0s autopkgtest [21:06:58]: starting date and time: 2024-11-15 21:06:58+0000 0s autopkgtest [21:06:58]: git checkout: 6f3be7a8 Fix armhf LXD image generation for plucky 0s autopkgtest [21:06:58]: host juju-7f2275-prod-proposed-migration-environment-20; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.a1h_nirk/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --apt-pocket=proposed=src:systemd,src:openssh --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 '--env=ADT_TEST_TRIGGERS=systemd/255.4-1ubuntu8.5 openssh/1:9.6p1-3ubuntu13.7' -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor autopkgtest --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-20@bos03-arm64-19.secgroup --name adt-noble-arm64-sssd-20241115-210658-juju-7f2275-prod-proposed-migration-environment-20-058487d7-5d56-4de8-bfc3-fa5fe1497f83 --image adt/ubuntu-noble-arm64-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-20 --net-id=net_prod-proposed-migration -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,keyserver.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com'"'"'' --mirror=http://ftpmaster.internal/ubuntu/ 73s autopkgtest [21:08:11]: testbed dpkg architecture: arm64 74s autopkgtest [21:08:12]: testbed apt version: 2.7.14build2 74s autopkgtest [21:08:12]: @@@@@@@@@@@@@@@@@@@@ test bed setup 75s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [265 kB] 75s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [3240 B] 75s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [88.3 kB] 75s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [78.5 kB] 75s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 Packages [185 kB] 75s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 c-n-f Metadata [3756 B] 75s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 Packages [69.3 kB] 75s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 c-n-f Metadata [352 B] 75s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 Packages [617 kB] 75s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 c-n-f Metadata [9620 B] 75s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 c-n-f Metadata [344 B] 78s Fetched 1321 kB in 1s (1567 kB/s) 78s Reading package lists... 81s Reading package lists... 81s Building dependency tree... 81s Reading state information... 82s Calculating upgrade... 82s The following packages will be upgraded: 82s libnss-systemd libpam-systemd libsystemd-shared libsystemd0 libudev1 82s openssh-client openssh-server openssh-sftp-server systemd systemd-dev 82s systemd-resolved systemd-sysv systemd-timesyncd udev 82s 14 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 82s Need to get 10.1 MB of archives. 82s After this operation, 66.6 kB of additional disk space will be used. 82s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libnss-systemd arm64 255.4-1ubuntu8.5 [155 kB] 82s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 systemd-dev all 255.4-1ubuntu8.5 [104 kB] 82s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 systemd-timesyncd arm64 255.4-1ubuntu8.5 [34.8 kB] 82s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 systemd-resolved arm64 255.4-1ubuntu8.5 [291 kB] 83s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libsystemd-shared arm64 255.4-1ubuntu8.5 [2017 kB] 83s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libsystemd0 arm64 255.4-1ubuntu8.5 [425 kB] 83s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 systemd-sysv arm64 255.4-1ubuntu8.5 [11.9 kB] 83s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libpam-systemd arm64 255.4-1ubuntu8.5 [232 kB] 83s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 systemd arm64 255.4-1ubuntu8.5 [3404 kB] 83s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 udev arm64 255.4-1ubuntu8.5 [1852 kB] 83s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libudev1 arm64 255.4-1ubuntu8.5 [173 kB] 83s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 openssh-sftp-server arm64 1:9.6p1-3ubuntu13.7 [36.8 kB] 83s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 openssh-server arm64 1:9.6p1-3ubuntu13.7 [501 kB] 83s Get:14 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 openssh-client arm64 1:9.6p1-3ubuntu13.7 [887 kB] 83s Preconfiguring packages ... 83s Fetched 10.1 MB in 1s (11.1 MB/s) 84s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 78121 files and directories currently installed.) 84s Preparing to unpack .../0-libnss-systemd_255.4-1ubuntu8.5_arm64.deb ... 84s Unpacking libnss-systemd:arm64 (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 84s Preparing to unpack .../1-systemd-dev_255.4-1ubuntu8.5_all.deb ... 84s Unpacking systemd-dev (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 84s Preparing to unpack .../2-systemd-timesyncd_255.4-1ubuntu8.5_arm64.deb ... 84s Unpacking systemd-timesyncd (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 84s Preparing to unpack .../3-systemd-resolved_255.4-1ubuntu8.5_arm64.deb ... 84s Unpacking systemd-resolved (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 84s Preparing to unpack .../4-libsystemd-shared_255.4-1ubuntu8.5_arm64.deb ... 84s Unpacking libsystemd-shared:arm64 (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 84s Preparing to unpack .../5-libsystemd0_255.4-1ubuntu8.5_arm64.deb ... 84s Unpacking libsystemd0:arm64 (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 84s Setting up libsystemd0:arm64 (255.4-1ubuntu8.5) ... 84s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 78121 files and directories currently installed.) 84s Preparing to unpack .../systemd-sysv_255.4-1ubuntu8.5_arm64.deb ... 84s Unpacking systemd-sysv (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 85s Preparing to unpack .../libpam-systemd_255.4-1ubuntu8.5_arm64.deb ... 85s Unpacking libpam-systemd:arm64 (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 85s Preparing to unpack .../systemd_255.4-1ubuntu8.5_arm64.deb ... 85s Unpacking systemd (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 85s Preparing to unpack .../udev_255.4-1ubuntu8.5_arm64.deb ... 85s Unpacking udev (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 85s Preparing to unpack .../libudev1_255.4-1ubuntu8.5_arm64.deb ... 85s Unpacking libudev1:arm64 (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 85s Setting up libudev1:arm64 (255.4-1ubuntu8.5) ... 85s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 78121 files and directories currently installed.) 85s Preparing to unpack .../openssh-sftp-server_1%3a9.6p1-3ubuntu13.7_arm64.deb ... 85s Unpacking openssh-sftp-server (1:9.6p1-3ubuntu13.7) over (1:9.6p1-3ubuntu13.5) ... 85s Preparing to unpack .../openssh-server_1%3a9.6p1-3ubuntu13.7_arm64.deb ... 85s Unpacking openssh-server (1:9.6p1-3ubuntu13.7) over (1:9.6p1-3ubuntu13.5) ... 86s Preparing to unpack .../openssh-client_1%3a9.6p1-3ubuntu13.7_arm64.deb ... 86s Unpacking openssh-client (1:9.6p1-3ubuntu13.7) over (1:9.6p1-3ubuntu13.5) ... 86s Setting up openssh-client (1:9.6p1-3ubuntu13.7) ... 86s Setting up systemd-dev (255.4-1ubuntu8.5) ... 86s Setting up libsystemd-shared:arm64 (255.4-1ubuntu8.5) ... 86s Setting up openssh-sftp-server (1:9.6p1-3ubuntu13.7) ... 86s Setting up openssh-server (1:9.6p1-3ubuntu13.7) ... 86s Replacing config file /etc/ssh/sshd_config with new version 87s Setting up systemd (255.4-1ubuntu8.5) ... 87s Setting up systemd-timesyncd (255.4-1ubuntu8.5) ... 88s Setting up udev (255.4-1ubuntu8.5) ... 89s Setting up systemd-resolved (255.4-1ubuntu8.5) ... 89s Setting up systemd-sysv (255.4-1ubuntu8.5) ... 89s Setting up libnss-systemd:arm64 (255.4-1ubuntu8.5) ... 89s Setting up libpam-systemd:arm64 (255.4-1ubuntu8.5) ... 90s Processing triggers for libc-bin (2.39-0ubuntu8.3) ... 90s Processing triggers for ufw (0.36.2-6) ... 90s Processing triggers for man-db (2.12.0-4build2) ... 91s Processing triggers for dbus (1.14.10-4ubuntu4.1) ... 91s Processing triggers for initramfs-tools (0.142ubuntu25.4) ... 91s update-initramfs: Generating /boot/initrd.img-6.8.0-48-generic 91s W: No lz4 in /usr/bin:/sbin:/bin, using gzip 109s System running in EFI mode, skipping. 109s Reading package lists... 109s Building dependency tree... 109s Reading state information... 110s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 111s Hit:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease 111s Hit:2 http://ftpmaster.internal/ubuntu noble InRelease 111s Hit:3 http://ftpmaster.internal/ubuntu noble-updates InRelease 111s Hit:4 http://ftpmaster.internal/ubuntu noble-security InRelease 112s Reading package lists... 112s Reading package lists... 112s Building dependency tree... 112s Reading state information... 113s Calculating upgrade... 114s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 114s Reading package lists... 114s Building dependency tree... 114s Reading state information... 115s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 115s autopkgtest [21:08:53]: rebooting testbed after setup commands that affected boot 139s autopkgtest [21:09:17]: testbed running kernel: Linux 6.8.0-48-generic #48-Ubuntu SMP PREEMPT_DYNAMIC Fri Sep 27 14:35:45 UTC 2024 142s autopkgtest [21:09:20]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 157s Get:1 http://ftpmaster.internal/ubuntu noble-updates/main sssd 2.9.4-1.1ubuntu6.1 (dsc) [5064 B] 157s Get:2 http://ftpmaster.internal/ubuntu noble-updates/main sssd 2.9.4-1.1ubuntu6.1 (tar) [7983 kB] 157s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main sssd 2.9.4-1.1ubuntu6.1 (diff) [51.3 kB] 158s gpgv: Signature made Mon Jun 10 14:26:32 2024 UTC 158s gpgv: using RSA key 50C4A0DDCF31E452CEB19B516569D855A744BE93 158s gpgv: Can't check signature: No public key 158s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.4-1.1ubuntu6.1.dsc: no acceptable signature found 158s autopkgtest [21:09:36]: testing package sssd version 2.9.4-1.1ubuntu6.1 159s autopkgtest [21:09:37]: build not needed 161s autopkgtest [21:09:39]: test ldap-user-group-ldap-auth: preparing testbed 162s Reading package lists... 163s Building dependency tree... 163s Reading state information... 163s Starting pkgProblemResolver with broken count: 0 163s Starting 2 pkgProblemResolver with broken count: 0 163s Done 164s The following additional packages will be installed: 164s expect ldap-utils libavahi-client3 libavahi-common-data libavahi-common3 164s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 164s libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev libipa-hbac0t64 libjose0 164s libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo libodbc2 164s libpam-pwquality libpam-sss libpath-utils1t64 libpwquality-common 164s libpwquality1 libref-array1t64 libsmbclient0 libsss-certmap-dev 164s libsss-certmap0 libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev 164s libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0t64 164s libverto-libevent1t64 libverto1t64 libwbclient0 python3-libipa-hbac 164s python3-libsss-nss-idmap python3-sss samba-libs slapd sssd sssd-ad 164s sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 164s sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools tcl-expect 164s tcl8.6 164s Suggested packages: 164s tk8.6 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal 164s odbc-postgresql tdsodbc adcli libsasl2-modules-ldap tcl-tclreadline 164s Recommended packages: 164s cracklib-runtime libsasl2-modules-gssapi-mit 164s | libsasl2-modules-gssapi-heimdal 164s The following NEW packages will be installed: 164s autopkgtest-satdep expect ldap-utils libavahi-client3 libavahi-common-data 164s libavahi-common3 libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 164s libdhash1t64 libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev 164s libipa-hbac0t64 libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss 164s libnss-sudo libodbc2 libpam-pwquality libpam-sss libpath-utils1t64 164s libpwquality-common libpwquality1 libref-array1t64 libsmbclient0 164s libsss-certmap-dev libsss-certmap0 libsss-idmap-dev libsss-idmap0 164s libsss-nss-idmap-dev libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 164s libtdb1 libtevent0t64 libverto-libevent1t64 libverto1t64 libwbclient0 164s python3-libipa-hbac python3-libsss-nss-idmap python3-sss samba-libs slapd 164s sssd sssd-ad sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm 164s sssd-krb5 sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools 164s tcl-expect tcl8.6 164s 0 upgraded, 65 newly installed, 0 to remove and 0 not upgraded. 164s Need to get 12.7 MB/12.7 MB of archives. 164s After this operation, 60.1 MB of additional disk space will be used. 164s Get:1 /tmp/autopkgtest.HpidOX/1-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [872 B] 164s Get:2 http://ftpmaster.internal/ubuntu noble/main arm64 libltdl7 arm64 2.4.7-7build1 [40.4 kB] 165s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libodbc2 arm64 2.3.12-1ubuntu0.24.04.1 [145 kB] 165s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 slapd arm64 2.6.7+dfsg-1~exp1ubuntu8.1 [1515 kB] 165s Get:5 http://ftpmaster.internal/ubuntu noble/main arm64 libtcl8.6 arm64 8.6.14+dfsg-1build1 [978 kB] 165s Get:6 http://ftpmaster.internal/ubuntu noble/main arm64 tcl8.6 arm64 8.6.14+dfsg-1build1 [14.6 kB] 165s Get:7 http://ftpmaster.internal/ubuntu noble/universe arm64 tcl-expect arm64 5.45.4-3 [112 kB] 165s Get:8 http://ftpmaster.internal/ubuntu noble/universe arm64 expect arm64 5.45.4-3 [137 kB] 165s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 ldap-utils arm64 2.6.7+dfsg-1~exp1ubuntu8.1 [149 kB] 165s Get:10 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common-data arm64 0.8-13ubuntu6 [29.6 kB] 165s Get:11 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common3 arm64 0.8-13ubuntu6 [23.3 kB] 165s Get:12 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-client3 arm64 0.8-13ubuntu6 [27.2 kB] 165s Get:13 http://ftpmaster.internal/ubuntu noble/main arm64 libbasicobjects0t64 arm64 0.6.2-2.1build1 [5850 B] 165s Get:14 http://ftpmaster.internal/ubuntu noble/main arm64 libcares2 arm64 1.27.0-1.0ubuntu1 [74.1 kB] 165s Get:15 http://ftpmaster.internal/ubuntu noble/main arm64 libcollection4t64 arm64 0.6.2-2.1build1 [23.5 kB] 165s Get:16 http://ftpmaster.internal/ubuntu noble/main arm64 libcrack2 arm64 2.9.6-5.1build2 [28.9 kB] 165s Get:17 http://ftpmaster.internal/ubuntu noble/main arm64 libdhash1t64 arm64 0.6.2-2.1build1 [8882 B] 165s Get:18 http://ftpmaster.internal/ubuntu noble/main arm64 libevent-2.1-7t64 arm64 2.1.12-stable-9ubuntu2 [140 kB] 165s Get:19 http://ftpmaster.internal/ubuntu noble/main arm64 libpath-utils1t64 arm64 0.6.2-2.1build1 [9120 B] 165s Get:20 http://ftpmaster.internal/ubuntu noble/main arm64 libref-array1t64 arm64 0.6.2-2.1build1 [7322 B] 165s Get:21 http://ftpmaster.internal/ubuntu noble/main arm64 libini-config5t64 arm64 0.6.2-2.1build1 [44.6 kB] 165s Get:22 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libipa-hbac0t64 arm64 2.9.4-1.1ubuntu6.1 [17.2 kB] 165s Get:23 http://ftpmaster.internal/ubuntu noble/universe arm64 libjose0 arm64 13-1 [44.5 kB] 165s Get:24 http://ftpmaster.internal/ubuntu noble/main arm64 libverto-libevent1t64 arm64 0.3.1-1.2ubuntu3 [6328 B] 165s Get:25 http://ftpmaster.internal/ubuntu noble/main arm64 libverto1t64 arm64 0.3.1-1.2ubuntu3 [10.4 kB] 165s Get:26 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libkrad0 arm64 1.20.1-6ubuntu2.2 [22.1 kB] 165s Get:27 http://ftpmaster.internal/ubuntu noble/main arm64 libtalloc2 arm64 2.4.2-1build2 [26.7 kB] 165s Get:28 http://ftpmaster.internal/ubuntu noble/main arm64 libtdb1 arm64 1.4.10-1build1 [48.5 kB] 165s Get:29 http://ftpmaster.internal/ubuntu noble/main arm64 libtevent0t64 arm64 0.16.1-2build1 [42.3 kB] 165s Get:30 http://ftpmaster.internal/ubuntu noble/main arm64 libldb2 arm64 2:2.8.0+samba4.19.5+dfsg-4ubuntu9 [188 kB] 165s Get:31 http://ftpmaster.internal/ubuntu noble/main arm64 libnfsidmap1 arm64 1:2.6.4-3ubuntu5 [48.2 kB] 165s Get:32 http://ftpmaster.internal/ubuntu noble/universe arm64 libnss-sudo all 1.9.15p5-3ubuntu5 [15.2 kB] 165s Get:33 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality-common all 1.4.5-3build1 [7748 B] 165s Get:34 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality1 arm64 1.4.5-3build1 [13.3 kB] 165s Get:35 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-pwquality arm64 1.4.5-3build1 [11.7 kB] 165s Get:36 http://ftpmaster.internal/ubuntu noble/main arm64 libwbclient0 arm64 2:4.19.5+dfsg-4ubuntu9 [71.4 kB] 165s Get:37 http://ftpmaster.internal/ubuntu noble/main arm64 samba-libs arm64 2:4.19.5+dfsg-4ubuntu9 [6061 kB] 166s Get:38 http://ftpmaster.internal/ubuntu noble/main arm64 libsmbclient0 arm64 2:4.19.5+dfsg-4ubuntu9 [62.1 kB] 166s Get:39 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libnss-sss arm64 2.9.4-1.1ubuntu6.1 [32.2 kB] 166s Get:40 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libpam-sss arm64 2.9.4-1.1ubuntu6.1 [49.3 kB] 166s Get:41 http://ftpmaster.internal/ubuntu noble-updates/main arm64 python3-sss arm64 2.9.4-1.1ubuntu6.1 [47.0 kB] 166s Get:42 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libsss-certmap0 arm64 2.9.4-1.1ubuntu6.1 [46.3 kB] 166s Get:43 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libsss-idmap0 arm64 2.9.4-1.1ubuntu6.1 [22.4 kB] 166s Get:44 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libsss-nss-idmap0 arm64 2.9.4-1.1ubuntu6.1 [30.8 kB] 166s Get:45 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-common arm64 2.9.4-1.1ubuntu6.1 [1147 kB] 166s Get:46 http://ftpmaster.internal/ubuntu noble-updates/universe arm64 sssd-idp arm64 2.9.4-1.1ubuntu6.1 [27.9 kB] 166s Get:47 http://ftpmaster.internal/ubuntu noble-updates/universe arm64 sssd-passkey arm64 2.9.4-1.1ubuntu6.1 [32.7 kB] 166s Get:48 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-ad-common arm64 2.9.4-1.1ubuntu6.1 [75.4 kB] 166s Get:49 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-krb5-common arm64 2.9.4-1.1ubuntu6.1 [87.8 kB] 166s Get:50 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-ad arm64 2.9.4-1.1ubuntu6.1 [135 kB] 166s Get:51 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-ipa arm64 2.9.4-1.1ubuntu6.1 [220 kB] 166s Get:52 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-krb5 arm64 2.9.4-1.1ubuntu6.1 [14.3 kB] 166s Get:53 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-ldap arm64 2.9.4-1.1ubuntu6.1 [31.3 kB] 166s Get:54 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-proxy arm64 2.9.4-1.1ubuntu6.1 [44.6 kB] 166s Get:55 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd arm64 2.9.4-1.1ubuntu6.1 [4122 B] 166s Get:56 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-dbus arm64 2.9.4-1.1ubuntu6.1 [103 kB] 166s Get:57 http://ftpmaster.internal/ubuntu noble-updates/universe arm64 sssd-kcm arm64 2.9.4-1.1ubuntu6.1 [139 kB] 166s Get:58 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-tools arm64 2.9.4-1.1ubuntu6.1 [97.6 kB] 166s Get:59 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libipa-hbac-dev arm64 2.9.4-1.1ubuntu6.1 [6666 B] 166s Get:60 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libsss-certmap-dev arm64 2.9.4-1.1ubuntu6.1 [5728 B] 166s Get:61 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libsss-idmap-dev arm64 2.9.4-1.1ubuntu6.1 [8380 B] 166s Get:62 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libsss-nss-idmap-dev arm64 2.9.4-1.1ubuntu6.1 [6716 B] 166s Get:63 http://ftpmaster.internal/ubuntu noble-updates/universe arm64 libsss-sudo arm64 2.9.4-1.1ubuntu6.1 [20.9 kB] 166s Get:64 http://ftpmaster.internal/ubuntu noble-updates/universe arm64 python3-libipa-hbac arm64 2.9.4-1.1ubuntu6.1 [16.6 kB] 166s Get:65 http://ftpmaster.internal/ubuntu noble-updates/universe arm64 python3-libsss-nss-idmap arm64 2.9.4-1.1ubuntu6.1 [9150 B] 166s Preconfiguring packages ... 166s Fetched 12.7 MB in 1s (9001 kB/s) 166s Selecting previously unselected package libltdl7:arm64. 167s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 78121 files and directories currently installed.) 167s Preparing to unpack .../00-libltdl7_2.4.7-7build1_arm64.deb ... 167s Unpacking libltdl7:arm64 (2.4.7-7build1) ... 167s Selecting previously unselected package libodbc2:arm64. 167s Preparing to unpack .../01-libodbc2_2.3.12-1ubuntu0.24.04.1_arm64.deb ... 167s Unpacking libodbc2:arm64 (2.3.12-1ubuntu0.24.04.1) ... 167s Selecting previously unselected package slapd. 167s Preparing to unpack .../02-slapd_2.6.7+dfsg-1~exp1ubuntu8.1_arm64.deb ... 167s Unpacking slapd (2.6.7+dfsg-1~exp1ubuntu8.1) ... 167s Selecting previously unselected package libtcl8.6:arm64. 167s Preparing to unpack .../03-libtcl8.6_8.6.14+dfsg-1build1_arm64.deb ... 167s Unpacking libtcl8.6:arm64 (8.6.14+dfsg-1build1) ... 167s Selecting previously unselected package tcl8.6. 167s Preparing to unpack .../04-tcl8.6_8.6.14+dfsg-1build1_arm64.deb ... 167s Unpacking tcl8.6 (8.6.14+dfsg-1build1) ... 167s Selecting previously unselected package tcl-expect:arm64. 167s Preparing to unpack .../05-tcl-expect_5.45.4-3_arm64.deb ... 167s Unpacking tcl-expect:arm64 (5.45.4-3) ... 167s Selecting previously unselected package expect. 167s Preparing to unpack .../06-expect_5.45.4-3_arm64.deb ... 167s Unpacking expect (5.45.4-3) ... 167s Selecting previously unselected package ldap-utils. 167s Preparing to unpack .../07-ldap-utils_2.6.7+dfsg-1~exp1ubuntu8.1_arm64.deb ... 167s Unpacking ldap-utils (2.6.7+dfsg-1~exp1ubuntu8.1) ... 167s Selecting previously unselected package libavahi-common-data:arm64. 167s Preparing to unpack .../08-libavahi-common-data_0.8-13ubuntu6_arm64.deb ... 167s Unpacking libavahi-common-data:arm64 (0.8-13ubuntu6) ... 167s Selecting previously unselected package libavahi-common3:arm64. 167s Preparing to unpack .../09-libavahi-common3_0.8-13ubuntu6_arm64.deb ... 167s Unpacking libavahi-common3:arm64 (0.8-13ubuntu6) ... 167s Selecting previously unselected package libavahi-client3:arm64. 167s Preparing to unpack .../10-libavahi-client3_0.8-13ubuntu6_arm64.deb ... 167s Unpacking libavahi-client3:arm64 (0.8-13ubuntu6) ... 167s Selecting previously unselected package libbasicobjects0t64:arm64. 167s Preparing to unpack .../11-libbasicobjects0t64_0.6.2-2.1build1_arm64.deb ... 167s Unpacking libbasicobjects0t64:arm64 (0.6.2-2.1build1) ... 167s Selecting previously unselected package libcares2:arm64. 167s Preparing to unpack .../12-libcares2_1.27.0-1.0ubuntu1_arm64.deb ... 167s Unpacking libcares2:arm64 (1.27.0-1.0ubuntu1) ... 167s Selecting previously unselected package libcollection4t64:arm64. 167s Preparing to unpack .../13-libcollection4t64_0.6.2-2.1build1_arm64.deb ... 167s Unpacking libcollection4t64:arm64 (0.6.2-2.1build1) ... 167s Selecting previously unselected package libcrack2:arm64. 167s Preparing to unpack .../14-libcrack2_2.9.6-5.1build2_arm64.deb ... 167s Unpacking libcrack2:arm64 (2.9.6-5.1build2) ... 167s Selecting previously unselected package libdhash1t64:arm64. 167s Preparing to unpack .../15-libdhash1t64_0.6.2-2.1build1_arm64.deb ... 167s Unpacking libdhash1t64:arm64 (0.6.2-2.1build1) ... 167s Selecting previously unselected package libevent-2.1-7t64:arm64. 168s Preparing to unpack .../16-libevent-2.1-7t64_2.1.12-stable-9ubuntu2_arm64.deb ... 168s Unpacking libevent-2.1-7t64:arm64 (2.1.12-stable-9ubuntu2) ... 168s Selecting previously unselected package libpath-utils1t64:arm64. 168s Preparing to unpack .../17-libpath-utils1t64_0.6.2-2.1build1_arm64.deb ... 168s Unpacking libpath-utils1t64:arm64 (0.6.2-2.1build1) ... 168s Selecting previously unselected package libref-array1t64:arm64. 168s Preparing to unpack .../18-libref-array1t64_0.6.2-2.1build1_arm64.deb ... 168s Unpacking libref-array1t64:arm64 (0.6.2-2.1build1) ... 168s Selecting previously unselected package libini-config5t64:arm64. 168s Preparing to unpack .../19-libini-config5t64_0.6.2-2.1build1_arm64.deb ... 168s Unpacking libini-config5t64:arm64 (0.6.2-2.1build1) ... 168s Selecting previously unselected package libipa-hbac0t64. 168s Preparing to unpack .../20-libipa-hbac0t64_2.9.4-1.1ubuntu6.1_arm64.deb ... 168s Unpacking libipa-hbac0t64 (2.9.4-1.1ubuntu6.1) ... 168s Selecting previously unselected package libjose0:arm64. 168s Preparing to unpack .../21-libjose0_13-1_arm64.deb ... 168s Unpacking libjose0:arm64 (13-1) ... 168s Selecting previously unselected package libverto-libevent1t64:arm64. 168s Preparing to unpack .../22-libverto-libevent1t64_0.3.1-1.2ubuntu3_arm64.deb ... 168s Unpacking libverto-libevent1t64:arm64 (0.3.1-1.2ubuntu3) ... 168s Selecting previously unselected package libverto1t64:arm64. 168s Preparing to unpack .../23-libverto1t64_0.3.1-1.2ubuntu3_arm64.deb ... 168s Unpacking libverto1t64:arm64 (0.3.1-1.2ubuntu3) ... 168s Selecting previously unselected package libkrad0:arm64. 168s Preparing to unpack .../24-libkrad0_1.20.1-6ubuntu2.2_arm64.deb ... 168s Unpacking libkrad0:arm64 (1.20.1-6ubuntu2.2) ... 168s Selecting previously unselected package libtalloc2:arm64. 168s Preparing to unpack .../25-libtalloc2_2.4.2-1build2_arm64.deb ... 168s Unpacking libtalloc2:arm64 (2.4.2-1build2) ... 168s Selecting previously unselected package libtdb1:arm64. 168s Preparing to unpack .../26-libtdb1_1.4.10-1build1_arm64.deb ... 168s Unpacking libtdb1:arm64 (1.4.10-1build1) ... 168s Selecting previously unselected package libtevent0t64:arm64. 168s Preparing to unpack .../27-libtevent0t64_0.16.1-2build1_arm64.deb ... 168s Unpacking libtevent0t64:arm64 (0.16.1-2build1) ... 168s Selecting previously unselected package libldb2:arm64. 168s Preparing to unpack .../28-libldb2_2%3a2.8.0+samba4.19.5+dfsg-4ubuntu9_arm64.deb ... 168s Unpacking libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 168s Selecting previously unselected package libnfsidmap1:arm64. 168s Preparing to unpack .../29-libnfsidmap1_1%3a2.6.4-3ubuntu5_arm64.deb ... 168s Unpacking libnfsidmap1:arm64 (1:2.6.4-3ubuntu5) ... 168s Selecting previously unselected package libnss-sudo. 168s Preparing to unpack .../30-libnss-sudo_1.9.15p5-3ubuntu5_all.deb ... 168s Unpacking libnss-sudo (1.9.15p5-3ubuntu5) ... 168s Selecting previously unselected package libpwquality-common. 168s Preparing to unpack .../31-libpwquality-common_1.4.5-3build1_all.deb ... 168s Unpacking libpwquality-common (1.4.5-3build1) ... 168s Selecting previously unselected package libpwquality1:arm64. 168s Preparing to unpack .../32-libpwquality1_1.4.5-3build1_arm64.deb ... 168s Unpacking libpwquality1:arm64 (1.4.5-3build1) ... 168s Selecting previously unselected package libpam-pwquality:arm64. 168s Preparing to unpack .../33-libpam-pwquality_1.4.5-3build1_arm64.deb ... 168s Unpacking libpam-pwquality:arm64 (1.4.5-3build1) ... 168s Selecting previously unselected package libwbclient0:arm64. 168s Preparing to unpack .../34-libwbclient0_2%3a4.19.5+dfsg-4ubuntu9_arm64.deb ... 168s Unpacking libwbclient0:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 168s Selecting previously unselected package samba-libs:arm64. 168s Preparing to unpack .../35-samba-libs_2%3a4.19.5+dfsg-4ubuntu9_arm64.deb ... 168s Unpacking samba-libs:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 168s Selecting previously unselected package libsmbclient0:arm64. 168s Preparing to unpack .../36-libsmbclient0_2%3a4.19.5+dfsg-4ubuntu9_arm64.deb ... 168s Unpacking libsmbclient0:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 168s Selecting previously unselected package libnss-sss:arm64. 168s Preparing to unpack .../37-libnss-sss_2.9.4-1.1ubuntu6.1_arm64.deb ... 168s Unpacking libnss-sss:arm64 (2.9.4-1.1ubuntu6.1) ... 168s Selecting previously unselected package libpam-sss:arm64. 168s Preparing to unpack .../38-libpam-sss_2.9.4-1.1ubuntu6.1_arm64.deb ... 168s Unpacking libpam-sss:arm64 (2.9.4-1.1ubuntu6.1) ... 168s Selecting previously unselected package python3-sss. 168s Preparing to unpack .../39-python3-sss_2.9.4-1.1ubuntu6.1_arm64.deb ... 168s Unpacking python3-sss (2.9.4-1.1ubuntu6.1) ... 169s Selecting previously unselected package libsss-certmap0. 169s Preparing to unpack .../40-libsss-certmap0_2.9.4-1.1ubuntu6.1_arm64.deb ... 169s Unpacking libsss-certmap0 (2.9.4-1.1ubuntu6.1) ... 169s Selecting previously unselected package libsss-idmap0. 169s Preparing to unpack .../41-libsss-idmap0_2.9.4-1.1ubuntu6.1_arm64.deb ... 169s Unpacking libsss-idmap0 (2.9.4-1.1ubuntu6.1) ... 169s Selecting previously unselected package libsss-nss-idmap0. 169s Preparing to unpack .../42-libsss-nss-idmap0_2.9.4-1.1ubuntu6.1_arm64.deb ... 169s Unpacking libsss-nss-idmap0 (2.9.4-1.1ubuntu6.1) ... 169s Selecting previously unselected package sssd-common. 169s Preparing to unpack .../43-sssd-common_2.9.4-1.1ubuntu6.1_arm64.deb ... 169s Unpacking sssd-common (2.9.4-1.1ubuntu6.1) ... 169s Selecting previously unselected package sssd-idp. 169s Preparing to unpack .../44-sssd-idp_2.9.4-1.1ubuntu6.1_arm64.deb ... 169s Unpacking sssd-idp (2.9.4-1.1ubuntu6.1) ... 169s Selecting previously unselected package sssd-passkey. 169s Preparing to unpack .../45-sssd-passkey_2.9.4-1.1ubuntu6.1_arm64.deb ... 169s Unpacking sssd-passkey (2.9.4-1.1ubuntu6.1) ... 169s Selecting previously unselected package sssd-ad-common. 169s Preparing to unpack .../46-sssd-ad-common_2.9.4-1.1ubuntu6.1_arm64.deb ... 169s Unpacking sssd-ad-common (2.9.4-1.1ubuntu6.1) ... 169s Selecting previously unselected package sssd-krb5-common. 169s Preparing to unpack .../47-sssd-krb5-common_2.9.4-1.1ubuntu6.1_arm64.deb ... 169s Unpacking sssd-krb5-common (2.9.4-1.1ubuntu6.1) ... 169s Selecting previously unselected package sssd-ad. 169s Preparing to unpack .../48-sssd-ad_2.9.4-1.1ubuntu6.1_arm64.deb ... 169s Unpacking sssd-ad (2.9.4-1.1ubuntu6.1) ... 169s Selecting previously unselected package sssd-ipa. 169s Preparing to unpack .../49-sssd-ipa_2.9.4-1.1ubuntu6.1_arm64.deb ... 169s Unpacking sssd-ipa (2.9.4-1.1ubuntu6.1) ... 169s Selecting previously unselected package sssd-krb5. 169s Preparing to unpack .../50-sssd-krb5_2.9.4-1.1ubuntu6.1_arm64.deb ... 169s Unpacking sssd-krb5 (2.9.4-1.1ubuntu6.1) ... 169s Selecting previously unselected package sssd-ldap. 169s Preparing to unpack .../51-sssd-ldap_2.9.4-1.1ubuntu6.1_arm64.deb ... 169s Unpacking sssd-ldap (2.9.4-1.1ubuntu6.1) ... 169s Selecting previously unselected package sssd-proxy. 169s Preparing to unpack .../52-sssd-proxy_2.9.4-1.1ubuntu6.1_arm64.deb ... 169s Unpacking sssd-proxy (2.9.4-1.1ubuntu6.1) ... 169s Selecting previously unselected package sssd. 169s Preparing to unpack .../53-sssd_2.9.4-1.1ubuntu6.1_arm64.deb ... 169s Unpacking sssd (2.9.4-1.1ubuntu6.1) ... 169s Selecting previously unselected package sssd-dbus. 169s Preparing to unpack .../54-sssd-dbus_2.9.4-1.1ubuntu6.1_arm64.deb ... 169s Unpacking sssd-dbus (2.9.4-1.1ubuntu6.1) ... 169s Selecting previously unselected package sssd-kcm. 169s Preparing to unpack .../55-sssd-kcm_2.9.4-1.1ubuntu6.1_arm64.deb ... 169s Unpacking sssd-kcm (2.9.4-1.1ubuntu6.1) ... 169s Selecting previously unselected package sssd-tools. 169s Preparing to unpack .../56-sssd-tools_2.9.4-1.1ubuntu6.1_arm64.deb ... 169s Unpacking sssd-tools (2.9.4-1.1ubuntu6.1) ... 169s Selecting previously unselected package libipa-hbac-dev. 169s Preparing to unpack .../57-libipa-hbac-dev_2.9.4-1.1ubuntu6.1_arm64.deb ... 169s Unpacking libipa-hbac-dev (2.9.4-1.1ubuntu6.1) ... 169s Selecting previously unselected package libsss-certmap-dev. 169s Preparing to unpack .../58-libsss-certmap-dev_2.9.4-1.1ubuntu6.1_arm64.deb ... 169s Unpacking libsss-certmap-dev (2.9.4-1.1ubuntu6.1) ... 169s Selecting previously unselected package libsss-idmap-dev. 169s Preparing to unpack .../59-libsss-idmap-dev_2.9.4-1.1ubuntu6.1_arm64.deb ... 169s Unpacking libsss-idmap-dev (2.9.4-1.1ubuntu6.1) ... 169s Selecting previously unselected package libsss-nss-idmap-dev. 169s Preparing to unpack .../60-libsss-nss-idmap-dev_2.9.4-1.1ubuntu6.1_arm64.deb ... 169s Unpacking libsss-nss-idmap-dev (2.9.4-1.1ubuntu6.1) ... 169s Selecting previously unselected package libsss-sudo. 169s Preparing to unpack .../61-libsss-sudo_2.9.4-1.1ubuntu6.1_arm64.deb ... 169s Unpacking libsss-sudo (2.9.4-1.1ubuntu6.1) ... 169s Selecting previously unselected package python3-libipa-hbac. 169s Preparing to unpack .../62-python3-libipa-hbac_2.9.4-1.1ubuntu6.1_arm64.deb ... 169s Unpacking python3-libipa-hbac (2.9.4-1.1ubuntu6.1) ... 169s Selecting previously unselected package python3-libsss-nss-idmap. 169s Preparing to unpack .../63-python3-libsss-nss-idmap_2.9.4-1.1ubuntu6.1_arm64.deb ... 169s Unpacking python3-libsss-nss-idmap (2.9.4-1.1ubuntu6.1) ... 169s Selecting previously unselected package autopkgtest-satdep. 169s Preparing to unpack .../64-1-autopkgtest-satdep.deb ... 169s Unpacking autopkgtest-satdep (0) ... 169s Setting up libpwquality-common (1.4.5-3build1) ... 169s Setting up libnfsidmap1:arm64 (1:2.6.4-3ubuntu5) ... 169s Setting up libsss-idmap0 (2.9.4-1.1ubuntu6.1) ... 169s Setting up libbasicobjects0t64:arm64 (0.6.2-2.1build1) ... 169s Setting up libipa-hbac0t64 (2.9.4-1.1ubuntu6.1) ... 169s Setting up libsss-idmap-dev (2.9.4-1.1ubuntu6.1) ... 169s Setting up libref-array1t64:arm64 (0.6.2-2.1build1) ... 169s Setting up libipa-hbac-dev (2.9.4-1.1ubuntu6.1) ... 169s Setting up libtdb1:arm64 (1.4.10-1build1) ... 169s Setting up libcollection4t64:arm64 (0.6.2-2.1build1) ... 169s Setting up libevent-2.1-7t64:arm64 (2.1.12-stable-9ubuntu2) ... 169s Setting up ldap-utils (2.6.7+dfsg-1~exp1ubuntu8.1) ... 169s Setting up libjose0:arm64 (13-1) ... 169s Setting up libwbclient0:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 169s Setting up libtalloc2:arm64 (2.4.2-1build2) ... 169s Setting up libpath-utils1t64:arm64 (0.6.2-2.1build1) ... 169s Setting up libavahi-common-data:arm64 (0.8-13ubuntu6) ... 169s Setting up libcares2:arm64 (1.27.0-1.0ubuntu1) ... 169s Setting up libdhash1t64:arm64 (0.6.2-2.1build1) ... 169s Setting up libtcl8.6:arm64 (8.6.14+dfsg-1build1) ... 169s Setting up libltdl7:arm64 (2.4.7-7build1) ... 169s Setting up libcrack2:arm64 (2.9.6-5.1build2) ... 169s Setting up libodbc2:arm64 (2.3.12-1ubuntu0.24.04.1) ... 169s Setting up python3-libipa-hbac (2.9.4-1.1ubuntu6.1) ... 169s Setting up libnss-sudo (1.9.15p5-3ubuntu5) ... 169s Setting up libsss-nss-idmap0 (2.9.4-1.1ubuntu6.1) ... 169s Setting up libini-config5t64:arm64 (0.6.2-2.1build1) ... 169s Setting up libtevent0t64:arm64 (0.16.1-2build1) ... 169s Setting up libnss-sss:arm64 (2.9.4-1.1ubuntu6.1) ... 170s Setting up slapd (2.6.7+dfsg-1~exp1ubuntu8.1) ... 170s Creating new user openldap... done. 170s Creating initial configuration... done. 170s Creating LDAP directory... done. 170s Setting up tcl8.6 (8.6.14+dfsg-1build1) ... 170s Setting up libsss-sudo (2.9.4-1.1ubuntu6.1) ... 170s Setting up libsss-nss-idmap-dev (2.9.4-1.1ubuntu6.1) ... 170s Setting up libavahi-common3:arm64 (0.8-13ubuntu6) ... 170s Setting up tcl-expect:arm64 (5.45.4-3) ... 170s Setting up libsss-certmap0 (2.9.4-1.1ubuntu6.1) ... 170s Setting up libpwquality1:arm64 (1.4.5-3build1) ... 170s Setting up python3-libsss-nss-idmap (2.9.4-1.1ubuntu6.1) ... 170s Setting up libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 170s Setting up libavahi-client3:arm64 (0.8-13ubuntu6) ... 170s Setting up expect (5.45.4-3) ... 170s Setting up libpam-pwquality:arm64 (1.4.5-3build1) ... 171s Setting up samba-libs:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 171s Setting up libsss-certmap-dev (2.9.4-1.1ubuntu6.1) ... 171s Setting up python3-sss (2.9.4-1.1ubuntu6.1) ... 171s Setting up libsmbclient0:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 171s Setting up libpam-sss:arm64 (2.9.4-1.1ubuntu6.1) ... 171s Setting up sssd-common (2.9.4-1.1ubuntu6.1) ... 171s Creating SSSD system user & group... 171s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 171s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 171s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 171s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 172s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 172s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 172s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 172s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 173s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 173s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 173s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 174s sssd-autofs.service is a disabled or a static unit, not starting it. 174s sssd-nss.service is a disabled or a static unit, not starting it. 174s sssd-pam.service is a disabled or a static unit, not starting it. 174s sssd-ssh.service is a disabled or a static unit, not starting it. 174s sssd-sudo.service is a disabled or a static unit, not starting it. 174s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 174s Setting up sssd-proxy (2.9.4-1.1ubuntu6.1) ... 174s Setting up sssd-kcm (2.9.4-1.1ubuntu6.1) ... 174s Created symlink /etc/systemd/system/sockets.target.wants/sssd-kcm.socket → /usr/lib/systemd/system/sssd-kcm.socket. 174s sssd-kcm.service is a disabled or a static unit, not starting it. 174s Setting up sssd-dbus (2.9.4-1.1ubuntu6.1) ... 175s sssd-ifp.service is a disabled or a static unit, not starting it. 175s Setting up sssd-ad-common (2.9.4-1.1ubuntu6.1) ... 175s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 175s sssd-pac.service is a disabled or a static unit, not starting it. 175s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 175s Setting up sssd-krb5-common (2.9.4-1.1ubuntu6.1) ... 175s Setting up sssd-krb5 (2.9.4-1.1ubuntu6.1) ... 175s Setting up sssd-ldap (2.9.4-1.1ubuntu6.1) ... 175s Setting up sssd-ad (2.9.4-1.1ubuntu6.1) ... 175s Setting up sssd-tools (2.9.4-1.1ubuntu6.1) ... 175s Setting up sssd-ipa (2.9.4-1.1ubuntu6.1) ... 175s Setting up sssd (2.9.4-1.1ubuntu6.1) ... 175s Setting up libverto-libevent1t64:arm64 (0.3.1-1.2ubuntu3) ... 175s Setting up libverto1t64:arm64 (0.3.1-1.2ubuntu3) ... 175s Setting up libkrad0:arm64 (1.20.1-6ubuntu2.2) ... 175s Setting up sssd-passkey (2.9.4-1.1ubuntu6.1) ... 175s Setting up sssd-idp (2.9.4-1.1ubuntu6.1) ... 175s Setting up autopkgtest-satdep (0) ... 175s Processing triggers for libc-bin (2.39-0ubuntu8.3) ... 175s Processing triggers for ufw (0.36.2-6) ... 175s Processing triggers for man-db (2.12.0-4build2) ... 177s Processing triggers for dbus (1.14.10-4ubuntu4.1) ... 188s (Reading database ... 79412 files and directories currently installed.) 188s Removing autopkgtest-satdep (0) ... 188s autopkgtest [21:10:06]: test ldap-user-group-ldap-auth: [----------------------- 188s + . debian/tests/util 188s + . debian/tests/common-tests 188s + mydomain=example.com 188s + myhostname=ldap.example.com 188s + mysuffix=dc=example,dc=com 188s + admin_dn=cn=admin,dc=example,dc=com 188s + admin_pw=secret 188s + ldap_user=testuser1 188s + ldap_user_pw=testuser1secret 188s + ldap_group=ldapusers 188s + adjust_hostname ldap.example.com 188s + local myhostname=ldap.example.com 188s + echo ldap.example.com 188s + hostname ldap.example.com 188s + grep -qE ldap.example.com /etc/hosts 188s + echo 127.0.1.10 ldap.example.com 188s + reconfigure_slapd 188s + debconf-set-selections 189s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 189s + dpkg-reconfigure -fnoninteractive -pcritical slapd 189s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8.1... done. 189s Moving old database directory to /var/backups: 189s - directory unknown... done. 189s Creating initial configuration... done. 189s Creating LDAP directory... done. 189s + generate_certs ldap.example.com 189s + local cn=ldap.example.com 189s + local cert=/etc/ldap/server.pem 189s + local key=/etc/ldap/server.key 189s + local cnf=/etc/ldap/openssl.cnf 189s + cat 189s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 189s ...............++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 189s ......................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 189s ----- 189s + chmod 0640 /etc/ldap/server.key 189s + chgrp openldap /etc/ldap/server.key 189s + [ ! -f /etc/ldap/server.pem ] 189s + [ ! -f /etc/ldap/server.key ] 189s + enable_ldap_ssl 189s + cat 189s + cat 189s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 189s + populate_ldap_rfc2307 189s + cat 189s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 189s modifying entry "cn=config" 189s 189s adding new entry "ou=People,dc=example,dc=com" 189s 189s adding new entry "ou=Group,dc=example,dc=com" 189s 189s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 189s 189s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 189s 189s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 189s 189s + configure_sssd_ldap_rfc2307 189s + cat 189s + chmod 0600 /etc/sssd/sssd.conf 189s + systemctl restart sssd 190s + enable_pam_mkhomedir 190s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 190s + echo session optional pam_mkhomedir.so 190s + run_common_tests 190s + echo Assert local user databases do not have our LDAP test data 190s + check_local_user testuser1 190s + local local_user=testuser1 190s + grep -q ^testuser1 /etc/passwd 190s Assert local user databases do not have our LDAP test data 190s + check_local_group testuser1 190s + local local_group=testuser1 190s + grep -q ^testuser1 /etc/group 190s + check_local_group ldapusers 190s + local local_group=ldapusers 190s + grep -q ^ldapusers /etc/group 190s + echo The LDAP user is known to the system via getent 190s + check_getent_user testuser1 190s + local getent_user=testuser1 190s + local output 190s + getent passwd testuser1 190s The LDAP user is known to the system via getent 190s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 190s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 190s + echo The LDAP user's private group is known to the system via getent 190s + check_getent_group testuser1 190s + local getent_group=testuser1 190s + local output 190s + getent group testuser1 190s The LDAP user's private group is known to the system via getent 190s The LDAP group ldapusers is known to the system via getent 190s + output=testuser1:*:10001:testuser1 190s + [ -z testuser1:*:10001:testuser1 ] 190s + echo The LDAP group ldapusers is known to the system via getent 190s + check_getent_group ldapusers 190s + local getent_group=ldapusers 190s + local output 190s + getent group ldapusers 190s + output=ldapusers:*:10100:testuser1 190s + [ -z ldapusers:*:10100:testuser1 ] 190s + echo The id(1) command can resolve the group membership of the LDAP user 190s The id(1) command can resolve the group membership of the LDAP user 190s + id -Gn testuser1 190s The LDAP user can login on a terminal 190s + output=testuser1 ldapusers 190s + [ testuser1 ldapusers != testuser1 ldapusers ] 190s + echo The LDAP user can login on a terminal 190s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 190s spawn login 190s ldap.example.com login: testuser1 190s Password: 190s Welcome to Ubuntu 24.04.1 LTS (GNU/Linux 6.8.0-48-generic aarch64) 190s 190s * Documentation: https://help.ubuntu.com 190s * Management: https://landscape.canonical.com 190s * Support: https://ubuntu.com/pro 190s 190s 190s The programs included with the Ubuntu system are free software; 190s the exact distribution terms for each program are described in the 190s individual files in /usr/share/doc/*/copyright. 190s 190s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 190s applicable law. 190s 190s 190s The programs included with the Ubuntu system are free software; 190s the exact distribution terms for each program are described in the 190s individual files in /usr/share/doc/*/copyright. 190s 190s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 190s applicable law. 190s 190s Creating directory '/home/testuser1'. 190s [?2004htestuser1@ldap:~$ id -un 190s [?2004l testuser1 190s [?2004htestuser1@ldap:~$ autopkgtest [21:10:08]: test ldap-user-group-ldap-auth: -----------------------] 191s ldap-user-group-ldap-auth PASS 191s autopkgtest [21:10:09]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 191s autopkgtest [21:10:09]: test ldap-user-group-krb5-auth: preparing testbed 194s Reading package lists... 194s Building dependency tree... 194s Reading state information... 194s Starting pkgProblemResolver with broken count: 0 195s Starting 2 pkgProblemResolver with broken count: 0 195s Done 195s The following additional packages will be installed: 195s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4t64 195s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 195s Suggested packages: 195s krb5-kdc-ldap krb5-kpropd krb5-k5tls krb5-doc 195s The following NEW packages will be installed: 195s autopkgtest-satdep krb5-admin-server krb5-config krb5-kdc krb5-user 195s libgssrpc4t64 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 195s 0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded. 195s Need to get 597 kB/598 kB of archives. 195s After this operation, 2914 kB of additional disk space will be used. 195s Get:1 /tmp/autopkgtest.HpidOX/2-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [892 B] 196s Get:2 http://ftpmaster.internal/ubuntu noble/main arm64 krb5-config all 2.7 [22.0 kB] 196s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libgssrpc4t64 arm64 1.20.1-6ubuntu2.2 [57.9 kB] 196s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libkadm5clnt-mit12 arm64 1.20.1-6ubuntu2.2 [40.0 kB] 196s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libkdb5-10t64 arm64 1.20.1-6ubuntu2.2 [40.5 kB] 196s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libkadm5srv-mit12 arm64 1.20.1-6ubuntu2.2 [53.4 kB] 196s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 krb5-user arm64 1.20.1-6ubuntu2.2 [108 kB] 196s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 krb5-kdc arm64 1.20.1-6ubuntu2.2 [180 kB] 196s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 krb5-admin-server arm64 1.20.1-6ubuntu2.2 [94.9 kB] 196s Preconfiguring packages ... 198s Fetched 597 kB in 1s (1080 kB/s) 198s Selecting previously unselected package krb5-config. 198s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 79412 files and directories currently installed.) 198s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 198s Unpacking krb5-config (2.7) ... 198s Selecting previously unselected package libgssrpc4t64:arm64. 198s Preparing to unpack .../1-libgssrpc4t64_1.20.1-6ubuntu2.2_arm64.deb ... 198s Unpacking libgssrpc4t64:arm64 (1.20.1-6ubuntu2.2) ... 198s Selecting previously unselected package libkadm5clnt-mit12:arm64. 198s Preparing to unpack .../2-libkadm5clnt-mit12_1.20.1-6ubuntu2.2_arm64.deb ... 198s Unpacking libkadm5clnt-mit12:arm64 (1.20.1-6ubuntu2.2) ... 198s Selecting previously unselected package libkdb5-10t64:arm64. 198s Preparing to unpack .../3-libkdb5-10t64_1.20.1-6ubuntu2.2_arm64.deb ... 198s Unpacking libkdb5-10t64:arm64 (1.20.1-6ubuntu2.2) ... 198s Selecting previously unselected package libkadm5srv-mit12:arm64. 198s Preparing to unpack .../4-libkadm5srv-mit12_1.20.1-6ubuntu2.2_arm64.deb ... 198s Unpacking libkadm5srv-mit12:arm64 (1.20.1-6ubuntu2.2) ... 198s Selecting previously unselected package krb5-user. 198s Preparing to unpack .../5-krb5-user_1.20.1-6ubuntu2.2_arm64.deb ... 198s Unpacking krb5-user (1.20.1-6ubuntu2.2) ... 198s Selecting previously unselected package krb5-kdc. 198s Preparing to unpack .../6-krb5-kdc_1.20.1-6ubuntu2.2_arm64.deb ... 198s Unpacking krb5-kdc (1.20.1-6ubuntu2.2) ... 198s Selecting previously unselected package krb5-admin-server. 198s Preparing to unpack .../7-krb5-admin-server_1.20.1-6ubuntu2.2_arm64.deb ... 198s Unpacking krb5-admin-server (1.20.1-6ubuntu2.2) ... 198s Selecting previously unselected package autopkgtest-satdep. 198s Preparing to unpack .../8-2-autopkgtest-satdep.deb ... 198s Unpacking autopkgtest-satdep (0) ... 198s Setting up libgssrpc4t64:arm64 (1.20.1-6ubuntu2.2) ... 198s Setting up krb5-config (2.7) ... 198s Setting up libkadm5clnt-mit12:arm64 (1.20.1-6ubuntu2.2) ... 198s Setting up libkdb5-10t64:arm64 (1.20.1-6ubuntu2.2) ... 198s Setting up libkadm5srv-mit12:arm64 (1.20.1-6ubuntu2.2) ... 198s Setting up krb5-user (1.20.1-6ubuntu2.2) ... 198s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 198s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 198s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 198s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 198s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 198s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 198s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 198s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 198s Setting up krb5-kdc (1.20.1-6ubuntu2.2) ... 199s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /usr/lib/systemd/system/krb5-kdc.service. 199s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 199s Setting up krb5-admin-server (1.20.1-6ubuntu2.2) ... 200s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-admin-server.service → /usr/lib/systemd/system/krb5-admin-server.service. 200s Setting up autopkgtest-satdep (0) ... 200s Processing triggers for man-db (2.12.0-4build2) ... 201s Processing triggers for libc-bin (2.39-0ubuntu8.3) ... 209s (Reading database ... 79507 files and directories currently installed.) 209s Removing autopkgtest-satdep (0) ... 209s autopkgtest [21:10:27]: test ldap-user-group-krb5-auth: [----------------------- 210s + . debian/tests/util 210s + . debian/tests/common-tests 210s + mydomain=example.com 210s + myhostname=ldap.example.com 210s + mysuffix=dc=example,dc=com 210s + myrealm=EXAMPLE.COM 210s + admin_dn=cn=admin,dc=example,dc=com 210s + admin_pw=secret 210s + ldap_user=testuser1 210s + ldap_user_pw=testuser1secret 210s + kerberos_principal_pw=testuser1kerberos 210s + ldap_group=ldapusers 210s + adjust_hostname ldap.example.com 210s + local myhostname=ldap.example.com 210s + echo ldap.example.com 210s + hostname ldap.example.com 210s + grep -qE ldap.example.com /etc/hosts 210s + reconfigure_slapd 210s + debconf-set-selections 210s + rm -rf /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8.1 /var/backups/unknown-2.6.7+dfsg-1~exp1ubuntu8.1-20241115-211007.ldapdb 210s + dpkg-reconfigure -fnoninteractive -pcritical slapd 210s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8.1... done. 210s Moving old database directory to /var/backups: 210s - directory unknown... done. 210s Creating initial configuration... done. 210s Creating LDAP directory... done. 211s + generate_certs ldap.example.com 211s + local cn=ldap.example.com 211s + local cert=/etc/ldap/server.pem 211s + local key=/etc/ldap/server.key 211s + local cnf=/etc/ldap/openssl.cnf 211s + cat 211s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 211s ...............................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 211s .................................................................................................................................................................................++++++++++++++++++++++++++++++++++++++++modifying entry "cn=config" 211s 211s adding new entry "ou=People,dc=example,dc=com" 211s 211s adding new entry "ou=Group,dc=example,dc=com" 211s 211s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 211s 211s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 211s 211s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 211s 211s ++++++++++++++++++++++++ 211s ----- 211s + chmod 0640 /etc/ldap/server.key 211s + chgrp openldap /etc/ldap/server.key 211s + [ ! -f /etc/ldap/server.pem ] 211s + [ ! -f /etc/ldap/server.key ] 211s + enable_ldap_ssl 211s + cat 211s + cat 211s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 211s + populate_ldap_rfc2307 211s + cat 211s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 211s + create_realm EXAMPLE.COM ldap.example.com 211s + local realm_name=EXAMPLE.COM 211s + local kerberos_server=ldap.example.com 211s + rm -rf /var/lib/krb5kdc/* 211s + rm -rf /etc/krb5kdc/kdc.conf 211s + rm -f /etc/krb5.keytab 211s + cat 211s + cat 211s + echo # */admin * 211s + kdb5_util create -s -P secretpassword 211s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 211s master key name 'K/M@EXAMPLE.COM' 211s + systemctl restart krb5-kdc.service krb5-admin-server.service 211s + create_krb_principal testuser1 testuser1kerberos 211s + local principal=testuser1 211s + local password=testuser1kerberos 211s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 211s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 211s Authenticating as principal root/admin@EXAMPLE.COM with password. 211s Principal "testuser1@EXAMPLE.COM" created. 211s + configure_sssd_ldap_rfc2307_krb5_auth 211s + cat 211s + chmod 0600 /etc/sssd/sssd.conf 211s + systemctl restart sssd 211s + enable_pam_mkhomedir 211s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 211s + run_common_tests 211s + echo Assert local user databases do not have our LDAP test data 211s + check_local_user testuser1 211s + local local_user=testuser1 211s + grep -q ^testuser1 /etc/passwd 211s Assert local user databases do not have our LDAP test data 211s + check_local_group testuser1 211s + local local_group=testuser1 211s + grep -q ^testuser1 /etc/group 211s + check_local_group ldapusers 211s + local local_group=ldapusers 211s + grep -q ^ldapusers /etc/group 211s + echoThe LDAP user is known to the system via getent 211s The LDAP user is known to the system via getent 211s + check_getent_user testuser1 211s + local getent_user=testuser1 211s + local output 211s + getent passwd testuser1 211s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 211s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 211s + echo The LDAP user's private group is known to the system via getent 211s The LDAP user's private group is known to the system via getent 211s + check_getent_group testuser1 211s + local getent_group=testuser1 211s + local output 211s + getent group testuser1 211s The LDAP group ldapusers is known to the system via getent 211s + output=testuser1:*:10001:testuser1 211s + [ -z testuser1:*:10001:testuser1 ] 211s + echo The LDAP group ldapusers is known to the system via getent 211s + check_getent_group ldapusers 211s + local getent_group=ldapusers 211s + local output 211s + getent group ldapusers 211s The id(1) command can resolve the group membership of the LDAP user 211s + output=ldapusers:*:10100:testuser1 211s + [ -z ldapusers:*:10100:testuser1 ] 211s + echo The id(1) command can resolve the group membership of the LDAP user 211s + id -Gn testuser1 211s + output=testuser1 ldapusers 211s + [ testuser1 ldapusers != testuser1 ldapusers ] 211s + echo The Kerberos principal can login on a terminal 211s + kdestroy 211s The Kerberos principal can login on a terminal 211s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 211s spawn login 211s ldap.example.com login: testuser1 211s Password: 211s Welcome to Ubuntu 24.04.1 LTS (GNU/Linux 6.8.0-48-generic aarch64) 211s 211s * Documentation: https://help.ubuntu.com 211s * Management: https://landscape.canonical.com 211s * Support: https://ubuntu.com/pro 211s 211s 211s The programs included with the Ubuntu system are free software; 211s the exact distribution terms for each program are described in the 211s individual files in /usr/share/doc/*/copyright. 211s 211s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 211s applicable law. 211s 211s [?2004htestuser1@ldap:~$ id -un 211s [?2004l testuser1 211s [?2004htestuser1@ldap:~$ klist 211s [?2004l Ticket cache: FILE:/tmp/krb5cc_10001_FtaIyd 211s Default principal: testuser1@EXAMPLE.COM 211s 211s Valid starting Expires Service principal 211s 11/15/24 21:10:29 11/16/24 07:10:29 krbtgt/EXAMPLE.COM@EXAMPLE.COM 211s renew until 11/16/24 21:10:29 212s autopkgtest [21:10:30]: test ldap-user-group-krb5-auth: -----------------------] 212s autopkgtest [21:10:30]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 212s ldap-user-group-krb5-auth PASS 213s autopkgtest [21:10:31]: test sssd-softhism2-certificates-tests.sh: preparing testbed 594s autopkgtest [21:16:52]: testbed dpkg architecture: arm64 594s autopkgtest [21:16:52]: testbed apt version: 2.7.14build2 594s autopkgtest [21:16:52]: @@@@@@@@@@@@@@@@@@@@ test bed setup 595s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [265 kB] 596s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [3240 B] 596s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [88.3 kB] 596s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [78.5 kB] 596s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 Packages [185 kB] 596s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 c-n-f Metadata [3756 B] 596s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 Packages [69.3 kB] 596s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 c-n-f Metadata [352 B] 596s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 Packages [617 kB] 596s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 c-n-f Metadata [9620 B] 596s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 c-n-f Metadata [344 B] 599s Fetched 1321 kB in 1s (1390 kB/s) 599s Reading package lists... 601s Reading package lists... 602s Building dependency tree... 602s Reading state information... 602s Calculating upgrade... 603s The following packages will be upgraded: 603s libnss-systemd libpam-systemd libsystemd-shared libsystemd0 libudev1 603s openssh-client openssh-server openssh-sftp-server systemd systemd-dev 603s systemd-resolved systemd-sysv systemd-timesyncd udev 603s 14 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 603s Need to get 10.1 MB of archives. 603s After this operation, 66.6 kB of additional disk space will be used. 603s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libnss-systemd arm64 255.4-1ubuntu8.5 [155 kB] 603s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 systemd-dev all 255.4-1ubuntu8.5 [104 kB] 603s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 systemd-timesyncd arm64 255.4-1ubuntu8.5 [34.8 kB] 603s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 systemd-resolved arm64 255.4-1ubuntu8.5 [291 kB] 603s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libsystemd-shared arm64 255.4-1ubuntu8.5 [2017 kB] 604s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libsystemd0 arm64 255.4-1ubuntu8.5 [425 kB] 604s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 systemd-sysv arm64 255.4-1ubuntu8.5 [11.9 kB] 604s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libpam-systemd arm64 255.4-1ubuntu8.5 [232 kB] 604s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 systemd arm64 255.4-1ubuntu8.5 [3404 kB] 604s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 udev arm64 255.4-1ubuntu8.5 [1852 kB] 604s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libudev1 arm64 255.4-1ubuntu8.5 [173 kB] 604s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 openssh-sftp-server arm64 1:9.6p1-3ubuntu13.7 [36.8 kB] 604s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 openssh-server arm64 1:9.6p1-3ubuntu13.7 [501 kB] 604s Get:14 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 openssh-client arm64 1:9.6p1-3ubuntu13.7 [887 kB] 604s Preconfiguring packages ... 604s Fetched 10.1 MB in 1s (12.1 MB/s) 605s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 78121 files and directories currently installed.) 605s Preparing to unpack .../0-libnss-systemd_255.4-1ubuntu8.5_arm64.deb ... 605s Unpacking libnss-systemd:arm64 (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 605s Preparing to unpack .../1-systemd-dev_255.4-1ubuntu8.5_all.deb ... 605s Unpacking systemd-dev (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 605s Preparing to unpack .../2-systemd-timesyncd_255.4-1ubuntu8.5_arm64.deb ... 605s Unpacking systemd-timesyncd (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 605s Preparing to unpack .../3-systemd-resolved_255.4-1ubuntu8.5_arm64.deb ... 605s Unpacking systemd-resolved (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 605s Preparing to unpack .../4-libsystemd-shared_255.4-1ubuntu8.5_arm64.deb ... 605s Unpacking libsystemd-shared:arm64 (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 605s Preparing to unpack .../5-libsystemd0_255.4-1ubuntu8.5_arm64.deb ... 605s Unpacking libsystemd0:arm64 (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 605s Setting up libsystemd0:arm64 (255.4-1ubuntu8.5) ... 605s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 78121 files and directories currently installed.) 605s Preparing to unpack .../systemd-sysv_255.4-1ubuntu8.5_arm64.deb ... 605s Unpacking systemd-sysv (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 605s Preparing to unpack .../libpam-systemd_255.4-1ubuntu8.5_arm64.deb ... 605s Unpacking libpam-systemd:arm64 (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 605s Preparing to unpack .../systemd_255.4-1ubuntu8.5_arm64.deb ... 605s Unpacking systemd (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 605s Preparing to unpack .../udev_255.4-1ubuntu8.5_arm64.deb ... 605s Unpacking udev (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 606s Preparing to unpack .../libudev1_255.4-1ubuntu8.5_arm64.deb ... 606s Unpacking libudev1:arm64 (255.4-1ubuntu8.5) over (255.4-1ubuntu8.4) ... 606s Setting up libudev1:arm64 (255.4-1ubuntu8.5) ... 606s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 78121 files and directories currently installed.) 606s Preparing to unpack .../openssh-sftp-server_1%3a9.6p1-3ubuntu13.7_arm64.deb ... 606s Unpacking openssh-sftp-server (1:9.6p1-3ubuntu13.7) over (1:9.6p1-3ubuntu13.5) ... 606s Preparing to unpack .../openssh-server_1%3a9.6p1-3ubuntu13.7_arm64.deb ... 606s Unpacking openssh-server (1:9.6p1-3ubuntu13.7) over (1:9.6p1-3ubuntu13.5) ... 606s Preparing to unpack .../openssh-client_1%3a9.6p1-3ubuntu13.7_arm64.deb ... 606s Unpacking openssh-client (1:9.6p1-3ubuntu13.7) over (1:9.6p1-3ubuntu13.5) ... 606s Setting up openssh-client (1:9.6p1-3ubuntu13.7) ... 606s Setting up systemd-dev (255.4-1ubuntu8.5) ... 606s Setting up libsystemd-shared:arm64 (255.4-1ubuntu8.5) ... 606s Setting up openssh-sftp-server (1:9.6p1-3ubuntu13.7) ... 606s Setting up openssh-server (1:9.6p1-3ubuntu13.7) ... 606s Replacing config file /etc/ssh/sshd_config with new version 607s Setting up systemd (255.4-1ubuntu8.5) ... 608s Setting up systemd-timesyncd (255.4-1ubuntu8.5) ... 608s Setting up udev (255.4-1ubuntu8.5) ... 609s Setting up systemd-resolved (255.4-1ubuntu8.5) ... 610s Setting up systemd-sysv (255.4-1ubuntu8.5) ... 610s Setting up libnss-systemd:arm64 (255.4-1ubuntu8.5) ... 610s Setting up libpam-systemd:arm64 (255.4-1ubuntu8.5) ... 610s Processing triggers for libc-bin (2.39-0ubuntu8.3) ... 610s Processing triggers for ufw (0.36.2-6) ... 610s Processing triggers for man-db (2.12.0-4build2) ... 611s Processing triggers for dbus (1.14.10-4ubuntu4.1) ... 611s Processing triggers for initramfs-tools (0.142ubuntu25.4) ... 611s update-initramfs: Generating /boot/initrd.img-6.8.0-48-generic 611s W: No lz4 in /usr/bin:/sbin:/bin, using gzip 633s System running in EFI mode, skipping. 633s Reading package lists... 634s Building dependency tree... 634s Reading state information... 635s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 636s Hit:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease 636s Hit:2 http://ftpmaster.internal/ubuntu noble InRelease 636s Hit:3 http://ftpmaster.internal/ubuntu noble-updates InRelease 636s Hit:4 http://ftpmaster.internal/ubuntu noble-security InRelease 638s Reading package lists... 638s Reading package lists... 639s Building dependency tree... 639s Reading state information... 640s Calculating upgrade... 641s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 641s Reading package lists... 641s Building dependency tree... 641s Reading state information... 643s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 643s autopkgtest [21:17:41]: rebooting testbed after setup commands that affected boot 647s autopkgtest-virt-ssh: WARNING: ssh connection failed. Retrying in 3 seconds... 673s Reading package lists... 673s Building dependency tree... 673s Reading state information... 674s Starting pkgProblemResolver with broken count: 0 674s Starting 2 pkgProblemResolver with broken count: 0 674s Done 675s The following additional packages will be installed: 675s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 675s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 675s libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 libipa-hbac0t64 675s libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 675s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 675s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 675s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 675s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 675s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 675s Suggested packages: 675s dns-root-data adcli libsss-sudo sssd-tools libsasl2-modules-ldap 675s Recommended packages: 675s cracklib-runtime libsasl2-modules-gssapi-mit 675s | libsasl2-modules-gssapi-heimdal ldap-utils 675s The following NEW packages will be installed: 675s autopkgtest-satdep gnutls-bin libavahi-client3 libavahi-common-data 675s libavahi-common3 libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 675s libdhash1t64 libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 675s libipa-hbac0t64 libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 675s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 675s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 675s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 675s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 675s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 675s 0 upgraded, 46 newly installed, 0 to remove and 0 not upgraded. 675s Need to get 10.1 MB/10.1 MB of archives. 675s After this operation, 48.7 MB of additional disk space will be used. 675s Get:1 /tmp/autopkgtest.HpidOX/3-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [744 B] 675s Get:2 http://ftpmaster.internal/ubuntu noble/main arm64 libevent-2.1-7t64 arm64 2.1.12-stable-9ubuntu2 [140 kB] 675s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libunbound8 arm64 1.19.2-1ubuntu3.3 [425 kB] 675s Get:4 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libgnutls-dane0t64 arm64 3.8.3-1.1ubuntu3.2 [23.5 kB] 675s Get:5 http://ftpmaster.internal/ubuntu noble-updates/universe arm64 gnutls-bin arm64 3.8.3-1.1ubuntu3.2 [267 kB] 675s Get:6 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common-data arm64 0.8-13ubuntu6 [29.6 kB] 675s Get:7 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common3 arm64 0.8-13ubuntu6 [23.3 kB] 675s Get:8 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-client3 arm64 0.8-13ubuntu6 [27.2 kB] 675s Get:9 http://ftpmaster.internal/ubuntu noble/main arm64 libbasicobjects0t64 arm64 0.6.2-2.1build1 [5850 B] 675s Get:10 http://ftpmaster.internal/ubuntu noble/main arm64 libcares2 arm64 1.27.0-1.0ubuntu1 [74.1 kB] 675s Get:11 http://ftpmaster.internal/ubuntu noble/main arm64 libcollection4t64 arm64 0.6.2-2.1build1 [23.5 kB] 675s Get:12 http://ftpmaster.internal/ubuntu noble/main arm64 libcrack2 arm64 2.9.6-5.1build2 [28.9 kB] 677s Get:13 http://ftpmaster.internal/ubuntu noble/main arm64 libdhash1t64 arm64 0.6.2-2.1build1 [8882 B] 677s Get:14 http://ftpmaster.internal/ubuntu noble/main arm64 libpath-utils1t64 arm64 0.6.2-2.1build1 [9120 B] 677s Get:15 http://ftpmaster.internal/ubuntu noble/main arm64 libref-array1t64 arm64 0.6.2-2.1build1 [7322 B] 677s Get:16 http://ftpmaster.internal/ubuntu noble/main arm64 libini-config5t64 arm64 0.6.2-2.1build1 [44.6 kB] 677s Get:17 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libipa-hbac0t64 arm64 2.9.4-1.1ubuntu6.1 [17.2 kB] 677s Get:18 http://ftpmaster.internal/ubuntu noble/main arm64 libtalloc2 arm64 2.4.2-1build2 [26.7 kB] 677s Get:19 http://ftpmaster.internal/ubuntu noble/main arm64 libtdb1 arm64 1.4.10-1build1 [48.5 kB] 677s Get:20 http://ftpmaster.internal/ubuntu noble/main arm64 libtevent0t64 arm64 0.16.1-2build1 [42.3 kB] 677s Get:21 http://ftpmaster.internal/ubuntu noble/main arm64 libldb2 arm64 2:2.8.0+samba4.19.5+dfsg-4ubuntu9 [188 kB] 677s Get:22 http://ftpmaster.internal/ubuntu noble/main arm64 libnfsidmap1 arm64 1:2.6.4-3ubuntu5 [48.2 kB] 677s Get:23 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality-common all 1.4.5-3build1 [7748 B] 677s Get:24 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality1 arm64 1.4.5-3build1 [13.3 kB] 677s Get:25 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-pwquality arm64 1.4.5-3build1 [11.7 kB] 677s Get:26 http://ftpmaster.internal/ubuntu noble/main arm64 libwbclient0 arm64 2:4.19.5+dfsg-4ubuntu9 [71.4 kB] 677s Get:27 http://ftpmaster.internal/ubuntu noble/main arm64 samba-libs arm64 2:4.19.5+dfsg-4ubuntu9 [6061 kB] 677s Get:28 http://ftpmaster.internal/ubuntu noble/main arm64 libsmbclient0 arm64 2:4.19.5+dfsg-4ubuntu9 [62.1 kB] 677s Get:29 http://ftpmaster.internal/ubuntu noble/universe arm64 softhsm2-common arm64 2.6.1-2.2ubuntu3 [6196 B] 677s Get:30 http://ftpmaster.internal/ubuntu noble/universe arm64 libsofthsm2 arm64 2.6.1-2.2ubuntu3 [247 kB] 677s Get:31 http://ftpmaster.internal/ubuntu noble/universe arm64 softhsm2 arm64 2.6.1-2.2ubuntu3 [167 kB] 677s Get:32 http://ftpmaster.internal/ubuntu noble-updates/main arm64 python3-sss arm64 2.9.4-1.1ubuntu6.1 [47.0 kB] 677s Get:33 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libsss-idmap0 arm64 2.9.4-1.1ubuntu6.1 [22.4 kB] 677s Get:34 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libnss-sss arm64 2.9.4-1.1ubuntu6.1 [32.2 kB] 677s Get:35 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libpam-sss arm64 2.9.4-1.1ubuntu6.1 [49.3 kB] 677s Get:36 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libsss-certmap0 arm64 2.9.4-1.1ubuntu6.1 [46.3 kB] 677s Get:37 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libsss-nss-idmap0 arm64 2.9.4-1.1ubuntu6.1 [30.8 kB] 677s Get:38 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-common arm64 2.9.4-1.1ubuntu6.1 [1147 kB] 677s Get:39 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-ad-common arm64 2.9.4-1.1ubuntu6.1 [75.4 kB] 677s Get:40 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-krb5-common arm64 2.9.4-1.1ubuntu6.1 [87.8 kB] 677s Get:41 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-ad arm64 2.9.4-1.1ubuntu6.1 [135 kB] 677s Get:42 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-ipa arm64 2.9.4-1.1ubuntu6.1 [220 kB] 677s Get:43 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-krb5 arm64 2.9.4-1.1ubuntu6.1 [14.3 kB] 677s Get:44 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-ldap arm64 2.9.4-1.1ubuntu6.1 [31.3 kB] 677s Get:45 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-proxy arm64 2.9.4-1.1ubuntu6.1 [44.6 kB] 677s Get:46 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd arm64 2.9.4-1.1ubuntu6.1 [4122 B] 677s Fetched 10.1 MB in 1s (9333 kB/s) 677s Selecting previously unselected package libevent-2.1-7t64:arm64. 677s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 78121 files and directories currently installed.) 677s Preparing to unpack .../00-libevent-2.1-7t64_2.1.12-stable-9ubuntu2_arm64.deb ... 677s Unpacking libevent-2.1-7t64:arm64 (2.1.12-stable-9ubuntu2) ... 677s Selecting previously unselected package libunbound8:arm64. 677s Preparing to unpack .../01-libunbound8_1.19.2-1ubuntu3.3_arm64.deb ... 677s Unpacking libunbound8:arm64 (1.19.2-1ubuntu3.3) ... 677s Selecting previously unselected package libgnutls-dane0t64:arm64. 677s Preparing to unpack .../02-libgnutls-dane0t64_3.8.3-1.1ubuntu3.2_arm64.deb ... 677s Unpacking libgnutls-dane0t64:arm64 (3.8.3-1.1ubuntu3.2) ... 677s Selecting previously unselected package gnutls-bin. 677s Preparing to unpack .../03-gnutls-bin_3.8.3-1.1ubuntu3.2_arm64.deb ... 677s Unpacking gnutls-bin (3.8.3-1.1ubuntu3.2) ... 677s Selecting previously unselected package libavahi-common-data:arm64. 677s Preparing to unpack .../04-libavahi-common-data_0.8-13ubuntu6_arm64.deb ... 677s Unpacking libavahi-common-data:arm64 (0.8-13ubuntu6) ... 677s Selecting previously unselected package libavahi-common3:arm64. 677s Preparing to unpack .../05-libavahi-common3_0.8-13ubuntu6_arm64.deb ... 677s Unpacking libavahi-common3:arm64 (0.8-13ubuntu6) ... 677s Selecting previously unselected package libavahi-client3:arm64. 677s Preparing to unpack .../06-libavahi-client3_0.8-13ubuntu6_arm64.deb ... 677s Unpacking libavahi-client3:arm64 (0.8-13ubuntu6) ... 677s Selecting previously unselected package libbasicobjects0t64:arm64. 677s Preparing to unpack .../07-libbasicobjects0t64_0.6.2-2.1build1_arm64.deb ... 677s Unpacking libbasicobjects0t64:arm64 (0.6.2-2.1build1) ... 677s Selecting previously unselected package libcares2:arm64. 677s Preparing to unpack .../08-libcares2_1.27.0-1.0ubuntu1_arm64.deb ... 677s Unpacking libcares2:arm64 (1.27.0-1.0ubuntu1) ... 677s Selecting previously unselected package libcollection4t64:arm64. 677s Preparing to unpack .../09-libcollection4t64_0.6.2-2.1build1_arm64.deb ... 677s Unpacking libcollection4t64:arm64 (0.6.2-2.1build1) ... 677s Selecting previously unselected package libcrack2:arm64. 677s Preparing to unpack .../10-libcrack2_2.9.6-5.1build2_arm64.deb ... 677s Unpacking libcrack2:arm64 (2.9.6-5.1build2) ... 677s Selecting previously unselected package libdhash1t64:arm64. 677s Preparing to unpack .../11-libdhash1t64_0.6.2-2.1build1_arm64.deb ... 677s Unpacking libdhash1t64:arm64 (0.6.2-2.1build1) ... 677s Selecting previously unselected package libpath-utils1t64:arm64. 677s Preparing to unpack .../12-libpath-utils1t64_0.6.2-2.1build1_arm64.deb ... 677s Unpacking libpath-utils1t64:arm64 (0.6.2-2.1build1) ... 677s Selecting previously unselected package libref-array1t64:arm64. 677s Preparing to unpack .../13-libref-array1t64_0.6.2-2.1build1_arm64.deb ... 677s Unpacking libref-array1t64:arm64 (0.6.2-2.1build1) ... 677s Selecting previously unselected package libini-config5t64:arm64. 677s Preparing to unpack .../14-libini-config5t64_0.6.2-2.1build1_arm64.deb ... 677s Unpacking libini-config5t64:arm64 (0.6.2-2.1build1) ... 677s Selecting previously unselected package libipa-hbac0t64. 677s Preparing to unpack .../15-libipa-hbac0t64_2.9.4-1.1ubuntu6.1_arm64.deb ... 677s Unpacking libipa-hbac0t64 (2.9.4-1.1ubuntu6.1) ... 677s Selecting previously unselected package libtalloc2:arm64. 677s Preparing to unpack .../16-libtalloc2_2.4.2-1build2_arm64.deb ... 677s Unpacking libtalloc2:arm64 (2.4.2-1build2) ... 677s Selecting previously unselected package libtdb1:arm64. 677s Preparing to unpack .../17-libtdb1_1.4.10-1build1_arm64.deb ... 677s Unpacking libtdb1:arm64 (1.4.10-1build1) ... 677s Selecting previously unselected package libtevent0t64:arm64. 677s Preparing to unpack .../18-libtevent0t64_0.16.1-2build1_arm64.deb ... 677s Unpacking libtevent0t64:arm64 (0.16.1-2build1) ... 677s Selecting previously unselected package libldb2:arm64. 677s Preparing to unpack .../19-libldb2_2%3a2.8.0+samba4.19.5+dfsg-4ubuntu9_arm64.deb ... 677s Unpacking libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 678s Selecting previously unselected package libnfsidmap1:arm64. 678s Preparing to unpack .../20-libnfsidmap1_1%3a2.6.4-3ubuntu5_arm64.deb ... 678s Unpacking libnfsidmap1:arm64 (1:2.6.4-3ubuntu5) ... 678s Selecting previously unselected package libpwquality-common. 678s Preparing to unpack .../21-libpwquality-common_1.4.5-3build1_all.deb ... 678s Unpacking libpwquality-common (1.4.5-3build1) ... 678s Selecting previously unselected package libpwquality1:arm64. 678s Preparing to unpack .../22-libpwquality1_1.4.5-3build1_arm64.deb ... 678s Unpacking libpwquality1:arm64 (1.4.5-3build1) ... 678s Selecting previously unselected package libpam-pwquality:arm64. 678s Preparing to unpack .../23-libpam-pwquality_1.4.5-3build1_arm64.deb ... 678s Unpacking libpam-pwquality:arm64 (1.4.5-3build1) ... 678s Selecting previously unselected package libwbclient0:arm64. 678s Preparing to unpack .../24-libwbclient0_2%3a4.19.5+dfsg-4ubuntu9_arm64.deb ... 678s Unpacking libwbclient0:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 678s Selecting previously unselected package samba-libs:arm64. 678s Preparing to unpack .../25-samba-libs_2%3a4.19.5+dfsg-4ubuntu9_arm64.deb ... 678s Unpacking samba-libs:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 678s Selecting previously unselected package libsmbclient0:arm64. 678s Preparing to unpack .../26-libsmbclient0_2%3a4.19.5+dfsg-4ubuntu9_arm64.deb ... 678s Unpacking libsmbclient0:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 678s Selecting previously unselected package softhsm2-common. 678s Preparing to unpack .../27-softhsm2-common_2.6.1-2.2ubuntu3_arm64.deb ... 678s Unpacking softhsm2-common (2.6.1-2.2ubuntu3) ... 678s Selecting previously unselected package libsofthsm2. 678s Preparing to unpack .../28-libsofthsm2_2.6.1-2.2ubuntu3_arm64.deb ... 678s Unpacking libsofthsm2 (2.6.1-2.2ubuntu3) ... 678s Selecting previously unselected package softhsm2. 678s Preparing to unpack .../29-softhsm2_2.6.1-2.2ubuntu3_arm64.deb ... 678s Unpacking softhsm2 (2.6.1-2.2ubuntu3) ... 678s Selecting previously unselected package python3-sss. 678s Preparing to unpack .../30-python3-sss_2.9.4-1.1ubuntu6.1_arm64.deb ... 678s Unpacking python3-sss (2.9.4-1.1ubuntu6.1) ... 678s Selecting previously unselected package libsss-idmap0. 678s Preparing to unpack .../31-libsss-idmap0_2.9.4-1.1ubuntu6.1_arm64.deb ... 678s Unpacking libsss-idmap0 (2.9.4-1.1ubuntu6.1) ... 678s Selecting previously unselected package libnss-sss:arm64. 678s Preparing to unpack .../32-libnss-sss_2.9.4-1.1ubuntu6.1_arm64.deb ... 678s Unpacking libnss-sss:arm64 (2.9.4-1.1ubuntu6.1) ... 678s Selecting previously unselected package libpam-sss:arm64. 678s Preparing to unpack .../33-libpam-sss_2.9.4-1.1ubuntu6.1_arm64.deb ... 678s Unpacking libpam-sss:arm64 (2.9.4-1.1ubuntu6.1) ... 678s Selecting previously unselected package libsss-certmap0. 678s Preparing to unpack .../34-libsss-certmap0_2.9.4-1.1ubuntu6.1_arm64.deb ... 678s Unpacking libsss-certmap0 (2.9.4-1.1ubuntu6.1) ... 678s Selecting previously unselected package libsss-nss-idmap0. 678s Preparing to unpack .../35-libsss-nss-idmap0_2.9.4-1.1ubuntu6.1_arm64.deb ... 678s Unpacking libsss-nss-idmap0 (2.9.4-1.1ubuntu6.1) ... 678s Selecting previously unselected package sssd-common. 678s Preparing to unpack .../36-sssd-common_2.9.4-1.1ubuntu6.1_arm64.deb ... 678s Unpacking sssd-common (2.9.4-1.1ubuntu6.1) ... 679s Selecting previously unselected package sssd-ad-common. 679s Preparing to unpack .../37-sssd-ad-common_2.9.4-1.1ubuntu6.1_arm64.deb ... 679s Unpacking sssd-ad-common (2.9.4-1.1ubuntu6.1) ... 679s Selecting previously unselected package sssd-krb5-common. 679s Preparing to unpack .../38-sssd-krb5-common_2.9.4-1.1ubuntu6.1_arm64.deb ... 679s Unpacking sssd-krb5-common (2.9.4-1.1ubuntu6.1) ... 679s Selecting previously unselected package sssd-ad. 679s Preparing to unpack .../39-sssd-ad_2.9.4-1.1ubuntu6.1_arm64.deb ... 679s Unpacking sssd-ad (2.9.4-1.1ubuntu6.1) ... 679s Selecting previously unselected package sssd-ipa. 679s Preparing to unpack .../40-sssd-ipa_2.9.4-1.1ubuntu6.1_arm64.deb ... 679s Unpacking sssd-ipa (2.9.4-1.1ubuntu6.1) ... 679s Selecting previously unselected package sssd-krb5. 679s Preparing to unpack .../41-sssd-krb5_2.9.4-1.1ubuntu6.1_arm64.deb ... 679s Unpacking sssd-krb5 (2.9.4-1.1ubuntu6.1) ... 679s Selecting previously unselected package sssd-ldap. 679s Preparing to unpack .../42-sssd-ldap_2.9.4-1.1ubuntu6.1_arm64.deb ... 679s Unpacking sssd-ldap (2.9.4-1.1ubuntu6.1) ... 679s Selecting previously unselected package sssd-proxy. 679s Preparing to unpack .../43-sssd-proxy_2.9.4-1.1ubuntu6.1_arm64.deb ... 679s Unpacking sssd-proxy (2.9.4-1.1ubuntu6.1) ... 679s Selecting previously unselected package sssd. 679s Preparing to unpack .../44-sssd_2.9.4-1.1ubuntu6.1_arm64.deb ... 679s Unpacking sssd (2.9.4-1.1ubuntu6.1) ... 679s Selecting previously unselected package autopkgtest-satdep. 679s Preparing to unpack .../45-3-autopkgtest-satdep.deb ... 679s Unpacking autopkgtest-satdep (0) ... 679s Setting up libpwquality-common (1.4.5-3build1) ... 679s Setting up softhsm2-common (2.6.1-2.2ubuntu3) ... 679s 679s Creating config file /etc/softhsm/softhsm2.conf with new version 679s Setting up libnfsidmap1:arm64 (1:2.6.4-3ubuntu5) ... 679s Setting up libsss-idmap0 (2.9.4-1.1ubuntu6.1) ... 679s Setting up libbasicobjects0t64:arm64 (0.6.2-2.1build1) ... 679s Setting up libipa-hbac0t64 (2.9.4-1.1ubuntu6.1) ... 679s Setting up libref-array1t64:arm64 (0.6.2-2.1build1) ... 679s Setting up libtdb1:arm64 (1.4.10-1build1) ... 679s Setting up libcollection4t64:arm64 (0.6.2-2.1build1) ... 679s Setting up libevent-2.1-7t64:arm64 (2.1.12-stable-9ubuntu2) ... 679s Setting up libwbclient0:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 679s Setting up libtalloc2:arm64 (2.4.2-1build2) ... 679s Setting up libpath-utils1t64:arm64 (0.6.2-2.1build1) ... 679s Setting up libunbound8:arm64 (1.19.2-1ubuntu3.3) ... 679s Setting up libgnutls-dane0t64:arm64 (3.8.3-1.1ubuntu3.2) ... 679s Setting up libavahi-common-data:arm64 (0.8-13ubuntu6) ... 679s Setting up libcares2:arm64 (1.27.0-1.0ubuntu1) ... 679s Setting up libdhash1t64:arm64 (0.6.2-2.1build1) ... 679s Setting up libcrack2:arm64 (2.9.6-5.1build2) ... 679s Setting up libsss-nss-idmap0 (2.9.4-1.1ubuntu6.1) ... 679s Setting up libini-config5t64:arm64 (0.6.2-2.1build1) ... 679s Setting up libtevent0t64:arm64 (0.16.1-2build1) ... 679s Setting up libnss-sss:arm64 (2.9.4-1.1ubuntu6.1) ... 679s Setting up gnutls-bin (3.8.3-1.1ubuntu3.2) ... 679s Setting up libsofthsm2 (2.6.1-2.2ubuntu3) ... 679s Setting up softhsm2 (2.6.1-2.2ubuntu3) ... 679s Setting up libavahi-common3:arm64 (0.8-13ubuntu6) ... 679s Setting up libsss-certmap0 (2.9.4-1.1ubuntu6.1) ... 679s Setting up libpwquality1:arm64 (1.4.5-3build1) ... 679s Setting up libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 679s Setting up libavahi-client3:arm64 (0.8-13ubuntu6) ... 679s Setting up libpam-pwquality:arm64 (1.4.5-3build1) ... 680s Setting up samba-libs:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 680s Setting up python3-sss (2.9.4-1.1ubuntu6.1) ... 680s Setting up libsmbclient0:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 680s Setting up libpam-sss:arm64 (2.9.4-1.1ubuntu6.1) ... 680s Setting up sssd-common (2.9.4-1.1ubuntu6.1) ... 680s Creating SSSD system user & group... 680s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 680s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 680s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 680s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 681s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 681s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 682s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 682s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 682s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 682s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 683s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 683s sssd-autofs.service is a disabled or a static unit, not starting it. 683s sssd-nss.service is a disabled or a static unit, not starting it. 683s sssd-pam.service is a disabled or a static unit, not starting it. 683s sssd-ssh.service is a disabled or a static unit, not starting it. 683s sssd-sudo.service is a disabled or a static unit, not starting it. 683s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 683s Setting up sssd-proxy (2.9.4-1.1ubuntu6.1) ... 683s Setting up sssd-ad-common (2.9.4-1.1ubuntu6.1) ... 683s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 684s sssd-pac.service is a disabled or a static unit, not starting it. 684s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 684s Setting up sssd-krb5-common (2.9.4-1.1ubuntu6.1) ... 684s Setting up sssd-krb5 (2.9.4-1.1ubuntu6.1) ... 684s Setting up sssd-ldap (2.9.4-1.1ubuntu6.1) ... 684s Setting up sssd-ad (2.9.4-1.1ubuntu6.1) ... 684s Setting up sssd-ipa (2.9.4-1.1ubuntu6.1) ... 684s Setting up sssd (2.9.4-1.1ubuntu6.1) ... 684s Setting up autopkgtest-satdep (0) ... 684s Processing triggers for man-db (2.12.0-4build2) ... 685s Processing triggers for libc-bin (2.39-0ubuntu8.3) ... 691s (Reading database ... 78717 files and directories currently installed.) 691s Removing autopkgtest-satdep (0) ... 698s autopkgtest [21:18:36]: test sssd-softhism2-certificates-tests.sh: [----------------------- 698s + '[' -z ubuntu ']' 698s + required_tools=(p11tool openssl softhsm2-util) 698s + for cmd in "${required_tools[@]}" 698s + command -v p11tool 698s + for cmd in "${required_tools[@]}" 698s + command -v openssl 698s + for cmd in "${required_tools[@]}" 698s + command -v softhsm2-util 698s + PIN=053350 698s +++ find /usr/lib/softhsm/libsofthsm2.so 698s +++ head -n 1 698s ++ realpath /usr/lib/softhsm/libsofthsm2.so 698s + SOFTHSM2_MODULE=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 698s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 698s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 698s + '[' '!' -v NO_SSSD_TESTS ']' 698s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 698s + ca_db_arg=ca_db 698s ++ /usr/libexec/sssd/p11_child --help 698s + p11_child_help='Usage: p11_child [OPTION...] 698s -d, --debug-level=INT Debug level 698s --debug-timestamps=INT Add debug timestamps 698s --debug-microseconds=INT Show timestamps with microseconds 698s --dumpable=INT Allow core dumps 698s --debug-fd=INT An open file descriptor for the debug 698s logs 698s --logger=stderr|files|journald Set logger 698s --auth Run in auth mode 698s --pre Run in pre-auth mode 698s --wait_for_card Wait until card is available 698s --verification Run in verification mode 698s --pin Expect PIN on stdin 698s --keypad Expect PIN on keypad 698s --verify=STRING Tune validation 698s --ca_db=STRING CA DB to use 698s --module_name=STRING Module name for authentication 698s --token_name=STRING Token name for authentication 698s --key_id=STRING Key ID for authentication 698s --label=STRING Label for authentication 698s --certificate=STRING certificate to verify, base64 encoded 698s --uri=STRING PKCS#11 URI to restrict selection 698s --chain-id=LONG Tevent chain ID used for logging 698s purposes 698s 698s Help options: 698s -?, --help Show this help message 698s --usage Display brief usage message' 698s + echo 'Usage: p11_child [OPTION...] 698s -d, --debug-level=INT Debug level 698s --debug-timestamps=INT Add debug timestamps 698s --debug-microseconds=INT Show timestamps with microseconds 698s --dumpable=INT Allow core dumps 698s --debug-fd=INT An open file descriptor for the debug 698s logs 698s --logger=stderr|files|journald Set logger 698s --auth Run in auth mode 698s --pre Run in pre-auth mode 698s --wait_for_card Wait until card is available 698s --verification Run in verification mode 698s --pin Expect PIN on stdin 698s --keypad Expect PIN on keypad 698s --verify=STRING Tune validation 698s --ca_db=STRING CA DB to use 698s --module_name=STRING Module name for authentication 698s --token_name=STRING Token name for authentication 698s --key_id=STRING Key ID for authentication 698s --label=STRING Label for authentication 698s --certificate=STRING certificate to verify, base64 encoded 698s --uri=STRING PKCS#11 URI to restrict selection 698s --chain-id=LONG Tevent chain ID used for logging 698s purposes 698s 698s Help options: 698s -?, --help Show this help message 698s --usage Display brief usage message' 698s + grep nssdb -qs 698s + echo 'Usage: p11_child [OPTION...] 698s -d, --debug-level=INT Debug level 698s --debug-timestamps=INT Add debug timestamps 698s --debug-microseconds=INT Show timestamps with microseconds 698s --dumpable=INT Allow core dumps 698s --debug-fd=INT An open file descriptor for the debug 698s logs 698s --logger=stderr|files|journald Set logger 698s --auth Run in auth mode 698s --pre Run in pre-auth mode 698s --wait_for_card Wait until card is available 698s --verification Run in verification mode 698s --pin Expect PIN on stdin 698s --keypad Expect PIN on keypad 698s --verify=STRING Tune validation 698s --ca_db=STRING CA DB to use 698s --module_name=STRING Module name for authentication 698s --token_name=STRING Token name for authentication 698s --key_id=STRING Key ID for authentication 698s --label=STRING Label for authentication 698s --certificate=STRING certificate to verify, base64 encoded 698s --uri=STRING PKCS#11 URI to restrict selection 698s --chain-id=LONG Tevent chain ID used for logging 698s purposes 698s 698s Help options: 698s -?, --help Show this help message 698s --usage Display brief usage message' 698s + grep -qs -- --ca_db 698s + '[' '!' -e /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so ']' 698s ++ mktemp -d -t sssd-softhsm2-XXXXXX 698s + tmpdir=/tmp/sssd-softhsm2-nb8LhS 698s + keys_size=1024 698s + [[ ! -v KEEP_TEMPORARY_FILES ]] 698s + trap 'rm -rf "$tmpdir"' EXIT 698s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 698s + echo -n 01 698s + touch /tmp/sssd-softhsm2-nb8LhS/index.txt 698s + mkdir -p /tmp/sssd-softhsm2-nb8LhS/new_certs 698s + cat 698s + root_ca_key_pass=pass:random-root-CA-password-18571 698s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-nb8LhS/test-root-CA-key.pem -passout pass:random-root-CA-password-18571 1024 698s + openssl req -passin pass:random-root-CA-password-18571 -batch -config /tmp/sssd-softhsm2-nb8LhS/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-nb8LhS/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem 698s + openssl x509 -noout -in /tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem 698s + cat 698s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-18319 698s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-18319 1024 698s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-18319 -config /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.config -key /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-18571 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-certificate-request.pem 698s + openssl req -text -noout -in /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-certificate-request.pem 698s Certificate Request: 698s Data: 698s Version: 1 (0x0) 698s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 698s Subject Public Key Info: 698s Public Key Algorithm: rsaEncryption 698s Public-Key: (1024 bit) 698s Modulus: 698s 00:ba:09:19:47:04:f6:65:8b:c2:f3:cc:89:00:c2: 698s 24:b8:c2:3b:da:71:5a:74:f1:e5:42:7c:de:c2:b8: 698s 22:23:b3:3d:65:ee:65:4a:a6:43:a1:6f:da:44:58: 698s ad:5d:51:99:f0:d8:e4:91:c1:0c:59:b6:a3:aa:d6: 698s 49:14:13:6b:92:ab:fc:a6:eb:a2:f5:05:32:56:d1: 698s ed:54:52:a1:76:4c:06:a5:ed:66:56:36:7c:8b:64: 698s 77:ae:0f:06:cf:34:d9:cc:4e:08:5a:8b:b9:40:69: 698s 11:53:0e:88:56:22:10:a8:bf:b8:0a:df:58:73:02: 698s 7d:be:61:5a:c8:7b:06:df:a1 698s Exponent: 65537 (0x10001) 698s Attributes: 698s (none) 698s Requested Extensions: 698s Signature Algorithm: sha256WithRSAEncryption 698s Signature Value: 698s 87:fb:50:1c:3e:05:05:6d:58:63:26:aa:02:67:b2:fa:5f:d1: 698s a5:1d:50:3e:9a:28:aa:db:ad:16:b5:96:a0:68:3c:ed:7c:cc: 698s 4e:57:ac:c2:75:1a:06:31:2a:6b:ae:f7:e9:4d:0c:e6:d7:a3: 698s a0:ae:49:4d:69:94:df:98:da:35:ad:b9:e4:c6:1b:b2:b7:03: 698s 30:2c:a4:c9:8f:89:40:57:12:31:a4:4d:5a:24:b6:4b:ed:2b: 698s f1:a0:96:43:be:4d:bd:4d:20:f8:0e:d0:9b:6e:0e:e5:63:ea: 698s 94:01:01:b2:7b:e7:31:b6:1e:0b:e5:36:35:5c:6c:b8:52:4b: 698s 6c:73 698s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-nb8LhS/test-root-CA.config -passin pass:random-root-CA-password-18571 -keyfile /tmp/sssd-softhsm2-nb8LhS/test-root-CA-key.pem -in /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem 698s Using configuration from /tmp/sssd-softhsm2-nb8LhS/test-root-CA.config 698s Check that the request matches the signature 698s Signature ok 698s Certificate Details: 698s Serial Number: 1 (0x1) 698s Validity 698s Not Before: Nov 15 21:18:36 2024 GMT 698s Not After : Nov 15 21:18:36 2025 GMT 698s Subject: 698s organizationName = Test Organization 698s organizationalUnitName = Test Organization Unit 698s commonName = Test Organization Intermediate CA 698s X509v3 extensions: 698s X509v3 Subject Key Identifier: 698s C0:06:CD:E8:9C:C5:94:A3:E9:AB:C2:71:78:41:95:47:0C:4D:A7:05 698s X509v3 Authority Key Identifier: 698s keyid:E0:AF:9D:51:01:4E:01:F5:6D:88:82:7B:2A:E3:83:5C:C8:4F:66:0B 698s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 698s serial:00 698s X509v3 Basic Constraints: 698s CA:TRUE 698s X509v3 Key Usage: critical 698s Digital Signature, Certificate Sign, CRL Sign 698s Certificate is to be certified until Nov 15 21:18:36 2025 GMT (365 days) 698s 698s Write out database with 1 new entries 698s Database updated 698s + openssl x509 -noout -in /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem 698s + openssl verify -CAfile /tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem 698s /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem: OK 698s + cat 698s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-24259 698s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-24259 1024 698s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-24259 -config /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-18319 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-certificate-request.pem 698s + openssl req -text -noout -in /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-certificate-request.pem 698s Certificate Request: 698s Data: 698s Version: 1 (0x0) 698s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 698s Subject Public Key Info: 698s Public Key Algorithm: rsaEncryption 698s Public-Key: (1024 bit) 698s Modulus: 698s 00:bd:d2:c1:65:d5:1b:4f:1e:29:e5:46:2c:2e:43: 698s 17:3f:7d:01:cb:04:b6:15:37:36:3d:54:4a:97:33: 698s 23:3b:ec:72:ce:19:72:3a:df:cb:88:ae:12:83:73: 698s 70:d5:84:91:83:f9:14:cb:ab:48:cb:0d:d0:11:c9: 698s f9:64:f4:3a:1b:fc:f8:54:65:ca:80:5a:31:de:a1: 698s 04:7c:52:30:02:c5:97:d4:f5:bc:81:56:70:6b:be: 698s 92:26:8b:88:ff:4e:d8:ac:c3:ff:da:ed:59:e2:b4: 698s e7:0c:98:61:01:80:24:ea:0c:e4:7f:39:57:6a:6b: 698s e9:09:2f:0c:ee:d9:44:90:15 698s Exponent: 65537 (0x10001) 698s Attributes: 698s (none) 698s Requested Extensions: 698s Signature Algorithm: sha256WithRSAEncryption 698s Signature Value: 698s 28:cb:81:90:98:24:3a:e5:b1:96:99:92:14:43:c4:d6:61:81: 698s f1:1d:32:65:3c:b4:3b:2f:8c:af:00:00:3c:1e:1c:bf:f0:bd: 698s 7b:79:b3:bd:46:b0:06:9d:bc:5c:a2:c1:95:24:a3:b9:5c:83: 698s 35:47:7f:ad:36:74:e4:13:cd:74:a4:fa:3a:47:02:d0:64:c0: 698s 29:dd:92:fb:e8:de:8a:96:e3:5e:07:35:45:f5:81:59:7b:d5: 698s 15:8c:28:f4:8f:9c:fb:49:cd:aa:2c:7b:6e:2a:52:11:ea:41: 698s 10:d1:a8:19:b3:7e:99:87:34:95:f2:11:7d:2a:1e:e6:7c:85: 698s f0:a0 698s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-18319 -keyfile /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA.pem 698s Using configuration from /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.config 698s Check that the request matches the signature 698s Signature ok 698s Certificate Details: 698s Serial Number: 2 (0x2) 698s Validity 698s Not Before: Nov 15 21:18:36 2024 GMT 698s Not After : Nov 15 21:18:36 2025 GMT 698s Subject: 698s organizationName = Test Organization 698s organizationalUnitName = Test Organization Unit 698s commonName = Test Organization Sub Intermediate CA 698s X509v3 extensions: 698s X509v3 Subject Key Identifier: 698s 3D:3A:72:A2:57:57:9F:CD:0C:0D:EC:4D:DB:C0:0C:C1:86:F2:56:AF 698s X509v3 Authority Key Identifier: 698s keyid:C0:06:CD:E8:9C:C5:94:A3:E9:AB:C2:71:78:41:95:47:0C:4D:A7:05 698s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 698s serial:01 698s X509v3 Basic Constraints: 698s CA:TRUE 698s X509v3 Key Usage: critical 698s Digital Signature, Certificate Sign, CRL Sign 698s Certificate is to be certified until Nov 15 21:18:36 2025 GMT (365 days) 698s 698s Write out database with 1 new entries 698s Database updated 698s + openssl x509 -noout -in /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA.pem 698s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA.pem 698s /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA.pem: OK 698s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA.pem 698s + local cmd=openssl 698s + shift 698s + openssl verify -CAfile /tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA.pem 698s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 698s error 20 at 0 depth lookup: unable to get local issuer certificate 698s error /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA.pem: verification failed 698s + cat 698s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-3772 698s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-3772 1024 698s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-3772 -key /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001-request.pem 698s + openssl req -text -noout -in /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001-request.pem 698s Certificate Request: 698s Data: 698s Version: 1 (0x0) 698s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 698s Subject Public Key Info: 698s Public Key Algorithm: rsaEncryption 698s Public-Key: (1024 bit) 698s Modulus: 698s 00:c8:68:7f:69:d9:f4:ef:c0:ad:85:05:7f:c2:b2: 698s 7b:d7:91:bf:82:32:d2:19:f7:75:61:b1:27:37:5f: 698s ed:a9:e5:65:51:1c:5e:d3:5d:2f:cb:21:ed:c0:95: 698s b9:07:e4:cf:1f:79:ce:63:1e:0f:73:52:70:a8:6c: 698s 8f:05:4e:62:12:52:b3:e0:9b:bb:27:07:89:ce:6c: 698s 0d:1c:a8:95:7d:b1:dc:df:25:bb:b2:05:56:7c:4b: 698s 62:ce:2a:76:aa:6b:2c:51:27:68:75:92:3f:16:75: 698s e3:3b:18:a1:70:68:86:ab:ec:74:77:de:0b:43:01: 698s 49:e6:4b:f1:ce:8b:17:de:01 698s Exponent: 65537 (0x10001) 698s Attributes: 698s Requested Extensions: 698s X509v3 Basic Constraints: 698s CA:FALSE 698s Netscape Cert Type: 698s SSL Client, S/MIME 698s Netscape Comment: 698s Test Organization Root CA trusted Certificate 698s X509v3 Subject Key Identifier: 698s CA:3B:D7:5E:F2:4D:74:0A:4D:0C:A0:C4:CB:67:37:71:26:BD:78:5B 698s X509v3 Key Usage: critical 698s Digital Signature, Non Repudiation, Key Encipherment 698s X509v3 Extended Key Usage: 698s TLS Web Client Authentication, E-mail Protection 698s X509v3 Subject Alternative Name: 698s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 698s Signature Algorithm: sha256WithRSAEncryption 698s Signature Value: 698s 40:fd:43:81:14:b8:83:e8:b1:8f:f7:7b:ce:fa:dc:57:1b:77: 698s a1:8d:f9:57:36:39:fc:f7:d9:91:0b:64:50:18:14:87:b3:49: 698s 7c:b2:f4:72:e3:ce:e2:27:e8:a9:a5:c9:d1:b0:72:73:bc:83: 698s fa:70:e2:01:c4:9c:7c:1e:e0:bc:d8:7b:c0:eb:2c:54:5b:b4: 698s 5c:df:52:ee:76:ab:59:1a:37:15:05:3b:82:c1:d9:88:7b:9d: 698s d3:13:42:7e:1b:6a:49:69:20:c3:ff:c0:b1:15:be:fe:e1:49: 698s a2:35:d5:9f:c0:cd:92:67:86:37:62:71:75:57:68:6b:0d:71: 698s bb:d9 698s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-nb8LhS/test-root-CA.config -passin pass:random-root-CA-password-18571 -keyfile /tmp/sssd-softhsm2-nb8LhS/test-root-CA-key.pem -in /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 698s Using configuration from /tmp/sssd-softhsm2-nb8LhS/test-root-CA.config 698s Check that the request matches the signature 698s Signature ok 698s Certificate Details: 698s Serial Number: 3 (0x3) 698s Validity 698s Not Before: Nov 15 21:18:36 2024 GMT 698s Not After : Nov 15 21:18:36 2025 GMT 698s Subject: 698s organizationName = Test Organization 698s organizationalUnitName = Test Organization Unit 698s commonName = Test Organization Root Trusted Certificate 0001 698s X509v3 extensions: 698s X509v3 Authority Key Identifier: 698s E0:AF:9D:51:01:4E:01:F5:6D:88:82:7B:2A:E3:83:5C:C8:4F:66:0B 698s X509v3 Basic Constraints: 698s CA:FALSE 698s Netscape Cert Type: 698s SSL Client, S/MIME 698s Netscape Comment: 698s Test Organization Root CA trusted Certificate 698s X509v3 Subject Key Identifier: 698s CA:3B:D7:5E:F2:4D:74:0A:4D:0C:A0:C4:CB:67:37:71:26:BD:78:5B 698s X509v3 Key Usage: critical 698s Digital Signature, Non Repudiation, Key Encipherment 698s X509v3 Extended Key Usage: 698s TLS Web Client Authentication, E-mail Protection 698s X509v3 Subject Alternative Name: 698s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 698s Certificate is to be certified until Nov 15 21:18:36 2025 GMT (365 days) 698s 698s Write out database with 1 new entries 698s Database updated 698s + openssl x509 -noout -in /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 698s + openssl verify -CAfile /tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 698s /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem: OK 698s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 698s + local cmd=openssl 698s + shift 698s + openssl verify -CAfile /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 698s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 698s error 20 at 0 depth lookup: unable to get local issuer certificate 698s error /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem: verification failed 698s + cat 698s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-27551 698s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-27551 1024 698s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-27551 -key /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001-request.pem 698s + openssl req -text -noout -in /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001-request.pem 698s Certificate Request: 698s Data: 698s Version: 1 (0x0) 698s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 698s Subject Public Key Info: 698s Public Key Algorithm: rsaEncryption 698s Public-Key: (1024 bit) 698s Modulus: 698s 00:9f:44:3c:1e:df:88:26:22:5e:60:06:bf:e7:71: 698s 5c:fe:01:9e:d5:41:ed:96:7d:db:69:af:31:63:6b: 698s 10:38:39:f0:e8:a2:07:2b:ad:49:71:1e:c8:5e:3f: 698s 46:40:6f:62:77:1a:34:81:78:12:2b:a0:5f:55:25: 698s 1f:13:7f:03:fb:84:7a:b2:1f:2b:46:c2:12:78:8c: 698s 6b:ee:63:1c:ed:f4:53:6c:50:4f:87:46:83:7f:40: 698s fd:62:ef:29:f7:51:31:04:f0:e4:32:d2:8c:60:dc: 698s 04:fa:9c:b3:4c:19:6c:e4:8b:cc:bc:30:b4:1f:50: 698s 42:5b:30:a9:6c:81:0c:17:71 698s Exponent: 65537 (0x10001) 698s Attributes: 698s Requested Extensions: 698s X509v3 Basic Constraints: 698s CA:FALSE 698s Netscape Cert Type: 698s SSL Client, S/MIME 698s Netscape Comment: 698s Test Organization Intermediate CA trusted Certificate 698s X509v3 Subject Key Identifier: 698s 6C:77:F7:D1:28:CE:1B:0E:BC:A6:76:84:C4:8F:6D:2F:6A:7D:21:DF 698s X509v3 Key Usage: critical 698s Digital Signature, Non Repudiation, Key Encipherment 698s X509v3 Extended Key Usage: 698s TLS Web Client Authentication, E-mail Protection 698s X509v3 Subject Alternative Name: 698s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 698s Signature Algorithm: sha256WithRSAEncryption 698s Signature Value: 698s 1e:4a:2b:32:63:a3:40:34:f3:e7:5b:dd:f1:f2:90:75:8b:e0: 698s 83:6f:10:47:57:7f:dd:cc:bf:e6:e3:1c:e6:7c:77:bf:6f:04: 698s 73:75:f1:67:2b:d4:7e:4c:79:07:d1:a6:91:7c:fd:ac:74:6c: 698s 5e:5c:3f:e7:43:10:eb:1d:0f:9c:72:b5:2c:f2:17:cb:34:98: 698s cb:82:72:51:29:e0:73:d9:7a:83:bf:57:a1:35:73:30:56:41: 698s 03:2f:5f:df:16:8e:49:26:68:c0:21:8d:ee:00:6a:da:f2:61: 698s 64:e8:a6:50:75:c7:2e:ad:1b:0a:bf:42:1a:65:c4:c3:17:99: 698s f4:9e 698s + openssl ca -passin pass:random-intermediate-CA-password-18319 -config /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 698s Using configuration from /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.config 698s Check that the request matches the signature 698s Signature ok 698s Certificate Details: 698s Serial Number: 4 (0x4) 698s Validity 698s Not Before: Nov 15 21:18:36 2024 GMT 698s Not After : Nov 15 21:18:36 2025 GMT 698s Subject: 698s organizationName = Test Organization 698s organizationalUnitName = Test Organization Unit 698s commonName = Test Organization Intermediate Trusted Certificate 0001 698s X509v3 extensions: 698s X509v3 Authority Key Identifier: 698s C0:06:CD:E8:9C:C5:94:A3:E9:AB:C2:71:78:41:95:47:0C:4D:A7:05 698s X509v3 Basic Constraints: 698s CA:FALSE 698s Netscape Cert Type: 698s SSL Client, S/MIME 698s Netscape Comment: 698s Test Organization Intermediate CA trusted Certificate 698s X509v3 Subject Key Identifier: 698s 6C:77:F7:D1:28:CE:1B:0E:BC:A6:76:84:C4:8F:6D:2F:6A:7D:21:DF 698s X509v3 Key Usage: critical 698s Digital Signature, Non Repudiation, Key Encipherment 698s X509v3 Extended Key Usage: 698s TLS Web Client Authentication, E-mail Protection 698s X509v3 Subject Alternative Name: 698s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 698s Certificate is to be certified until Nov 15 21:18:36 2025 GMT (365 days) 698s 698s Write out database with 1 new entries 698s Database updated 698s + openssl x509 -noout -in /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 698s This certificate should not be trusted fully 698s + echo 'This certificate should not be trusted fully' 698s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 698s + local cmd=openssl 698s + shift 698s + openssl verify -CAfile /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 698s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 698s error 2 at 1 depth lookup: unable to get issuer certificate 698s error /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 698s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 698s /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem: OK 698s + cat 698s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-20200 698s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-20200 1024 698s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-20200 -key /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 698s + openssl req -text -noout -in /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 698s Certificate Request: 698s Data: 698s Version: 1 (0x0) 698s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 698s Subject Public Key Info: 698s Public Key Algorithm: rsaEncryption 698s Public-Key: (1024 bit) 698s Modulus: 698s 00:b3:2e:9b:de:fe:f6:7d:32:ff:f3:2d:ab:2a:39: 698s 8b:d5:80:b7:50:a0:e3:43:07:03:e4:82:1f:0b:87: 698s 48:76:7b:e9:20:c5:50:5b:db:fd:30:8e:36:5a:05: 698s 7e:ce:e8:c5:81:16:6e:d2:4e:13:36:3a:59:4a:f8: 698s 78:72:41:52:61:a9:c2:8c:7c:6b:80:ba:4a:51:ea: 698s 96:7a:31:8f:da:e1:d6:eb:68:26:b1:6a:91:29:20: 698s 86:72:8f:a4:49:c3:56:82:bc:a0:c7:b1:66:f8:5e: 698s 61:13:03:ca:75:dc:39:28:e9:f3:7b:d4:91:80:03: 698s 55:c8:a9:87:9e:45:fc:5a:b3 698s Exponent: 65537 (0x10001) 698s Attributes: 698s Requested Extensions: 698s X509v3 Basic Constraints: 698s CA:FALSE 698s Netscape Cert Type: 698s SSL Client, S/MIME 698s Netscape Comment: 698s Test Organization Sub Intermediate CA trusted Certificate 698s X509v3 Subject Key Identifier: 698s 24:5C:FA:A5:94:9B:53:2C:2B:88:4C:7C:F3:E1:77:E0:49:6E:53:0C 698s X509v3 Key Usage: critical 698s Digital Signature, Non Repudiation, Key Encipherment 698s X509v3 Extended Key Usage: 698s TLS Web Client Authentication, E-mail Protection 698s X509v3 Subject Alternative Name: 698s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 698s Signature Algorithm: sha256WithRSAEncryption 698s Signature Value: 698s 8e:35:da:70:90:15:d5:3e:d5:71:01:9f:90:27:a9:cf:8e:61: 698s 35:82:af:ae:05:bf:be:42:f6:5e:20:50:0f:f5:36:06:b1:f5: 698s bf:fc:83:da:97:4c:6f:4b:fd:99:81:36:b5:83:03:ee:04:13: 698s 28:4e:e3:c0:ea:48:c4:9c:1d:5b:d1:bd:24:97:cc:a9:00:08: 698s 75:f0:fb:09:54:de:c1:13:7b:2b:95:1c:e9:00:f7:fd:8e:f2: 698s 6b:45:c0:d6:c2:73:fe:ab:29:62:3a:9e:f2:a4:9b:ef:75:ab: 698s b6:6b:59:ba:2e:5f:e4:2c:12:cd:ed:89:b6:31:44:b1:0e:db: 698s bc:b3 698s + openssl ca -passin pass:random-sub-intermediate-CA-password-24259 -config /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 698s Using configuration from /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA.config 698s Check that the request matches the signature 698s Signature ok 698s Certificate Details: 698s Serial Number: 5 (0x5) 698s Validity 698s Not Before: Nov 15 21:18:36 2024 GMT 698s Not After : Nov 15 21:18:36 2025 GMT 698s Subject: 698s organizationName = Test Organization 698s organizationalUnitName = Test Organization Unit 698s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 698s X509v3 extensions: 698s X509v3 Authority Key Identifier: 698s 3D:3A:72:A2:57:57:9F:CD:0C:0D:EC:4D:DB:C0:0C:C1:86:F2:56:AF 698s X509v3 Basic Constraints: 698s CA:FALSE 698s Netscape Cert Type: 698s SSL Client, S/MIME 698s Netscape Comment: 698s Test Organization Sub Intermediate CA trusted Certificate 698s X509v3 Subject Key Identifier: 698s 24:5C:FA:A5:94:9B:53:2C:2B:88:4C:7C:F3:E1:77:E0:49:6E:53:0C 698s X509v3 Key Usage: critical 698s Digital Signature, Non Repudiation, Key Encipherment 698s X509v3 Extended Key Usage: 698s TLS Web Client Authentication, E-mail Protection 698s X509v3 Subject Alternative Name: 698s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 698s Certificate is to be certified until Nov 15 21:18:36 2025 GMT (365 days) 698s 698s Write out database with 1 new entries 698s Database updated 698s + openssl x509 -noout -in /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 699s This certificate should not be trusted fully 699s + echo 'This certificate should not be trusted fully' 699s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 699s + local cmd=openssl 699s + shift 699s + openssl verify -CAfile /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 699s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 699s error 2 at 1 depth lookup: unable to get issuer certificate 699s error /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 699s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 699s + local cmd=openssl 699s + shift 699s + openssl verify -CAfile /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 699s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 699s error 20 at 0 depth lookup: unable to get local issuer certificate 699s error /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 699s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 699s /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 699s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 699s + local cmd=openssl 699s + shift 699s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 699s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 699s error 20 at 0 depth lookup: unable to get local issuer certificate 699s error /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 699s Building a the full-chain CA file... 699s + echo 'Building a the full-chain CA file...' 699s + cat /tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA.pem 699s + cat /tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem 699s + cat /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA.pem 699s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem 699s + openssl pkcs7 -print_certs -noout 699s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 699s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 699s 699s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 699s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 699s 699s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 699s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 699s 699s + openssl verify -CAfile /tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem 699s /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem: OK 699s + openssl verify -CAfile /tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 699s /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem: OK 699s + openssl verify -CAfile /tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 699s /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem: OK 699s + openssl verify -CAfile /tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem /tmp/sssd-softhsm2-nb8LhS/test-root-intermediate-chain-CA.pem 699s /tmp/sssd-softhsm2-nb8LhS/test-root-intermediate-chain-CA.pem: OK 699s + openssl verify -CAfile /tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 699s /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 699s Certificates generation completed! 699s + echo 'Certificates generation completed!' 699s + [[ -v NO_SSSD_TESTS ]] 699s + invalid_certificate /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3772 /dev/null 699s + check_certificate /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3772 /dev/null 699s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 699s + local key_pass=pass:random-root-ca-trusted-cert-0001-3772 699s + local key_ring=/dev/null 699s + local verify_option= 699s + prepare_softhsm2_card /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3772 699s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 699s + local key_pass=pass:random-root-ca-trusted-cert-0001-3772 699s + local key_cn 699s + local key_name 699s + local tokens_dir 699s + local output_cert_file 699s + token_name= 699s ++ basename /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem .pem 699s + key_name=test-root-CA-trusted-certificate-0001 699s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 699s ++ sed -n 's/ *commonName *= //p' 699s + key_cn='Test Organization Root Trusted Certificate 0001' 699s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 699s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf 699s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf 699s ++ basename /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 699s + tokens_dir=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001 699s + token_name='Test Organization Root Tr Token' 699s + '[' '!' -e /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 699s + local key_file 699s + local decrypted_key 699s + mkdir -p /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001 699s + key_file=/tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001-key.pem 699s + decrypted_key=/tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001-key-decrypted.pem 699s + cat 699s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 699s Slot 0 has a free/uninitialized token. 699s The token has been initialized and is reassigned to slot 983677898 699s + softhsm2-util --show-slots 699s Available slots: 699s Slot 983677898 699s Slot info: 699s Description: SoftHSM slot ID 0x3aa1bbca 699s Manufacturer ID: SoftHSM project 699s Hardware version: 2.6 699s Firmware version: 2.6 699s Token present: yes 699s Token info: 699s Manufacturer ID: SoftHSM project 699s Model: SoftHSM v2 699s Hardware version: 2.6 699s Firmware version: 2.6 699s Serial number: 6325a0a33aa1bbca 699s Initialized: yes 699s User PIN init.: yes 699s Label: Test Organization Root Tr Token 699s Slot 1 699s Slot info: 699s Description: SoftHSM slot ID 0x1 699s Manufacturer ID: SoftHSM project 699s Hardware version: 2.6 699s Firmware version: 2.6 699s Token present: yes 699s Token info: 699s Manufacturer ID: SoftHSM project 699s Model: SoftHSM v2 699s Hardware version: 2.6 699s Firmware version: 2.6 699s Serial number: 699s Initialized: no 699s User PIN init.: no 699s Label: 699s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 699s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-3772 -in /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001-key-decrypted.pem 699s writing RSA key 699s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 699s + rm /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001-key-decrypted.pem 699s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 699s Object 0: 699s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6325a0a33aa1bbca;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 699s Type: X.509 Certificate (RSA-1024) 699s Expires: Sat Nov 15 21:18:36 2025 699s Label: Test Organization Root Trusted Certificate 0001 699s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 699s 699s + echo 'Test Organization Root Tr Token' 699s + '[' -n '' ']' 699s + local output_base_name=SSSD-child-18690 699s + local output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-18690.output 699s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-18690.pem 699s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 699s Test Organization Root Tr Token 699s [p11_child[2199]] [main] (0x0400): p11_child started. 699s [p11_child[2199]] [main] (0x2000): Running in [pre-auth] mode. 699s [p11_child[2199]] [main] (0x2000): Running with effective IDs: [0][0]. 699s [p11_child[2199]] [main] (0x2000): Running with real IDs [0][0]. 699s [p11_child[2199]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 699s [p11_child[2199]] [do_work] (0x0040): init_verification failed. 699s [p11_child[2199]] [main] (0x0020): p11_child failed (5) 699s + return 2 699s + valid_certificate /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3772 /dev/null no_verification 699s + check_certificate /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3772 /dev/null no_verification 699s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 699s + local key_pass=pass:random-root-ca-trusted-cert-0001-3772 699s + local key_ring=/dev/null 699s + local verify_option=no_verification 699s + prepare_softhsm2_card /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3772 699s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 699s + local key_pass=pass:random-root-ca-trusted-cert-0001-3772 699s + local key_cn 699s + local key_name 699s + local tokens_dir 699s + local output_cert_file 699s + token_name= 699s ++ basename /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem .pem 699s + key_name=test-root-CA-trusted-certificate-0001 699s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 699s ++ sed -n 's/ *commonName *= //p' 699s + key_cn='Test Organization Root Trusted Certificate 0001' 699s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 699s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf 699s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf 699s ++ basename /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 699s Test Organization Root Tr Token 699s + tokens_dir=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001 699s + token_name='Test Organization Root Tr Token' 699s + '[' '!' -e /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 699s + '[' '!' -d /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001 ']' 699s + echo 'Test Organization Root Tr Token' 699s + '[' -n no_verification ']' 699s + local verify_arg=--verify=no_verification 699s + local output_base_name=SSSD-child-24273 699s + local output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-24273.output 699s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-24273.pem 699s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 699s [p11_child[2205]] [main] (0x0400): p11_child started. 699s [p11_child[2205]] [main] (0x2000): Running in [pre-auth] mode. 699s [p11_child[2205]] [main] (0x2000): Running with effective IDs: [0][0]. 699s [p11_child[2205]] [main] (0x2000): Running with real IDs [0][0]. 699s [p11_child[2205]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 699s [p11_child[2205]] [do_card] (0x4000): Module List: 699s [p11_child[2205]] [do_card] (0x4000): common name: [softhsm2]. 699s [p11_child[2205]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 699s [p11_child[2205]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3aa1bbca] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 699s [p11_child[2205]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 699s [p11_child[2205]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3aa1bbca][983677898] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 699s [p11_child[2205]] [do_card] (0x4000): Login NOT required. 699s [p11_child[2205]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 699s [p11_child[2205]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 699s [p11_child[2205]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3aa1bbca;slot-manufacturer=SoftHSM%20project;slot-id=983677898;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6325a0a33aa1bbca;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 699s [p11_child[2205]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 699s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-24273.output 699s + echo '-----BEGIN CERTIFICATE-----' 699s + tail -n1 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-24273.output 699s + echo '-----END CERTIFICATE-----' 699s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-24273.pem 699s Certificate: 699s Data: 699s Version: 3 (0x2) 699s Serial Number: 3 (0x3) 699s Signature Algorithm: sha256WithRSAEncryption 699s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 699s Validity 699s Not Before: Nov 15 21:18:36 2024 GMT 699s Not After : Nov 15 21:18:36 2025 GMT 699s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 699s Subject Public Key Info: 699s Public Key Algorithm: rsaEncryption 699s Public-Key: (1024 bit) 699s Modulus: 699s 00:c8:68:7f:69:d9:f4:ef:c0:ad:85:05:7f:c2:b2: 699s 7b:d7:91:bf:82:32:d2:19:f7:75:61:b1:27:37:5f: 699s ed:a9:e5:65:51:1c:5e:d3:5d:2f:cb:21:ed:c0:95: 699s b9:07:e4:cf:1f:79:ce:63:1e:0f:73:52:70:a8:6c: 699s 8f:05:4e:62:12:52:b3:e0:9b:bb:27:07:89:ce:6c: 699s 0d:1c:a8:95:7d:b1:dc:df:25:bb:b2:05:56:7c:4b: 699s 62:ce:2a:76:aa:6b:2c:51:27:68:75:92:3f:16:75: 699s e3:3b:18:a1:70:68:86:ab:ec:74:77:de:0b:43:01: 699s 49:e6:4b:f1:ce:8b:17:de:01 699s Exponent: 65537 (0x10001) 699s X509v3 extensions: 699s X509v3 Authority Key Identifier: 699s E0:AF:9D:51:01:4E:01:F5:6D:88:82:7B:2A:E3:83:5C:C8:4F:66:0B 699s X509v3 Basic Constraints: 699s CA:FALSE 699s Netscape Cert Type: 699s SSL Client, S/MIME 699s Netscape Comment: 699s Test Organization Root CA trusted Certificate 699s X509v3 Subject Key Identifier: 699s CA:3B:D7:5E:F2:4D:74:0A:4D:0C:A0:C4:CB:67:37:71:26:BD:78:5B 699s X509v3 Key Usage: critical 699s Digital Signature, Non Repudiation, Key Encipherment 699s X509v3 Extended Key Usage: 699s TLS Web Client Authentication, E-mail Protection 699s X509v3 Subject Alternative Name: 699s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 699s Signature Algorithm: sha256WithRSAEncryption 699s Signature Value: 699s 2d:c5:e3:6e:4b:21:a9:7b:f3:36:ef:58:ad:a1:37:5c:ae:da: 699s 5e:fc:76:30:fa:0d:c2:27:44:70:3e:e9:50:b0:96:b9:8a:e9: 699s c5:2c:b5:5c:76:76:8c:05:80:25:3e:41:36:4c:36:72:37:a3: 699s 7c:6f:43:6f:7e:fd:f9:f2:d2:0e:27:ee:51:8f:30:01:ab:37: 699s 9c:15:e0:ba:1f:d4:13:e5:3a:39:16:19:aa:e3:0b:c9:21:9f: 699s 15:5d:8c:b5:d0:d7:ee:8f:ef:ab:51:c4:9b:36:3c:03:60:2e: 699s 7a:9d:0a:10:f1:f9:6f:54:2c:74:35:86:50:9d:c9:0d:0b:0d: 699s 14:18 699s + local found_md5 expected_md5 699s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 699s + expected_md5=Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 699s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-24273.pem 699s + found_md5=Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 699s + '[' Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 '!=' Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 ']' 699s + output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-24273-auth.output 699s ++ basename /tmp/sssd-softhsm2-nb8LhS/SSSD-child-24273-auth.output .output 699s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-24273-auth.pem 699s + echo -n 053350 699s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 699s [p11_child[2213]] [main] (0x0400): p11_child started. 699s [p11_child[2213]] [main] (0x2000): Running in [auth] mode. 699s [p11_child[2213]] [main] (0x2000): Running with effective IDs: [0][0]. 699s [p11_child[2213]] [main] (0x2000): Running with real IDs [0][0]. 699s [p11_child[2213]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 699s [p11_child[2213]] [do_card] (0x4000): Module List: 699s [p11_child[2213]] [do_card] (0x4000): common name: [softhsm2]. 699s [p11_child[2213]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 699s [p11_child[2213]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3aa1bbca] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 699s [p11_child[2213]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 699s [p11_child[2213]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3aa1bbca][983677898] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 699s [p11_child[2213]] [do_card] (0x4000): Login required. 699s [p11_child[2213]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 699s [p11_child[2213]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 699s [p11_child[2213]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3aa1bbca;slot-manufacturer=SoftHSM%20project;slot-id=983677898;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6325a0a33aa1bbca;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 699s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 699s [p11_child[2213]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 699s [p11_child[2213]] [do_card] (0x4000): Certificate verified and validated. 699s [p11_child[2213]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 699s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-24273-auth.output 699s + echo '-----BEGIN CERTIFICATE-----' 699s + tail -n1 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-24273-auth.output 699s + echo '-----END CERTIFICATE-----' 699s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-24273-auth.pem 699s Certificate: 699s Data: 699s Version: 3 (0x2) 699s Serial Number: 3 (0x3) 699s Signature Algorithm: sha256WithRSAEncryption 699s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 699s Validity 699s Not Before: Nov 15 21:18:36 2024 GMT 699s Not After : Nov 15 21:18:36 2025 GMT 699s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 699s Subject Public Key Info: 699s Public Key Algorithm: rsaEncryption 699s Public-Key: (1024 bit) 699s Modulus: 699s 00:c8:68:7f:69:d9:f4:ef:c0:ad:85:05:7f:c2:b2: 699s 7b:d7:91:bf:82:32:d2:19:f7:75:61:b1:27:37:5f: 699s ed:a9:e5:65:51:1c:5e:d3:5d:2f:cb:21:ed:c0:95: 699s b9:07:e4:cf:1f:79:ce:63:1e:0f:73:52:70:a8:6c: 699s 8f:05:4e:62:12:52:b3:e0:9b:bb:27:07:89:ce:6c: 699s 0d:1c:a8:95:7d:b1:dc:df:25:bb:b2:05:56:7c:4b: 699s 62:ce:2a:76:aa:6b:2c:51:27:68:75:92:3f:16:75: 699s e3:3b:18:a1:70:68:86:ab:ec:74:77:de:0b:43:01: 699s 49:e6:4b:f1:ce:8b:17:de:01 699s Exponent: 65537 (0x10001) 699s X509v3 extensions: 699s X509v3 Authority Key Identifier: 699s E0:AF:9D:51:01:4E:01:F5:6D:88:82:7B:2A:E3:83:5C:C8:4F:66:0B 699s X509v3 Basic Constraints: 699s CA:FALSE 699s Netscape Cert Type: 699s SSL Client, S/MIME 699s Netscape Comment: 699s Test Organization Root CA trusted Certificate 699s X509v3 Subject Key Identifier: 699s CA:3B:D7:5E:F2:4D:74:0A:4D:0C:A0:C4:CB:67:37:71:26:BD:78:5B 699s X509v3 Key Usage: critical 699s Digital Signature, Non Repudiation, Key Encipherment 699s X509v3 Extended Key Usage: 699s TLS Web Client Authentication, E-mail Protection 699s X509v3 Subject Alternative Name: 699s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 699s Signature Algorithm: sha256WithRSAEncryption 699s Signature Value: 699s 2d:c5:e3:6e:4b:21:a9:7b:f3:36:ef:58:ad:a1:37:5c:ae:da: 699s 5e:fc:76:30:fa:0d:c2:27:44:70:3e:e9:50:b0:96:b9:8a:e9: 699s c5:2c:b5:5c:76:76:8c:05:80:25:3e:41:36:4c:36:72:37:a3: 699s 7c:6f:43:6f:7e:fd:f9:f2:d2:0e:27:ee:51:8f:30:01:ab:37: 699s 9c:15:e0:ba:1f:d4:13:e5:3a:39:16:19:aa:e3:0b:c9:21:9f: 699s 15:5d:8c:b5:d0:d7:ee:8f:ef:ab:51:c4:9b:36:3c:03:60:2e: 699s 7a:9d:0a:10:f1:f9:6f:54:2c:74:35:86:50:9d:c9:0d:0b:0d: 699s 14:18 699s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-24273-auth.pem 699s + found_md5=Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 699s + '[' Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 '!=' Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 ']' 699s + valid_certificate /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3772 /tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem 699s + check_certificate /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3772 /tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem 699s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 699s + local key_pass=pass:random-root-ca-trusted-cert-0001-3772 699s + local key_ring=/tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem 699s + local verify_option= 699s + prepare_softhsm2_card /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3772 699s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 699s + local key_pass=pass:random-root-ca-trusted-cert-0001-3772 699s + local key_cn 699s + local key_name 699s + local tokens_dir 699s + local output_cert_file 699s + token_name= 699s ++ basename /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem .pem 699s + key_name=test-root-CA-trusted-certificate-0001 699s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 699s ++ sed -n 's/ *commonName *= //p' 699s + key_cn='Test Organization Root Trusted Certificate 0001' 699s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 699s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf 699s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf 699s ++ basename /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 699s Test Organization Root Tr Token 699s + tokens_dir=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001 699s + token_name='Test Organization Root Tr Token' 699s + '[' '!' -e /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 699s + '[' '!' -d /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001 ']' 699s + echo 'Test Organization Root Tr Token' 699s + '[' -n '' ']' 699s + local output_base_name=SSSD-child-17206 699s + local output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-17206.output 699s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-17206.pem 699s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem 699s [p11_child[2223]] [main] (0x0400): p11_child started. 699s [p11_child[2223]] [main] (0x2000): Running in [pre-auth] mode. 699s [p11_child[2223]] [main] (0x2000): Running with effective IDs: [0][0]. 699s [p11_child[2223]] [main] (0x2000): Running with real IDs [0][0]. 699s [p11_child[2223]] [do_card] (0x4000): Module List: 699s [p11_child[2223]] [do_card] (0x4000): common name: [softhsm2]. 699s [p11_child[2223]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 699s [p11_child[2223]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3aa1bbca] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 699s [p11_child[2223]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 699s [p11_child[2223]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3aa1bbca][983677898] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 699s [p11_child[2223]] [do_card] (0x4000): Login NOT required. 699s [p11_child[2223]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 699s [p11_child[2223]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 699s [p11_child[2223]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 699s [p11_child[2223]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3aa1bbca;slot-manufacturer=SoftHSM%20project;slot-id=983677898;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6325a0a33aa1bbca;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 699s [p11_child[2223]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 699s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-17206.output 699s + echo '-----BEGIN CERTIFICATE-----' 699s + tail -n1 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-17206.output 699s + echo '-----END CERTIFICATE-----' 699s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-17206.pem 699s Certificate: 699s Data: 699s Version: 3 (0x2) 699s Serial Number: 3 (0x3) 699s Signature Algorithm: sha256WithRSAEncryption 699s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 699s Validity 699s Not Before: Nov 15 21:18:36 2024 GMT 699s Not After : Nov 15 21:18:36 2025 GMT 699s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 699s Subject Public Key Info: 699s Public Key Algorithm: rsaEncryption 699s Public-Key: (1024 bit) 699s Modulus: 699s 00:c8:68:7f:69:d9:f4:ef:c0:ad:85:05:7f:c2:b2: 699s 7b:d7:91:bf:82:32:d2:19:f7:75:61:b1:27:37:5f: 699s ed:a9:e5:65:51:1c:5e:d3:5d:2f:cb:21:ed:c0:95: 699s b9:07:e4:cf:1f:79:ce:63:1e:0f:73:52:70:a8:6c: 699s 8f:05:4e:62:12:52:b3:e0:9b:bb:27:07:89:ce:6c: 699s 0d:1c:a8:95:7d:b1:dc:df:25:bb:b2:05:56:7c:4b: 699s 62:ce:2a:76:aa:6b:2c:51:27:68:75:92:3f:16:75: 699s e3:3b:18:a1:70:68:86:ab:ec:74:77:de:0b:43:01: 699s 49:e6:4b:f1:ce:8b:17:de:01 699s Exponent: 65537 (0x10001) 699s X509v3 extensions: 699s X509v3 Authority Key Identifier: 699s E0:AF:9D:51:01:4E:01:F5:6D:88:82:7B:2A:E3:83:5C:C8:4F:66:0B 699s X509v3 Basic Constraints: 699s CA:FALSE 699s Netscape Cert Type: 699s SSL Client, S/MIME 699s Netscape Comment: 699s Test Organization Root CA trusted Certificate 699s X509v3 Subject Key Identifier: 699s CA:3B:D7:5E:F2:4D:74:0A:4D:0C:A0:C4:CB:67:37:71:26:BD:78:5B 699s X509v3 Key Usage: critical 699s Digital Signature, Non Repudiation, Key Encipherment 699s X509v3 Extended Key Usage: 699s TLS Web Client Authentication, E-mail Protection 699s X509v3 Subject Alternative Name: 699s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 699s Signature Algorithm: sha256WithRSAEncryption 699s Signature Value: 699s 2d:c5:e3:6e:4b:21:a9:7b:f3:36:ef:58:ad:a1:37:5c:ae:da: 699s 5e:fc:76:30:fa:0d:c2:27:44:70:3e:e9:50:b0:96:b9:8a:e9: 699s c5:2c:b5:5c:76:76:8c:05:80:25:3e:41:36:4c:36:72:37:a3: 699s 7c:6f:43:6f:7e:fd:f9:f2:d2:0e:27:ee:51:8f:30:01:ab:37: 699s 9c:15:e0:ba:1f:d4:13:e5:3a:39:16:19:aa:e3:0b:c9:21:9f: 699s 15:5d:8c:b5:d0:d7:ee:8f:ef:ab:51:c4:9b:36:3c:03:60:2e: 699s 7a:9d:0a:10:f1:f9:6f:54:2c:74:35:86:50:9d:c9:0d:0b:0d: 699s 14:18 699s + local found_md5 expected_md5 699s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 699s + expected_md5=Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 699s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-17206.pem 699s + found_md5=Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 699s + '[' Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 '!=' Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 ']' 699s + output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-17206-auth.output 699s ++ basename /tmp/sssd-softhsm2-nb8LhS/SSSD-child-17206-auth.output .output 699s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-17206-auth.pem 699s + echo -n 053350 699s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 699s [p11_child[2231]] [main] (0x0400): p11_child started. 699s [p11_child[2231]] [main] (0x2000): Running in [auth] mode. 699s [p11_child[2231]] [main] (0x2000): Running with effective IDs: [0][0]. 699s [p11_child[2231]] [main] (0x2000): Running with real IDs [0][0]. 699s [p11_child[2231]] [do_card] (0x4000): Module List: 699s [p11_child[2231]] [do_card] (0x4000): common name: [softhsm2]. 699s [p11_child[2231]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 699s [p11_child[2231]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3aa1bbca] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 699s [p11_child[2231]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 699s [p11_child[2231]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3aa1bbca][983677898] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 699s [p11_child[2231]] [do_card] (0x4000): Login required. 699s [p11_child[2231]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 699s [p11_child[2231]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 699s [p11_child[2231]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 699s [p11_child[2231]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3aa1bbca;slot-manufacturer=SoftHSM%20project;slot-id=983677898;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6325a0a33aa1bbca;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 699s [p11_child[2231]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 699s [p11_child[2231]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 699s [p11_child[2231]] [do_card] (0x4000): Certificate verified and validated. 699s [p11_child[2231]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 699s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-17206-auth.output 699s + echo '-----BEGIN CERTIFICATE-----' 699s + tail -n1 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-17206-auth.output 699s + echo '-----END CERTIFICATE-----' 699s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-17206-auth.pem 699s Certificate: 699s Data: 699s Version: 3 (0x2) 699s Serial Number: 3 (0x3) 699s Signature Algorithm: sha256WithRSAEncryption 699s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 699s Validity 699s Not Before: Nov 15 21:18:36 2024 GMT 699s Not After : Nov 15 21:18:36 2025 GMT 699s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 699s Subject Public Key Info: 699s Public Key Algorithm: rsaEncryption 699s Public-Key: (1024 bit) 699s Modulus: 699s 00:c8:68:7f:69:d9:f4:ef:c0:ad:85:05:7f:c2:b2: 699s 7b:d7:91:bf:82:32:d2:19:f7:75:61:b1:27:37:5f: 699s ed:a9:e5:65:51:1c:5e:d3:5d:2f:cb:21:ed:c0:95: 699s b9:07:e4:cf:1f:79:ce:63:1e:0f:73:52:70:a8:6c: 699s 8f:05:4e:62:12:52:b3:e0:9b:bb:27:07:89:ce:6c: 699s 0d:1c:a8:95:7d:b1:dc:df:25:bb:b2:05:56:7c:4b: 699s 62:ce:2a:76:aa:6b:2c:51:27:68:75:92:3f:16:75: 699s e3:3b:18:a1:70:68:86:ab:ec:74:77:de:0b:43:01: 699s 49:e6:4b:f1:ce:8b:17:de:01 699s Exponent: 65537 (0x10001) 699s X509v3 extensions: 699s X509v3 Authority Key Identifier: 699s E0:AF:9D:51:01:4E:01:F5:6D:88:82:7B:2A:E3:83:5C:C8:4F:66:0B 699s X509v3 Basic Constraints: 699s CA:FALSE 699s Netscape Cert Type: 699s SSL Client, S/MIME 699s Netscape Comment: 699s Test Organization Root CA trusted Certificate 699s X509v3 Subject Key Identifier: 699s CA:3B:D7:5E:F2:4D:74:0A:4D:0C:A0:C4:CB:67:37:71:26:BD:78:5B 699s X509v3 Key Usage: critical 699s Digital Signature, Non Repudiation, Key Encipherment 699s X509v3 Extended Key Usage: 699s TLS Web Client Authentication, E-mail Protection 699s X509v3 Subject Alternative Name: 699s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 699s Signature Algorithm: sha256WithRSAEncryption 699s Signature Value: 699s 2d:c5:e3:6e:4b:21:a9:7b:f3:36:ef:58:ad:a1:37:5c:ae:da: 699s 5e:fc:76:30:fa:0d:c2:27:44:70:3e:e9:50:b0:96:b9:8a:e9: 699s c5:2c:b5:5c:76:76:8c:05:80:25:3e:41:36:4c:36:72:37:a3: 699s 7c:6f:43:6f:7e:fd:f9:f2:d2:0e:27:ee:51:8f:30:01:ab:37: 699s 9c:15:e0:ba:1f:d4:13:e5:3a:39:16:19:aa:e3:0b:c9:21:9f: 699s 15:5d:8c:b5:d0:d7:ee:8f:ef:ab:51:c4:9b:36:3c:03:60:2e: 699s 7a:9d:0a:10:f1:f9:6f:54:2c:74:35:86:50:9d:c9:0d:0b:0d: 699s 14:18 699s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-17206-auth.pem 699s + found_md5=Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 699s + '[' Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 '!=' Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 ']' 699s + valid_certificate /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3772 /tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem partial_chain 699s + check_certificate /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3772 /tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem partial_chain 699s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 699s + local key_pass=pass:random-root-ca-trusted-cert-0001-3772 699s + local key_ring=/tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem 699s + local verify_option=partial_chain 699s + prepare_softhsm2_card /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3772 699s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 699s + local key_pass=pass:random-root-ca-trusted-cert-0001-3772 699s + local key_cn 699s + local key_name 699s + local tokens_dir 699s + local output_cert_file 699s + token_name= 699s ++ basename /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem .pem 699s + key_name=test-root-CA-trusted-certificate-0001 699s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 699s ++ sed -n 's/ *commonName *= //p' 699s + key_cn='Test Organization Root Trusted Certificate 0001' 699s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 699s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf 699s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf 699s ++ basename /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 699s + tokens_dir=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001 699s + token_name='Test Organization Root Tr Token' 699s Test Organization Root Tr Token 699s + '[' '!' -e /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 699s + '[' '!' -d /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001 ']' 699s + echo 'Test Organization Root Tr Token' 699s + '[' -n partial_chain ']' 699s + local verify_arg=--verify=partial_chain 699s + local output_base_name=SSSD-child-5191 699s + local output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-5191.output 699s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-5191.pem 699s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem 699s [p11_child[2241]] [main] (0x0400): p11_child started. 699s [p11_child[2241]] [main] (0x2000): Running in [pre-auth] mode. 699s [p11_child[2241]] [main] (0x2000): Running with effective IDs: [0][0]. 699s [p11_child[2241]] [main] (0x2000): Running with real IDs [0][0]. 699s [p11_child[2241]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 699s [p11_child[2241]] [do_card] (0x4000): Module List: 699s [p11_child[2241]] [do_card] (0x4000): common name: [softhsm2]. 699s [p11_child[2241]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 699s [p11_child[2241]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3aa1bbca] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 699s [p11_child[2241]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 699s [p11_child[2241]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3aa1bbca][983677898] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 699s [p11_child[2241]] [do_card] (0x4000): Login NOT required. 699s [p11_child[2241]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 699s [p11_child[2241]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 699s [p11_child[2241]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 699s [p11_child[2241]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3aa1bbca;slot-manufacturer=SoftHSM%20project;slot-id=983677898;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6325a0a33aa1bbca;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 699s [p11_child[2241]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 699s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-5191.output 699s + echo '-----BEGIN CERTIFICATE-----' 699s + tail -n1 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-5191.output 699s + echo '-----END CERTIFICATE-----' 699s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-5191.pem 699s Certificate: 699s Data: 699s Version: 3 (0x2) 699s Serial Number: 3 (0x3) 699s Signature Algorithm: sha256WithRSAEncryption 699s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 699s Validity 699s Not Before: Nov 15 21:18:36 2024 GMT 699s Not After : Nov 15 21:18:36 2025 GMT 699s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 699s Subject Public Key Info: 699s Public Key Algorithm: rsaEncryption 699s Public-Key: (1024 bit) 699s Modulus: 699s 00:c8:68:7f:69:d9:f4:ef:c0:ad:85:05:7f:c2:b2: 699s 7b:d7:91:bf:82:32:d2:19:f7:75:61:b1:27:37:5f: 699s ed:a9:e5:65:51:1c:5e:d3:5d:2f:cb:21:ed:c0:95: 699s b9:07:e4:cf:1f:79:ce:63:1e:0f:73:52:70:a8:6c: 699s 8f:05:4e:62:12:52:b3:e0:9b:bb:27:07:89:ce:6c: 699s 0d:1c:a8:95:7d:b1:dc:df:25:bb:b2:05:56:7c:4b: 699s 62:ce:2a:76:aa:6b:2c:51:27:68:75:92:3f:16:75: 699s e3:3b:18:a1:70:68:86:ab:ec:74:77:de:0b:43:01: 699s 49:e6:4b:f1:ce:8b:17:de:01 699s Exponent: 65537 (0x10001) 699s X509v3 extensions: 699s X509v3 Authority Key Identifier: 699s E0:AF:9D:51:01:4E:01:F5:6D:88:82:7B:2A:E3:83:5C:C8:4F:66:0B 699s X509v3 Basic Constraints: 699s CA:FALSE 699s Netscape Cert Type: 699s SSL Client, S/MIME 699s Netscape Comment: 699s Test Organization Root CA trusted Certificate 699s X509v3 Subject Key Identifier: 699s CA:3B:D7:5E:F2:4D:74:0A:4D:0C:A0:C4:CB:67:37:71:26:BD:78:5B 699s X509v3 Key Usage: critical 699s Digital Signature, Non Repudiation, Key Encipherment 699s X509v3 Extended Key Usage: 699s TLS Web Client Authentication, E-mail Protection 699s X509v3 Subject Alternative Name: 699s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 699s Signature Algorithm: sha256WithRSAEncryption 699s Signature Value: 699s 2d:c5:e3:6e:4b:21:a9:7b:f3:36:ef:58:ad:a1:37:5c:ae:da: 699s 5e:fc:76:30:fa:0d:c2:27:44:70:3e:e9:50:b0:96:b9:8a:e9: 699s c5:2c:b5:5c:76:76:8c:05:80:25:3e:41:36:4c:36:72:37:a3: 699s 7c:6f:43:6f:7e:fd:f9:f2:d2:0e:27:ee:51:8f:30:01:ab:37: 699s 9c:15:e0:ba:1f:d4:13:e5:3a:39:16:19:aa:e3:0b:c9:21:9f: 699s 15:5d:8c:b5:d0:d7:ee:8f:ef:ab:51:c4:9b:36:3c:03:60:2e: 699s 7a:9d:0a:10:f1:f9:6f:54:2c:74:35:86:50:9d:c9:0d:0b:0d: 699s 14:18 699s + local found_md5 expected_md5 699s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 699s + expected_md5=Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 699s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-5191.pem 700s + found_md5=Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 700s + '[' Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 '!=' Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 ']' 700s + output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-5191-auth.output 700s ++ basename /tmp/sssd-softhsm2-nb8LhS/SSSD-child-5191-auth.output .output 700s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-5191-auth.pem 700s + echo -n 053350 700s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 700s [p11_child[2249]] [main] (0x0400): p11_child started. 700s [p11_child[2249]] [main] (0x2000): Running in [auth] mode. 700s [p11_child[2249]] [main] (0x2000): Running with effective IDs: [0][0]. 700s [p11_child[2249]] [main] (0x2000): Running with real IDs [0][0]. 700s [p11_child[2249]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 700s [p11_child[2249]] [do_card] (0x4000): Module List: 700s [p11_child[2249]] [do_card] (0x4000): common name: [softhsm2]. 700s [p11_child[2249]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 700s [p11_child[2249]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3aa1bbca] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 700s [p11_child[2249]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 700s [p11_child[2249]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3aa1bbca][983677898] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 700s [p11_child[2249]] [do_card] (0x4000): Login required. 700s [p11_child[2249]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 700s [p11_child[2249]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 700s [p11_child[2249]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 700s [p11_child[2249]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3aa1bbca;slot-manufacturer=SoftHSM%20project;slot-id=983677898;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6325a0a33aa1bbca;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 700s [p11_child[2249]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 700s [p11_child[2249]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 700s [p11_child[2249]] [do_card] (0x4000): Certificate verified and validated. 700s [p11_child[2249]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 700s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-5191-auth.output 700s + echo '-----BEGIN CERTIFICATE-----' 700s + tail -n1 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-5191-auth.output 700s + echo '-----END CERTIFICATE-----' 700s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-5191-auth.pem 700s Certificate: 700s Data: 700s Version: 3 (0x2) 700s Serial Number: 3 (0x3) 700s Signature Algorithm: sha256WithRSAEncryption 700s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 700s Validity 700s Not Before: Nov 15 21:18:36 2024 GMT 700s Not After : Nov 15 21:18:36 2025 GMT 700s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 700s Subject Public Key Info: 700s Public Key Algorithm: rsaEncryption 700s Public-Key: (1024 bit) 700s Modulus: 700s 00:c8:68:7f:69:d9:f4:ef:c0:ad:85:05:7f:c2:b2: 700s 7b:d7:91:bf:82:32:d2:19:f7:75:61:b1:27:37:5f: 700s ed:a9:e5:65:51:1c:5e:d3:5d:2f:cb:21:ed:c0:95: 700s b9:07:e4:cf:1f:79:ce:63:1e:0f:73:52:70:a8:6c: 700s 8f:05:4e:62:12:52:b3:e0:9b:bb:27:07:89:ce:6c: 700s 0d:1c:a8:95:7d:b1:dc:df:25:bb:b2:05:56:7c:4b: 700s 62:ce:2a:76:aa:6b:2c:51:27:68:75:92:3f:16:75: 700s e3:3b:18:a1:70:68:86:ab:ec:74:77:de:0b:43:01: 700s 49:e6:4b:f1:ce:8b:17:de:01 700s Exponent: 65537 (0x10001) 700s X509v3 extensions: 700s X509v3 Authority Key Identifier: 700s E0:AF:9D:51:01:4E:01:F5:6D:88:82:7B:2A:E3:83:5C:C8:4F:66:0B 700s X509v3 Basic Constraints: 700s CA:FALSE 700s Netscape Cert Type: 700s SSL Client, S/MIME 700s Netscape Comment: 700s Test Organization Root CA trusted Certificate 700s X509v3 Subject Key Identifier: 700s CA:3B:D7:5E:F2:4D:74:0A:4D:0C:A0:C4:CB:67:37:71:26:BD:78:5B 700s X509v3 Key Usage: critical 700s Digital Signature, Non Repudiation, Key Encipherment 700s X509v3 Extended Key Usage: 700s TLS Web Client Authentication, E-mail Protection 700s X509v3 Subject Alternative Name: 700s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 700s Signature Algorithm: sha256WithRSAEncryption 700s Signature Value: 700s 2d:c5:e3:6e:4b:21:a9:7b:f3:36:ef:58:ad:a1:37:5c:ae:da: 700s 5e:fc:76:30:fa:0d:c2:27:44:70:3e:e9:50:b0:96:b9:8a:e9: 700s c5:2c:b5:5c:76:76:8c:05:80:25:3e:41:36:4c:36:72:37:a3: 700s 7c:6f:43:6f:7e:fd:f9:f2:d2:0e:27:ee:51:8f:30:01:ab:37: 700s 9c:15:e0:ba:1f:d4:13:e5:3a:39:16:19:aa:e3:0b:c9:21:9f: 700s 15:5d:8c:b5:d0:d7:ee:8f:ef:ab:51:c4:9b:36:3c:03:60:2e: 700s 7a:9d:0a:10:f1:f9:6f:54:2c:74:35:86:50:9d:c9:0d:0b:0d: 700s 14:18 700s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-5191-auth.pem 700s + found_md5=Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 700s + '[' Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 '!=' Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 ']' 700s + valid_certificate /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3772 /tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem 700s + check_certificate /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3772 /tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem 700s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 700s + local key_pass=pass:random-root-ca-trusted-cert-0001-3772 700s + local key_ring=/tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem 700s + local verify_option= 700s + prepare_softhsm2_card /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3772 700s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 700s + local key_pass=pass:random-root-ca-trusted-cert-0001-3772 700s + local key_cn 700s + local key_name 700s + local tokens_dir 700s + local output_cert_file 700s + token_name= 700s ++ basename /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem .pem 700s + key_name=test-root-CA-trusted-certificate-0001 700s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 700s ++ sed -n 's/ *commonName *= //p' 700s + key_cn='Test Organization Root Trusted Certificate 0001' 700s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 700s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf 700s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf 700s ++ basename /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 700s Test Organization Root Tr Token 700s + tokens_dir=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001 700s + token_name='Test Organization Root Tr Token' 700s + '[' '!' -e /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 700s + '[' '!' -d /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001 ']' 700s + echo 'Test Organization Root Tr Token' 700s + '[' -n '' ']' 700s + local output_base_name=SSSD-child-1445 700s + local output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-1445.output 700s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-1445.pem 700s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem 700s [p11_child[2259]] [main] (0x0400): p11_child started. 700s [p11_child[2259]] [main] (0x2000): Running in [pre-auth] mode. 700s [p11_child[2259]] [main] (0x2000): Running with effective IDs: [0][0]. 700s [p11_child[2259]] [main] (0x2000): Running with real IDs [0][0]. 700s [p11_child[2259]] [do_card] (0x4000): Module List: 700s [p11_child[2259]] [do_card] (0x4000): common name: [softhsm2]. 700s [p11_child[2259]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 700s [p11_child[2259]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3aa1bbca] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 700s [p11_child[2259]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 700s [p11_child[2259]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3aa1bbca][983677898] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 700s [p11_child[2259]] [do_card] (0x4000): Login NOT required. 700s [p11_child[2259]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 700s [p11_child[2259]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 700s [p11_child[2259]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 700s [p11_child[2259]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3aa1bbca;slot-manufacturer=SoftHSM%20project;slot-id=983677898;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6325a0a33aa1bbca;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 700s [p11_child[2259]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 700s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-1445.output 700s + echo '-----BEGIN CERTIFICATE-----' 700s + tail -n1 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-1445.output 700s + echo '-----END CERTIFICATE-----' 700s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-1445.pem 700s Certificate: 700s Data: 700s Version: 3 (0x2) 700s Serial Number: 3 (0x3) 700s Signature Algorithm: sha256WithRSAEncryption 700s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 700s Validity 700s Not Before: Nov 15 21:18:36 2024 GMT 700s Not After : Nov 15 21:18:36 2025 GMT 700s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 700s Subject Public Key Info: 700s Public Key Algorithm: rsaEncryption 700s Public-Key: (1024 bit) 700s Modulus: 700s 00:c8:68:7f:69:d9:f4:ef:c0:ad:85:05:7f:c2:b2: 700s 7b:d7:91:bf:82:32:d2:19:f7:75:61:b1:27:37:5f: 700s ed:a9:e5:65:51:1c:5e:d3:5d:2f:cb:21:ed:c0:95: 700s b9:07:e4:cf:1f:79:ce:63:1e:0f:73:52:70:a8:6c: 700s 8f:05:4e:62:12:52:b3:e0:9b:bb:27:07:89:ce:6c: 700s 0d:1c:a8:95:7d:b1:dc:df:25:bb:b2:05:56:7c:4b: 700s 62:ce:2a:76:aa:6b:2c:51:27:68:75:92:3f:16:75: 700s e3:3b:18:a1:70:68:86:ab:ec:74:77:de:0b:43:01: 700s 49:e6:4b:f1:ce:8b:17:de:01 700s Exponent: 65537 (0x10001) 700s X509v3 extensions: 700s X509v3 Authority Key Identifier: 700s E0:AF:9D:51:01:4E:01:F5:6D:88:82:7B:2A:E3:83:5C:C8:4F:66:0B 700s X509v3 Basic Constraints: 700s CA:FALSE 700s Netscape Cert Type: 700s SSL Client, S/MIME 700s Netscape Comment: 700s Test Organization Root CA trusted Certificate 700s X509v3 Subject Key Identifier: 700s CA:3B:D7:5E:F2:4D:74:0A:4D:0C:A0:C4:CB:67:37:71:26:BD:78:5B 700s X509v3 Key Usage: critical 700s Digital Signature, Non Repudiation, Key Encipherment 700s X509v3 Extended Key Usage: 700s TLS Web Client Authentication, E-mail Protection 700s X509v3 Subject Alternative Name: 700s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 700s Signature Algorithm: sha256WithRSAEncryption 700s Signature Value: 700s 2d:c5:e3:6e:4b:21:a9:7b:f3:36:ef:58:ad:a1:37:5c:ae:da: 700s 5e:fc:76:30:fa:0d:c2:27:44:70:3e:e9:50:b0:96:b9:8a:e9: 700s c5:2c:b5:5c:76:76:8c:05:80:25:3e:41:36:4c:36:72:37:a3: 700s 7c:6f:43:6f:7e:fd:f9:f2:d2:0e:27:ee:51:8f:30:01:ab:37: 700s 9c:15:e0:ba:1f:d4:13:e5:3a:39:16:19:aa:e3:0b:c9:21:9f: 700s 15:5d:8c:b5:d0:d7:ee:8f:ef:ab:51:c4:9b:36:3c:03:60:2e: 700s 7a:9d:0a:10:f1:f9:6f:54:2c:74:35:86:50:9d:c9:0d:0b:0d: 700s 14:18 700s + local found_md5 expected_md5 700s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 700s + expected_md5=Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 700s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-1445.pem 700s + found_md5=Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 700s + '[' Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 '!=' Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 ']' 700s + output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-1445-auth.output 700s ++ basename /tmp/sssd-softhsm2-nb8LhS/SSSD-child-1445-auth.output .output 700s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-1445-auth.pem 700s + echo -n 053350 700s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 700s [p11_child[2267]] [main] (0x0400): p11_child started. 700s [p11_child[2267]] [main] (0x2000): Running in [auth] mode. 700s [p11_child[2267]] [main] (0x2000): Running with effective IDs: [0][0]. 700s [p11_child[2267]] [main] (0x2000): Running with real IDs [0][0]. 700s [p11_child[2267]] [do_card] (0x4000): Module List: 700s [p11_child[2267]] [do_card] (0x4000): common name: [softhsm2]. 700s [p11_child[2267]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 700s [p11_child[2267]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3aa1bbca] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 700s [p11_child[2267]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 700s [p11_child[2267]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3aa1bbca][983677898] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 700s [p11_child[2267]] [do_card] (0x4000): Login required. 700s [p11_child[2267]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 700s [p11_child[2267]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 700s [p11_child[2267]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 700s [p11_child[2267]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3aa1bbca;slot-manufacturer=SoftHSM%20project;slot-id=983677898;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6325a0a33aa1bbca;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 700s [p11_child[2267]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 700s [p11_child[2267]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 700s [p11_child[2267]] [do_card] (0x4000): Certificate verified and validated. 700s [p11_child[2267]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 700s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-1445-auth.output 700s + echo '-----BEGIN CERTIFICATE-----' 700s + tail -n1 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-1445-auth.output 700s + echo '-----END CERTIFICATE-----' 700s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-1445-auth.pem 700s Certificate: 700s Data: 700s Version: 3 (0x2) 700s Serial Number: 3 (0x3) 700s Signature Algorithm: sha256WithRSAEncryption 700s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 700s Validity 700s Not Before: Nov 15 21:18:36 2024 GMT 700s Not After : Nov 15 21:18:36 2025 GMT 700s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 700s Subject Public Key Info: 700s Public Key Algorithm: rsaEncryption 700s Public-Key: (1024 bit) 700s Modulus: 700s 00:c8:68:7f:69:d9:f4:ef:c0:ad:85:05:7f:c2:b2: 700s 7b:d7:91:bf:82:32:d2:19:f7:75:61:b1:27:37:5f: 700s ed:a9:e5:65:51:1c:5e:d3:5d:2f:cb:21:ed:c0:95: 700s b9:07:e4:cf:1f:79:ce:63:1e:0f:73:52:70:a8:6c: 700s 8f:05:4e:62:12:52:b3:e0:9b:bb:27:07:89:ce:6c: 700s 0d:1c:a8:95:7d:b1:dc:df:25:bb:b2:05:56:7c:4b: 700s 62:ce:2a:76:aa:6b:2c:51:27:68:75:92:3f:16:75: 700s e3:3b:18:a1:70:68:86:ab:ec:74:77:de:0b:43:01: 700s 49:e6:4b:f1:ce:8b:17:de:01 700s Exponent: 65537 (0x10001) 700s X509v3 extensions: 700s X509v3 Authority Key Identifier: 700s E0:AF:9D:51:01:4E:01:F5:6D:88:82:7B:2A:E3:83:5C:C8:4F:66:0B 700s X509v3 Basic Constraints: 700s CA:FALSE 700s Netscape Cert Type: 700s SSL Client, S/MIME 700s Netscape Comment: 700s Test Organization Root CA trusted Certificate 700s X509v3 Subject Key Identifier: 700s CA:3B:D7:5E:F2:4D:74:0A:4D:0C:A0:C4:CB:67:37:71:26:BD:78:5B 700s X509v3 Key Usage: critical 700s Digital Signature, Non Repudiation, Key Encipherment 700s X509v3 Extended Key Usage: 700s TLS Web Client Authentication, E-mail Protection 700s X509v3 Subject Alternative Name: 700s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 700s Signature Algorithm: sha256WithRSAEncryption 700s Signature Value: 700s 2d:c5:e3:6e:4b:21:a9:7b:f3:36:ef:58:ad:a1:37:5c:ae:da: 700s 5e:fc:76:30:fa:0d:c2:27:44:70:3e:e9:50:b0:96:b9:8a:e9: 700s c5:2c:b5:5c:76:76:8c:05:80:25:3e:41:36:4c:36:72:37:a3: 700s 7c:6f:43:6f:7e:fd:f9:f2:d2:0e:27:ee:51:8f:30:01:ab:37: 700s 9c:15:e0:ba:1f:d4:13:e5:3a:39:16:19:aa:e3:0b:c9:21:9f: 700s 15:5d:8c:b5:d0:d7:ee:8f:ef:ab:51:c4:9b:36:3c:03:60:2e: 700s 7a:9d:0a:10:f1:f9:6f:54:2c:74:35:86:50:9d:c9:0d:0b:0d: 700s 14:18 700s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-1445-auth.pem 700s + found_md5=Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 700s + '[' Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 '!=' Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 ']' 700s + valid_certificate /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3772 /tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem partial_chain 700s + check_certificate /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3772 /tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem partial_chain 700s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 700s + local key_pass=pass:random-root-ca-trusted-cert-0001-3772 700s + local key_ring=/tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem 700s + local verify_option=partial_chain 700s + prepare_softhsm2_card /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3772 700s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 700s + local key_pass=pass:random-root-ca-trusted-cert-0001-3772 700s + local key_cn 700s + local key_name 700s + local tokens_dir 700s + local output_cert_file 700s + token_name= 700s ++ basename /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem .pem 700s + key_name=test-root-CA-trusted-certificate-0001 700s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 700s ++ sed -n 's/ *commonName *= //p' 700s + key_cn='Test Organization Root Trusted Certificate 0001' 700s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 700s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf 700s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf 700s ++ basename /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 700s + tokens_dir=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001 700s + token_name='Test Organization Root Tr Token' 700s + '[' '!' -e /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 700s + '[' '!' -d /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001 ']' 700s + echo 'Test Organization Root Tr Token' 700s Test Organization Root Tr Token 700s + '[' -n partial_chain ']' 700s + local verify_arg=--verify=partial_chain 700s + local output_base_name=SSSD-child-483 700s + local output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-483.output 700s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-483.pem 700s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem 700s [p11_child[2277]] [main] (0x0400): p11_child started. 700s [p11_child[2277]] [main] (0x2000): Running in [pre-auth] mode. 700s [p11_child[2277]] [main] (0x2000): Running with effective IDs: [0][0]. 700s [p11_child[2277]] [main] (0x2000): Running with real IDs [0][0]. 700s [p11_child[2277]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 700s [p11_child[2277]] [do_card] (0x4000): Module List: 700s [p11_child[2277]] [do_card] (0x4000): common name: [softhsm2]. 700s [p11_child[2277]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 700s [p11_child[2277]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3aa1bbca] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 700s [p11_child[2277]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 700s [p11_child[2277]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3aa1bbca][983677898] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 700s [p11_child[2277]] [do_card] (0x4000): Login NOT required. 700s [p11_child[2277]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 700s [p11_child[2277]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 700s [p11_child[2277]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 700s [p11_child[2277]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3aa1bbca;slot-manufacturer=SoftHSM%20project;slot-id=983677898;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6325a0a33aa1bbca;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 700s [p11_child[2277]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 700s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-483.output 700s + echo '-----BEGIN CERTIFICATE-----' 700s + tail -n1 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-483.output 700s + echo '-----END CERTIFICATE-----' 700s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-483.pem 700s Certificate: 700s Data: 700s Version: 3 (0x2) 700s Serial Number: 3 (0x3) 700s Signature Algorithm: sha256WithRSAEncryption 700s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 700s Validity 700s Not Before: Nov 15 21:18:36 2024 GMT 700s Not After : Nov 15 21:18:36 2025 GMT 700s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 700s Subject Public Key Info: 700s Public Key Algorithm: rsaEncryption 700s Public-Key: (1024 bit) 700s Modulus: 700s 00:c8:68:7f:69:d9:f4:ef:c0:ad:85:05:7f:c2:b2: 700s 7b:d7:91:bf:82:32:d2:19:f7:75:61:b1:27:37:5f: 700s ed:a9:e5:65:51:1c:5e:d3:5d:2f:cb:21:ed:c0:95: 700s b9:07:e4:cf:1f:79:ce:63:1e:0f:73:52:70:a8:6c: 700s 8f:05:4e:62:12:52:b3:e0:9b:bb:27:07:89:ce:6c: 700s 0d:1c:a8:95:7d:b1:dc:df:25:bb:b2:05:56:7c:4b: 700s 62:ce:2a:76:aa:6b:2c:51:27:68:75:92:3f:16:75: 700s e3:3b:18:a1:70:68:86:ab:ec:74:77:de:0b:43:01: 700s 49:e6:4b:f1:ce:8b:17:de:01 700s Exponent: 65537 (0x10001) 700s X509v3 extensions: 700s X509v3 Authority Key Identifier: 700s E0:AF:9D:51:01:4E:01:F5:6D:88:82:7B:2A:E3:83:5C:C8:4F:66:0B 700s X509v3 Basic Constraints: 700s CA:FALSE 700s Netscape Cert Type: 700s SSL Client, S/MIME 700s Netscape Comment: 700s Test Organization Root CA trusted Certificate 700s X509v3 Subject Key Identifier: 700s CA:3B:D7:5E:F2:4D:74:0A:4D:0C:A0:C4:CB:67:37:71:26:BD:78:5B 700s X509v3 Key Usage: critical 700s Digital Signature, Non Repudiation, Key Encipherment 700s X509v3 Extended Key Usage: 700s TLS Web Client Authentication, E-mail Protection 700s X509v3 Subject Alternative Name: 700s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 700s Signature Algorithm: sha256WithRSAEncryption 700s Signature Value: 700s 2d:c5:e3:6e:4b:21:a9:7b:f3:36:ef:58:ad:a1:37:5c:ae:da: 700s 5e:fc:76:30:fa:0d:c2:27:44:70:3e:e9:50:b0:96:b9:8a:e9: 700s c5:2c:b5:5c:76:76:8c:05:80:25:3e:41:36:4c:36:72:37:a3: 700s 7c:6f:43:6f:7e:fd:f9:f2:d2:0e:27:ee:51:8f:30:01:ab:37: 700s 9c:15:e0:ba:1f:d4:13:e5:3a:39:16:19:aa:e3:0b:c9:21:9f: 700s 15:5d:8c:b5:d0:d7:ee:8f:ef:ab:51:c4:9b:36:3c:03:60:2e: 700s 7a:9d:0a:10:f1:f9:6f:54:2c:74:35:86:50:9d:c9:0d:0b:0d: 700s 14:18 700s + local found_md5 expected_md5 700s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 700s + expected_md5=Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 700s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-483.pem 700s + found_md5=Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 700s + '[' Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 '!=' Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 ']' 700s + output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-483-auth.output 700s ++ basename /tmp/sssd-softhsm2-nb8LhS/SSSD-child-483-auth.output .output 700s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-483-auth.pem 700s + echo -n 053350 700s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 700s [p11_child[2285]] [main] (0x0400): p11_child started. 700s [p11_child[2285]] [main] (0x2000): Running in [auth] mode. 700s [p11_child[2285]] [main] (0x2000): Running with effective IDs: [0][0]. 700s [p11_child[2285]] [main] (0x2000): Running with real IDs [0][0]. 700s [p11_child[2285]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 700s [p11_child[2285]] [do_card] (0x4000): Module List: 700s [p11_child[2285]] [do_card] (0x4000): common name: [softhsm2]. 700s [p11_child[2285]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 700s [p11_child[2285]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3aa1bbca] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 700s [p11_child[2285]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 700s [p11_child[2285]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3aa1bbca][983677898] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 700s [p11_child[2285]] [do_card] (0x4000): Login required. 700s [p11_child[2285]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 700s [p11_child[2285]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 700s [p11_child[2285]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 700s [p11_child[2285]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3aa1bbca;slot-manufacturer=SoftHSM%20project;slot-id=983677898;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6325a0a33aa1bbca;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 700s [p11_child[2285]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 700s [p11_child[2285]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 700s [p11_child[2285]] [do_card] (0x4000): Certificate verified and validated. 700s [p11_child[2285]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 700s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-483-auth.output 700s + echo '-----BEGIN CERTIFICATE-----' 700s + tail -n1 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-483-auth.output 700s + echo '-----END CERTIFICATE-----' 700s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-483-auth.pem 700s Certificate: 700s Data: 700s Version: 3 (0x2) 700s Serial Number: 3 (0x3) 700s Signature Algorithm: sha256WithRSAEncryption 700s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 700s Validity 700s Not Before: Nov 15 21:18:36 2024 GMT 700s Not After : Nov 15 21:18:36 2025 GMT 700s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 700s Subject Public Key Info: 700s Public Key Algorithm: rsaEncryption 700s Public-Key: (1024 bit) 700s Modulus: 700s 00:c8:68:7f:69:d9:f4:ef:c0:ad:85:05:7f:c2:b2: 700s 7b:d7:91:bf:82:32:d2:19:f7:75:61:b1:27:37:5f: 700s ed:a9:e5:65:51:1c:5e:d3:5d:2f:cb:21:ed:c0:95: 700s b9:07:e4:cf:1f:79:ce:63:1e:0f:73:52:70:a8:6c: 700s 8f:05:4e:62:12:52:b3:e0:9b:bb:27:07:89:ce:6c: 700s 0d:1c:a8:95:7d:b1:dc:df:25:bb:b2:05:56:7c:4b: 700s 62:ce:2a:76:aa:6b:2c:51:27:68:75:92:3f:16:75: 700s e3:3b:18:a1:70:68:86:ab:ec:74:77:de:0b:43:01: 700s 49:e6:4b:f1:ce:8b:17:de:01 700s Exponent: 65537 (0x10001) 700s X509v3 extensions: 700s X509v3 Authority Key Identifier: 700s E0:AF:9D:51:01:4E:01:F5:6D:88:82:7B:2A:E3:83:5C:C8:4F:66:0B 700s X509v3 Basic Constraints: 700s CA:FALSE 700s Netscape Cert Type: 700s SSL Client, S/MIME 700s Netscape Comment: 700s Test Organization Root CA trusted Certificate 700s X509v3 Subject Key Identifier: 700s CA:3B:D7:5E:F2:4D:74:0A:4D:0C:A0:C4:CB:67:37:71:26:BD:78:5B 700s X509v3 Key Usage: critical 700s Digital Signature, Non Repudiation, Key Encipherment 700s X509v3 Extended Key Usage: 700s TLS Web Client Authentication, E-mail Protection 700s X509v3 Subject Alternative Name: 700s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 700s Signature Algorithm: sha256WithRSAEncryption 700s Signature Value: 700s 2d:c5:e3:6e:4b:21:a9:7b:f3:36:ef:58:ad:a1:37:5c:ae:da: 700s 5e:fc:76:30:fa:0d:c2:27:44:70:3e:e9:50:b0:96:b9:8a:e9: 700s c5:2c:b5:5c:76:76:8c:05:80:25:3e:41:36:4c:36:72:37:a3: 700s 7c:6f:43:6f:7e:fd:f9:f2:d2:0e:27:ee:51:8f:30:01:ab:37: 700s 9c:15:e0:ba:1f:d4:13:e5:3a:39:16:19:aa:e3:0b:c9:21:9f: 700s 15:5d:8c:b5:d0:d7:ee:8f:ef:ab:51:c4:9b:36:3c:03:60:2e: 700s 7a:9d:0a:10:f1:f9:6f:54:2c:74:35:86:50:9d:c9:0d:0b:0d: 700s 14:18 700s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-483-auth.pem 700s + found_md5=Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 700s + '[' Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 '!=' Modulus=C8687F69D9F4EFC0AD85057FC2B27BD791BF8232D219F77561B127375FEDA9E565511C5ED35D2FCB21EDC095B907E4CF1F79CE631E0F735270A86C8F054E621252B3E09BBB270789CE6C0D1CA8957DB1DCDF25BBB205567C4B62CE2A76AA6B2C51276875923F1675E33B18A1706886ABEC7477DE0B430149E64BF1CE8B17DE01 ']' 700s + invalid_certificate /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3772 /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem 700s + check_certificate /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3772 /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem 700s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 700s + local key_pass=pass:random-root-ca-trusted-cert-0001-3772 700s + local key_ring=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem 700s + local verify_option= 700s + prepare_softhsm2_card /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3772 700s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 700s + local key_pass=pass:random-root-ca-trusted-cert-0001-3772 700s + local key_cn 700s + local key_name 700s + local tokens_dir 700s + local output_cert_file 700s + token_name= 700s ++ basename /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem .pem 700s + key_name=test-root-CA-trusted-certificate-0001 700s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 700s ++ sed -n 's/ *commonName *= //p' 700s + key_cn='Test Organization Root Trusted Certificate 0001' 700s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 700s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf 700s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf 700s ++ basename /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 700s Test Organization Root Tr Token 700s + tokens_dir=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001 700s + token_name='Test Organization Root Tr Token' 700s + '[' '!' -e /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 700s + '[' '!' -d /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001 ']' 700s + echo 'Test Organization Root Tr Token' 700s + '[' -n '' ']' 700s + local output_base_name=SSSD-child-21889 700s + local output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-21889.output 700s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-21889.pem 700s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem 700s [p11_child[2295]] [main] (0x0400): p11_child started. 700s [p11_child[2295]] [main] (0x2000): Running in [pre-auth] mode. 700s [p11_child[2295]] [main] (0x2000): Running with effective IDs: [0][0]. 700s [p11_child[2295]] [main] (0x2000): Running with real IDs [0][0]. 700s [p11_child[2295]] [do_card] (0x4000): Module List: 700s [p11_child[2295]] [do_card] (0x4000): common name: [softhsm2]. 700s [p11_child[2295]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 700s [p11_child[2295]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3aa1bbca] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 700s [p11_child[2295]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 700s [p11_child[2295]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3aa1bbca][983677898] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 700s [p11_child[2295]] [do_card] (0x4000): Login NOT required. 700s [p11_child[2295]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 700s [p11_child[2295]] [do_verification] (0x0040): X509_verify_cert failed [0]. 700s [p11_child[2295]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 700s [p11_child[2295]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 700s [p11_child[2295]] [do_card] (0x4000): No certificate found. 700s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-21889.output 700s + return 2 700s + invalid_certificate /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3772 /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem partial_chain 700s + check_certificate /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3772 /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem partial_chain 700s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 700s + local key_pass=pass:random-root-ca-trusted-cert-0001-3772 700s + local key_ring=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem 700s + local verify_option=partial_chain 700s + prepare_softhsm2_card /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3772 700s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 700s + local key_pass=pass:random-root-ca-trusted-cert-0001-3772 700s + local key_cn 700s + local key_name 700s + local tokens_dir 700s + local output_cert_file 700s + token_name= 700s ++ basename /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem .pem 700s + key_name=test-root-CA-trusted-certificate-0001 700s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-nb8LhS/test-root-CA-trusted-certificate-0001.pem 700s ++ sed -n 's/ *commonName *= //p' 700s + key_cn='Test Organization Root Trusted Certificate 0001' 700s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 700s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf 700s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf 700s ++ basename /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 700s + tokens_dir=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001 700s + token_name='Test Organization Root Tr Token' 700s + '[' '!' -e /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 700s + '[' '!' -d /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-root-CA-trusted-certificate-0001 ']' 700s Test Organization Root Tr Token 700s + echo 'Test Organization Root Tr Token' 700s + '[' -n partial_chain ']' 700s + local verify_arg=--verify=partial_chain 700s + local output_base_name=SSSD-child-25208 700s + local output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-25208.output 700s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-25208.pem 700s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem 700s [p11_child[2302]] [main] (0x0400): p11_child started. 700s [p11_child[2302]] [main] (0x2000): Running in [pre-auth] mode. 700s [p11_child[2302]] [main] (0x2000): Running with effective IDs: [0][0]. 700s [p11_child[2302]] [main] (0x2000): Running with real IDs [0][0]. 700s [p11_child[2302]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 700s [p11_child[2302]] [do_card] (0x4000): Module List: 700s [p11_child[2302]] [do_card] (0x4000): common name: [softhsm2]. 700s [p11_child[2302]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 700s [p11_child[2302]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3aa1bbca] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 700s [p11_child[2302]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 700s [p11_child[2302]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x3aa1bbca][983677898] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 700s [p11_child[2302]] [do_card] (0x4000): Login NOT required. 700s [p11_child[2302]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 700s [p11_child[2302]] [do_verification] (0x0040): X509_verify_cert failed [0]. 700s [p11_child[2302]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 700s [p11_child[2302]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 700s [p11_child[2302]] [do_card] (0x4000): No certificate found. 700s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-25208.output 700s + return 2 700s + invalid_certificate /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27551 /dev/null 700s + check_certificate /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27551 /dev/null 700s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 700s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27551 700s + local key_ring=/dev/null 700s + local verify_option= 700s + prepare_softhsm2_card /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27551 700s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 700s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27551 700s + local key_cn 700s + local key_name 700s + local tokens_dir 700s + local output_cert_file 700s + token_name= 700s ++ basename /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem .pem 700s + key_name=test-intermediate-CA-trusted-certificate-0001 700s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 700s ++ sed -n 's/ *commonName *= //p' 700s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 700s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 700s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 700s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 700s ++ basename /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 700s + tokens_dir=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001 700s + token_name='Test Organization Interme Token' 700s + '[' '!' -e /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 700s + local key_file 700s + local decrypted_key 700s + mkdir -p /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001 700s + key_file=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001-key.pem 700s + decrypted_key=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 700s + cat 700s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 700s Slot 0 has a free/uninitialized token. 700s The token has been initialized and is reassigned to slot 963418932 700s + softhsm2-util --show-slots 700s Available slots: 700s Slot 963418932 700s Slot info: 700s Description: SoftHSM slot ID 0x396c9b34 700s Manufacturer ID: SoftHSM project 700s Hardware version: 2.6 700s Firmware version: 2.6 700s Token present: yes 700s Token info: 700s Manufacturer ID: SoftHSM project 700s Model: SoftHSM v2 700s Hardware version: 2.6 700s Firmware version: 2.6 700s Serial number: bc668c10b96c9b34 700s Initialized: yes 700s User PIN init.: yes 700s Label: Test Organization Interme Token 700s Slot 1 700s Slot info: 700s Description: SoftHSM slot ID 0x1 700s Manufacturer ID: SoftHSM project 700s Hardware version: 2.6 700s Firmware version: 2.6 700s Token present: yes 700s Token info: 700s Manufacturer ID: SoftHSM project 700s Model: SoftHSM v2 700s Hardware version: 2.6 700s Firmware version: 2.6 700s Serial number: 700s Initialized: no 700s User PIN init.: no 700s Label: 700s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 700s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-27551 -in /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 700s writing RSA key 700s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 700s + rm /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 700s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 700s Object 0: 700s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc668c10b96c9b34;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 700s Type: X.509 Certificate (RSA-1024) 700s Expires: Sat Nov 15 21:18:36 2025 700s Label: Test Organization Intermediate Trusted Certificate 0001 700s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 700s 700s + echo 'Test Organization Interme Token' 700s + '[' -n '' ']' 700s + local output_base_name=SSSD-child-17576 700s + local output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-17576.output 700s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-17576.pem 700s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 700s Test Organization Interme Token 700s [p11_child[2318]] [main] (0x0400): p11_child started. 700s [p11_child[2318]] [main] (0x2000): Running in [pre-auth] mode. 700s [p11_child[2318]] [main] (0x2000): Running with effective IDs: [0][0]. 700s [p11_child[2318]] [main] (0x2000): Running with real IDs [0][0]. 700s [p11_child[2318]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 700s [p11_child[2318]] [do_work] (0x0040): init_verification failed. 700s [p11_child[2318]] [main] (0x0020): p11_child failed (5) 700s + return 2 700s + valid_certificate /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27551 /dev/null no_verification 700s + check_certificate /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27551 /dev/null no_verification 700s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 700s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27551 700s + local key_ring=/dev/null 700s + local verify_option=no_verification 700s + prepare_softhsm2_card /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27551 700s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 700s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27551 700s + local key_cn 700s + local key_name 700s + local tokens_dir 700s + local output_cert_file 700s + token_name= 700s ++ basename /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem .pem 700s + key_name=test-intermediate-CA-trusted-certificate-0001 700s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 700s ++ sed -n 's/ *commonName *= //p' 700s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 700s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 700s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 700s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 700s ++ basename /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 700s + tokens_dir=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001 700s + token_name='Test Organization Interme Token' 700s + '[' '!' -e /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 700s + '[' '!' -d /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 700s Test Organization Interme Token 700s + echo 'Test Organization Interme Token' 700s + '[' -n no_verification ']' 700s + local verify_arg=--verify=no_verification 700s + local output_base_name=SSSD-child-12268 700s + local output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-12268.output 700s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-12268.pem 700s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 700s [p11_child[2324]] [main] (0x0400): p11_child started. 700s [p11_child[2324]] [main] (0x2000): Running in [pre-auth] mode. 700s [p11_child[2324]] [main] (0x2000): Running with effective IDs: [0][0]. 700s [p11_child[2324]] [main] (0x2000): Running with real IDs [0][0]. 700s [p11_child[2324]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 700s [p11_child[2324]] [do_card] (0x4000): Module List: 700s [p11_child[2324]] [do_card] (0x4000): common name: [softhsm2]. 700s [p11_child[2324]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 700s [p11_child[2324]] [do_card] (0x4000): Description [SoftHSM slot ID 0x396c9b34] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 700s [p11_child[2324]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 700s [p11_child[2324]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x396c9b34][963418932] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 700s [p11_child[2324]] [do_card] (0x4000): Login NOT required. 700s [p11_child[2324]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 700s [p11_child[2324]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 700s [p11_child[2324]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x396c9b34;slot-manufacturer=SoftHSM%20project;slot-id=963418932;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc668c10b96c9b34;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 700s [p11_child[2324]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 700s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-12268.output 700s + echo '-----BEGIN CERTIFICATE-----' 700s + tail -n1 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-12268.output 700s + echo '-----END CERTIFICATE-----' 700s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-12268.pem 700s Certificate: 700s Data: 700s Version: 3 (0x2) 700s Serial Number: 4 (0x4) 700s Signature Algorithm: sha256WithRSAEncryption 700s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 700s Validity 700s Not Before: Nov 15 21:18:36 2024 GMT 700s Not After : Nov 15 21:18:36 2025 GMT 700s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 700s Subject Public Key Info: 700s Public Key Algorithm: rsaEncryption 700s Public-Key: (1024 bit) 700s Modulus: 700s 00:9f:44:3c:1e:df:88:26:22:5e:60:06:bf:e7:71: 700s 5c:fe:01:9e:d5:41:ed:96:7d:db:69:af:31:63:6b: 700s 10:38:39:f0:e8:a2:07:2b:ad:49:71:1e:c8:5e:3f: 700s 46:40:6f:62:77:1a:34:81:78:12:2b:a0:5f:55:25: 700s 1f:13:7f:03:fb:84:7a:b2:1f:2b:46:c2:12:78:8c: 700s 6b:ee:63:1c:ed:f4:53:6c:50:4f:87:46:83:7f:40: 700s fd:62:ef:29:f7:51:31:04:f0:e4:32:d2:8c:60:dc: 700s 04:fa:9c:b3:4c:19:6c:e4:8b:cc:bc:30:b4:1f:50: 700s 42:5b:30:a9:6c:81:0c:17:71 700s Exponent: 65537 (0x10001) 700s X509v3 extensions: 700s X509v3 Authority Key Identifier: 700s C0:06:CD:E8:9C:C5:94:A3:E9:AB:C2:71:78:41:95:47:0C:4D:A7:05 700s X509v3 Basic Constraints: 700s CA:FALSE 700s Netscape Cert Type: 700s SSL Client, S/MIME 700s Netscape Comment: 700s Test Organization Intermediate CA trusted Certificate 700s X509v3 Subject Key Identifier: 700s 6C:77:F7:D1:28:CE:1B:0E:BC:A6:76:84:C4:8F:6D:2F:6A:7D:21:DF 700s X509v3 Key Usage: critical 700s Digital Signature, Non Repudiation, Key Encipherment 700s X509v3 Extended Key Usage: 700s TLS Web Client Authentication, E-mail Protection 700s X509v3 Subject Alternative Name: 700s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 700s Signature Algorithm: sha256WithRSAEncryption 700s Signature Value: 700s 17:08:f5:10:33:84:26:8a:ff:cc:d7:22:e9:dd:45:a7:97:7e: 700s b2:f1:2d:4f:f4:0b:d3:ec:8b:b3:50:85:16:e2:b8:81:c7:e0: 700s 17:f4:84:e4:1e:45:60:a3:e1:dc:b4:8a:fe:a1:e7:1e:2a:70: 700s fe:80:c7:c2:cf:f4:53:bc:59:a8:58:37:b8:60:fe:10:b3:dd: 700s 83:5e:4a:cc:7c:07:a5:f6:c9:af:27:be:fa:d8:e4:a8:bc:27: 700s b7:4f:5c:69:89:cb:dc:c1:0d:45:49:ae:49:e1:b9:ba:a2:eb: 700s 87:f0:a2:18:57:8f:9c:85:8d:da:a5:04:03:81:87:ff:59:e2: 700s a1:c6 700s + local found_md5 expected_md5 700s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 701s + expected_md5=Modulus=9F443C1EDF8826225E6006BFE7715CFE019ED541ED967DDB69AF31636B103839F0E8A2072BAD49711EC85E3F46406F62771A348178122BA05F55251F137F03FB847AB21F2B46C212788C6BEE631CEDF4536C504F8746837F40FD62EF29F7513104F0E432D28C60DC04FA9CB34C196CE48BCCBC30B41F50425B30A96C810C1771 701s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-12268.pem 701s + found_md5=Modulus=9F443C1EDF8826225E6006BFE7715CFE019ED541ED967DDB69AF31636B103839F0E8A2072BAD49711EC85E3F46406F62771A348178122BA05F55251F137F03FB847AB21F2B46C212788C6BEE631CEDF4536C504F8746837F40FD62EF29F7513104F0E432D28C60DC04FA9CB34C196CE48BCCBC30B41F50425B30A96C810C1771 701s + '[' Modulus=9F443C1EDF8826225E6006BFE7715CFE019ED541ED967DDB69AF31636B103839F0E8A2072BAD49711EC85E3F46406F62771A348178122BA05F55251F137F03FB847AB21F2B46C212788C6BEE631CEDF4536C504F8746837F40FD62EF29F7513104F0E432D28C60DC04FA9CB34C196CE48BCCBC30B41F50425B30A96C810C1771 '!=' Modulus=9F443C1EDF8826225E6006BFE7715CFE019ED541ED967DDB69AF31636B103839F0E8A2072BAD49711EC85E3F46406F62771A348178122BA05F55251F137F03FB847AB21F2B46C212788C6BEE631CEDF4536C504F8746837F40FD62EF29F7513104F0E432D28C60DC04FA9CB34C196CE48BCCBC30B41F50425B30A96C810C1771 ']' 701s + output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-12268-auth.output 701s ++ basename /tmp/sssd-softhsm2-nb8LhS/SSSD-child-12268-auth.output .output 701s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-12268-auth.pem 701s + echo -n 053350 701s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 701s [p11_child[2332]] [main] (0x0400): p11_child started. 701s [p11_child[2332]] [main] (0x2000): Running in [auth] mode. 701s [p11_child[2332]] [main] (0x2000): Running with effective IDs: [0][0]. 701s [p11_child[2332]] [main] (0x2000): Running with real IDs [0][0]. 701s [p11_child[2332]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 701s [p11_child[2332]] [do_card] (0x4000): Module List: 701s [p11_child[2332]] [do_card] (0x4000): common name: [softhsm2]. 701s [p11_child[2332]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 701s [p11_child[2332]] [do_card] (0x4000): Description [SoftHSM slot ID 0x396c9b34] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 701s [p11_child[2332]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 701s [p11_child[2332]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x396c9b34][963418932] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 701s [p11_child[2332]] [do_card] (0x4000): Login required. 701s [p11_child[2332]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 701s [p11_child[2332]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 701s [p11_child[2332]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x396c9b34;slot-manufacturer=SoftHSM%20project;slot-id=963418932;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc668c10b96c9b34;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 701s [p11_child[2332]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 701s [p11_child[2332]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 701s [p11_child[2332]] [do_card] (0x4000): Certificate verified and validated. 701s [p11_child[2332]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 701s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-12268-auth.output 701s + echo '-----BEGIN CERTIFICATE-----' 701s + tail -n1 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-12268-auth.output 701s + echo '-----END CERTIFICATE-----' 701s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-12268-auth.pem 701s Certificate: 701s Data: 701s Version: 3 (0x2) 701s Serial Number: 4 (0x4) 701s Signature Algorithm: sha256WithRSAEncryption 701s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 701s Validity 701s Not Before: Nov 15 21:18:36 2024 GMT 701s Not After : Nov 15 21:18:36 2025 GMT 701s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 701s Subject Public Key Info: 701s Public Key Algorithm: rsaEncryption 701s Public-Key: (1024 bit) 701s Modulus: 701s 00:9f:44:3c:1e:df:88:26:22:5e:60:06:bf:e7:71: 701s 5c:fe:01:9e:d5:41:ed:96:7d:db:69:af:31:63:6b: 701s 10:38:39:f0:e8:a2:07:2b:ad:49:71:1e:c8:5e:3f: 701s 46:40:6f:62:77:1a:34:81:78:12:2b:a0:5f:55:25: 701s 1f:13:7f:03:fb:84:7a:b2:1f:2b:46:c2:12:78:8c: 701s 6b:ee:63:1c:ed:f4:53:6c:50:4f:87:46:83:7f:40: 701s fd:62:ef:29:f7:51:31:04:f0:e4:32:d2:8c:60:dc: 701s 04:fa:9c:b3:4c:19:6c:e4:8b:cc:bc:30:b4:1f:50: 701s 42:5b:30:a9:6c:81:0c:17:71 701s Exponent: 65537 (0x10001) 701s X509v3 extensions: 701s X509v3 Authority Key Identifier: 701s C0:06:CD:E8:9C:C5:94:A3:E9:AB:C2:71:78:41:95:47:0C:4D:A7:05 701s X509v3 Basic Constraints: 701s CA:FALSE 701s Netscape Cert Type: 701s SSL Client, S/MIME 701s Netscape Comment: 701s Test Organization Intermediate CA trusted Certificate 701s X509v3 Subject Key Identifier: 701s 6C:77:F7:D1:28:CE:1B:0E:BC:A6:76:84:C4:8F:6D:2F:6A:7D:21:DF 701s X509v3 Key Usage: critical 701s Digital Signature, Non Repudiation, Key Encipherment 701s X509v3 Extended Key Usage: 701s TLS Web Client Authentication, E-mail Protection 701s X509v3 Subject Alternative Name: 701s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 701s Signature Algorithm: sha256WithRSAEncryption 701s Signature Value: 701s 17:08:f5:10:33:84:26:8a:ff:cc:d7:22:e9:dd:45:a7:97:7e: 701s b2:f1:2d:4f:f4:0b:d3:ec:8b:b3:50:85:16:e2:b8:81:c7:e0: 701s 17:f4:84:e4:1e:45:60:a3:e1:dc:b4:8a:fe:a1:e7:1e:2a:70: 701s fe:80:c7:c2:cf:f4:53:bc:59:a8:58:37:b8:60:fe:10:b3:dd: 701s 83:5e:4a:cc:7c:07:a5:f6:c9:af:27:be:fa:d8:e4:a8:bc:27: 701s b7:4f:5c:69:89:cb:dc:c1:0d:45:49:ae:49:e1:b9:ba:a2:eb: 701s 87:f0:a2:18:57:8f:9c:85:8d:da:a5:04:03:81:87:ff:59:e2: 701s a1:c6 701s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-12268-auth.pem 701s + found_md5=Modulus=9F443C1EDF8826225E6006BFE7715CFE019ED541ED967DDB69AF31636B103839F0E8A2072BAD49711EC85E3F46406F62771A348178122BA05F55251F137F03FB847AB21F2B46C212788C6BEE631CEDF4536C504F8746837F40FD62EF29F7513104F0E432D28C60DC04FA9CB34C196CE48BCCBC30B41F50425B30A96C810C1771 701s + '[' Modulus=9F443C1EDF8826225E6006BFE7715CFE019ED541ED967DDB69AF31636B103839F0E8A2072BAD49711EC85E3F46406F62771A348178122BA05F55251F137F03FB847AB21F2B46C212788C6BEE631CEDF4536C504F8746837F40FD62EF29F7513104F0E432D28C60DC04FA9CB34C196CE48BCCBC30B41F50425B30A96C810C1771 '!=' Modulus=9F443C1EDF8826225E6006BFE7715CFE019ED541ED967DDB69AF31636B103839F0E8A2072BAD49711EC85E3F46406F62771A348178122BA05F55251F137F03FB847AB21F2B46C212788C6BEE631CEDF4536C504F8746837F40FD62EF29F7513104F0E432D28C60DC04FA9CB34C196CE48BCCBC30B41F50425B30A96C810C1771 ']' 701s + invalid_certificate /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27551 /tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem 701s + check_certificate /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27551 /tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem 701s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 701s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27551 701s + local key_ring=/tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem 701s + local verify_option= 701s + prepare_softhsm2_card /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27551 701s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 701s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27551 701s + local key_cn 701s + local key_name 701s + local tokens_dir 701s + local output_cert_file 701s + token_name= 701s ++ basename /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem .pem 701s + key_name=test-intermediate-CA-trusted-certificate-0001 701s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 701s ++ sed -n 's/ *commonName *= //p' 701s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 701s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 701s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 701s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 701s ++ basename /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 701s Test Organization Interme Token 701s + tokens_dir=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001 701s + token_name='Test Organization Interme Token' 701s + '[' '!' -e /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 701s + '[' '!' -d /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 701s + echo 'Test Organization Interme Token' 701s + '[' -n '' ']' 701s + local output_base_name=SSSD-child-3130 701s + local output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-3130.output 701s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-3130.pem 701s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem 701s [p11_child[2342]] [main] (0x0400): p11_child started. 701s [p11_child[2342]] [main] (0x2000): Running in [pre-auth] mode. 701s [p11_child[2342]] [main] (0x2000): Running with effective IDs: [0][0]. 701s [p11_child[2342]] [main] (0x2000): Running with real IDs [0][0]. 701s [p11_child[2342]] [do_card] (0x4000): Module List: 701s [p11_child[2342]] [do_card] (0x4000): common name: [softhsm2]. 701s [p11_child[2342]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 701s [p11_child[2342]] [do_card] (0x4000): Description [SoftHSM slot ID 0x396c9b34] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 701s [p11_child[2342]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 701s [p11_child[2342]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x396c9b34][963418932] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 701s [p11_child[2342]] [do_card] (0x4000): Login NOT required. 701s [p11_child[2342]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 701s [p11_child[2342]] [do_verification] (0x0040): X509_verify_cert failed [0]. 701s [p11_child[2342]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 701s [p11_child[2342]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 701s [p11_child[2342]] [do_card] (0x4000): No certificate found. 701s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-3130.output 701s + return 2 701s + invalid_certificate /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27551 /tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem partial_chain 701s + check_certificate /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27551 /tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem partial_chain 701s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 701s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27551 701s + local key_ring=/tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem 701s + local verify_option=partial_chain 701s + prepare_softhsm2_card /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27551 701s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 701s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27551 701s + local key_cn 701s + local key_name 701s + local tokens_dir 701s + local output_cert_file 701s + token_name= 701s ++ basename /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem .pem 701s + key_name=test-intermediate-CA-trusted-certificate-0001 701s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 701s ++ sed -n 's/ *commonName *= //p' 701s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 701s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 701s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 701s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 701s ++ basename /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 701s + tokens_dir=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001 701s + token_name='Test Organization Interme Token' 701s + '[' '!' -e /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 701s Test Organization Interme Token 701s + '[' '!' -d /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 701s + echo 'Test Organization Interme Token' 701s + '[' -n partial_chain ']' 701s + local verify_arg=--verify=partial_chain 701s + local output_base_name=SSSD-child-6359 701s + local output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-6359.output 701s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-6359.pem 701s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem 701s [p11_child[2349]] [main] (0x0400): p11_child started. 701s [p11_child[2349]] [main] (0x2000): Running in [pre-auth] mode. 701s [p11_child[2349]] [main] (0x2000): Running with effective IDs: [0][0]. 701s [p11_child[2349]] [main] (0x2000): Running with real IDs [0][0]. 701s [p11_child[2349]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 701s [p11_child[2349]] [do_card] (0x4000): Module List: 701s [p11_child[2349]] [do_card] (0x4000): common name: [softhsm2]. 701s [p11_child[2349]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 701s [p11_child[2349]] [do_card] (0x4000): Description [SoftHSM slot ID 0x396c9b34] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 701s [p11_child[2349]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 701s [p11_child[2349]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x396c9b34][963418932] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 701s [p11_child[2349]] [do_card] (0x4000): Login NOT required. 701s [p11_child[2349]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 701s [p11_child[2349]] [do_verification] (0x0040): X509_verify_cert failed [0]. 701s [p11_child[2349]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 701s [p11_child[2349]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 701s [p11_child[2349]] [do_card] (0x4000): No certificate found. 701s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-6359.output 701s + return 2 701s + valid_certificate /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27551 /tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem 701s + check_certificate /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27551 /tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem 701s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 701s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27551 701s + local key_ring=/tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem 701s + local verify_option= 701s + prepare_softhsm2_card /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27551 701s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 701s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27551 701s + local key_cn 701s + local key_name 701s + local tokens_dir 701s + local output_cert_file 701s + token_name= 701s ++ basename /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem .pem 701s + key_name=test-intermediate-CA-trusted-certificate-0001 701s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 701s ++ sed -n 's/ *commonName *= //p' 701s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 701s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 701s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 701s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 701s ++ basename /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 701s + tokens_dir=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001 701s + token_name='Test Organization Interme Token' 701s + '[' '!' -e /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 701s + '[' '!' -d /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 701s + echo 'Test Organization Interme Token' 701s Test Organization Interme Token 701s + '[' -n '' ']' 701s + local output_base_name=SSSD-child-17782 701s + local output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-17782.output 701s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-17782.pem 701s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem 701s [p11_child[2356]] [main] (0x0400): p11_child started. 701s [p11_child[2356]] [main] (0x2000): Running in [pre-auth] mode. 701s [p11_child[2356]] [main] (0x2000): Running with effective IDs: [0][0]. 701s [p11_child[2356]] [main] (0x2000): Running with real IDs [0][0]. 701s [p11_child[2356]] [do_card] (0x4000): Module List: 701s [p11_child[2356]] [do_card] (0x4000): common name: [softhsm2]. 701s [p11_child[2356]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 701s [p11_child[2356]] [do_card] (0x4000): Description [SoftHSM slot ID 0x396c9b34] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 701s [p11_child[2356]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 701s [p11_child[2356]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x396c9b34][963418932] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 701s [p11_child[2356]] [do_card] (0x4000): Login NOT required. 701s [p11_child[2356]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 701s [p11_child[2356]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 701s [p11_child[2356]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 701s [p11_child[2356]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x396c9b34;slot-manufacturer=SoftHSM%20project;slot-id=963418932;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc668c10b96c9b34;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 701s [p11_child[2356]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 701s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-17782.output 701s + echo '-----BEGIN CERTIFICATE-----' 701s + tail -n1 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-17782.output 701s + echo '-----END CERTIFICATE-----' 701s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-17782.pem 701s Certificate: 701s Data: 701s Version: 3 (0x2) 701s Serial Number: 4 (0x4) 701s Signature Algorithm: sha256WithRSAEncryption 701s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 701s Validity 701s Not Before: Nov 15 21:18:36 2024 GMT 701s Not After : Nov 15 21:18:36 2025 GMT 701s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 701s Subject Public Key Info: 701s Public Key Algorithm: rsaEncryption 701s Public-Key: (1024 bit) 701s Modulus: 701s 00:9f:44:3c:1e:df:88:26:22:5e:60:06:bf:e7:71: 701s 5c:fe:01:9e:d5:41:ed:96:7d:db:69:af:31:63:6b: 701s 10:38:39:f0:e8:a2:07:2b:ad:49:71:1e:c8:5e:3f: 701s 46:40:6f:62:77:1a:34:81:78:12:2b:a0:5f:55:25: 701s 1f:13:7f:03:fb:84:7a:b2:1f:2b:46:c2:12:78:8c: 701s 6b:ee:63:1c:ed:f4:53:6c:50:4f:87:46:83:7f:40: 701s fd:62:ef:29:f7:51:31:04:f0:e4:32:d2:8c:60:dc: 701s 04:fa:9c:b3:4c:19:6c:e4:8b:cc:bc:30:b4:1f:50: 701s 42:5b:30:a9:6c:81:0c:17:71 701s Exponent: 65537 (0x10001) 701s X509v3 extensions: 701s X509v3 Authority Key Identifier: 701s C0:06:CD:E8:9C:C5:94:A3:E9:AB:C2:71:78:41:95:47:0C:4D:A7:05 701s X509v3 Basic Constraints: 701s CA:FALSE 701s Netscape Cert Type: 701s SSL Client, S/MIME 701s Netscape Comment: 701s Test Organization Intermediate CA trusted Certificate 701s X509v3 Subject Key Identifier: 701s 6C:77:F7:D1:28:CE:1B:0E:BC:A6:76:84:C4:8F:6D:2F:6A:7D:21:DF 701s X509v3 Key Usage: critical 701s Digital Signature, Non Repudiation, Key Encipherment 701s X509v3 Extended Key Usage: 701s TLS Web Client Authentication, E-mail Protection 701s X509v3 Subject Alternative Name: 701s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 701s Signature Algorithm: sha256WithRSAEncryption 701s Signature Value: 701s 17:08:f5:10:33:84:26:8a:ff:cc:d7:22:e9:dd:45:a7:97:7e: 701s b2:f1:2d:4f:f4:0b:d3:ec:8b:b3:50:85:16:e2:b8:81:c7:e0: 701s 17:f4:84:e4:1e:45:60:a3:e1:dc:b4:8a:fe:a1:e7:1e:2a:70: 701s fe:80:c7:c2:cf:f4:53:bc:59:a8:58:37:b8:60:fe:10:b3:dd: 701s 83:5e:4a:cc:7c:07:a5:f6:c9:af:27:be:fa:d8:e4:a8:bc:27: 701s b7:4f:5c:69:89:cb:dc:c1:0d:45:49:ae:49:e1:b9:ba:a2:eb: 701s 87:f0:a2:18:57:8f:9c:85:8d:da:a5:04:03:81:87:ff:59:e2: 701s a1:c6 701s + local found_md5 expected_md5 701s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 701s + expected_md5=Modulus=9F443C1EDF8826225E6006BFE7715CFE019ED541ED967DDB69AF31636B103839F0E8A2072BAD49711EC85E3F46406F62771A348178122BA05F55251F137F03FB847AB21F2B46C212788C6BEE631CEDF4536C504F8746837F40FD62EF29F7513104F0E432D28C60DC04FA9CB34C196CE48BCCBC30B41F50425B30A96C810C1771 701s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-17782.pem 701s + found_md5=Modulus=9F443C1EDF8826225E6006BFE7715CFE019ED541ED967DDB69AF31636B103839F0E8A2072BAD49711EC85E3F46406F62771A348178122BA05F55251F137F03FB847AB21F2B46C212788C6BEE631CEDF4536C504F8746837F40FD62EF29F7513104F0E432D28C60DC04FA9CB34C196CE48BCCBC30B41F50425B30A96C810C1771 701s + '[' Modulus=9F443C1EDF8826225E6006BFE7715CFE019ED541ED967DDB69AF31636B103839F0E8A2072BAD49711EC85E3F46406F62771A348178122BA05F55251F137F03FB847AB21F2B46C212788C6BEE631CEDF4536C504F8746837F40FD62EF29F7513104F0E432D28C60DC04FA9CB34C196CE48BCCBC30B41F50425B30A96C810C1771 '!=' Modulus=9F443C1EDF8826225E6006BFE7715CFE019ED541ED967DDB69AF31636B103839F0E8A2072BAD49711EC85E3F46406F62771A348178122BA05F55251F137F03FB847AB21F2B46C212788C6BEE631CEDF4536C504F8746837F40FD62EF29F7513104F0E432D28C60DC04FA9CB34C196CE48BCCBC30B41F50425B30A96C810C1771 ']' 701s + output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-17782-auth.output 701s ++ basename /tmp/sssd-softhsm2-nb8LhS/SSSD-child-17782-auth.output .output 701s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-17782-auth.pem 701s + echo -n 053350 701s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 701s [p11_child[2364]] [main] (0x0400): p11_child started. 701s [p11_child[2364]] [main] (0x2000): Running in [auth] mode. 701s [p11_child[2364]] [main] (0x2000): Running with effective IDs: [0][0]. 701s [p11_child[2364]] [main] (0x2000): Running with real IDs [0][0]. 701s [p11_child[2364]] [do_card] (0x4000): Module List: 701s [p11_child[2364]] [do_card] (0x4000): common name: [softhsm2]. 701s [p11_child[2364]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 701s [p11_child[2364]] [do_card] (0x4000): Description [SoftHSM slot ID 0x396c9b34] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 701s [p11_child[2364]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 701s [p11_child[2364]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x396c9b34][963418932] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 701s [p11_child[2364]] [do_card] (0x4000): Login required. 701s [p11_child[2364]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 701s [p11_child[2364]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 701s [p11_child[2364]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 701s [p11_child[2364]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x396c9b34;slot-manufacturer=SoftHSM%20project;slot-id=963418932;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc668c10b96c9b34;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 701s [p11_child[2364]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 701s [p11_child[2364]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 701s [p11_child[2364]] [do_card] (0x4000): Certificate verified and validated. 701s [p11_child[2364]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 701s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-17782-auth.output 701s + echo '-----BEGIN CERTIFICATE-----' 701s + tail -n1 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-17782-auth.output 701s + echo '-----END CERTIFICATE-----' 701s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-17782-auth.pem 701s Certificate: 701s Data: 701s Version: 3 (0x2) 701s Serial Number: 4 (0x4) 701s Signature Algorithm: sha256WithRSAEncryption 701s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 701s Validity 701s Not Before: Nov 15 21:18:36 2024 GMT 701s Not After : Nov 15 21:18:36 2025 GMT 701s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 701s Subject Public Key Info: 701s Public Key Algorithm: rsaEncryption 701s Public-Key: (1024 bit) 701s Modulus: 701s 00:9f:44:3c:1e:df:88:26:22:5e:60:06:bf:e7:71: 701s 5c:fe:01:9e:d5:41:ed:96:7d:db:69:af:31:63:6b: 701s 10:38:39:f0:e8:a2:07:2b:ad:49:71:1e:c8:5e:3f: 701s 46:40:6f:62:77:1a:34:81:78:12:2b:a0:5f:55:25: 701s 1f:13:7f:03:fb:84:7a:b2:1f:2b:46:c2:12:78:8c: 701s 6b:ee:63:1c:ed:f4:53:6c:50:4f:87:46:83:7f:40: 701s fd:62:ef:29:f7:51:31:04:f0:e4:32:d2:8c:60:dc: 701s 04:fa:9c:b3:4c:19:6c:e4:8b:cc:bc:30:b4:1f:50: 701s 42:5b:30:a9:6c:81:0c:17:71 701s Exponent: 65537 (0x10001) 701s X509v3 extensions: 701s X509v3 Authority Key Identifier: 701s C0:06:CD:E8:9C:C5:94:A3:E9:AB:C2:71:78:41:95:47:0C:4D:A7:05 701s X509v3 Basic Constraints: 701s CA:FALSE 701s Netscape Cert Type: 701s SSL Client, S/MIME 701s Netscape Comment: 701s Test Organization Intermediate CA trusted Certificate 701s X509v3 Subject Key Identifier: 701s 6C:77:F7:D1:28:CE:1B:0E:BC:A6:76:84:C4:8F:6D:2F:6A:7D:21:DF 701s X509v3 Key Usage: critical 701s Digital Signature, Non Repudiation, Key Encipherment 701s X509v3 Extended Key Usage: 701s TLS Web Client Authentication, E-mail Protection 701s X509v3 Subject Alternative Name: 701s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 701s Signature Algorithm: sha256WithRSAEncryption 701s Signature Value: 701s 17:08:f5:10:33:84:26:8a:ff:cc:d7:22:e9:dd:45:a7:97:7e: 701s b2:f1:2d:4f:f4:0b:d3:ec:8b:b3:50:85:16:e2:b8:81:c7:e0: 701s 17:f4:84:e4:1e:45:60:a3:e1:dc:b4:8a:fe:a1:e7:1e:2a:70: 701s fe:80:c7:c2:cf:f4:53:bc:59:a8:58:37:b8:60:fe:10:b3:dd: 701s 83:5e:4a:cc:7c:07:a5:f6:c9:af:27:be:fa:d8:e4:a8:bc:27: 701s b7:4f:5c:69:89:cb:dc:c1:0d:45:49:ae:49:e1:b9:ba:a2:eb: 701s 87:f0:a2:18:57:8f:9c:85:8d:da:a5:04:03:81:87:ff:59:e2: 701s a1:c6 701s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-17782-auth.pem 701s + found_md5=Modulus=9F443C1EDF8826225E6006BFE7715CFE019ED541ED967DDB69AF31636B103839F0E8A2072BAD49711EC85E3F46406F62771A348178122BA05F55251F137F03FB847AB21F2B46C212788C6BEE631CEDF4536C504F8746837F40FD62EF29F7513104F0E432D28C60DC04FA9CB34C196CE48BCCBC30B41F50425B30A96C810C1771 701s + '[' Modulus=9F443C1EDF8826225E6006BFE7715CFE019ED541ED967DDB69AF31636B103839F0E8A2072BAD49711EC85E3F46406F62771A348178122BA05F55251F137F03FB847AB21F2B46C212788C6BEE631CEDF4536C504F8746837F40FD62EF29F7513104F0E432D28C60DC04FA9CB34C196CE48BCCBC30B41F50425B30A96C810C1771 '!=' Modulus=9F443C1EDF8826225E6006BFE7715CFE019ED541ED967DDB69AF31636B103839F0E8A2072BAD49711EC85E3F46406F62771A348178122BA05F55251F137F03FB847AB21F2B46C212788C6BEE631CEDF4536C504F8746837F40FD62EF29F7513104F0E432D28C60DC04FA9CB34C196CE48BCCBC30B41F50425B30A96C810C1771 ']' 701s + valid_certificate /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27551 /tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem partial_chain 701s + check_certificate /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27551 /tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem partial_chain 701s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 701s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27551 701s + local key_ring=/tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem 701s + local verify_option=partial_chain 701s + prepare_softhsm2_card /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27551 701s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 701s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27551 701s + local key_cn 701s + local key_name 701s + local tokens_dir 701s + local output_cert_file 701s + token_name= 701s ++ basename /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem .pem 701s + key_name=test-intermediate-CA-trusted-certificate-0001 701s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 701s ++ sed -n 's/ *commonName *= //p' 701s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 701s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 701s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 701s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 701s ++ basename /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 701s + tokens_dir=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001 701s + token_name='Test Organization Interme Token' 701s + '[' '!' -e /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 701s + '[' '!' -d /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 701s + echo 'Test Organization Interme Token' 701s Test Organization Interme Token 701s + '[' -n partial_chain ']' 701s + local verify_arg=--verify=partial_chain 701s + local output_base_name=SSSD-child-2487 701s + local output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-2487.output 701s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-2487.pem 701s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem 701s [p11_child[2374]] [main] (0x0400): p11_child started. 701s [p11_child[2374]] [main] (0x2000): Running in [pre-auth] mode. 701s [p11_child[2374]] [main] (0x2000): Running with effective IDs: [0][0]. 701s [p11_child[2374]] [main] (0x2000): Running with real IDs [0][0]. 701s [p11_child[2374]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 701s [p11_child[2374]] [do_card] (0x4000): Module List: 701s [p11_child[2374]] [do_card] (0x4000): common name: [softhsm2]. 701s [p11_child[2374]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 701s [p11_child[2374]] [do_card] (0x4000): Description [SoftHSM slot ID 0x396c9b34] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 701s [p11_child[2374]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 701s [p11_child[2374]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x396c9b34][963418932] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 701s [p11_child[2374]] [do_card] (0x4000): Login NOT required. 701s [p11_child[2374]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 701s [p11_child[2374]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 701s [p11_child[2374]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 701s [p11_child[2374]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x396c9b34;slot-manufacturer=SoftHSM%20project;slot-id=963418932;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc668c10b96c9b34;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 701s [p11_child[2374]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 701s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-2487.output 701s + echo '-----BEGIN CERTIFICATE-----' 701s + tail -n1 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-2487.output 701s + echo '-----END CERTIFICATE-----' 701s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-2487.pem 701s Certificate: 701s Data: 701s Version: 3 (0x2) 701s Serial Number: 4 (0x4) 701s Signature Algorithm: sha256WithRSAEncryption 701s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 701s Validity 701s Not Before: Nov 15 21:18:36 2024 GMT 701s Not After : Nov 15 21:18:36 2025 GMT 701s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 701s Subject Public Key Info: 701s Public Key Algorithm: rsaEncryption 701s Public-Key: (1024 bit) 701s Modulus: 701s 00:9f:44:3c:1e:df:88:26:22:5e:60:06:bf:e7:71: 701s 5c:fe:01:9e:d5:41:ed:96:7d:db:69:af:31:63:6b: 701s 10:38:39:f0:e8:a2:07:2b:ad:49:71:1e:c8:5e:3f: 701s 46:40:6f:62:77:1a:34:81:78:12:2b:a0:5f:55:25: 701s 1f:13:7f:03:fb:84:7a:b2:1f:2b:46:c2:12:78:8c: 701s 6b:ee:63:1c:ed:f4:53:6c:50:4f:87:46:83:7f:40: 701s fd:62:ef:29:f7:51:31:04:f0:e4:32:d2:8c:60:dc: 701s 04:fa:9c:b3:4c:19:6c:e4:8b:cc:bc:30:b4:1f:50: 701s 42:5b:30:a9:6c:81:0c:17:71 701s Exponent: 65537 (0x10001) 701s X509v3 extensions: 701s X509v3 Authority Key Identifier: 701s C0:06:CD:E8:9C:C5:94:A3:E9:AB:C2:71:78:41:95:47:0C:4D:A7:05 701s X509v3 Basic Constraints: 701s CA:FALSE 701s Netscape Cert Type: 701s SSL Client, S/MIME 701s Netscape Comment: 701s Test Organization Intermediate CA trusted Certificate 701s X509v3 Subject Key Identifier: 701s 6C:77:F7:D1:28:CE:1B:0E:BC:A6:76:84:C4:8F:6D:2F:6A:7D:21:DF 701s X509v3 Key Usage: critical 701s Digital Signature, Non Repudiation, Key Encipherment 701s X509v3 Extended Key Usage: 701s TLS Web Client Authentication, E-mail Protection 701s X509v3 Subject Alternative Name: 701s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 701s Signature Algorithm: sha256WithRSAEncryption 701s Signature Value: 701s 17:08:f5:10:33:84:26:8a:ff:cc:d7:22:e9:dd:45:a7:97:7e: 701s b2:f1:2d:4f:f4:0b:d3:ec:8b:b3:50:85:16:e2:b8:81:c7:e0: 701s 17:f4:84:e4:1e:45:60:a3:e1:dc:b4:8a:fe:a1:e7:1e:2a:70: 701s fe:80:c7:c2:cf:f4:53:bc:59:a8:58:37:b8:60:fe:10:b3:dd: 701s 83:5e:4a:cc:7c:07:a5:f6:c9:af:27:be:fa:d8:e4:a8:bc:27: 701s b7:4f:5c:69:89:cb:dc:c1:0d:45:49:ae:49:e1:b9:ba:a2:eb: 701s 87:f0:a2:18:57:8f:9c:85:8d:da:a5:04:03:81:87:ff:59:e2: 701s a1:c6 701s + local found_md5 expected_md5 701s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 701s + expected_md5=Modulus=9F443C1EDF8826225E6006BFE7715CFE019ED541ED967DDB69AF31636B103839F0E8A2072BAD49711EC85E3F46406F62771A348178122BA05F55251F137F03FB847AB21F2B46C212788C6BEE631CEDF4536C504F8746837F40FD62EF29F7513104F0E432D28C60DC04FA9CB34C196CE48BCCBC30B41F50425B30A96C810C1771 701s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-2487.pem 701s + found_md5=Modulus=9F443C1EDF8826225E6006BFE7715CFE019ED541ED967DDB69AF31636B103839F0E8A2072BAD49711EC85E3F46406F62771A348178122BA05F55251F137F03FB847AB21F2B46C212788C6BEE631CEDF4536C504F8746837F40FD62EF29F7513104F0E432D28C60DC04FA9CB34C196CE48BCCBC30B41F50425B30A96C810C1771 701s + '[' Modulus=9F443C1EDF8826225E6006BFE7715CFE019ED541ED967DDB69AF31636B103839F0E8A2072BAD49711EC85E3F46406F62771A348178122BA05F55251F137F03FB847AB21F2B46C212788C6BEE631CEDF4536C504F8746837F40FD62EF29F7513104F0E432D28C60DC04FA9CB34C196CE48BCCBC30B41F50425B30A96C810C1771 '!=' Modulus=9F443C1EDF8826225E6006BFE7715CFE019ED541ED967DDB69AF31636B103839F0E8A2072BAD49711EC85E3F46406F62771A348178122BA05F55251F137F03FB847AB21F2B46C212788C6BEE631CEDF4536C504F8746837F40FD62EF29F7513104F0E432D28C60DC04FA9CB34C196CE48BCCBC30B41F50425B30A96C810C1771 ']' 701s + output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-2487-auth.output 701s ++ basename /tmp/sssd-softhsm2-nb8LhS/SSSD-child-2487-auth.output .output 701s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-2487-auth.pem 701s + echo -n 053350 701s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 701s [p11_child[2382]] [main] (0x0400): p11_child started. 701s [p11_child[2382]] [main] (0x2000): Running in [auth] mode. 701s [p11_child[2382]] [main] (0x2000): Running with effective IDs: [0][0]. 701s [p11_child[2382]] [main] (0x2000): Running with real IDs [0][0]. 701s [p11_child[2382]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 701s [p11_child[2382]] [do_card] (0x4000): Module List: 701s [p11_child[2382]] [do_card] (0x4000): common name: [softhsm2]. 701s [p11_child[2382]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 701s [p11_child[2382]] [do_card] (0x4000): Description [SoftHSM slot ID 0x396c9b34] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 701s [p11_child[2382]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 701s [p11_child[2382]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x396c9b34][963418932] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 701s [p11_child[2382]] [do_card] (0x4000): Login required. 701s [p11_child[2382]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 701s [p11_child[2382]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 701s [p11_child[2382]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 701s [p11_child[2382]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x396c9b34;slot-manufacturer=SoftHSM%20project;slot-id=963418932;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc668c10b96c9b34;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 701s [p11_child[2382]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 701s [p11_child[2382]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 701s [p11_child[2382]] [do_card] (0x4000): Certificate verified and validated. 701s [p11_child[2382]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 701s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-2487-auth.output 701s + echo '-----BEGIN CERTIFICATE-----' 701s + tail -n1 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-2487-auth.output 701s + echo '-----END CERTIFICATE-----' 701s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-2487-auth.pem 701s Certificate: 701s Data: 701s Version: 3 (0x2) 701s Serial Number: 4 (0x4) 701s Signature Algorithm: sha256WithRSAEncryption 701s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 701s Validity 701s Not Before: Nov 15 21:18:36 2024 GMT 701s Not After : Nov 15 21:18:36 2025 GMT 701s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 701s Subject Public Key Info: 701s Public Key Algorithm: rsaEncryption 701s Public-Key: (1024 bit) 701s Modulus: 701s 00:9f:44:3c:1e:df:88:26:22:5e:60:06:bf:e7:71: 701s 5c:fe:01:9e:d5:41:ed:96:7d:db:69:af:31:63:6b: 701s 10:38:39:f0:e8:a2:07:2b:ad:49:71:1e:c8:5e:3f: 701s 46:40:6f:62:77:1a:34:81:78:12:2b:a0:5f:55:25: 701s 1f:13:7f:03:fb:84:7a:b2:1f:2b:46:c2:12:78:8c: 701s 6b:ee:63:1c:ed:f4:53:6c:50:4f:87:46:83:7f:40: 701s fd:62:ef:29:f7:51:31:04:f0:e4:32:d2:8c:60:dc: 701s 04:fa:9c:b3:4c:19:6c:e4:8b:cc:bc:30:b4:1f:50: 701s 42:5b:30:a9:6c:81:0c:17:71 701s Exponent: 65537 (0x10001) 701s X509v3 extensions: 701s X509v3 Authority Key Identifier: 701s C0:06:CD:E8:9C:C5:94:A3:E9:AB:C2:71:78:41:95:47:0C:4D:A7:05 701s X509v3 Basic Constraints: 701s CA:FALSE 701s Netscape Cert Type: 701s SSL Client, S/MIME 701s Netscape Comment: 701s Test Organization Intermediate CA trusted Certificate 701s X509v3 Subject Key Identifier: 701s 6C:77:F7:D1:28:CE:1B:0E:BC:A6:76:84:C4:8F:6D:2F:6A:7D:21:DF 701s X509v3 Key Usage: critical 701s Digital Signature, Non Repudiation, Key Encipherment 701s X509v3 Extended Key Usage: 701s TLS Web Client Authentication, E-mail Protection 701s X509v3 Subject Alternative Name: 701s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 701s Signature Algorithm: sha256WithRSAEncryption 701s Signature Value: 701s 17:08:f5:10:33:84:26:8a:ff:cc:d7:22:e9:dd:45:a7:97:7e: 701s b2:f1:2d:4f:f4:0b:d3:ec:8b:b3:50:85:16:e2:b8:81:c7:e0: 701s 17:f4:84:e4:1e:45:60:a3:e1:dc:b4:8a:fe:a1:e7:1e:2a:70: 701s fe:80:c7:c2:cf:f4:53:bc:59:a8:58:37:b8:60:fe:10:b3:dd: 701s 83:5e:4a:cc:7c:07:a5:f6:c9:af:27:be:fa:d8:e4:a8:bc:27: 701s b7:4f:5c:69:89:cb:dc:c1:0d:45:49:ae:49:e1:b9:ba:a2:eb: 701s 87:f0:a2:18:57:8f:9c:85:8d:da:a5:04:03:81:87:ff:59:e2: 701s a1:c6 701s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-2487-auth.pem 701s + found_md5=Modulus=9F443C1EDF8826225E6006BFE7715CFE019ED541ED967DDB69AF31636B103839F0E8A2072BAD49711EC85E3F46406F62771A348178122BA05F55251F137F03FB847AB21F2B46C212788C6BEE631CEDF4536C504F8746837F40FD62EF29F7513104F0E432D28C60DC04FA9CB34C196CE48BCCBC30B41F50425B30A96C810C1771 701s + '[' Modulus=9F443C1EDF8826225E6006BFE7715CFE019ED541ED967DDB69AF31636B103839F0E8A2072BAD49711EC85E3F46406F62771A348178122BA05F55251F137F03FB847AB21F2B46C212788C6BEE631CEDF4536C504F8746837F40FD62EF29F7513104F0E432D28C60DC04FA9CB34C196CE48BCCBC30B41F50425B30A96C810C1771 '!=' Modulus=9F443C1EDF8826225E6006BFE7715CFE019ED541ED967DDB69AF31636B103839F0E8A2072BAD49711EC85E3F46406F62771A348178122BA05F55251F137F03FB847AB21F2B46C212788C6BEE631CEDF4536C504F8746837F40FD62EF29F7513104F0E432D28C60DC04FA9CB34C196CE48BCCBC30B41F50425B30A96C810C1771 ']' 701s + invalid_certificate /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27551 /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem 701s + check_certificate /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27551 /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem 701s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 701s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27551 701s + local key_ring=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem 701s + local verify_option= 701s + prepare_softhsm2_card /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27551 701s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 701s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27551 701s + local key_cn 701s + local key_name 701s + local tokens_dir 701s + local output_cert_file 701s + token_name= 701s ++ basename /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem .pem 701s + key_name=test-intermediate-CA-trusted-certificate-0001 701s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 701s ++ sed -n 's/ *commonName *= //p' 701s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 701s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 701s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 701s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 701s ++ basename /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 701s + tokens_dir=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001 701s + token_name='Test Organization Interme Token' 701s + '[' '!' -e /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 701s + '[' '!' -d /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 701s + echo 'Test Organization Interme Token' 701s + '[' -n '' ']' 701s + local output_base_name=SSSD-child-3505 701s + local output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-3505.output 701s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-3505.pem 701s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem 701s Test Organization Interme Token 701s [p11_child[2392]] [main] (0x0400): p11_child started. 701s [p11_child[2392]] [main] (0x2000): Running in [pre-auth] mode. 701s [p11_child[2392]] [main] (0x2000): Running with effective IDs: [0][0]. 701s [p11_child[2392]] [main] (0x2000): Running with real IDs [0][0]. 701s [p11_child[2392]] [do_card] (0x4000): Module List: 701s [p11_child[2392]] [do_card] (0x4000): common name: [softhsm2]. 701s [p11_child[2392]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 701s [p11_child[2392]] [do_card] (0x4000): Description [SoftHSM slot ID 0x396c9b34] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 701s [p11_child[2392]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 701s [p11_child[2392]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x396c9b34][963418932] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 701s [p11_child[2392]] [do_card] (0x4000): Login NOT required. 701s [p11_child[2392]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 701s [p11_child[2392]] [do_verification] (0x0040): X509_verify_cert failed [0]. 701s [p11_child[2392]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 701s [p11_child[2392]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 701s [p11_child[2392]] [do_card] (0x4000): No certificate found. 701s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-3505.output 701s + return 2 701s + valid_certificate /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27551 /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem partial_chain 701s + check_certificate /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27551 /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem partial_chain 701s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 701s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27551 701s + local key_ring=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem 701s + local verify_option=partial_chain 701s + prepare_softhsm2_card /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-27551 701s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 701s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-27551 701s + local key_cn 701s + local key_name 701s + local tokens_dir 701s + local output_cert_file 701s + token_name= 701s ++ basename /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem .pem 701s + key_name=test-intermediate-CA-trusted-certificate-0001 701s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 701s ++ sed -n 's/ *commonName *= //p' 701s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 701s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 701s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 701s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 701s ++ basename /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 701s + tokens_dir=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001 701s + token_name='Test Organization Interme Token' 701s + '[' '!' -e /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 701s + '[' '!' -d /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 701s + echo 'Test Organization Interme Token' 701s + '[' -n partial_chain ']' 701s + local verify_arg=--verify=partial_chain 701s + local output_base_name=SSSD-child-18509 701s + local output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-18509.output 701s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-18509.pem 701s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem 701s Test Organization Interme Token 701s [p11_child[2399]] [main] (0x0400): p11_child started. 701s [p11_child[2399]] [main] (0x2000): Running in [pre-auth] mode. 701s [p11_child[2399]] [main] (0x2000): Running with effective IDs: [0][0]. 701s [p11_child[2399]] [main] (0x2000): Running with real IDs [0][0]. 701s [p11_child[2399]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 701s [p11_child[2399]] [do_card] (0x4000): Module List: 701s [p11_child[2399]] [do_card] (0x4000): common name: [softhsm2]. 701s [p11_child[2399]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 701s [p11_child[2399]] [do_card] (0x4000): Description [SoftHSM slot ID 0x396c9b34] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 701s [p11_child[2399]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 701s [p11_child[2399]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x396c9b34][963418932] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 701s [p11_child[2399]] [do_card] (0x4000): Login NOT required. 701s [p11_child[2399]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 701s [p11_child[2399]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 701s [p11_child[2399]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 701s [p11_child[2399]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x396c9b34;slot-manufacturer=SoftHSM%20project;slot-id=963418932;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc668c10b96c9b34;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 701s [p11_child[2399]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 701s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-18509.output 701s + echo '-----BEGIN CERTIFICATE-----' 701s + tail -n1 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-18509.output 701s + echo '-----END CERTIFICATE-----' 701s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-18509.pem 701s Certificate: 701s Data: 701s Version: 3 (0x2) 701s Serial Number: 4 (0x4) 701s Signature Algorithm: sha256WithRSAEncryption 701s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 701s Validity 701s Not Before: Nov 15 21:18:36 2024 GMT 701s Not After : Nov 15 21:18:36 2025 GMT 701s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 701s Subject Public Key Info: 701s Public Key Algorithm: rsaEncryption 701s Public-Key: (1024 bit) 701s Modulus: 701s 00:9f:44:3c:1e:df:88:26:22:5e:60:06:bf:e7:71: 701s 5c:fe:01:9e:d5:41:ed:96:7d:db:69:af:31:63:6b: 701s 10:38:39:f0:e8:a2:07:2b:ad:49:71:1e:c8:5e:3f: 701s 46:40:6f:62:77:1a:34:81:78:12:2b:a0:5f:55:25: 701s 1f:13:7f:03:fb:84:7a:b2:1f:2b:46:c2:12:78:8c: 701s 6b:ee:63:1c:ed:f4:53:6c:50:4f:87:46:83:7f:40: 701s fd:62:ef:29:f7:51:31:04:f0:e4:32:d2:8c:60:dc: 701s 04:fa:9c:b3:4c:19:6c:e4:8b:cc:bc:30:b4:1f:50: 701s 42:5b:30:a9:6c:81:0c:17:71 701s Exponent: 65537 (0x10001) 701s X509v3 extensions: 701s X509v3 Authority Key Identifier: 701s C0:06:CD:E8:9C:C5:94:A3:E9:AB:C2:71:78:41:95:47:0C:4D:A7:05 701s X509v3 Basic Constraints: 701s CA:FALSE 701s Netscape Cert Type: 701s SSL Client, S/MIME 701s Netscape Comment: 701s Test Organization Intermediate CA trusted Certificate 701s X509v3 Subject Key Identifier: 701s 6C:77:F7:D1:28:CE:1B:0E:BC:A6:76:84:C4:8F:6D:2F:6A:7D:21:DF 701s X509v3 Key Usage: critical 701s Digital Signature, Non Repudiation, Key Encipherment 701s X509v3 Extended Key Usage: 701s TLS Web Client Authentication, E-mail Protection 701s X509v3 Subject Alternative Name: 701s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 701s Signature Algorithm: sha256WithRSAEncryption 701s Signature Value: 701s 17:08:f5:10:33:84:26:8a:ff:cc:d7:22:e9:dd:45:a7:97:7e: 701s b2:f1:2d:4f:f4:0b:d3:ec:8b:b3:50:85:16:e2:b8:81:c7:e0: 701s 17:f4:84:e4:1e:45:60:a3:e1:dc:b4:8a:fe:a1:e7:1e:2a:70: 701s fe:80:c7:c2:cf:f4:53:bc:59:a8:58:37:b8:60:fe:10:b3:dd: 701s 83:5e:4a:cc:7c:07:a5:f6:c9:af:27:be:fa:d8:e4:a8:bc:27: 701s b7:4f:5c:69:89:cb:dc:c1:0d:45:49:ae:49:e1:b9:ba:a2:eb: 701s 87:f0:a2:18:57:8f:9c:85:8d:da:a5:04:03:81:87:ff:59:e2: 701s a1:c6 701s + local found_md5 expected_md5 701s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA-trusted-certificate-0001.pem 701s + expected_md5=Modulus=9F443C1EDF8826225E6006BFE7715CFE019ED541ED967DDB69AF31636B103839F0E8A2072BAD49711EC85E3F46406F62771A348178122BA05F55251F137F03FB847AB21F2B46C212788C6BEE631CEDF4536C504F8746837F40FD62EF29F7513104F0E432D28C60DC04FA9CB34C196CE48BCCBC30B41F50425B30A96C810C1771 701s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-18509.pem 702s + found_md5=Modulus=9F443C1EDF8826225E6006BFE7715CFE019ED541ED967DDB69AF31636B103839F0E8A2072BAD49711EC85E3F46406F62771A348178122BA05F55251F137F03FB847AB21F2B46C212788C6BEE631CEDF4536C504F8746837F40FD62EF29F7513104F0E432D28C60DC04FA9CB34C196CE48BCCBC30B41F50425B30A96C810C1771 702s + '[' Modulus=9F443C1EDF8826225E6006BFE7715CFE019ED541ED967DDB69AF31636B103839F0E8A2072BAD49711EC85E3F46406F62771A348178122BA05F55251F137F03FB847AB21F2B46C212788C6BEE631CEDF4536C504F8746837F40FD62EF29F7513104F0E432D28C60DC04FA9CB34C196CE48BCCBC30B41F50425B30A96C810C1771 '!=' Modulus=9F443C1EDF8826225E6006BFE7715CFE019ED541ED967DDB69AF31636B103839F0E8A2072BAD49711EC85E3F46406F62771A348178122BA05F55251F137F03FB847AB21F2B46C212788C6BEE631CEDF4536C504F8746837F40FD62EF29F7513104F0E432D28C60DC04FA9CB34C196CE48BCCBC30B41F50425B30A96C810C1771 ']' 702s + output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-18509-auth.output 702s ++ basename /tmp/sssd-softhsm2-nb8LhS/SSSD-child-18509-auth.output .output 702s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-18509-auth.pem 702s + echo -n 053350 702s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 702s [p11_child[2407]] [main] (0x0400): p11_child started. 702s [p11_child[2407]] [main] (0x2000): Running in [auth] mode. 702s [p11_child[2407]] [main] (0x2000): Running with effective IDs: [0][0]. 702s [p11_child[2407]] [main] (0x2000): Running with real IDs [0][0]. 702s [p11_child[2407]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 702s [p11_child[2407]] [do_card] (0x4000): Module List: 702s [p11_child[2407]] [do_card] (0x4000): common name: [softhsm2]. 702s [p11_child[2407]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 702s [p11_child[2407]] [do_card] (0x4000): Description [SoftHSM slot ID 0x396c9b34] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 702s [p11_child[2407]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 702s [p11_child[2407]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x396c9b34][963418932] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 702s [p11_child[2407]] [do_card] (0x4000): Login required. 702s [p11_child[2407]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 702s [p11_child[2407]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 702s [p11_child[2407]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 702s [p11_child[2407]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x396c9b34;slot-manufacturer=SoftHSM%20project;slot-id=963418932;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bc668c10b96c9b34;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 702s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 702s [p11_child[2407]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 702s [p11_child[2407]] [do_card] (0x4000): Certificate verified and validated. 702s [p11_child[2407]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 702s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-18509-auth.output 702s + echo '-----BEGIN CERTIFICATE-----' 702s + tail -n1 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-18509-auth.output 702s + echo '-----END CERTIFICATE-----' 702s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-18509-auth.pem 702s Certificate: 702s Data: 702s Version: 3 (0x2) 702s Serial Number: 4 (0x4) 702s Signature Algorithm: sha256WithRSAEncryption 702s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 702s Validity 702s Not Before: Nov 15 21:18:36 2024 GMT 702s Not After : Nov 15 21:18:36 2025 GMT 702s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 702s Subject Public Key Info: 702s Public Key Algorithm: rsaEncryption 702s Public-Key: (1024 bit) 702s Modulus: 702s 00:9f:44:3c:1e:df:88:26:22:5e:60:06:bf:e7:71: 702s 5c:fe:01:9e:d5:41:ed:96:7d:db:69:af:31:63:6b: 702s 10:38:39:f0:e8:a2:07:2b:ad:49:71:1e:c8:5e:3f: 702s 46:40:6f:62:77:1a:34:81:78:12:2b:a0:5f:55:25: 702s 1f:13:7f:03:fb:84:7a:b2:1f:2b:46:c2:12:78:8c: 702s 6b:ee:63:1c:ed:f4:53:6c:50:4f:87:46:83:7f:40: 702s fd:62:ef:29:f7:51:31:04:f0:e4:32:d2:8c:60:dc: 702s 04:fa:9c:b3:4c:19:6c:e4:8b:cc:bc:30:b4:1f:50: 702s 42:5b:30:a9:6c:81:0c:17:71 702s Exponent: 65537 (0x10001) 702s X509v3 extensions: 702s X509v3 Authority Key Identifier: 702s C0:06:CD:E8:9C:C5:94:A3:E9:AB:C2:71:78:41:95:47:0C:4D:A7:05 702s X509v3 Basic Constraints: 702s CA:FALSE 702s Netscape Cert Type: 702s SSL Client, S/MIME 702s Netscape Comment: 702s Test Organization Intermediate CA trusted Certificate 702s X509v3 Subject Key Identifier: 702s 6C:77:F7:D1:28:CE:1B:0E:BC:A6:76:84:C4:8F:6D:2F:6A:7D:21:DF 702s X509v3 Key Usage: critical 702s Digital Signature, Non Repudiation, Key Encipherment 702s X509v3 Extended Key Usage: 702s TLS Web Client Authentication, E-mail Protection 702s X509v3 Subject Alternative Name: 702s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 702s Signature Algorithm: sha256WithRSAEncryption 702s Signature Value: 702s 17:08:f5:10:33:84:26:8a:ff:cc:d7:22:e9:dd:45:a7:97:7e: 702s b2:f1:2d:4f:f4:0b:d3:ec:8b:b3:50:85:16:e2:b8:81:c7:e0: 702s 17:f4:84:e4:1e:45:60:a3:e1:dc:b4:8a:fe:a1:e7:1e:2a:70: 702s fe:80:c7:c2:cf:f4:53:bc:59:a8:58:37:b8:60:fe:10:b3:dd: 702s 83:5e:4a:cc:7c:07:a5:f6:c9:af:27:be:fa:d8:e4:a8:bc:27: 702s b7:4f:5c:69:89:cb:dc:c1:0d:45:49:ae:49:e1:b9:ba:a2:eb: 702s 87:f0:a2:18:57:8f:9c:85:8d:da:a5:04:03:81:87:ff:59:e2: 702s a1:c6 702s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-18509-auth.pem 702s + found_md5=Modulus=9F443C1EDF8826225E6006BFE7715CFE019ED541ED967DDB69AF31636B103839F0E8A2072BAD49711EC85E3F46406F62771A348178122BA05F55251F137F03FB847AB21F2B46C212788C6BEE631CEDF4536C504F8746837F40FD62EF29F7513104F0E432D28C60DC04FA9CB34C196CE48BCCBC30B41F50425B30A96C810C1771 702s + '[' Modulus=9F443C1EDF8826225E6006BFE7715CFE019ED541ED967DDB69AF31636B103839F0E8A2072BAD49711EC85E3F46406F62771A348178122BA05F55251F137F03FB847AB21F2B46C212788C6BEE631CEDF4536C504F8746837F40FD62EF29F7513104F0E432D28C60DC04FA9CB34C196CE48BCCBC30B41F50425B30A96C810C1771 '!=' Modulus=9F443C1EDF8826225E6006BFE7715CFE019ED541ED967DDB69AF31636B103839F0E8A2072BAD49711EC85E3F46406F62771A348178122BA05F55251F137F03FB847AB21F2B46C212788C6BEE631CEDF4536C504F8746837F40FD62EF29F7513104F0E432D28C60DC04FA9CB34C196CE48BCCBC30B41F50425B30A96C810C1771 ']' 702s + invalid_certificate /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-20200 /tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem 702s + check_certificate /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-20200 /tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem 702s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 702s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-20200 702s + local key_ring=/tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem 702s + local verify_option= 702s + prepare_softhsm2_card /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-20200 702s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 702s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-20200 702s + local key_cn 702s + local key_name 702s + local tokens_dir 702s + local output_cert_file 702s + token_name= 702s ++ basename /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 702s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 702s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 702s ++ sed -n 's/ *commonName *= //p' 702s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 702s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 702s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 702s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 702s ++ basename /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 702s + tokens_dir=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 702s + token_name='Test Organization Sub Int Token' 702s + '[' '!' -e /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 702s + local key_file 702s + local decrypted_key 702s + mkdir -p /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 702s + key_file=/tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 702s + decrypted_key=/tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 702s + cat 702s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 702s Slot 0 has a free/uninitialized token. 702s The token has been initialized and is reassigned to slot 1804432007 702s + softhsm2-util --show-slots 702s Available slots: 702s Slot 1804432007 702s Slot info: 702s Description: SoftHSM slot ID 0x6b8d7287 702s Manufacturer ID: SoftHSM project 702s Hardware version: 2.6 702s Firmware version: 2.6 702s Token present: yes 702s Token info: 702s Manufacturer ID: SoftHSM project 702s Model: SoftHSM v2 702s Hardware version: 2.6 702s Firmware version: 2.6 702s Serial number: 1927d569eb8d7287 702s Initialized: yes 702s User PIN init.: yes 702s Label: Test Organization Sub Int Token 702s Slot 1 702s Slot info: 702s Description: SoftHSM slot ID 0x1 702s Manufacturer ID: SoftHSM project 702s Hardware version: 2.6 702s Firmware version: 2.6 702s Token present: yes 702s Token info: 702s Manufacturer ID: SoftHSM project 702s Model: SoftHSM v2 702s Hardware version: 2.6 702s Firmware version: 2.6 702s Serial number: 702s Initialized: no 702s User PIN init.: no 702s Label: 702s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 702s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-20200 -in /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 702s writing RSA key 702s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 702s + rm /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 702s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 702s Object 0: 702s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1927d569eb8d7287;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 702s Type: X.509 Certificate (RSA-1024) 702s Expires: Sat Nov 15 21:18:36 2025 702s Label: Test Organization Sub Intermediate Trusted Certificate 0001 702s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 702s 702s Test Organization Sub Int Token 702s + echo 'Test Organization Sub Int Token' 702s + '[' -n '' ']' 702s + local output_base_name=SSSD-child-12406 702s + local output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-12406.output 702s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-12406.pem 702s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem 702s [p11_child[2426]] [main] (0x0400): p11_child started. 702s [p11_child[2426]] [main] (0x2000): Running in [pre-auth] mode. 702s [p11_child[2426]] [main] (0x2000): Running with effective IDs: [0][0]. 702s [p11_child[2426]] [main] (0x2000): Running with real IDs [0][0]. 702s [p11_child[2426]] [do_card] (0x4000): Module List: 702s [p11_child[2426]] [do_card] (0x4000): common name: [softhsm2]. 702s [p11_child[2426]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 702s [p11_child[2426]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6b8d7287] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 702s [p11_child[2426]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 702s [p11_child[2426]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6b8d7287][1804432007] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 702s [p11_child[2426]] [do_card] (0x4000): Login NOT required. 702s [p11_child[2426]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 702s [p11_child[2426]] [do_verification] (0x0040): X509_verify_cert failed [0]. 702s [p11_child[2426]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 702s [p11_child[2426]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 702s [p11_child[2426]] [do_card] (0x4000): No certificate found. 702s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-12406.output 702s + return 2 702s + invalid_certificate /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-20200 /tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem partial_chain 702s + check_certificate /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-20200 /tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem partial_chain 702s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 702s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-20200 702s + local key_ring=/tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem 702s + local verify_option=partial_chain 702s + prepare_softhsm2_card /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-20200 702s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 702s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-20200 702s + local key_cn 702s + local key_name 702s + local tokens_dir 702s + local output_cert_file 702s + token_name= 702s ++ basename /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 702s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 702s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 702s ++ sed -n 's/ *commonName *= //p' 702s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 702s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 702s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 702s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 702s ++ basename /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 702s + tokens_dir=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 702s + token_name='Test Organization Sub Int Token' 702s + '[' '!' -e /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 702s Test Organization Sub Int Token 702s + '[' '!' -d /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 702s + echo 'Test Organization Sub Int Token' 702s + '[' -n partial_chain ']' 702s + local verify_arg=--verify=partial_chain 702s + local output_base_name=SSSD-child-19196 702s + local output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-19196.output 702s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-19196.pem 702s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-nb8LhS/test-root-CA.pem 702s [p11_child[2433]] [main] (0x0400): p11_child started. 702s [p11_child[2433]] [main] (0x2000): Running in [pre-auth] mode. 702s [p11_child[2433]] [main] (0x2000): Running with effective IDs: [0][0]. 702s [p11_child[2433]] [main] (0x2000): Running with real IDs [0][0]. 702s [p11_child[2433]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 702s [p11_child[2433]] [do_card] (0x4000): Module List: 702s [p11_child[2433]] [do_card] (0x4000): common name: [softhsm2]. 702s [p11_child[2433]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 702s [p11_child[2433]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6b8d7287] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 702s [p11_child[2433]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 702s [p11_child[2433]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6b8d7287][1804432007] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 702s [p11_child[2433]] [do_card] (0x4000): Login NOT required. 702s [p11_child[2433]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 702s [p11_child[2433]] [do_verification] (0x0040): X509_verify_cert failed [0]. 702s [p11_child[2433]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 702s [p11_child[2433]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 702s [p11_child[2433]] [do_card] (0x4000): No certificate found. 702s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-19196.output 702s + return 2 702s + valid_certificate /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-20200 /tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem 702s + check_certificate /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-20200 /tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem 702s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 702s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-20200 702s + local key_ring=/tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem 702s + local verify_option= 702s + prepare_softhsm2_card /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-20200 702s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 702s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-20200 702s + local key_cn 702s + local key_name 702s + local tokens_dir 702s + local output_cert_file 702s + token_name= 702s ++ basename /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 702s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 702s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 702s ++ sed -n 's/ *commonName *= //p' 702s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 702s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 702s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 702s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 702s ++ basename /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 702s Test Organization Sub Int Token 702s + tokens_dir=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 702s + token_name='Test Organization Sub Int Token' 702s + '[' '!' -e /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 702s + '[' '!' -d /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 702s + echo 'Test Organization Sub Int Token' 702s + '[' -n '' ']' 702s + local output_base_name=SSSD-child-14639 702s + local output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-14639.output 702s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-14639.pem 702s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem 702s [p11_child[2440]] [main] (0x0400): p11_child started. 702s [p11_child[2440]] [main] (0x2000): Running in [pre-auth] mode. 702s [p11_child[2440]] [main] (0x2000): Running with effective IDs: [0][0]. 702s [p11_child[2440]] [main] (0x2000): Running with real IDs [0][0]. 702s [p11_child[2440]] [do_card] (0x4000): Module List: 702s [p11_child[2440]] [do_card] (0x4000): common name: [softhsm2]. 702s [p11_child[2440]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 702s [p11_child[2440]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6b8d7287] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 702s [p11_child[2440]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 702s [p11_child[2440]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6b8d7287][1804432007] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 702s [p11_child[2440]] [do_card] (0x4000): Login NOT required. 702s [p11_child[2440]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 702s [p11_child[2440]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 702s [p11_child[2440]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 702s [p11_child[2440]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6b8d7287;slot-manufacturer=SoftHSM%20project;slot-id=1804432007;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1927d569eb8d7287;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 702s [p11_child[2440]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 702s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-14639.output 702s + echo '-----BEGIN CERTIFICATE-----' 702s + tail -n1 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-14639.output 702s + echo '-----END CERTIFICATE-----' 702s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-14639.pem 702s Certificate: 702s Data: 702s Version: 3 (0x2) 702s Serial Number: 5 (0x5) 702s Signature Algorithm: sha256WithRSAEncryption 702s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 702s Validity 702s Not Before: Nov 15 21:18:36 2024 GMT 702s Not After : Nov 15 21:18:36 2025 GMT 702s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 702s Subject Public Key Info: 702s Public Key Algorithm: rsaEncryption 702s Public-Key: (1024 bit) 702s Modulus: 702s 00:b3:2e:9b:de:fe:f6:7d:32:ff:f3:2d:ab:2a:39: 702s 8b:d5:80:b7:50:a0:e3:43:07:03:e4:82:1f:0b:87: 702s 48:76:7b:e9:20:c5:50:5b:db:fd:30:8e:36:5a:05: 702s 7e:ce:e8:c5:81:16:6e:d2:4e:13:36:3a:59:4a:f8: 702s 78:72:41:52:61:a9:c2:8c:7c:6b:80:ba:4a:51:ea: 702s 96:7a:31:8f:da:e1:d6:eb:68:26:b1:6a:91:29:20: 702s 86:72:8f:a4:49:c3:56:82:bc:a0:c7:b1:66:f8:5e: 702s 61:13:03:ca:75:dc:39:28:e9:f3:7b:d4:91:80:03: 702s 55:c8:a9:87:9e:45:fc:5a:b3 702s Exponent: 65537 (0x10001) 702s X509v3 extensions: 702s X509v3 Authority Key Identifier: 702s 3D:3A:72:A2:57:57:9F:CD:0C:0D:EC:4D:DB:C0:0C:C1:86:F2:56:AF 702s X509v3 Basic Constraints: 702s CA:FALSE 702s Netscape Cert Type: 702s SSL Client, S/MIME 702s Netscape Comment: 702s Test Organization Sub Intermediate CA trusted Certificate 702s X509v3 Subject Key Identifier: 702s 24:5C:FA:A5:94:9B:53:2C:2B:88:4C:7C:F3:E1:77:E0:49:6E:53:0C 702s X509v3 Key Usage: critical 702s Digital Signature, Non Repudiation, Key Encipherment 702s X509v3 Extended Key Usage: 702s TLS Web Client Authentication, E-mail Protection 702s X509v3 Subject Alternative Name: 702s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 702s Signature Algorithm: sha256WithRSAEncryption 702s Signature Value: 702s 13:a4:e2:b6:15:3d:1e:de:92:c7:1c:26:73:20:46:e7:23:83: 702s 3d:82:ba:0f:64:68:f6:9a:f1:83:98:e6:30:78:03:7c:f7:e0: 702s a5:fb:3c:57:b5:e8:d6:21:4c:fd:af:72:ba:5b:56:f1:be:83: 702s 5b:94:6a:db:79:c0:38:0e:c3:3e:66:26:3b:1f:49:49:02:78: 702s 0a:2c:f0:35:ab:3b:39:de:c5:b4:e5:2b:90:9e:c8:76:1c:86: 702s ca:79:3e:f7:10:c1:d4:eb:4a:dc:6c:06:fb:80:d3:0f:a5:20: 702s 47:6b:88:d4:5f:cc:45:28:32:2a:f8:96:a5:74:2f:c6:79:a3: 702s 0b:37 702s + local found_md5 expected_md5 702s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 702s + expected_md5=Modulus=B32E9BDEFEF67D32FFF32DAB2A398BD580B750A0E3430703E4821F0B8748767BE920C5505BDBFD308E365A057ECEE8C581166ED24E13363A594AF87872415261A9C28C7C6B80BA4A51EA967A318FDAE1D6EB6826B16A91292086728FA449C35682BCA0C7B166F85E611303CA75DC3928E9F37BD491800355C8A9879E45FC5AB3 702s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-14639.pem 702s + found_md5=Modulus=B32E9BDEFEF67D32FFF32DAB2A398BD580B750A0E3430703E4821F0B8748767BE920C5505BDBFD308E365A057ECEE8C581166ED24E13363A594AF87872415261A9C28C7C6B80BA4A51EA967A318FDAE1D6EB6826B16A91292086728FA449C35682BCA0C7B166F85E611303CA75DC3928E9F37BD491800355C8A9879E45FC5AB3 702s + '[' Modulus=B32E9BDEFEF67D32FFF32DAB2A398BD580B750A0E3430703E4821F0B8748767BE920C5505BDBFD308E365A057ECEE8C581166ED24E13363A594AF87872415261A9C28C7C6B80BA4A51EA967A318FDAE1D6EB6826B16A91292086728FA449C35682BCA0C7B166F85E611303CA75DC3928E9F37BD491800355C8A9879E45FC5AB3 '!=' Modulus=B32E9BDEFEF67D32FFF32DAB2A398BD580B750A0E3430703E4821F0B8748767BE920C5505BDBFD308E365A057ECEE8C581166ED24E13363A594AF87872415261A9C28C7C6B80BA4A51EA967A318FDAE1D6EB6826B16A91292086728FA449C35682BCA0C7B166F85E611303CA75DC3928E9F37BD491800355C8A9879E45FC5AB3 ']' 702s + output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-14639-auth.output 702s ++ basename /tmp/sssd-softhsm2-nb8LhS/SSSD-child-14639-auth.output .output 702s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-14639-auth.pem 702s + echo -n 053350 702s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 702s [p11_child[2448]] [main] (0x0400): p11_child started. 702s [p11_child[2448]] [main] (0x2000): Running in [auth] mode. 702s [p11_child[2448]] [main] (0x2000): Running with effective IDs: [0][0]. 702s [p11_child[2448]] [main] (0x2000): Running with real IDs [0][0]. 702s [p11_child[2448]] [do_card] (0x4000): Module List: 702s [p11_child[2448]] [do_card] (0x4000): common name: [softhsm2]. 702s [p11_child[2448]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 702s [p11_child[2448]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6b8d7287] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 702s [p11_child[2448]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 702s [p11_child[2448]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6b8d7287][1804432007] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 702s [p11_child[2448]] [do_card] (0x4000): Login required. 702s [p11_child[2448]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 702s [p11_child[2448]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 702s [p11_child[2448]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 702s [p11_child[2448]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6b8d7287;slot-manufacturer=SoftHSM%20project;slot-id=1804432007;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1927d569eb8d7287;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 702s [p11_child[2448]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 702s [p11_child[2448]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 702s [p11_child[2448]] [do_card] (0x4000): Certificate verified and validated. 702s [p11_child[2448]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 702s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-14639-auth.output 702s + echo '-----BEGIN CERTIFICATE-----' 702s + tail -n1 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-14639-auth.output 702s + echo '-----END CERTIFICATE-----' 702s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-14639-auth.pem 702s Certificate: 702s Data: 702s Version: 3 (0x2) 702s Serial Number: 5 (0x5) 702s Signature Algorithm: sha256WithRSAEncryption 702s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 702s Validity 702s Not Before: Nov 15 21:18:36 2024 GMT 702s Not After : Nov 15 21:18:36 2025 GMT 702s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 702s Subject Public Key Info: 702s Public Key Algorithm: rsaEncryption 702s Public-Key: (1024 bit) 702s Modulus: 702s 00:b3:2e:9b:de:fe:f6:7d:32:ff:f3:2d:ab:2a:39: 702s 8b:d5:80:b7:50:a0:e3:43:07:03:e4:82:1f:0b:87: 702s 48:76:7b:e9:20:c5:50:5b:db:fd:30:8e:36:5a:05: 702s 7e:ce:e8:c5:81:16:6e:d2:4e:13:36:3a:59:4a:f8: 702s 78:72:41:52:61:a9:c2:8c:7c:6b:80:ba:4a:51:ea: 702s 96:7a:31:8f:da:e1:d6:eb:68:26:b1:6a:91:29:20: 702s 86:72:8f:a4:49:c3:56:82:bc:a0:c7:b1:66:f8:5e: 702s 61:13:03:ca:75:dc:39:28:e9:f3:7b:d4:91:80:03: 702s 55:c8:a9:87:9e:45:fc:5a:b3 702s Exponent: 65537 (0x10001) 702s X509v3 extensions: 702s X509v3 Authority Key Identifier: 702s 3D:3A:72:A2:57:57:9F:CD:0C:0D:EC:4D:DB:C0:0C:C1:86:F2:56:AF 702s X509v3 Basic Constraints: 702s CA:FALSE 702s Netscape Cert Type: 702s SSL Client, S/MIME 702s Netscape Comment: 702s Test Organization Sub Intermediate CA trusted Certificate 702s X509v3 Subject Key Identifier: 702s 24:5C:FA:A5:94:9B:53:2C:2B:88:4C:7C:F3:E1:77:E0:49:6E:53:0C 702s X509v3 Key Usage: critical 702s Digital Signature, Non Repudiation, Key Encipherment 702s X509v3 Extended Key Usage: 702s TLS Web Client Authentication, E-mail Protection 702s X509v3 Subject Alternative Name: 702s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 702s Signature Algorithm: sha256WithRSAEncryption 702s Signature Value: 702s 13:a4:e2:b6:15:3d:1e:de:92:c7:1c:26:73:20:46:e7:23:83: 702s 3d:82:ba:0f:64:68:f6:9a:f1:83:98:e6:30:78:03:7c:f7:e0: 702s a5:fb:3c:57:b5:e8:d6:21:4c:fd:af:72:ba:5b:56:f1:be:83: 702s 5b:94:6a:db:79:c0:38:0e:c3:3e:66:26:3b:1f:49:49:02:78: 702s 0a:2c:f0:35:ab:3b:39:de:c5:b4:e5:2b:90:9e:c8:76:1c:86: 702s ca:79:3e:f7:10:c1:d4:eb:4a:dc:6c:06:fb:80:d3:0f:a5:20: 702s 47:6b:88:d4:5f:cc:45:28:32:2a:f8:96:a5:74:2f:c6:79:a3: 702s 0b:37 702s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-14639-auth.pem 702s + found_md5=Modulus=B32E9BDEFEF67D32FFF32DAB2A398BD580B750A0E3430703E4821F0B8748767BE920C5505BDBFD308E365A057ECEE8C581166ED24E13363A594AF87872415261A9C28C7C6B80BA4A51EA967A318FDAE1D6EB6826B16A91292086728FA449C35682BCA0C7B166F85E611303CA75DC3928E9F37BD491800355C8A9879E45FC5AB3 702s + '[' Modulus=B32E9BDEFEF67D32FFF32DAB2A398BD580B750A0E3430703E4821F0B8748767BE920C5505BDBFD308E365A057ECEE8C581166ED24E13363A594AF87872415261A9C28C7C6B80BA4A51EA967A318FDAE1D6EB6826B16A91292086728FA449C35682BCA0C7B166F85E611303CA75DC3928E9F37BD491800355C8A9879E45FC5AB3 '!=' Modulus=B32E9BDEFEF67D32FFF32DAB2A398BD580B750A0E3430703E4821F0B8748767BE920C5505BDBFD308E365A057ECEE8C581166ED24E13363A594AF87872415261A9C28C7C6B80BA4A51EA967A318FDAE1D6EB6826B16A91292086728FA449C35682BCA0C7B166F85E611303CA75DC3928E9F37BD491800355C8A9879E45FC5AB3 ']' 702s + valid_certificate /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-20200 /tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem partial_chain 702s + check_certificate /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-20200 /tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem partial_chain 702s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 702s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-20200 702s + local key_ring=/tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem 702s + local verify_option=partial_chain 702s + prepare_softhsm2_card /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-20200 702s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 702s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-20200 702s + local key_cn 702s + local key_name 702s + local tokens_dir 702s + local output_cert_file 702s + token_name= 702s ++ basename /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 702s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 702s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 702s ++ sed -n 's/ *commonName *= //p' 702s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 702s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 702s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 702s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 702s ++ basename /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 702s + tokens_dir=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 702s + token_name='Test Organization Sub Int Token' 702s Test Organization Sub Int Token 702s + '[' '!' -e /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 702s + '[' '!' -d /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 702s + echo 'Test Organization Sub Int Token' 702s + '[' -n partial_chain ']' 702s + local verify_arg=--verify=partial_chain 702s + local output_base_name=SSSD-child-13166 702s + local output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-13166.output 702s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-13166.pem 702s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem 702s [p11_child[2458]] [main] (0x0400): p11_child started. 702s [p11_child[2458]] [main] (0x2000): Running in [pre-auth] mode. 702s [p11_child[2458]] [main] (0x2000): Running with effective IDs: [0][0]. 702s [p11_child[2458]] [main] (0x2000): Running with real IDs [0][0]. 702s [p11_child[2458]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 702s [p11_child[2458]] [do_card] (0x4000): Module List: 702s [p11_child[2458]] [do_card] (0x4000): common name: [softhsm2]. 702s [p11_child[2458]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 702s [p11_child[2458]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6b8d7287] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 702s [p11_child[2458]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 702s [p11_child[2458]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6b8d7287][1804432007] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 702s [p11_child[2458]] [do_card] (0x4000): Login NOT required. 702s [p11_child[2458]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 702s [p11_child[2458]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 702s [p11_child[2458]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 702s [p11_child[2458]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6b8d7287;slot-manufacturer=SoftHSM%20project;slot-id=1804432007;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1927d569eb8d7287;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 702s [p11_child[2458]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 702s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-13166.output 702s + echo '-----BEGIN CERTIFICATE-----' 702s + tail -n1 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-13166.output 702s + echo '-----END CERTIFICATE-----' 702s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-13166.pem 702s Certificate: 702s Data: 702s Version: 3 (0x2) 702s Serial Number: 5 (0x5) 702s Signature Algorithm: sha256WithRSAEncryption 702s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 702s Validity 702s Not Before: Nov 15 21:18:36 2024 GMT 702s Not After : Nov 15 21:18:36 2025 GMT 702s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 702s Subject Public Key Info: 702s Public Key Algorithm: rsaEncryption 702s Public-Key: (1024 bit) 702s Modulus: 702s 00:b3:2e:9b:de:fe:f6:7d:32:ff:f3:2d:ab:2a:39: 702s 8b:d5:80:b7:50:a0:e3:43:07:03:e4:82:1f:0b:87: 702s 48:76:7b:e9:20:c5:50:5b:db:fd:30:8e:36:5a:05: 702s 7e:ce:e8:c5:81:16:6e:d2:4e:13:36:3a:59:4a:f8: 702s 78:72:41:52:61:a9:c2:8c:7c:6b:80:ba:4a:51:ea: 702s 96:7a:31:8f:da:e1:d6:eb:68:26:b1:6a:91:29:20: 702s 86:72:8f:a4:49:c3:56:82:bc:a0:c7:b1:66:f8:5e: 702s 61:13:03:ca:75:dc:39:28:e9:f3:7b:d4:91:80:03: 702s 55:c8:a9:87:9e:45:fc:5a:b3 702s Exponent: 65537 (0x10001) 702s X509v3 extensions: 702s X509v3 Authority Key Identifier: 702s 3D:3A:72:A2:57:57:9F:CD:0C:0D:EC:4D:DB:C0:0C:C1:86:F2:56:AF 702s X509v3 Basic Constraints: 702s CA:FALSE 702s Netscape Cert Type: 702s SSL Client, S/MIME 702s Netscape Comment: 702s Test Organization Sub Intermediate CA trusted Certificate 702s X509v3 Subject Key Identifier: 702s 24:5C:FA:A5:94:9B:53:2C:2B:88:4C:7C:F3:E1:77:E0:49:6E:53:0C 702s X509v3 Key Usage: critical 702s Digital Signature, Non Repudiation, Key Encipherment 702s X509v3 Extended Key Usage: 702s TLS Web Client Authentication, E-mail Protection 702s X509v3 Subject Alternative Name: 702s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 702s Signature Algorithm: sha256WithRSAEncryption 702s Signature Value: 702s 13:a4:e2:b6:15:3d:1e:de:92:c7:1c:26:73:20:46:e7:23:83: 702s 3d:82:ba:0f:64:68:f6:9a:f1:83:98:e6:30:78:03:7c:f7:e0: 702s a5:fb:3c:57:b5:e8:d6:21:4c:fd:af:72:ba:5b:56:f1:be:83: 702s 5b:94:6a:db:79:c0:38:0e:c3:3e:66:26:3b:1f:49:49:02:78: 702s 0a:2c:f0:35:ab:3b:39:de:c5:b4:e5:2b:90:9e:c8:76:1c:86: 702s ca:79:3e:f7:10:c1:d4:eb:4a:dc:6c:06:fb:80:d3:0f:a5:20: 702s 47:6b:88:d4:5f:cc:45:28:32:2a:f8:96:a5:74:2f:c6:79:a3: 702s 0b:37 702s + local found_md5 expected_md5 702s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 702s + expected_md5=Modulus=B32E9BDEFEF67D32FFF32DAB2A398BD580B750A0E3430703E4821F0B8748767BE920C5505BDBFD308E365A057ECEE8C581166ED24E13363A594AF87872415261A9C28C7C6B80BA4A51EA967A318FDAE1D6EB6826B16A91292086728FA449C35682BCA0C7B166F85E611303CA75DC3928E9F37BD491800355C8A9879E45FC5AB3 702s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-13166.pem 702s + found_md5=Modulus=B32E9BDEFEF67D32FFF32DAB2A398BD580B750A0E3430703E4821F0B8748767BE920C5505BDBFD308E365A057ECEE8C581166ED24E13363A594AF87872415261A9C28C7C6B80BA4A51EA967A318FDAE1D6EB6826B16A91292086728FA449C35682BCA0C7B166F85E611303CA75DC3928E9F37BD491800355C8A9879E45FC5AB3 702s + '[' Modulus=B32E9BDEFEF67D32FFF32DAB2A398BD580B750A0E3430703E4821F0B8748767BE920C5505BDBFD308E365A057ECEE8C581166ED24E13363A594AF87872415261A9C28C7C6B80BA4A51EA967A318FDAE1D6EB6826B16A91292086728FA449C35682BCA0C7B166F85E611303CA75DC3928E9F37BD491800355C8A9879E45FC5AB3 '!=' Modulus=B32E9BDEFEF67D32FFF32DAB2A398BD580B750A0E3430703E4821F0B8748767BE920C5505BDBFD308E365A057ECEE8C581166ED24E13363A594AF87872415261A9C28C7C6B80BA4A51EA967A318FDAE1D6EB6826B16A91292086728FA449C35682BCA0C7B166F85E611303CA75DC3928E9F37BD491800355C8A9879E45FC5AB3 ']' 702s + output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-13166-auth.output 702s ++ basename /tmp/sssd-softhsm2-nb8LhS/SSSD-child-13166-auth.output .output 702s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-13166-auth.pem 702s + echo -n 053350 702s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-nb8LhS/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 702s [p11_child[2466]] [main] (0x0400): p11_child started. 702s [p11_child[2466]] [main] (0x2000): Running in [auth] mode. 702s [p11_child[2466]] [main] (0x2000): Running with effective IDs: [0][0]. 702s [p11_child[2466]] [main] (0x2000): Running with real IDs [0][0]. 702s [p11_child[2466]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 702s [p11_child[2466]] [do_card] (0x4000): Module List: 702s [p11_child[2466]] [do_card] (0x4000): common name: [softhsm2]. 702s [p11_child[2466]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 702s [p11_child[2466]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6b8d7287] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 702s [p11_child[2466]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 702s [p11_child[2466]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6b8d7287][1804432007] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 702s [p11_child[2466]] [do_card] (0x4000): Login required. 702s [p11_child[2466]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 702s [p11_child[2466]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 702s [p11_child[2466]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 702s [p11_child[2466]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6b8d7287;slot-manufacturer=SoftHSM%20project;slot-id=1804432007;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1927d569eb8d7287;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 702s [p11_child[2466]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 702s [p11_child[2466]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 702s [p11_child[2466]] [do_card] (0x4000): Certificate verified and validated. 702s [p11_child[2466]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 702s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-13166-auth.output 702s + echo '-----BEGIN CERTIFICATE-----' 702s + tail -n1 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-13166-auth.output 702s + echo '-----END CERTIFICATE-----' 702s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-13166-auth.pem 702s Certificate: 702s Data: 702s Version: 3 (0x2) 702s Serial Number: 5 (0x5) 702s Signature Algorithm: sha256WithRSAEncryption 702s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 702s Validity 702s Not Before: Nov 15 21:18:36 2024 GMT 702s Not After : Nov 15 21:18:36 2025 GMT 702s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 702s Subject Public Key Info: 702s Public Key Algorithm: rsaEncryption 702s Public-Key: (1024 bit) 702s Modulus: 702s 00:b3:2e:9b:de:fe:f6:7d:32:ff:f3:2d:ab:2a:39: 702s 8b:d5:80:b7:50:a0:e3:43:07:03:e4:82:1f:0b:87: 702s 48:76:7b:e9:20:c5:50:5b:db:fd:30:8e:36:5a:05: 702s 7e:ce:e8:c5:81:16:6e:d2:4e:13:36:3a:59:4a:f8: 702s 78:72:41:52:61:a9:c2:8c:7c:6b:80:ba:4a:51:ea: 702s 96:7a:31:8f:da:e1:d6:eb:68:26:b1:6a:91:29:20: 702s 86:72:8f:a4:49:c3:56:82:bc:a0:c7:b1:66:f8:5e: 702s 61:13:03:ca:75:dc:39:28:e9:f3:7b:d4:91:80:03: 702s 55:c8:a9:87:9e:45:fc:5a:b3 702s Exponent: 65537 (0x10001) 702s X509v3 extensions: 702s X509v3 Authority Key Identifier: 702s 3D:3A:72:A2:57:57:9F:CD:0C:0D:EC:4D:DB:C0:0C:C1:86:F2:56:AF 702s X509v3 Basic Constraints: 702s CA:FALSE 702s Netscape Cert Type: 702s SSL Client, S/MIME 702s Netscape Comment: 702s Test Organization Sub Intermediate CA trusted Certificate 702s X509v3 Subject Key Identifier: 702s 24:5C:FA:A5:94:9B:53:2C:2B:88:4C:7C:F3:E1:77:E0:49:6E:53:0C 702s X509v3 Key Usage: critical 702s Digital Signature, Non Repudiation, Key Encipherment 702s X509v3 Extended Key Usage: 702s TLS Web Client Authentication, E-mail Protection 702s X509v3 Subject Alternative Name: 702s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 702s Signature Algorithm: sha256WithRSAEncryption 702s Signature Value: 702s 13:a4:e2:b6:15:3d:1e:de:92:c7:1c:26:73:20:46:e7:23:83: 702s 3d:82:ba:0f:64:68:f6:9a:f1:83:98:e6:30:78:03:7c:f7:e0: 702s a5:fb:3c:57:b5:e8:d6:21:4c:fd:af:72:ba:5b:56:f1:be:83: 702s 5b:94:6a:db:79:c0:38:0e:c3:3e:66:26:3b:1f:49:49:02:78: 702s 0a:2c:f0:35:ab:3b:39:de:c5:b4:e5:2b:90:9e:c8:76:1c:86: 702s ca:79:3e:f7:10:c1:d4:eb:4a:dc:6c:06:fb:80:d3:0f:a5:20: 702s 47:6b:88:d4:5f:cc:45:28:32:2a:f8:96:a5:74:2f:c6:79:a3: 702s 0b:37 702s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-13166-auth.pem 702s + found_md5=Modulus=B32E9BDEFEF67D32FFF32DAB2A398BD580B750A0E3430703E4821F0B8748767BE920C5505BDBFD308E365A057ECEE8C581166ED24E13363A594AF87872415261A9C28C7C6B80BA4A51EA967A318FDAE1D6EB6826B16A91292086728FA449C35682BCA0C7B166F85E611303CA75DC3928E9F37BD491800355C8A9879E45FC5AB3 702s + '[' Modulus=B32E9BDEFEF67D32FFF32DAB2A398BD580B750A0E3430703E4821F0B8748767BE920C5505BDBFD308E365A057ECEE8C581166ED24E13363A594AF87872415261A9C28C7C6B80BA4A51EA967A318FDAE1D6EB6826B16A91292086728FA449C35682BCA0C7B166F85E611303CA75DC3928E9F37BD491800355C8A9879E45FC5AB3 '!=' Modulus=B32E9BDEFEF67D32FFF32DAB2A398BD580B750A0E3430703E4821F0B8748767BE920C5505BDBFD308E365A057ECEE8C581166ED24E13363A594AF87872415261A9C28C7C6B80BA4A51EA967A318FDAE1D6EB6826B16A91292086728FA449C35682BCA0C7B166F85E611303CA75DC3928E9F37BD491800355C8A9879E45FC5AB3 ']' 702s + invalid_certificate /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-20200 /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA.pem 702s + check_certificate /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-20200 /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA.pem 702s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 702s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-20200 702s + local key_ring=/tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA.pem 702s + local verify_option= 702s + prepare_softhsm2_card /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-20200 702s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 702s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-20200 702s + local key_cn 702s + local key_name 702s + local tokens_dir 702s + local output_cert_file 702s + token_name= 702s ++ basename /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 702s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 702s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 702s ++ sed -n 's/ *commonName *= //p' 702s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 702s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 702s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 702s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 702s ++ basename /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 702s + tokens_dir=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 702s + token_name='Test Organization Sub Int Token' 702s + '[' '!' -e /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 702s + '[' '!' -d /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 702s + echo 'Test Organization Sub Int Token' 702s + '[' -n '' ']' 702s + local output_base_name=SSSD-child-8224 702s + local output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-8224.output 702s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-8224.pem 702s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA.pem 702s Test Organization Sub Int Token 702s [p11_child[2476]] [main] (0x0400): p11_child started. 702s [p11_child[2476]] [main] (0x2000): Running in [pre-auth] mode. 702s [p11_child[2476]] [main] (0x2000): Running with effective IDs: [0][0]. 702s [p11_child[2476]] [main] (0x2000): Running with real IDs [0][0]. 702s [p11_child[2476]] [do_card] (0x4000): Module List: 702s [p11_child[2476]] [do_card] (0x4000): common name: [softhsm2]. 702s [p11_child[2476]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 702s [p11_child[2476]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6b8d7287] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 702s [p11_child[2476]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 702s [p11_child[2476]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6b8d7287][1804432007] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 702s [p11_child[2476]] [do_card] (0x4000): Login NOT required. 702s [p11_child[2476]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 702s [p11_child[2476]] [do_verification] (0x0040): X509_verify_cert failed [0]. 702s [p11_child[2476]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 702s [p11_child[2476]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 702s [p11_child[2476]] [do_card] (0x4000): No certificate found. 702s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-8224.output 702s + return 2 702s + invalid_certificate /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-20200 /tmp/sssd-softhsm2-nb8LhS/test-root-intermediate-chain-CA.pem partial_chain 702s + check_certificate /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-20200 /tmp/sssd-softhsm2-nb8LhS/test-root-intermediate-chain-CA.pem partial_chain 702s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 702s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-20200 702s + local key_ring=/tmp/sssd-softhsm2-nb8LhS/test-root-intermediate-chain-CA.pem 702s + local verify_option=partial_chain 702s + prepare_softhsm2_card /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-20200 702s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 702s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-20200 702s + local key_cn 702s + local key_name 702s + local tokens_dir 702s + local output_cert_file 702s + token_name= 702s ++ basename /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 702s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 702s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 702s ++ sed -n 's/ *commonName *= //p' 702s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 702s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 702s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 702s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 702s ++ basename /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 702s Test Organization Sub Int Token 702s + tokens_dir=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 702s + token_name='Test Organization Sub Int Token' 702s + '[' '!' -e /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 702s + '[' '!' -d /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 702s + echo 'Test Organization Sub Int Token' 702s + '[' -n partial_chain ']' 702s + local verify_arg=--verify=partial_chain 702s + local output_base_name=SSSD-child-23524 702s + local output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-23524.output 702s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-23524.pem 702s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-nb8LhS/test-root-intermediate-chain-CA.pem 702s [p11_child[2483]] [main] (0x0400): p11_child started. 702s [p11_child[2483]] [main] (0x2000): Running in [pre-auth] mode. 702s [p11_child[2483]] [main] (0x2000): Running with effective IDs: [0][0]. 702s [p11_child[2483]] [main] (0x2000): Running with real IDs [0][0]. 702s [p11_child[2483]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 702s [p11_child[2483]] [do_card] (0x4000): Module List: 702s [p11_child[2483]] [do_card] (0x4000): common name: [softhsm2]. 702s [p11_child[2483]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 702s [p11_child[2483]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6b8d7287] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 702s [p11_child[2483]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 702s [p11_child[2483]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6b8d7287][1804432007] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 702s [p11_child[2483]] [do_card] (0x4000): Login NOT required. 702s [p11_child[2483]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 702s [p11_child[2483]] [do_verification] (0x0040): X509_verify_cert failed [0]. 702s [p11_child[2483]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 702s [p11_child[2483]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 702s [p11_child[2483]] [do_card] (0x4000): No certificate found. 702s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-23524.output 702s + return 2 702s + valid_certificate /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-20200 /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA.pem partial_chain 702s + check_certificate /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-20200 /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA.pem partial_chain 702s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 702s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-20200 702s + local key_ring=/tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA.pem 702s + local verify_option=partial_chain 702s + prepare_softhsm2_card /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-20200 702s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 702s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-20200 702s + local key_cn 702s + local key_name 702s + local tokens_dir 702s + local output_cert_file 702s + token_name= 702s ++ basename /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 702s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 702s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 702s ++ sed -n 's/ *commonName *= //p' 703s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 703s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 703s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 703s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 703s ++ basename /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 703s + tokens_dir=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 703s + token_name='Test Organization Sub Int Token' 703s + '[' '!' -e /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 703s + '[' '!' -d /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 703s + echo 'Test Organization Sub Int Token' 703s + '[' -n partial_chain ']' 703s + local verify_arg=--verify=partial_chain 703s + local output_base_name=SSSD-child-11783 703s Test Organization Sub Int Token 703s + local output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-11783.output 703s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-11783.pem 703s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA.pem 703s [p11_child[2490]] [main] (0x0400): p11_child started. 703s [p11_child[2490]] [main] (0x2000): Running in [pre-auth] mode. 703s [p11_child[2490]] [main] (0x2000): Running with effective IDs: [0][0]. 703s [p11_child[2490]] [main] (0x2000): Running with real IDs [0][0]. 703s [p11_child[2490]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 703s [p11_child[2490]] [do_card] (0x4000): Module List: 703s [p11_child[2490]] [do_card] (0x4000): common name: [softhsm2]. 703s [p11_child[2490]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 703s [p11_child[2490]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6b8d7287] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 703s [p11_child[2490]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 703s [p11_child[2490]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6b8d7287][1804432007] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 703s [p11_child[2490]] [do_card] (0x4000): Login NOT required. 703s [p11_child[2490]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 703s [p11_child[2490]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 703s [p11_child[2490]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 703s [p11_child[2490]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6b8d7287;slot-manufacturer=SoftHSM%20project;slot-id=1804432007;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1927d569eb8d7287;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 703s [p11_child[2490]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 703s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-11783.output 703s + echo '-----BEGIN CERTIFICATE-----' 703s + tail -n1 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-11783.output 703s + echo '-----END CERTIFICATE-----' 703s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-11783.pem 703s Certificate: 703s Data: 703s Version: 3 (0x2) 703s Serial Number: 5 (0x5) 703s Signature Algorithm: sha256WithRSAEncryption 703s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 703s Validity 703s Not Before: Nov 15 21:18:36 2024 GMT 703s Not After : Nov 15 21:18:36 2025 GMT 703s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 703s Subject Public Key Info: 703s Public Key Algorithm: rsaEncryption 703s Public-Key: (1024 bit) 703s Modulus: 703s 00:b3:2e:9b:de:fe:f6:7d:32:ff:f3:2d:ab:2a:39: 703s 8b:d5:80:b7:50:a0:e3:43:07:03:e4:82:1f:0b:87: 703s 48:76:7b:e9:20:c5:50:5b:db:fd:30:8e:36:5a:05: 703s 7e:ce:e8:c5:81:16:6e:d2:4e:13:36:3a:59:4a:f8: 703s 78:72:41:52:61:a9:c2:8c:7c:6b:80:ba:4a:51:ea: 703s 96:7a:31:8f:da:e1:d6:eb:68:26:b1:6a:91:29:20: 703s 86:72:8f:a4:49:c3:56:82:bc:a0:c7:b1:66:f8:5e: 703s 61:13:03:ca:75:dc:39:28:e9:f3:7b:d4:91:80:03: 703s 55:c8:a9:87:9e:45:fc:5a:b3 703s Exponent: 65537 (0x10001) 703s X509v3 extensions: 703s X509v3 Authority Key Identifier: 703s 3D:3A:72:A2:57:57:9F:CD:0C:0D:EC:4D:DB:C0:0C:C1:86:F2:56:AF 703s X509v3 Basic Constraints: 703s CA:FALSE 703s Netscape Cert Type: 703s SSL Client, S/MIME 703s Netscape Comment: 703s Test Organization Sub Intermediate CA trusted Certificate 703s X509v3 Subject Key Identifier: 703s 24:5C:FA:A5:94:9B:53:2C:2B:88:4C:7C:F3:E1:77:E0:49:6E:53:0C 703s X509v3 Key Usage: critical 703s Digital Signature, Non Repudiation, Key Encipherment 703s X509v3 Extended Key Usage: 703s TLS Web Client Authentication, E-mail Protection 703s X509v3 Subject Alternative Name: 703s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 703s Signature Algorithm: sha256WithRSAEncryption 703s Signature Value: 703s 13:a4:e2:b6:15:3d:1e:de:92:c7:1c:26:73:20:46:e7:23:83: 703s 3d:82:ba:0f:64:68:f6:9a:f1:83:98:e6:30:78:03:7c:f7:e0: 703s a5:fb:3c:57:b5:e8:d6:21:4c:fd:af:72:ba:5b:56:f1:be:83: 703s 5b:94:6a:db:79:c0:38:0e:c3:3e:66:26:3b:1f:49:49:02:78: 703s 0a:2c:f0:35:ab:3b:39:de:c5:b4:e5:2b:90:9e:c8:76:1c:86: 703s ca:79:3e:f7:10:c1:d4:eb:4a:dc:6c:06:fb:80:d3:0f:a5:20: 703s 47:6b:88:d4:5f:cc:45:28:32:2a:f8:96:a5:74:2f:c6:79:a3: 703s 0b:37 703s + local found_md5 expected_md5 703s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 703s + expected_md5=Modulus=B32E9BDEFEF67D32FFF32DAB2A398BD580B750A0E3430703E4821F0B8748767BE920C5505BDBFD308E365A057ECEE8C581166ED24E13363A594AF87872415261A9C28C7C6B80BA4A51EA967A318FDAE1D6EB6826B16A91292086728FA449C35682BCA0C7B166F85E611303CA75DC3928E9F37BD491800355C8A9879E45FC5AB3 703s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-11783.pem 703s + found_md5=Modulus=B32E9BDEFEF67D32FFF32DAB2A398BD580B750A0E3430703E4821F0B8748767BE920C5505BDBFD308E365A057ECEE8C581166ED24E13363A594AF87872415261A9C28C7C6B80BA4A51EA967A318FDAE1D6EB6826B16A91292086728FA449C35682BCA0C7B166F85E611303CA75DC3928E9F37BD491800355C8A9879E45FC5AB3 703s + '[' Modulus=B32E9BDEFEF67D32FFF32DAB2A398BD580B750A0E3430703E4821F0B8748767BE920C5505BDBFD308E365A057ECEE8C581166ED24E13363A594AF87872415261A9C28C7C6B80BA4A51EA967A318FDAE1D6EB6826B16A91292086728FA449C35682BCA0C7B166F85E611303CA75DC3928E9F37BD491800355C8A9879E45FC5AB3 '!=' Modulus=B32E9BDEFEF67D32FFF32DAB2A398BD580B750A0E3430703E4821F0B8748767BE920C5505BDBFD308E365A057ECEE8C581166ED24E13363A594AF87872415261A9C28C7C6B80BA4A51EA967A318FDAE1D6EB6826B16A91292086728FA449C35682BCA0C7B166F85E611303CA75DC3928E9F37BD491800355C8A9879E45FC5AB3 ']' 703s + output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-11783-auth.output 703s ++ basename /tmp/sssd-softhsm2-nb8LhS/SSSD-child-11783-auth.output .output 703s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-11783-auth.pem 703s + echo -n 053350 703s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 703s [p11_child[2498]] [main] (0x0400): p11_child started. 703s [p11_child[2498]] [main] (0x2000): Running in [auth] mode. 703s [p11_child[2498]] [main] (0x2000): Running with effective IDs: [0][0]. 703s [p11_child[2498]] [main] (0x2000): Running with real IDs [0][0]. 703s [p11_child[2498]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 703s [p11_child[2498]] [do_card] (0x4000): Module List: 703s [p11_child[2498]] [do_card] (0x4000): common name: [softhsm2]. 703s [p11_child[2498]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 703s [p11_child[2498]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6b8d7287] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 703s [p11_child[2498]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 703s [p11_child[2498]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6b8d7287][1804432007] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 703s [p11_child[2498]] [do_card] (0x4000): Login required. 703s [p11_child[2498]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 703s [p11_child[2498]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 703s [p11_child[2498]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 703s [p11_child[2498]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6b8d7287;slot-manufacturer=SoftHSM%20project;slot-id=1804432007;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1927d569eb8d7287;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 703s [p11_child[2498]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 703s [p11_child[2498]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 703s [p11_child[2498]] [do_card] (0x4000): Certificate verified and validated. 703s [p11_child[2498]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 703s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-11783-auth.output 703s + echo '-----BEGIN CERTIFICATE-----' 703s + tail -n1 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-11783-auth.output 703s + echo '-----END CERTIFICATE-----' 703s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-11783-auth.pem 703s Certificate: 703s Data: 703s Version: 3 (0x2) 703s Serial Number: 5 (0x5) 703s Signature Algorithm: sha256WithRSAEncryption 703s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 703s Validity 703s Not Before: Nov 15 21:18:36 2024 GMT 703s Not After : Nov 15 21:18:36 2025 GMT 703s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 703s Subject Public Key Info: 703s Public Key Algorithm: rsaEncryption 703s Public-Key: (1024 bit) 703s Modulus: 703s 00:b3:2e:9b:de:fe:f6:7d:32:ff:f3:2d:ab:2a:39: 703s 8b:d5:80:b7:50:a0:e3:43:07:03:e4:82:1f:0b:87: 703s 48:76:7b:e9:20:c5:50:5b:db:fd:30:8e:36:5a:05: 703s 7e:ce:e8:c5:81:16:6e:d2:4e:13:36:3a:59:4a:f8: 703s 78:72:41:52:61:a9:c2:8c:7c:6b:80:ba:4a:51:ea: 703s 96:7a:31:8f:da:e1:d6:eb:68:26:b1:6a:91:29:20: 703s 86:72:8f:a4:49:c3:56:82:bc:a0:c7:b1:66:f8:5e: 703s 61:13:03:ca:75:dc:39:28:e9:f3:7b:d4:91:80:03: 703s 55:c8:a9:87:9e:45:fc:5a:b3 703s Exponent: 65537 (0x10001) 703s X509v3 extensions: 703s X509v3 Authority Key Identifier: 703s 3D:3A:72:A2:57:57:9F:CD:0C:0D:EC:4D:DB:C0:0C:C1:86:F2:56:AF 703s X509v3 Basic Constraints: 703s CA:FALSE 703s Netscape Cert Type: 703s SSL Client, S/MIME 703s Netscape Comment: 703s Test Organization Sub Intermediate CA trusted Certificate 703s X509v3 Subject Key Identifier: 703s 24:5C:FA:A5:94:9B:53:2C:2B:88:4C:7C:F3:E1:77:E0:49:6E:53:0C 703s X509v3 Key Usage: critical 703s Digital Signature, Non Repudiation, Key Encipherment 703s X509v3 Extended Key Usage: 703s TLS Web Client Authentication, E-mail Protection 703s X509v3 Subject Alternative Name: 703s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 703s Signature Algorithm: sha256WithRSAEncryption 703s Signature Value: 703s 13:a4:e2:b6:15:3d:1e:de:92:c7:1c:26:73:20:46:e7:23:83: 703s 3d:82:ba:0f:64:68:f6:9a:f1:83:98:e6:30:78:03:7c:f7:e0: 703s a5:fb:3c:57:b5:e8:d6:21:4c:fd:af:72:ba:5b:56:f1:be:83: 703s 5b:94:6a:db:79:c0:38:0e:c3:3e:66:26:3b:1f:49:49:02:78: 703s 0a:2c:f0:35:ab:3b:39:de:c5:b4:e5:2b:90:9e:c8:76:1c:86: 703s ca:79:3e:f7:10:c1:d4:eb:4a:dc:6c:06:fb:80:d3:0f:a5:20: 703s 47:6b:88:d4:5f:cc:45:28:32:2a:f8:96:a5:74:2f:c6:79:a3: 703s 0b:37 703s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-11783-auth.pem 703s + found_md5=Modulus=B32E9BDEFEF67D32FFF32DAB2A398BD580B750A0E3430703E4821F0B8748767BE920C5505BDBFD308E365A057ECEE8C581166ED24E13363A594AF87872415261A9C28C7C6B80BA4A51EA967A318FDAE1D6EB6826B16A91292086728FA449C35682BCA0C7B166F85E611303CA75DC3928E9F37BD491800355C8A9879E45FC5AB3 703s + '[' Modulus=B32E9BDEFEF67D32FFF32DAB2A398BD580B750A0E3430703E4821F0B8748767BE920C5505BDBFD308E365A057ECEE8C581166ED24E13363A594AF87872415261A9C28C7C6B80BA4A51EA967A318FDAE1D6EB6826B16A91292086728FA449C35682BCA0C7B166F85E611303CA75DC3928E9F37BD491800355C8A9879E45FC5AB3 '!=' Modulus=B32E9BDEFEF67D32FFF32DAB2A398BD580B750A0E3430703E4821F0B8748767BE920C5505BDBFD308E365A057ECEE8C581166ED24E13363A594AF87872415261A9C28C7C6B80BA4A51EA967A318FDAE1D6EB6826B16A91292086728FA449C35682BCA0C7B166F85E611303CA75DC3928E9F37BD491800355C8A9879E45FC5AB3 ']' 703s + valid_certificate /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-20200 /tmp/sssd-softhsm2-nb8LhS/test-intermediate-sub-chain-CA.pem partial_chain 703s + check_certificate /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-20200 /tmp/sssd-softhsm2-nb8LhS/test-intermediate-sub-chain-CA.pem partial_chain 703s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 703s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-20200 703s + local key_ring=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-sub-chain-CA.pem 703s + local verify_option=partial_chain 703s + prepare_softhsm2_card /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-20200 703s + local certificate=/tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 703s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-20200 703s + local key_cn 703s + local key_name 703s + local tokens_dir 703s + local output_cert_file 703s + token_name= 703s ++ basename /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 703s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 703s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 703s ++ sed -n 's/ *commonName *= //p' 703s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 703s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 703s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 703s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 703s ++ basename /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 703s Test Organization Sub Int Token 703s + tokens_dir=/tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 703s + token_name='Test Organization Sub Int Token' 703s + '[' '!' -e /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 703s + '[' '!' -d /tmp/sssd-softhsm2-nb8LhS/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 703s + echo 'Test Organization Sub Int Token' 703s + '[' -n partial_chain ']' 703s + local verify_arg=--verify=partial_chain 703s + local output_base_name=SSSD-child-29020 703s + local output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-29020.output 703s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-29020.pem 703s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-sub-chain-CA.pem 703s [p11_child[2508]] [main] (0x0400): p11_child started. 703s [p11_child[2508]] [main] (0x2000): Running in [pre-auth] mode. 703s [p11_child[2508]] [main] (0x2000): Running with effective IDs: [0][0]. 703s [p11_child[2508]] [main] (0x2000): Running with real IDs [0][0]. 703s [p11_child[2508]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 703s [p11_child[2508]] [do_card] (0x4000): Module List: 703s [p11_child[2508]] [do_card] (0x4000): common name: [softhsm2]. 703s [p11_child[2508]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 703s [p11_child[2508]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6b8d7287] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 703s [p11_child[2508]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 703s [p11_child[2508]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6b8d7287][1804432007] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 703s [p11_child[2508]] [do_card] (0x4000): Login NOT required. 703s [p11_child[2508]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 703s [p11_child[2508]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 703s [p11_child[2508]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 703s [p11_child[2508]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6b8d7287;slot-manufacturer=SoftHSM%20project;slot-id=1804432007;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1927d569eb8d7287;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 703s [p11_child[2508]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 703s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-29020.output 703s + echo '-----BEGIN CERTIFICATE-----' 703s + tail -n1 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-29020.output 703s + echo '-----END CERTIFICATE-----' 703s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-29020.pem 703s Certificate: 703s Data: 703s Version: 3 (0x2) 703s Serial Number: 5 (0x5) 703s Signature Algorithm: sha256WithRSAEncryption 703s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 703s Validity 703s Not Before: Nov 15 21:18:36 2024 GMT 703s Not After : Nov 15 21:18:36 2025 GMT 703s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 703s Subject Public Key Info: 703s Public Key Algorithm: rsaEncryption 703s Public-Key: (1024 bit) 703s Modulus: 703s 00:b3:2e:9b:de:fe:f6:7d:32:ff:f3:2d:ab:2a:39: 703s 8b:d5:80:b7:50:a0:e3:43:07:03:e4:82:1f:0b:87: 703s 48:76:7b:e9:20:c5:50:5b:db:fd:30:8e:36:5a:05: 703s 7e:ce:e8:c5:81:16:6e:d2:4e:13:36:3a:59:4a:f8: 703s 78:72:41:52:61:a9:c2:8c:7c:6b:80:ba:4a:51:ea: 703s 96:7a:31:8f:da:e1:d6:eb:68:26:b1:6a:91:29:20: 703s 86:72:8f:a4:49:c3:56:82:bc:a0:c7:b1:66:f8:5e: 703s 61:13:03:ca:75:dc:39:28:e9:f3:7b:d4:91:80:03: 703s 55:c8:a9:87:9e:45:fc:5a:b3 703s Exponent: 65537 (0x10001) 703s X509v3 extensions: 703s X509v3 Authority Key Identifier: 703s 3D:3A:72:A2:57:57:9F:CD:0C:0D:EC:4D:DB:C0:0C:C1:86:F2:56:AF 703s X509v3 Basic Constraints: 703s CA:FALSE 703s Netscape Cert Type: 703s SSL Client, S/MIME 703s Netscape Comment: 703s Test Organization Sub Intermediate CA trusted Certificate 703s X509v3 Subject Key Identifier: 703s 24:5C:FA:A5:94:9B:53:2C:2B:88:4C:7C:F3:E1:77:E0:49:6E:53:0C 703s X509v3 Key Usage: critical 703s Digital Signature, Non Repudiation, Key Encipherment 703s X509v3 Extended Key Usage: 703s TLS Web Client Authentication, E-mail Protection 703s X509v3 Subject Alternative Name: 703s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 703s Signature Algorithm: sha256WithRSAEncryption 703s Signature Value: 703s 13:a4:e2:b6:15:3d:1e:de:92:c7:1c:26:73:20:46:e7:23:83: 703s 3d:82:ba:0f:64:68:f6:9a:f1:83:98:e6:30:78:03:7c:f7:e0: 703s a5:fb:3c:57:b5:e8:d6:21:4c:fd:af:72:ba:5b:56:f1:be:83: 703s 5b:94:6a:db:79:c0:38:0e:c3:3e:66:26:3b:1f:49:49:02:78: 703s 0a:2c:f0:35:ab:3b:39:de:c5:b4:e5:2b:90:9e:c8:76:1c:86: 703s ca:79:3e:f7:10:c1:d4:eb:4a:dc:6c:06:fb:80:d3:0f:a5:20: 703s 47:6b:88:d4:5f:cc:45:28:32:2a:f8:96:a5:74:2f:c6:79:a3: 703s 0b:37 703s + local found_md5 expected_md5 703s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/test-sub-intermediate-CA-trusted-certificate-0001.pem 703s + expected_md5=Modulus=B32E9BDEFEF67D32FFF32DAB2A398BD580B750A0E3430703E4821F0B8748767BE920C5505BDBFD308E365A057ECEE8C581166ED24E13363A594AF87872415261A9C28C7C6B80BA4A51EA967A318FDAE1D6EB6826B16A91292086728FA449C35682BCA0C7B166F85E611303CA75DC3928E9F37BD491800355C8A9879E45FC5AB3 703s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-29020.pem 703s + found_md5=Modulus=B32E9BDEFEF67D32FFF32DAB2A398BD580B750A0E3430703E4821F0B8748767BE920C5505BDBFD308E365A057ECEE8C581166ED24E13363A594AF87872415261A9C28C7C6B80BA4A51EA967A318FDAE1D6EB6826B16A91292086728FA449C35682BCA0C7B166F85E611303CA75DC3928E9F37BD491800355C8A9879E45FC5AB3 703s + '[' Modulus=B32E9BDEFEF67D32FFF32DAB2A398BD580B750A0E3430703E4821F0B8748767BE920C5505BDBFD308E365A057ECEE8C581166ED24E13363A594AF87872415261A9C28C7C6B80BA4A51EA967A318FDAE1D6EB6826B16A91292086728FA449C35682BCA0C7B166F85E611303CA75DC3928E9F37BD491800355C8A9879E45FC5AB3 '!=' Modulus=B32E9BDEFEF67D32FFF32DAB2A398BD580B750A0E3430703E4821F0B8748767BE920C5505BDBFD308E365A057ECEE8C581166ED24E13363A594AF87872415261A9C28C7C6B80BA4A51EA967A318FDAE1D6EB6826B16A91292086728FA449C35682BCA0C7B166F85E611303CA75DC3928E9F37BD491800355C8A9879E45FC5AB3 ']' 703s + output_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-29020-auth.output 703s ++ basename /tmp/sssd-softhsm2-nb8LhS/SSSD-child-29020-auth.output .output 703s + output_cert_file=/tmp/sssd-softhsm2-nb8LhS/SSSD-child-29020-auth.pem 703s + echo -n 053350 703s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-nb8LhS/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 703s [p11_child[2516]] [main] (0x0400): p11_child started. 703s [p11_child[2516]] [main] (0x2000): Running in [auth] mode. 703s [p11_child[2516]] [main] (0x2000): Running with effective IDs: [0][0]. 703s [p11_child[2516]] [main] (0x2000): Running with real IDs [0][0]. 703s [p11_child[2516]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 703s [p11_child[2516]] [do_card] (0x4000): Module List: 703s [p11_child[2516]] [do_card] (0x4000): common name: [softhsm2]. 703s [p11_child[2516]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 703s [p11_child[2516]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6b8d7287] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 703s [p11_child[2516]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 703s [p11_child[2516]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x6b8d7287][1804432007] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 703s [p11_child[2516]] [do_card] (0x4000): Login required. 703s [p11_child[2516]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 703s [p11_child[2516]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 703s [p11_child[2516]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 703s [p11_child[2516]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6b8d7287;slot-manufacturer=SoftHSM%20project;slot-id=1804432007;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1927d569eb8d7287;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 703s [p11_child[2516]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 703s [p11_child[2516]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 703s [p11_child[2516]] [do_card] (0x4000): Certificate verified and validated. 703s [p11_child[2516]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 703s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-29020-auth.output 703s + echo '-----BEGIN CERTIFICATE-----' 703s + tail -n1 /tmp/sssd-softhsm2-nb8LhS/SSSD-child-29020-auth.output 703s + echo '-----END CERTIFICATE-----' 703s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-29020-auth.pem 703s Certificate: 703s Data: 703s Version: 3 (0x2) 703s Serial Number: 5 (0x5) 703s Signature Algorithm: sha256WithRSAEncryption 703s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 703s Validity 703s Not Before: Nov 15 21:18:36 2024 GMT 703s Not After : Nov 15 21:18:36 2025 GMT 703s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 703s Subject Public Key Info: 703s Public Key Algorithm: rsaEncryption 703s Public-Key: (1024 bit) 703s Modulus: 703s 00:b3:2e:9b:de:fe:f6:7d:32:ff:f3:2d:ab:2a:39: 703s 8b:d5:80:b7:50:a0:e3:43:07:03:e4:82:1f:0b:87: 703s 48:76:7b:e9:20:c5:50:5b:db:fd:30:8e:36:5a:05: 703s 7e:ce:e8:c5:81:16:6e:d2:4e:13:36:3a:59:4a:f8: 703s 78:72:41:52:61:a9:c2:8c:7c:6b:80:ba:4a:51:ea: 703s 96:7a:31:8f:da:e1:d6:eb:68:26:b1:6a:91:29:20: 703s 86:72:8f:a4:49:c3:56:82:bc:a0:c7:b1:66:f8:5e: 703s 61:13:03:ca:75:dc:39:28:e9:f3:7b:d4:91:80:03: 703s 55:c8:a9:87:9e:45:fc:5a:b3 703s Exponent: 65537 (0x10001) 703s X509v3 extensions: 703s X509v3 Authority Key Identifier: 703s 3D:3A:72:A2:57:57:9F:CD:0C:0D:EC:4D:DB:C0:0C:C1:86:F2:56:AF 703s X509v3 Basic Constraints: 703s CA:FALSE 703s Netscape Cert Type: 703s SSL Client, S/MIME 703s Netscape Comment: 703s Test Organization Sub Intermediate CA trusted Certificate 703s X509v3 Subject Key Identifier: 703s 24:5C:FA:A5:94:9B:53:2C:2B:88:4C:7C:F3:E1:77:E0:49:6E:53:0C 703s X509v3 Key Usage: critical 703s Digital Signature, Non Repudiation, Key Encipherment 703s X509v3 Extended Key Usage: 703s TLS Web Client Authentication, E-mail Protection 703s X509v3 Subject Alternative Name: 703s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 703s Signature Algorithm: sha256WithRSAEncryption 703s Signature Value: 703s 13:a4:e2:b6:15:3d:1e:de:92:c7:1c:26:73:20:46:e7:23:83: 703s 3d:82:ba:0f:64:68:f6:9a:f1:83:98:e6:30:78:03:7c:f7:e0: 703s a5:fb:3c:57:b5:e8:d6:21:4c:fd:af:72:ba:5b:56:f1:be:83: 703s 5b:94:6a:db:79:c0:38:0e:c3:3e:66:26:3b:1f:49:49:02:78: 703s 0a:2c:f0:35:ab:3b:39:de:c5:b4:e5:2b:90:9e:c8:76:1c:86: 703s ca:79:3e:f7:10:c1:d4:eb:4a:dc:6c:06:fb:80:d3:0f:a5:20: 703s 47:6b:88:d4:5f:cc:45:28:32:2a:f8:96:a5:74:2f:c6:79:a3: 703s 0b:37 703s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-nb8LhS/SSSD-child-29020-auth.pem 703s 703s Test completed, Root CA and intermediate issued certificates verified! 703s + found_md5=Modulus=B32E9BDEFEF67D32FFF32DAB2A398BD580B750A0E3430703E4821F0B8748767BE920C5505BDBFD308E365A057ECEE8C581166ED24E13363A594AF87872415261A9C28C7C6B80BA4A51EA967A318FDAE1D6EB6826B16A91292086728FA449C35682BCA0C7B166F85E611303CA75DC3928E9F37BD491800355C8A9879E45FC5AB3 703s + '[' Modulus=B32E9BDEFEF67D32FFF32DAB2A398BD580B750A0E3430703E4821F0B8748767BE920C5505BDBFD308E365A057ECEE8C581166ED24E13363A594AF87872415261A9C28C7C6B80BA4A51EA967A318FDAE1D6EB6826B16A91292086728FA449C35682BCA0C7B166F85E611303CA75DC3928E9F37BD491800355C8A9879E45FC5AB3 '!=' Modulus=B32E9BDEFEF67D32FFF32DAB2A398BD580B750A0E3430703E4821F0B8748767BE920C5505BDBFD308E365A057ECEE8C581166ED24E13363A594AF87872415261A9C28C7C6B80BA4A51EA967A318FDAE1D6EB6826B16A91292086728FA449C35682BCA0C7B166F85E611303CA75DC3928E9F37BD491800355C8A9879E45FC5AB3 ']' 703s + set +x 703s autopkgtest [21:18:41]: test sssd-softhism2-certificates-tests.sh: -----------------------] 704s autopkgtest [21:18:42]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 704s sssd-softhism2-certificates-tests.sh PASS 704s autopkgtest [21:18:42]: test sssd-smart-card-pam-auth-configs: preparing testbed 706s Reading package lists... 706s Building dependency tree... 706s Reading state information... 706s Starting pkgProblemResolver with broken count: 0 706s Starting 2 pkgProblemResolver with broken count: 0 706s Done 707s The following additional packages will be installed: 707s pamtester 707s The following NEW packages will be installed: 707s autopkgtest-satdep pamtester 707s 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. 707s Need to get 12.3 kB/13.0 kB of archives. 707s After this operation, 36.9 kB of additional disk space will be used. 707s Get:1 /tmp/autopkgtest.HpidOX/4-autopkgtest-satdep.deb autopkgtest-satdep arm64 0 [760 B] 707s Get:2 http://ftpmaster.internal/ubuntu noble/universe arm64 pamtester arm64 0.1.2-4 [12.3 kB] 708s Fetched 12.3 kB in 0s (73.0 kB/s) 708s Selecting previously unselected package pamtester. 708s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 78718 files and directories currently installed.) 708s Preparing to unpack .../pamtester_0.1.2-4_arm64.deb ... 708s Unpacking pamtester (0.1.2-4) ... 708s Selecting previously unselected package autopkgtest-satdep. 708s Preparing to unpack .../4-autopkgtest-satdep.deb ... 708s Unpacking autopkgtest-satdep (0) ... 708s Setting up pamtester (0.1.2-4) ... 708s Setting up autopkgtest-satdep (0) ... 708s Processing triggers for man-db (2.12.0-4build2) ... 712s (Reading database ... 78724 files and directories currently installed.) 712s Removing autopkgtest-satdep (0) ... 712s autopkgtest [21:18:50]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 712s autopkgtest [21:18:50]: test sssd-smart-card-pam-auth-configs: [----------------------- 712s + '[' -z ubuntu ']' 712s + export DEBIAN_FRONTEND=noninteractive 712s + DEBIAN_FRONTEND=noninteractive 712s + required_tools=(pamtester softhsm2-util sssd) 712s + [[ ! -v OFFLINE_MODE ]] 712s + for cmd in "${required_tools[@]}" 712s + command -v pamtester 712s + for cmd in "${required_tools[@]}" 712s + command -v softhsm2-util 712s + for cmd in "${required_tools[@]}" 712s + command -v sssd 712s + PIN=123456 712s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 712s + tmpdir=/tmp/sssd-softhsm2-certs-xx7KV9 712s + backupsdir= 712s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 712s + declare -a restore_paths 712s + declare -a delete_paths 712s + trap handle_exit EXIT 712s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 712s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 712s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 712s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 712s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-xx7KV9 GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 712s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-xx7KV9 712s + GENERATE_SMART_CARDS=1 712s + KEEP_TEMPORARY_FILES=1 712s + NO_SSSD_TESTS=1 712s + bash debian/tests/sssd-softhism2-certificates-tests.sh 712s + '[' -z ubuntu ']' 712s + required_tools=(p11tool openssl softhsm2-util) 712s + for cmd in "${required_tools[@]}" 712s + command -v p11tool 712s + for cmd in "${required_tools[@]}" 712s + command -v openssl 712s + for cmd in "${required_tools[@]}" 712s + command -v softhsm2-util 712s + PIN=123456 712s +++ find /usr/lib/softhsm/libsofthsm2.so 712s +++ head -n 1 712s ++ realpath /usr/lib/softhsm/libsofthsm2.so 712s + SOFTHSM2_MODULE=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 712s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 712s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 712s + '[' '!' -v NO_SSSD_TESTS ']' 712s + '[' '!' -e /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so ']' 712s + tmpdir=/tmp/sssd-softhsm2-certs-xx7KV9 712s + keys_size=1024 712s + [[ ! -v KEEP_TEMPORARY_FILES ]] 712s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 712s + echo -n 01 712s + touch /tmp/sssd-softhsm2-certs-xx7KV9/index.txt 712s + mkdir -p /tmp/sssd-softhsm2-certs-xx7KV9/new_certs 712s + cat 712s + root_ca_key_pass=pass:random-root-CA-password-28931 712s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA-key.pem -passout pass:random-root-CA-password-28931 1024 712s + openssl req -passin pass:random-root-CA-password-28931 -batch -config /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA.pem 712s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA.pem 713s + cat 713s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-9255 713s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-9255 1024 713s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-9255 -config /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-28931 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-certificate-request.pem 713s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-certificate-request.pem 713s Certificate Request: 713s Data: 713s Version: 1 (0x0) 713s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 713s Subject Public Key Info: 713s Public Key Algorithm: rsaEncryption 713s Public-Key: (1024 bit) 713s Modulus: 713s 00:a5:17:dc:f6:d3:d6:da:37:58:1d:a8:0a:e1:42: 713s 24:54:d9:ad:95:5e:7a:52:9f:9e:23:1f:12:ac:d1: 713s b3:c6:bb:c2:b3:58:bf:6f:0c:2a:b4:b7:43:1f:17: 713s a4:94:53:b9:ec:58:b7:81:0d:f1:d5:ca:7c:54:58: 713s df:3e:93:c3:ab:f4:b0:de:d8:76:c8:be:53:99:23: 713s 3e:d6:fc:ec:90:6d:d3:0e:cb:28:27:1e:be:bf:21: 713s f2:66:f6:4f:c2:13:fb:6d:ee:11:db:e2:15:2e:00: 713s f1:2c:37:2f:ea:f4:33:f9:da:b2:80:b7:75:7a:95: 713s b6:2f:d2:4e:10:ad:b5:fa:5f 713s Exponent: 65537 (0x10001) 713s Attributes: 713s (none) 713s Requested Extensions: 713s Signature Algorithm: sha256WithRSAEncryption 713s Signature Value: 713s 38:d3:20:35:5c:4e:ec:d5:ca:a1:4f:e9:7a:69:06:cb:80:fb: 713s ba:cb:a1:8f:1a:f8:45:00:f5:1e:77:79:63:31:72:25:c2:60: 713s b8:1b:f5:20:ff:01:7b:fd:89:fc:1e:90:a4:0e:2e:ef:07:b4: 713s a3:53:17:3c:09:11:3e:d5:d0:2d:7c:9e:1b:ed:32:50:d5:e4: 713s 5d:d3:85:ff:5e:1b:dd:3b:4e:0b:52:65:47:54:4d:b9:46:5c: 713s 16:db:c9:48:f5:4c:f5:a9:0c:cf:56:25:7f:a3:16:d8:c0:87: 713s 07:03:1c:b4:3b:4f:8d:76:d1:44:25:6e:c3:d1:b9:71:36:ac: 713s de:52 713s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA.config -passin pass:random-root-CA-password-28931 -keyfile /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA.pem 713s Using configuration from /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA.config 713s Check that the request matches the signature 713s Signature ok 713s Certificate Details: 713s Serial Number: 1 (0x1) 713s Validity 713s Not Before: Nov 15 21:18:51 2024 GMT 713s Not After : Nov 15 21:18:51 2025 GMT 713s Subject: 713s organizationName = Test Organization 713s organizationalUnitName = Test Organiza/tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA.pem: OK 713s tion Unit 713s commonName = Test Organization Intermediate CA 713s X509v3 extensions: 713s X509v3 Subject Key Identifier: 713s 18:B7:9B:C5:94:70:A1:70:D0:7D:D1:4F:4C:79:AD:11:63:ED:1A:E2 713s X509v3 Authority Key Identifier: 713s keyid:8E:AD:00:B8:1C:DF:15:E9:66:29:0D:59:82:A7:A2:9E:6B:67:C0:9F 713s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 713s serial:00 713s X509v3 Basic Constraints: 713s CA:TRUE 713s X509v3 Key Usage: critical 713s Digital Signature, Certificate Sign, CRL Sign 713s Certificate is to be certified until Nov 15 21:18:51 2025 GMT (365 days) 713s 713s Write out database with 1 new entries 713s Database updated 713s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA.pem 713s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA.pem /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA.pem 713s + cat 713s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-27254 713s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-27254 1024 713s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-27254 -config /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-9255 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-certificate-request.pem 713s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-certificate-request.pem 713s Certificate Request: 713s Data: 713s Version: 1 (0x0) 713s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 713s Subject Public Key Info: 713s Public Key Algorithm: rsaEncryption 713s Public-Key: (1024 bit) 713s Modulus: 713s 00:b2:92:73:12:1d:bd:2f:54:75:c8:8a:54:52:05: 713s bf:da:e9:b2:16:29:94:1a:6a:25:66:ba:37:7a:6f: 713s 74:4f:c1:30:d7:71:cb:95:67:2f:93:15:79:44:f3: 713s 01:3e:11:a6:e8:19:b5:ad:49:fe:d8:17:35:6e:2c: 713s 01:ce:ed:dd:54:62:56:95:97:d1:d6:c7:21:2a:c8: 713s 1d:42:c3:b9:83:c2:86:fa:b4:34:9f:04:7c:a4:72: 713s 97:99:dd:3f:f9:58:a6:9c:1a:59:39:58:93:7d:2f: 713s e7:27:94:4d:fe:72:5a:f5:f0:d0:46:f6:a0:ce:0c: 713s 86:5e:39:bc:7f:45:08:bd:1b 713s Exponent: 65537 (0x10001) 713s Attributes: 713s (none) 713s Requested Extensions: 713s Signature Algorithm: sha256WithRSAEncryption 713s Signature Value: 713s 47:f5:30:00:fd:5a:ff:50:5d:13:cf:96:26:0b:8c:8e:0d:2b: 713s 88:33:31:ac:df:6e:5f:0d:c3:44:20:b7:bb:46:7d:f6:14:42: 713s 5c:a5:5c:0f:cc:75:a7:77:4b:30:38:76:f6:8b:6f:54:76:4b: 713s 4e:b0:b9:fe:a7:c9:89:4f:69:1e:fd:f6:3e:22:43:da:31:01: 713s a6:1d:d0:d8:d7:c8:fe:48:d9:ab:df:30:b3:d4:26:f3:3d:0a: 713s 3f:cd:19:1d:5d:5d:d3:08:81:55:68:af:f1:a7:02:b9:76:e0: 713s 6e:91:a7:4d:3c:d1:44:7f:ec:4f:ff:b3:ad:c3:bf:a1:d3:42: 713s 86:e9 713s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-9255 -keyfile /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA.pem 713s Using configuration from /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA.config 713s Check that the request matches the signature 713s Signature ok 713s Certificate Details: 713s Serial Number: 2 (0x2) 713s Validity 713s Not Before: Nov 15 21:18:51 2024 GMT 713s Not After : Nov 15 21:18:51 2025 GMT 713s Subject: 713s organizationName = Test Organization 713s organizationalUnitName = Test Organization Unit 713s commonName = Test Organization Sub Intermediate CA 713s X509v3 extensions: 713s X509v3 Subject Key Identifier: 713s EB:F2:3E:64:28:08:82:39:06:A0:61:B0:65:AF:28:1D:30:7C:99:89 713s X509v3 Authority Key Identifier: 713s keyid:18:B7:9B:C5:94:70:A1:70:D0:7D:D1:4F:4C:79:AD:11:63:ED:1A:E2 713s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 713s serial:01 713s X509v3 Basic Constraints: 713s CA:TRUE 713s X509v3 Key Usage: critical 713s Digital Signature, Certificate Sign, CRL Sign 713s Certificate is to be certified until Nov 15 21:18:51 2025 GMT (365 days) 713s 713s Write out database with 1 new entries 713s Database updated 713s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA.pem 713s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA.pem 713s /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA.pem: OK 713s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA.pem /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA.pem 713s + local cmd=openssl 713s + shift 713s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA.pem /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA.pem 713s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 713s error 20 at 0 depth lookup: unable to get local issuer certificate 713s error /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA.pem: verification failed 713s + cat 713s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-4379 713s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-4379 1024 713s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-4379 -key /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA-trusted-certificate-0001-request.pem 713s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA-trusted-certificate-0001-request.pem 713s Certificate Request: 713s Data: 713s Version: 1 (0x0) 713s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 713s Subject Public Key Info: 713s Public Key Algorithm: rsaEncryption 713s Public-Key: (1024 bit) 713s Modulus: 713s 00:d7:f7:63:e3:08:a7:c1:0e:96:88:67:6f:63:b6: 713s e8:c8:63:56:98:d3:56:55:5f:67:cb:15:e8:80:70: 713s ae:7d:52:5a:8f:33:fb:2b:d1:c6:db:ab:85:ae:4f: 713s e6:8b:06:b8:0a:01:85:6f:26:bd:ec:4f:a4:e9:65: 713s e8:e8:e2:33:3f:06:85:d6:e8:a0:76:cc:2f:89:53: 713s dc:dc:1f:2f:d5:e2:35:49:ed:03:81:86:a4:3f:5a: 713s cd:29:48:80:0a:8d:31:f1:ae:7c:4e:2c:46:b8:65: 713s d2:d7:76:d6:a5:75:cf:21:b7:49:08:64:85:2a:7e: 713s e0:92:0c:0b:c3:71:52:f0:af 713s Exponent: 65537 (0x10001) 713s Attributes: 713s Requested Extensions: 713s X509v3 Basic Constraints: 713s CA:FALSE 713s Netscape Cert Type: 713s SSL Client, S/MIME 713s Netscape Comment: 713s Test Organization Root CA trusted Certificate 713s X509v3 Subject Key Identifier: 713s A7:18:B9:C6:41:2F:0E:FB:57:E8:C2:D5:60:A1:6F:E8:01:F8:14:1F 713s X509v3 Key Usage: critical 713s Digital Signature, Non Repudiation, Key Encipherment 713s X509v3 Extended Key Usage: 713s TLS Web Client Authentication, E-mail Protection 713s X509v3 Subject Alternative Name: 713s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 713s Signature Algorithm: sha256WithRSAEncryption 713s Signature Value: 713s 8d:82:39:b5:4a:c1:f9:5c:4c:8f:6d:9d:18:4a:71:90:6a:dc: 713s 16:e0:7e:d7:17:fd:0b:11:2d:67:e0:a3:34:d8:48:26:31:8f: 713s 8f:cd:2d:50:8f:f1:58:7d:db:8a:87:d3:9b:cd:70:26:85:bd: 713s ca:38:fd:9a:5a:57:37:b0:f0:03:00:d7:c4:e2:92:37:cd:e4: 713s bd:db:68:b2:d2:f8:4a:bc:29:ca:f7:64:30:c8:26:e7:73:41: 713s 4c:5d:da:ee:04:d5:1f:73:d9:8b:77:0c:32:30:55:ac:9b:eb: 713s a2:3f:e2:78:3b:a1:66:9e:8b:68:f0:1e:ba:a8:24:e7:3b:49: 713s 8e:e0 713s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA.config -passin pass:random-root-CA-password-28931 -keyfile /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA-trusted-certificate-0001.pem 713s Using configuration from /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA.config 713s Check that the request matches the signature 713s Signature ok 713s Certificate Details: 713s Serial Number: 3 (0x3) 713s Validity 713s Not Before: Nov 15 21:18:51 2024 GMT 713s Not After : Nov 15 21:18:51 2025 GMT 713s Subject: 713s organizationName = Test Organization 713s organizationalUnitName = Test Organization Unit 713s commonName = Test Organization Root Trusted Certificate 0001 713s X509v3 extensions: 713s X509v3 Authority Key Identifier: 713s 8E:AD:00:B8:1C:DF:15:E9:66:29:0D:59:82:A7:A2:9E:6B:67:C0:9F 713s X509v3 Basic Constraints: 713s CA:FALSE 713s Netscape Cert Type: 713s SSL Client, S/MIME 713s Netscape Comment: 713s Test Organization Root CA trusted Certificate 713s X509v3 Subject Key Identifier: 713s A7:18:B9:C6:41:2F:0E:FB:57:E8:C2:D5:60:A1:6F:E8:01:F8:14:1F 713s X509v3 Key Usage: critical 713s Digital Signature, Non Repudiation, Key Encipherment 713s X509v3 Extended Key Usage: 713s TLS Web Client Authentication, E-mail Protection 713s X509v3 Subject Alternative Name: 713s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 713s Certificate is to be certified until Nov 15 21:18:51 2025 GMT (365 days) 713s 713s Write out database with 1 new entries 713s Database updated 713s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA-trusted-certificate-0001.pem 713s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA.pem /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA-trusted-certificate-0001.pem 713s /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA-trusted-certificate-0001.pem: OK 713s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA-trusted-certificate-0001.pem 713s + local cmd=openssl 713s + shift 713s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA-trusted-certificate-0001.pem 713s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 713s error 20 at 0 depth lookup: unable to get local issuer certificate 713s error /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA-trusted-certificate-0001.pem: verification failed 713s + cat 713s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-28512 713s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-28512 1024 713s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-28512 -key /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-trusted-certificate-0001-request.pem 713s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-trusted-certificate-0001-request.pem 713s Certificate Request: 713s Data: 713s Version: 1 (0x0) 713s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 713s Subject Public Key Info: 713s Public Key Algorithm: rsaEncryption 713s Public-Key: (1024 bit) 713s Modulus: 713s 00:db:e2:10:cc:76:64:16:68:32:fd:2a:13:0d:11: 713s ba:06:3c:a1:1b:f3:ae:6a:26:95:a0:db:a4:5c:99: 713s ca:32:a0:c8:33:3c:f6:5a:dc:a1:82:57:c2:41:d0: 713s 9b:68:b1:eb:20:10:eb:82:fa:e1:57:73:d2:97:31: 713s 16:6d:c8:8c:39:41:7d:30:01:d7:4c:61:2e:45:2e: 713s f5:54:d6:e6:86:4a:4b:c0:1c:d7:29:ec:75:3b:b5: 713s 70:9c:3d:36:72:3c:56:11:b5:29:00:c4:de:c9:0d: 713s e3:5b:0f:37:6e:da:1f:ad:b5:20:f8:4e:e2:df:d8: 713s 7f:93:19:90:84:9a:d4:a2:33 713s Exponent: 65537 (0x10001) 713s Attributes: 713s Requested Extensions: 713s X509v3 Basic Constraints: 713s CA:FALSE 713s Netscape Cert Type: 713s SSL Client, S/MIME 713s Netscape Comment: 713s Test Organization Intermediate CA trusted Certificate 713s X509v3 Subject Key Identifier: 713s 56:DA:1C:75:DD:65:03:C3:C8:34:37:3E:03:55:B7:FB:E4:0B:C9:1C 713s X509v3 Key Usage: critical 713s Digital Signature, Non Repudiation, Key Encipherment 713s X509v3 Extended Key Usage: 713s TLS Web Client Authentication, E-mail Protection 713s X509v3 Subject Alternative Name: 713s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 713s Signature Algorithm: sha256WithRSAEncryption 713s Signature Value: 713s 96:c8:91:5a:1f:4e:82:41:52:b1:73:6a:d9:1b:f4:3e:fc:79: 713s 74:2e:07:99:be:e6:99:57:0a:2f:79:01:01:1e:33:a0:24:dc: 713s e4:59:4d:3f:ac:cd:a6:07:00:2f:88:75:47:2f:34:9c:6c:41: 713s b1:42:94:55:9d:b6:eb:7c:79:c5:7f:ff:67:83:81:1a:e0:39: 713s c0:8f:1f:90:f0:66:79:87:34:7d:b9:1e:3d:4f:47:b2:61:64: 713s e0:43:f2:83:7d:a2:52:f2:d3:a2:77:bb:f5:d8:d1:b6:b3:61: 713s f6:ca:a9:23:ff:f6:98:9a:44:78:11:d1:be:87:05:7c:ab:7a: 713s 6d:11 713s + openssl ca -passin pass:random-intermediate-CA-password-9255 -config /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-trusted-certificate-0001.pem 713s Using configuration from /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA.config 713s Check that the request matches the signature 713s Signature ok 713s Certificate Details: 713s Serial Number: 4 (0x4) 713s Validity 713s Not Before: Nov 15 21:18:51 2024 GMT 713s Not After : Nov 15 21:18:51 2025 GMT 713s Subject: 713s organizationName = Test Organization 713s organizationalUnitName = Test Organization Unit 713s commonName = Test Organization Intermediate Trusted Certificate 0001 713s X509v3 extensions: 713s X509v3 Authority Key Identifier: 713s 18:B7:9B:C5:94:70:A1:70:D0:7D:D1:4F:4C:79:AD:11:63:ED:1A:E2 713s X509v3 Basic Constraints: 713s CA:FALSE 713s Netscape Cert Type: 713s SSL Client, S/MIME 713s Netscape Comment: 713s Test Organization Intermediate CA trusted Certificate 713s X509v3 Subject Key Identifier: 713s 56:DA:1C:75:DD:65:03:C3:C8:34:37:3E:03:55:B7:FB:E4:0B:C9:1C 713s X509v3 Key Usage: critical 713s Digital Signature, Non Repudiation, Key Encipherment 713s X509v3 Extended Key Usage: 713s TLS Web Client Authentication, E-mail Protection 713s X509v3 Subject Alternative Name: 713s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 713s Certificate is to be certified until Nov 15 21:18:51 2025 GMT (365 days) 713s 713s Write out database with 1 new entries 713s Database updated 713s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-trusted-certificate-0001.pem 713s This certificate should not be trusted fully 713s + echo 'This certificate should not be trusted fully' 713s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-trusted-certificate-0001.pem 713s + local cmd=openssl 713s + shift 713s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-trusted-certificate-0001.pem 713s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 713s error 2 at 1 depth lookup: unable to get issuer certificate 713s error /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 713s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-trusted-certificate-0001.pem 713s /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-trusted-certificate-0001.pem: OK 713s + cat 713s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-10163 713s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-10163 1024 713s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-10163 -key /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 713s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 713s Certificate Request: 713s Data: 713s Version: 1 (0x0) 713s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 713s Subject Public Key Info: 713s Public Key Algorithm: rsaEncryption 713s Public-Key: (1024 bit) 713s Modulus: 713s 00:c0:ca:79:cc:d2:85:b9:ba:06:b8:05:6e:14:62: 713s 8d:d0:e3:ca:ce:7d:0b:55:4e:51:87:55:2b:67:04: 713s 34:91:1e:4b:6b:62:81:86:4e:e8:3d:94:34:cb:0d: 713s f5:4b:11:46:d9:14:5b:82:7a:27:75:2e:3e:17:a0: 713s ab:fd:3d:a5:72:b3:93:c1:7f:ff:37:13:3d:aa:27: 713s 19:ef:44:ff:5f:18:b2:8e:cb:55:68:bb:2b:af:45: 713s 1d:83:17:5d:f0:27:a0:1a:b5:0c:e2:ca:f3:af:14: 713s d4:dc:6e:e4:39:8e:9a:a8:b5:1a:a1:17:67:30:07: 713s bf:6f:6c:49:45:c5:a3:c9:bd 713s Exponent: 65537 (0x10001) 713s Attributes: 713s Requested Extensions: 713s X509v3 Basic Constraints: 713s CA:FALSE 713s Netscape Cert Type: 713s SSL Client, S/MIME 713s Netscape Comment: 713s Test Organization Sub Intermediate CA trusted Certificate 713s X509v3 Subject Key Identifier: 713s 64:E6:8F:D6:4A:B6:C8:49:F2:20:2A:01:77:47:5B:29:D6:21:28:46 713s X509v3 Key Usage: critical 713s Digital Signature, Non Repudiation, Key Encipherment 713s X509v3 Extended Key Usage: 713s TLS Web Client Authentication, E-mail Protection 713s X509v3 Subject Alternative Name: 713s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 713s Signature Algorithm: sha256WithRSAEncryption 713s Signature Value: 713s 78:cc:5d:2e:ea:a4:6f:0f:fe:12:fe:38:98:5c:0b:f0:65:e4: 713s b4:5f:d4:d4:9d:b7:77:56:aa:66:f0:5f:02:47:24:6b:d5:df: 713s 90:ce:60:9b:c1:bf:29:91:03:87:d2:8f:f1:f2:d8:76:29:2a: 713s 28:3c:d8:63:5a:7d:ca:1d:23:ae:99:e4:0a:af:a3:d9:fd:68: 713s 3d:47:ac:2c:c0:ea:d6:b3:02:10:38:5d:63:19:18:8d:fa:4f: 713s 6f:50:b1:c1:13:b8:ba:30:46:82:7f:09:1a:cf:27:e2:3c:02: 713s e0:28:a4:87:33:df:fc:aa:22:0a:2a:d7:55:34:01:fa:fc:19: 713s d0:ae 713s + openssl ca -passin pass:random-sub-intermediate-CA-password-27254 -config /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001.pem 713s Using configuration from /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA.config 713s Check that the request matches the signature 713s Signature ok 713s Certificate Details: 713s Serial Number: 5 (0x5) 713s Validity 713s Not Before: Nov 15 21:18:51 2024 GMT 713s Not After : Nov 15 21:18:51 2025 GMT 713s Subject: 713s organizationName = Test Organization 713s organizationalUnitName = Test Organization Unit 713s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 713s X509v3 extensions: 713s X509v3 Authority Key Identifier: 713s EB:F2:3E:64:28:08:82:39:06:A0:61:B0:65:AF:28:1D:30:7C:99:89 713s X509v3 Basic Constraints: 713s CA:FALSE 713s Netscape Cert Type: 713s SSL Client, S/MIME 713s Netscape Comment: 713s Test Organization Sub Intermediate CA trusted Certificate 713s X509v3 Subject Key Identifier: 713s 64:E6:8F:D6:4A:B6:C8:49:F2:20:2A:01:77:47:5B:29:D6:21:28:46 713s X509v3 Key Usage: critical 713s Digital Signature, Non Repudiation, Key Encipherment 713s X509v3 Extended Key Usage: 713s TLS Web Client Authentication, E-mail Protection 713s X509v3 Subject Alternative Name: 713s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 713s Certificate is to be certified until Nov 15 21:18:51 2025 GMT (365 days) 713s 713s Write out database with 1 new entries 713s Database updated 713s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001.pem 713s This certificate should not be trusted fully 713s + echo 'This certificate should not be trusted fully' 713s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001.pem 713s + local cmd=openssl 713s + shift 713s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001.pem 713s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 713s error 2 at 1 depth lookup: unable to get issuer certificate 713s error /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 713s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001.pem 713s + local cmd=openssl 713s + shift 713s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001.pem 713s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 713s error 20 at 0 depth lookup: unable to get local issuer certificate 713s error /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 713s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001.pem 713s /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 713s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001.pem 713s + local cmd=openssl 713s + shift 713s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001.pem 713s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 713s error 20 at 0 depth lookup: unable to get local issuer certificate 713s error /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 713s Building a the full-chain CA file... 713s + echo 'Building a the full-chain CA file...' 713s + cat /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA.pem /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA.pem 713s + cat /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA.pem /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA.pem 713s + cat /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA.pem 713s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-xx7KV9/test-full-chain-CA.pem 713s + openssl pkcs7 -print_certs -noout 713s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 713s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 713s 713s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 713s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 713s 713s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 713s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 713s 713s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-xx7KV9/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA.pem 713s /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA.pem: OK 713s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-xx7KV9/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA-trusted-certificate-0001.pem 713s /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA-trusted-certificate-0001.pem: OK 713s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-xx7KV9/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-trusted-certificate-0001.pem 713s /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-trusted-certificate-0001.pem: OK 713s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-xx7KV9/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-xx7KV9/test-root-intermediate-chain-CA.pem 713s /tmp/sssd-softhsm2-certs-xx7KV9/test-root-intermediate-chain-CA.pem: OK 713s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-xx7KV9/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001.pem 713s /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 713s + echo 'Certificates generation completed!' 713s Certificates generation completed! 713s + [[ -v NO_SSSD_TESTS ]] 713s + [[ -v GENERATE_SMART_CARDS ]] 713s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-4379 713s + local certificate=/tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA-trusted-certificate-0001.pem 713s + local key_pass=pass:random-root-ca-trusted-cert-0001-4379 713s + local key_cn 713s + local key_name 713s + local tokens_dir 713s + local output_cert_file 713s + token_name= 713s ++ basename /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA-trusted-certificate-0001.pem .pem 713s + key_name=test-root-CA-trusted-certificate-0001 713s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA-trusted-certificate-0001.pem 713s ++ sed -n 's/ *commonName *= //p' 713s + key_cn='Test Organization Root Trusted Certificate 0001' 713s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 713s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-xx7KV9/softhsm2-test-root-CA-trusted-certificate-0001.conf 713s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-xx7KV9/softhsm2-test-root-CA-trusted-certificate-0001.conf 713s ++ basename /tmp/sssd-softhsm2-certs-xx7KV9/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 713s + tokens_dir=/tmp/sssd-softhsm2-certs-xx7KV9/softhsm2-test-root-CA-trusted-certificate-0001 713s + token_name='Test Organization Root Tr Token' 713s + '[' '!' -e /tmp/sssd-softhsm2-certs-xx7KV9/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 713s + local key_file 713s + local decrypted_key 713s + mkdir -p /tmp/sssd-softhsm2-certs-xx7KV9/softhsm2-test-root-CA-trusted-certificate-0001 713s + key_file=/tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA-trusted-certificate-0001-key.pem 713s + decrypted_key=/tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA-trusted-certificate-0001-key-decrypted.pem 713s + cat 713s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 713s Slot 0 has a free/uninitialized token. 713s The token has been initialized and is reassigned to slot 1833127908 713s + softhsm2-util --show-slots 713s Available slots: 713s Slot 1833127908 713s Slot info: 713s Description: SoftHSM slot ID 0x6d434fe4 713s Manufacturer ID: SoftHSM project 713s Hardware version: 2.6 713s Firmware version: 2.6 713s Token present: yes 713s Token info: 713s Manufacturer ID: SoftHSM project 713s Model: SoftHSM v2 713s Hardware version: 2.6 713s Firmware version: 2.6 713s Serial number: 91fa01d16d434fe4 713s Initialized: yes 713s User PIN init.: yes 713s Label: Test Organization Root Tr Token 713s Slot 1 713s Slot info: 713s Description: SoftHSM slot ID 0x1 713s Manufacturer ID: SoftHSM project 713s Hardware version: 2.6 713s Firmware version: 2.6 713s Token present: yes 713s Token info: 713s Manufacturer ID: SoftHSM project 713s Model: SoftHSM v2 713s Hardware version: 2.6 713s Firmware version: 2.6 713s Serial number: 713s Initialized: no 713s User PIN init.: no 713s Label: 713s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 713s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-4379 -in /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA-trusted-certificate-0001-key-decrypted.pem 713s writing RSA key 713s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 713s + rm /tmp/sssd-softhsm2-certs-xx7KV9/test-root-CA-trusted-certificate-0001-key-decrypted.pem 713s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 713s Object 0: 713s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=91fa01d16d434fe4;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 713s Type: X.509 Certificate (RSA-1024) 713s Expires: Sat Nov 15 21:18:51 2025 713s Label: Test Organization Root Trusted Certificate 0001 713s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 713s 713s Test Organization Root Tr Token 713s + echo 'Test Organization Root Tr Token' 713s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-28512 713s + local certificate=/tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-trusted-certificate-0001.pem 713s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-28512 713s + local key_cn 713s + local key_name 713s + local tokens_dir 713s + local output_cert_file 713s + token_name= 713s ++ basename /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-trusted-certificate-0001.pem .pem 713s + key_name=test-intermediate-CA-trusted-certificate-0001 713s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-trusted-certificate-0001.pem 713s ++ sed -n 's/ *commonName *= //p' 713s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 713s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 713s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-xx7KV9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 713s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-xx7KV9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 713s ++ basename /tmp/sssd-softhsm2-certs-xx7KV9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 713s + tokens_dir=/tmp/sssd-softhsm2-certs-xx7KV9/softhsm2-test-intermediate-CA-trusted-certificate-0001 713s + token_name='Test Organization Interme Token' 713s + '[' '!' -e /tmp/sssd-softhsm2-certs-xx7KV9/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 713s + local key_file 713s + local decrypted_key 713s + mkdir -p /tmp/sssd-softhsm2-certs-xx7KV9/softhsm2-test-intermediate-CA-trusted-certificate-0001 713s + key_file=/tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-trusted-certificate-0001-key.pem 713s + decrypted_key=/tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 713s + cat 713s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 713s Slot 0 has a free/uninitialized token. 713s The token has been initialized and is reassigned to slot 619827150 713s + softhsm2-util --show-slots 713s Available slots: 713s Slot 619827150 713s Slot info: 713s Description: SoftHSM slot ID 0x24f1cfce 713s Manufacturer ID: SoftHSM project 713s Hardware version: 2.6 713s Firmware version: 2.6 713s Token present: yes 713s Token info: 713s Manufacturer ID: SoftHSM project 713s Model: SoftHSM v2 713s Hardware version: 2.6 713s Firmware version: 2.6 713s Serial number: 79aefc85a4f1cfce 713s Initialized: yes 713s User PIN init.: yes 713s Label: Test Organization Interme Token 713s Slot 1 713s Slot info: 713s Description: SoftHSM slot ID 0x1 713s Manufacturer ID: SoftHSM project 713s Hardware version: 2.6 713s Firmware version: 2.6 713s Token present: yes 713s Token info: 713s Manufacturer ID: SoftHSM project 713s Model: SoftHSM v2 713s Hardware version: 2.6 713s Firmware version: 2.6 713s Serial number: 713s Initialized: no 713s User PIN init.: no 713s Label: 713s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 713s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-28512 -in /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 713s writing RSA key 713s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 713s + rm /tmp/sssd-softhsm2-certs-xx7KV9/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 713s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 713s Object 0: 713s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=79aefc85a4f1cfce;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 713s Type: X.509 Certificate (RSA-1024) 713s Expires: Sat Nov 15 21:18:51 2025 713s Label: Test Organization Intermediate Trusted Certificate 0001 713s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 713s 713s Test Organization Interme Token 713s + echo 'Test Organization Interme Token' 713s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-10163 713s + local certificate=/tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001.pem 713s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-10163 713s + local key_cn 713s + local key_name 713s + local tokens_dir 713s + local output_cert_file 713s + token_name= 713s ++ basename /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 713s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 713s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001.pem 713s ++ sed -n 's/ *commonName *= //p' 714s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 714s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 714s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-xx7KV9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 714s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-xx7KV9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 714s ++ basename /tmp/sssd-softhsm2-certs-xx7KV9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 714s + tokens_dir=/tmp/sssd-softhsm2-certs-xx7KV9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 714s + token_name='Test Organization Sub Int Token' 714s + '[' '!' -e /tmp/sssd-softhsm2-certs-xx7KV9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 714s + local key_file 714s + local decrypted_key 714s + mkdir -p /tmp/sssd-softhsm2-certs-xx7KV9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 714s + key_file=/tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 714s + decrypted_key=/tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 714s + cat 714s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 714s Slot 0 has a free/uninitialized token. 714s The token has been initialized and is reassigned to slot 1564703072 714s + softhsm2-util --show-slots 714s Available slots: 714s Slot 1564703072 714s Slot info: 714s Description: SoftHSM slot ID 0x5d437960 714s Manufacturer ID: SoftHSM project 714s Hardware version: 2.6 714s Firmware version: 2.6 714s Token present: yes 714s Token info: 714s Manufacturer ID: SoftHSM project 714s Model: SoftHSM v2 714s Hardware version: 2.6 714s Firmware version: 2.6 714s Serial number: 2d30a9e45d437960 714s Initialized: yes 714s User PIN init.: yes 714s Label: Test Organization Sub Int Token 714s Slot 1 714s Slot info: 714s Description: SoftHSM slot ID 0x1 714s Manufacturer ID: SoftHSM project 714s Hardware version: 2.6 714s Firmware version: 2.6 714s Token present: yes 714s Token info: 714s Manufacturer ID: SoftHSM project 714s Model: SoftHSM v2 714s Hardware version: 2.6 714s Firmware version: 2.6 714s Serial number: 714s Initialized: no 714s User PIN init.: no 714s Label: 714s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 714s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-10163 -in /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 714s writing RSA key 714s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 714s + rm /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 714s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 714s Object 0: 714s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2d30a9e45d437960;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 714s Type: X.509 Certificate (RSA-1024) 714s Expires: Sat Nov 15 21:18:51 2025 714s Label: Test Organization Sub Intermediate Trusted Certificate 0001 714s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 714s 714s Test Organization Sub Int Token 714s Certificates generation completed! 714s + echo 'Test Organization Sub Int Token' 714s + echo 'Certificates generation completed!' 714s + exit 0 714s + find /tmp/sssd-softhsm2-certs-xx7KV9 -type d -exec chmod 777 '{}' ';' 714s + find /tmp/sssd-softhsm2-certs-xx7KV9 -type f -exec chmod 666 '{}' ';' 714s + backup_file /etc/sssd/sssd.conf 714s + '[' -z '' ']' 714s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 714s + backupsdir=/tmp/sssd-softhsm2-backups-ntXYtD 714s + '[' -e /etc/sssd/sssd.conf ']' 714s + delete_paths+=("$1") 714s + rm -f /etc/sssd/sssd.conf 714s ++ runuser -u ubuntu -- sh -c 'echo ~' 714s + user_home=/home/ubuntu 714s + mkdir -p /home/ubuntu 714s + chown ubuntu:ubuntu /home/ubuntu 714s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 714s + user_config=/home/ubuntu/.config 714s + system_config=/etc 714s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 714s + for path_pair in "${softhsm2_conf_paths[@]}" 714s + IFS=: 714s + read -r -a path 714s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 714s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 714s + '[' -z /tmp/sssd-softhsm2-backups-ntXYtD ']' 714s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 714s + delete_paths+=("$1") 714s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 714s + for path_pair in "${softhsm2_conf_paths[@]}" 714s + IFS=: 714s + read -r -a path 714s + path=/etc/softhsm/softhsm2.conf 714s + backup_file /etc/softhsm/softhsm2.conf 714s + '[' -z /tmp/sssd-softhsm2-backups-ntXYtD ']' 714s + '[' -e /etc/softhsm/softhsm2.conf ']' 714s ++ dirname /etc/softhsm/softhsm2.conf 714s + local back_dir=/tmp/sssd-softhsm2-backups-ntXYtD//etc/softhsm 714s ++ basename /etc/softhsm/softhsm2.conf 714s + local back_path=/tmp/sssd-softhsm2-backups-ntXYtD//etc/softhsm/softhsm2.conf 714s + '[' '!' -e /tmp/sssd-softhsm2-backups-ntXYtD//etc/softhsm/softhsm2.conf ']' 714s + mkdir -p /tmp/sssd-softhsm2-backups-ntXYtD//etc/softhsm 714s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-ntXYtD//etc/softhsm/softhsm2.conf 714s + restore_paths+=("$back_path") 714s + rm -f /etc/softhsm/softhsm2.conf 714s + test_authentication login /tmp/sssd-softhsm2-certs-xx7KV9/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-xx7KV9/test-full-chain-CA.pem 714s + pam_service=login 714s + certificate_config=/tmp/sssd-softhsm2-certs-xx7KV9/softhsm2-test-root-CA-trusted-certificate-0001.conf 714s + ca_db=/tmp/sssd-softhsm2-certs-xx7KV9/test-full-chain-CA.pem 714s + verification_options= 714s + mkdir -p -m 700 /etc/sssd 714s Using CA DB '/tmp/sssd-softhsm2-certs-xx7KV9/test-full-chain-CA.pem' with verification options: '' 714s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-xx7KV9/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 714s + cat 714s + chmod 600 /etc/sssd/sssd.conf 714s + for path_pair in "${softhsm2_conf_paths[@]}" 714s + IFS=: 714s + read -r -a path 714s + user=ubuntu 714s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 714s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 714s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 714s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-xx7KV9/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 714s + runuser -u ubuntu -- softhsm2-util --show-slots 714s + grep 'Test Organization' 714s Label: Test Organization Root Tr Token 714s + for path_pair in "${softhsm2_conf_paths[@]}" 714s + IFS=: 714s + read -r -a path 714s + user=root 714s + path=/etc/softhsm/softhsm2.conf 714s ++ dirname /etc/softhsm/softhsm2.conf 714s + runuser -u root -- mkdir -p /etc/softhsm 714s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-xx7KV9/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 714s + runuser -u root -- softhsm2-util --show-slots 714s + grep 'Test Organization' 714s Label: Test Organization Root Tr Token 714s + systemctl restart sssd 714s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 714s + for alternative in "${alternative_pam_configs[@]}" 714s + pam-auth-update --enable sss-smart-card-optional 715s + cat /etc/pam.d/common-auth 715s # 715s # /etc/pam.d/common-auth - authentication settings common to all services 715s # 715s # This file is included from other service-specific PAM config files, 715s # and should contain a list of the authentication modules that define 715s # the central authentication scheme for use on the system 715s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 715s # traditional Unix authentication mechanisms. 715s # 715s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 715s # To take advantage of this, it is recommended that you configure any 715s # local modules either before or after the default block, and use 715s # pam-auth-update to manage selection of other modules. See 715s # pam-auth-update(8) for details. 715s 715s # here are the per-package modules (the "Primary" block) 715s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 715s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 715s auth [success=1 default=ignore] pam_sss.so use_first_pass 715s # here's the fallback if no module succeeds 715s auth requisite pam_deny.so 715s # prime the stack with a positive return value if there isn't one already; 715s # this avoids us returning an error just because nothing sets a success code 715s # since the modules above will each just jump around 715s auth required pam_permit.so 715s # and here are more per-package modules (the "Additional" block) 715s auth optional pam_cap.so 715s # end of pam-auth-update config 715s + echo -n -e 123456 715s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 715s pamtester: invoking pam_start(login, ubuntu, ...) 715s pamtester: performing operation - authenticate 715s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 715s + echo -n -e 123456 715s + runuser -u ubuntu -- pamtester -v login '' authenticate 715s pamtester: invoking pam_start(login, , ...) 715s pamtester: performing operation - authenticate 715s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 715s + echo -n -e wrong123456 715s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 715s pamtester: invoking pam_start(login, ubuntu, ...) 715s pamtester: performing operation - authenticate 718s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 718s + echo -n -e wrong123456 718s + runuser -u ubuntu -- pamtester -v login '' authenticate 718s pamtester: invoking pam_start(login, , ...) 718s pamtester: performing operation - authenticate 721s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 721s + echo -n -e 123456 721s + pamtester -v login root authenticate 721s pamtester: invoking pam_start(login, root, ...) 721s pamtester: performing operation - authenticate 723s Password: pamtester: Authentication failure 723s + for alternative in "${alternative_pam_configs[@]}" 723s + pam-auth-update --enable sss-smart-card-required 724s PAM configuration 724s ----------------- 724s 724s Incompatible PAM profiles selected. 724s 724s The following PAM profiles cannot be used together: 724s 724s SSS required smart card authentication, SSS optional smart card 724s authentication 724s 724s Please select a different set of modules to enable. 724s 724s + cat /etc/pam.d/common-auth 724s # 724s # /etc/pam.d/common-auth - authentication settings common to all services 724s # 724s # This file is included from other service-specific PAM config files, 724s # and should contain a list of the authentication modules that define 724s # the central authentication scheme for use on the system 724s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 724s # traditional Unix authentication mechanisms. 724s # 724s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 724s # To take advantage of this, it is recommended that you configure any 724s # local modules either before or after the default block, and use 724s # pam-auth-update to manage selection of other modules. See 724s # pam-auth-update(8) for details. 724s 724s # here are the per-package modules (the "Primary" block) 724s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 724s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 724s auth [success=1 default=ignore] pam_sss.so use_first_pass 724s # here's the fallback if no module succeeds 724s auth requisite pam_deny.so 724s # prime the stack with a positive return value if there isn't one already; 724s # this avoids us returning an error just because nothing sets a success code 724s # since the modules above will each just jump around 724s auth required pam_permit.so 724s # and here are more per-package modules (the "Additional" block) 724s auth optional pam_cap.so 724s # end of pam-auth-update config 724s + echo -n -e 123456 724s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 724s pamtester: invoking pam_start(login, ubuntu, ...) 724s pamtester: performing operation - authenticate 724s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 724s + echo -n -e 123456 724s + runuser -u ubuntu -- pamtester -v login '' authenticate 724s pamtester: invoking pam_start(login, , ...) 724s pamtester: performing operation - authenticate 724s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 724s + echo -n -e wrong123456 724s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 724s pamtester: invoking pam_start(login, ubuntu, ...) 724s pamtester: performing operation - authenticate 727s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 727s + echo -n -e wrong123456 727s + runuser -u ubuntu -- pamtester -v login '' authenticate 727s pamtester: invoking pam_start(login, , ...) 727s pamtester: performing operation - authenticate 730s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 730s + echo -n -e 123456 730s + pamtester -v login root authenticate 730s pamtester: invoking pam_start(login, root, ...) 730s pamtester: performing operation - authenticate 733s pamtester: Authentication service cannot retrieve authentication info 733s + test_authentication login /tmp/sssd-softhsm2-certs-xx7KV9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-xx7KV9/test-full-chain-CA.pem 733s + pam_service=login 733s + certificate_config=/tmp/sssd-softhsm2-certs-xx7KV9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 733s + ca_db=/tmp/sssd-softhsm2-certs-xx7KV9/test-full-chain-CA.pem 733s + verification_options= 733s + mkdir -p -m 700 /etc/sssd 733s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-xx7KV9/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 733s + cat 733s Using CA DB '/tmp/sssd-softhsm2-certs-xx7KV9/test-full-chain-CA.pem' with verification options: '' 733s + chmod 600 /etc/sssd/sssd.conf 733s + for path_pair in "${softhsm2_conf_paths[@]}" 733s + IFS=: 733s + read -r -a path 733s + user=ubuntu 733s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 733s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 733s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 733s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-xx7KV9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 733s + runuser -u ubuntu -- softhsm2-util --show-slots 733s + grep 'Test Organization' 733s Label: Test Organization Sub Int Token 733s + for path_pair in "${softhsm2_conf_paths[@]}" 733s + IFS=: 733s + read -r -a path 733s + user=root 733s + path=/etc/softhsm/softhsm2.conf 733s ++ dirname /etc/softhsm/softhsm2.conf 733s + runuser -u root -- mkdir -p /etc/softhsm 733s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-xx7KV9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 733s + runuser -u root -- softhsm2-util --show-slots 733s + grep 'Test Organization' 733s Label: Test Organization Sub Int Token 733s + systemctl restart sssd 734s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 734s + for alternative in "${alternative_pam_configs[@]}" 734s + pam-auth-update --enable sss-smart-card-optional 734s + cat /etc/pam.d/common-auth 734s + echo -n -e 123456 734s # 734s # /etc/pam.d/common-auth - authentication settings common to all services 734s # 734s # This file is included from other service-specific PAM config files, 734s # and should contain a list of the authentication modules that define 734s # the central authentication scheme for use on the system 734s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 734s # traditional Unix authentication mechanisms. 734s # 734s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 734s # To take advantage of this, it is recommended that you configure any 734s # local modules either before or after the default block, and use 734s # pam-auth-update to manage selection of other modules. See 734s # pam-auth-update(8) for details. 734s 734s # here are the per-package modules (the "Primary" block) 734s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 734s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 734s auth [success=1 default=ignore] pam_sss.so use_first_pass 734s # here's the fallback if no module succeeds 734s auth requisite pam_deny.so 734s # prime the stack with a positive return value if there isn't one already; 734s # this avoids us returning an error just because nothing sets a success code 734s # since the modules above will each just jump around 734s auth required pam_permit.so 734s # and here are more per-package modules (the "Additional" block) 734s auth optional pam_cap.so 734s # end of pam-auth-update config 734s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 734s pamtester: invoking pam_start(login, ubuntu, ...) 734s pamtester: performing operation - authenticate 734s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 734s + echo -n -e 123456 734s + runuser -u ubuntu -- pamtester -v login '' authenticate 734s pamtester: invoking pam_start(login, , ...) 734s pamtester: performing operation - authenticate 734s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 734s + echo -n -e wrong123456 734s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 734s pamtester: invoking pam_start(login, ubuntu, ...) 734s pamtester: performing operation - authenticate 737s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 737s + echo -n -e wrong123456 737s + runuser -u ubuntu -- pamtester -v login '' authenticate 737s pamtester: invoking pam_start(login, , ...) 737s pamtester: performing operation - authenticate 739s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 739s + echo -n -e 123456 739s + pamtester -v login root authenticate 739s pamtester: invoking pam_start(login, root, ...) 739s pamtester: performing operation - authenticate 743s Password: pamtester: Authentication failure 743s + for alternative in "${alternative_pam_configs[@]}" 743s + pam-auth-update --enable sss-smart-card-required 743s PAM configuration 743s ----------------- 743s 743s Incompatible PAM profiles selected. 743s 743s The following PAM profiles cannot be used together: 743s 743s SSS required smart card authentication, SSS optional smart card 743s authentication 743s 743s Please select a different set of modules to enable. 743s 743s + cat /etc/pam.d/common-auth 743s # 743s # /etc/pam.d/common-auth - authentication settings common to all services 743s # 743s # This file is included from other service-specific PAM config files, 743s # and should contain a list of the authentication modules that define 743s # the central authentication scheme for use on the system 743s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 743s # traditional Unix authentication mechanisms. 743s # 743s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 743s # To take advantage of this, it is recommended that you configure any 743s # local modules either before or after the default block, and use 743s # pam-auth-update to manage selection of other modules. See 743s # pam-auth-update(8) for details. 743s 743s # here are the per-package modules (the "Primary" block) 743s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 743s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 743s auth [success=1 default=ignore] pam_sss.so use_first_pass 743s # here's the fallback if no module succeeds 743s auth requisite pam_deny.so 743s # prime the stack with a positive return value if there isn't one already; 743s # this avoids us returning an error just because nothing sets a success code 743s # since the modules above will each just jump around 743s auth required pam_permit.so 743s # and here are more per-package modules (the "Additional" block) 743s auth optional pam_cap.so 743s # end of pam-auth-update config 743s + echo -n -e 123456 743s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 743s pamtester: invoking pam_start(login, ubuntu, ...) 743s pamtester: performing operation - authenticate 743s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 743s + echo -n -e 123456 743s + runuser -u ubuntu -- pamtester -v login '' authenticate 743s pamtester: invoking pam_start(login, , ...) 743s pamtester: performing operation - authenticate 743s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 743s + echo -n -e wrong123456 743s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 743s pamtester: invoking pam_start(login, ubuntu, ...) 743s pamtester: performing operation - authenticate 745s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 745s + runuser -u ubuntu -- pamtester -v login '' authenticate 745s + echo -n -e wrong123456 745s pamtester: invoking pam_start(login, , ...) 745s pamtester: performing operation - authenticate 748s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 748s + echo -n -e 123456 748s + pamtester -v login root authenticate 748s pamtester: invoking pam_start(login, root, ...) 748s pamtester: performing operation - authenticate 751s pamtester: Authentication service cannot retrieve authentication info 751s + test_authentication login /tmp/sssd-softhsm2-certs-xx7KV9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA.pem partial_chain 751s + pam_service=login 751s + certificate_config=/tmp/sssd-softhsm2-certs-xx7KV9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 751s + ca_db=/tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA.pem 751s + verification_options=partial_chain 751s + mkdir -p -m 700 /etc/sssd 751s Using CA DB '/tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 751s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-xx7KV9/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 751s + cat 751s + chmod 600 /etc/sssd/sssd.conf 751s + for path_pair in "${softhsm2_conf_paths[@]}" 751s + IFS=: 751s + read -r -a path 751s + user=ubuntu 751s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 751s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 751s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 751s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-xx7KV9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 751s + runuser -u ubuntu -- softhsm2-util --show-slots 751s + grep 'Test Organization' 751s Label: Test Organization Sub Int Token 751s + for path_pair in "${softhsm2_conf_paths[@]}" 751s + IFS=: 751s + read -r -a path 751s + user=root 751s + path=/etc/softhsm/softhsm2.conf 751s ++ dirname /etc/softhsm/softhsm2.conf 751s + runuser -u root -- mkdir -p /etc/softhsm 752s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-xx7KV9/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 752s + runuser -u root -- softhsm2-util --show-slots 752s + grep 'Test Organization' 752s Label: Test Organization Sub Int Token 752s + systemctl restart sssd 752s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 752s + for alternative in "${alternative_pam_configs[@]}" 752s + pam-auth-update --enable sss-smart-card-optional 752s + cat /etc/pam.d/common-auth 752s # 752s # /etc/pam.d/common-auth - authentication settings common to all services 752s # 752s # This file is included from other service-specific PAM config files, 752s # and should contain a list of the authentication modules that define 752s # the central authentication scheme for use on the system 752s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 752s # traditional Unix authentication mechanisms. 752s # 752s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 752s # To take advantage of this, it is recommended that you configure any 752s # local modules either before or after the default block, and use 752s # pam-auth-update to manage selection of other modules. See 752s # pam-auth-update(8) for details. 752s 752s # here are the per-package modules (the "Primary" block) 752s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 752s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 752s auth [success=1 default=ignore] pam_sss.so use_first_pass 752s # here's the fallback if no module succeeds 752s auth requisite pam_deny.so 752s # prime the stack with a positive return value if there isn't one already; 752s # this avoids us returning an error just because nothing sets a success code 752s # since the modules above will each just jump around 752s auth required pam_permit.so 752s # and here are more per-package modules (the "Additional" block) 752s auth optional pam_cap.so 752s # end of pam-auth-update config 752s + echo -n -e 123456 752s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 752s pamtester: invoking pam_start(login, ubuntu, ...) 752s pamtester: performing operation - authenticate 752s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 752s + echo -n -e 123456 752s + runuser -u ubuntu -- pamtester -v login '' authenticate 752s pamtester: invoking pam_start(login, , ...) 752s pamtester: performing operation - authenticate 752s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 752s + echo -n -e wrong123456 752s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 752s pamtester: invoking pam_start(login, ubuntu, ...) 752s pamtester: performing operation - authenticate 755s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 755s + echo -n -e wrong123456 755s + runuser -u ubuntu -- pamtester -v login '' authenticate 755s pamtester: invoking pam_start(login, , ...) 755s pamtester: performing operation - authenticate 758s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 758s + echo -n -e 123456 758s + pamtester -v login root authenticate 758s pamtester: invoking pam_start(login, root, ...) 758s pamtester: performing operation - authenticate 761s Password: pamtester: Authentication failure 761s + for alternative in "${alternative_pam_configs[@]}" 761s + pam-auth-update --enable sss-smart-card-required 761s PAM configuration 761s ----------------- 761s 761s Incompatible PAM profiles selected. 761s 761s The following PAM profiles cannot be used together: 761s 761s SSS required smart card authentication, SSS optional smart card 761s authentication 761s 761s Please select a different set of modules to enable. 761s 761s + cat /etc/pam.d/common-auth 761s # 761s # /etc/pam.d/common-auth - authentication settings common to all services 761s # 761s # This file is included from other service-specific PAM config files, 761s # and should contain a list of the authentication modules that define 761s # the central authentication scheme for use on the system 761s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 761s # traditional Unix authentication mechanisms. 761s # 761s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 761s # To take advantage of this, it is recommended that you configure any 761s # local modules either before or after the default block, and use 761s # pam-auth-update to manage selection of other modules. See 761s # pam-auth-update(8) for details. 761s 761s # here are the per-package modules (the "Primary" block) 761s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 761s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 761s auth [success=1 default=ignore] pam_sss.so use_first_pass 761s # here's the fallback if no module succeeds 761s auth requisite pam_deny.so 761s # prime the stack with a positive return value if there isn't one already; 761s # this avoids us returning an error just because nothing sets a success code 761s # since the modules above will each just jump around 761s auth required pam_permit.so 761s # and here are more per-package modules (the "Additional" block) 761s auth optional pam_cap.so 761s # end of pam-auth-update config 761s + echo -n -e 123456 761s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 761s pamtester: invoking pam_start(login, ubuntu, ...) 761s pamtester: performing operation - authenticate 761s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 761s + echo -n -e 123456 761s + runuser -u ubuntu -- pamtester -v login '' authenticate 761s pamtester: invoking pam_start(login, , ...) 762s pamtester: performing operation - authenticate 762s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 762s + echo -n -e wrong123456 762s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 762s pamtester: invoking pam_start(login, ubuntu, ...) 762s pamtester: performing operation - authenticate 764s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 764s + echo -n -e wrong123456 764s + runuser -u ubuntu -- pamtester -v login '' authenticate 764s pamtester: invoking pam_start(login, , ...) 764s pamtester: performing operation - authenticate 768s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 768s + echo -n -e 123456 768s + pamtester -v login root authenticate 768s pamtester: invoking pam_start(login, root, ...) 768s pamtester: performing operation - authenticate 770s pamtester: Authentication service cannot retrieve authentication info 770s + handle_exit 770s + exit_code=0 770s + restore_changes 770s + for path in "${restore_paths[@]}" 770s + local original_path 770s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-ntXYtD /tmp/sssd-softhsm2-backups-ntXYtD//etc/softhsm/softhsm2.conf 770s + original_path=/etc/softhsm/softhsm2.conf 770s + rm /etc/softhsm/softhsm2.conf 770s + mv /tmp/sssd-softhsm2-backups-ntXYtD//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 770s + for path in "${delete_paths[@]}" 770s + rm -f /etc/sssd/sssd.conf 770s + for path in "${delete_paths[@]}" 770s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 770s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 771s + '[' -e /etc/sssd/sssd.conf ']' 771s + systemctl stop sssd 771s + '[' -e /etc/softhsm/softhsm2.conf ']' 771s + chmod 600 /etc/softhsm/softhsm2.conf 771s + rm -rf /tmp/sssd-softhsm2-certs-xx7KV9 771s + '[' 0 = 0 ']' 771s + rm -rf /tmp/sssd-softhsm2-backups-ntXYtD 771s + set +x 771s Script completed successfully! 771s autopkgtest [21:19:49]: test sssd-smart-card-pam-auth-configs: -----------------------] 772s sssd-smart-card-pam-auth-configs PASS 772s autopkgtest [21:19:50]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 772s autopkgtest [21:19:50]: @@@@@@@@@@@@@@@@@@@@ summary 772s ldap-user-group-ldap-auth PASS 772s ldap-user-group-krb5-auth PASS 772s sssd-softhism2-certificates-tests.sh PASS 772s sssd-smart-card-pam-auth-configs PASS 783s nova [W] Skipping flock in bos03-arm64 783s Creating nova instance adt-noble-arm64-sssd-20241115-210658-juju-7f2275-prod-proposed-migration-environment-20-058487d7-5d56-4de8-bfc3-fa5fe1497f83 from image adt/ubuntu-noble-arm64-server-20241115.img (UUID 7f368af9-0e77-4513-8b13-cc742bdc3388)... 783s nova [W] Skipping flock in bos03-arm64 783s Creating nova instance adt-noble-arm64-sssd-20241115-210658-juju-7f2275-prod-proposed-migration-environment-20-058487d7-5d56-4de8-bfc3-fa5fe1497f83 from image adt/ubuntu-noble-arm64-server-20241115.img (UUID 7f368af9-0e77-4513-8b13-cc742bdc3388)... 783s nova [W] nova quota exceeded (attempt #0)