0s autopkgtest [12:03:42]: starting date and time: 2025-01-09 12:03:42+0000 0s autopkgtest [12:03:42]: git checkout: 325255d2 Merge branch 'pin-any-arch' into 'ubuntu/production' 0s autopkgtest [12:03:42]: host juju-7f2275-prod-proposed-migration-environment-20; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.psmoz_oc/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --apt-pocket=proposed=src:shadow --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 --env=ADT_TEST_TRIGGERS=shadow/1:4.13+dfsg1-4ubuntu3.3 -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor autopkgtest --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-20@bos03-arm64-16.secgroup --name adt-noble-arm64-sssd-20250109-120342-juju-7f2275-prod-proposed-migration-environment-20-cb7df331-2e34-45aa-bc40-f8e98d75330d --image adt/ubuntu-noble-arm64-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-20 --net-id=net_prod-proposed-migration -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,keyserver.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com,radosgw.ps5.canonical.com'"'"'' --mirror=http://ftpmaster.internal/ubuntu/ 98s autopkgtest [12:05:20]: testbed dpkg architecture: arm64 98s autopkgtest [12:05:20]: testbed apt version: 2.7.14build2 99s autopkgtest [12:05:21]: @@@@@@@@@@@@@@@@@@@@ test bed setup 99s autopkgtest [12:05:21]: testbed release detected to be: None 99s autopkgtest [12:05:21]: updating testbed package index (apt update) 100s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [265 kB] 100s Hit:2 http://ftpmaster.internal/ubuntu noble InRelease 100s Hit:3 http://ftpmaster.internal/ubuntu noble-updates InRelease 100s Hit:4 http://ftpmaster.internal/ubuntu noble-security InRelease 100s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [81.5 kB] 100s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [4008 B] 100s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [1704 B] 100s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [73.8 kB] 100s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 Packages [136 kB] 100s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 c-n-f Metadata [3756 B] 100s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 Packages [74.1 kB] 100s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 c-n-f Metadata [352 B] 100s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 Packages [461 kB] 101s Get:14 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 c-n-f Metadata [9620 B] 101s Get:15 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 Packages [772 B] 101s Get:16 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 c-n-f Metadata [344 B] 103s Fetched 1113 kB in 1s (1163 kB/s) 104s Reading package lists... 105s Reading package lists... 105s Building dependency tree... 105s Reading state information... 106s Calculating upgrade... 106s The following package was automatically installed and is no longer required: 106s python3-netifaces 106s Use 'sudo apt autoremove' to remove it. 106s The following packages will be upgraded: 106s libnetplan1 netplan-generator netplan.io python3-netplan 106s 4 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 106s Need to get 280 kB of archives. 106s After this operation, 89.1 kB of additional disk space will be used. 106s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 netplan-generator arm64 1.1.1-1~ubuntu24.04.1 [60.5 kB] 106s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 python3-netplan arm64 1.1.1-1~ubuntu24.04.1 [22.9 kB] 106s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 netplan.io arm64 1.1.1-1~ubuntu24.04.1 [68.6 kB] 107s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libnetplan1 arm64 1.1.1-1~ubuntu24.04.1 [128 kB] 107s Fetched 280 kB in 0s (647 kB/s) 107s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 112962 files and directories currently installed.) 107s Preparing to unpack .../netplan-generator_1.1.1-1~ubuntu24.04.1_arm64.deb ... 107s Adding 'diversion of /lib/systemd/system-generators/netplan to /lib/systemd/system-generators/netplan.usr-is-merged by netplan-generator' 107s Unpacking netplan-generator (1.1.1-1~ubuntu24.04.1) over (1.0.1-1ubuntu2~24.04.1) ... 107s Preparing to unpack .../python3-netplan_1.1.1-1~ubuntu24.04.1_arm64.deb ... 107s Unpacking python3-netplan (1.1.1-1~ubuntu24.04.1) over (1.0.1-1ubuntu2~24.04.1) ... 107s Preparing to unpack .../netplan.io_1.1.1-1~ubuntu24.04.1_arm64.deb ... 107s Unpacking netplan.io (1.1.1-1~ubuntu24.04.1) over (1.0.1-1ubuntu2~24.04.1) ... 107s Preparing to unpack .../libnetplan1_1.1.1-1~ubuntu24.04.1_arm64.deb ... 107s Unpacking libnetplan1:arm64 (1.1.1-1~ubuntu24.04.1) over (1.0.1-1ubuntu2~24.04.1) ... 107s Setting up libnetplan1:arm64 (1.1.1-1~ubuntu24.04.1) ... 107s Setting up python3-netplan (1.1.1-1~ubuntu24.04.1) ... 108s Setting up netplan-generator (1.1.1-1~ubuntu24.04.1) ... 108s Removing 'diversion of /lib/systemd/system-generators/netplan to /lib/systemd/system-generators/netplan.usr-is-merged by netplan-generator' 108s Setting up netplan.io (1.1.1-1~ubuntu24.04.1) ... 108s Processing triggers for libc-bin (2.39-0ubuntu8.3) ... 108s Processing triggers for man-db (2.12.0-4build2) ... 108s Processing triggers for dbus (1.14.10-4ubuntu4.1) ... 108s Reading package lists... 109s Building dependency tree... 109s Reading state information... 109s The following packages will be REMOVED: 109s python3-netifaces* 110s 0 upgraded, 0 newly installed, 1 to remove and 2 not upgraded. 110s After this operation, 99.3 kB disk space will be freed. 110s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 112963 files and directories currently installed.) 110s Removing python3-netifaces:arm64 (0.11.0-2build3) ... 110s autopkgtest [12:05:32]: upgrading testbed (apt dist-upgrade and autopurge) 110s Reading package lists... 110s Building dependency tree... 110s Reading state information... 111s Calculating upgrade...Starting pkgProblemResolver with broken count: 0 111s Starting 2 pkgProblemResolver with broken count: 0 111s Done 112s Entering ResolveByKeep 112s 112s The following packages will be upgraded: 112s login passwd 113s 2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 113s Need to get 1039 kB of archives. 113s After this operation, 4096 B disk space will be freed. 113s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 login arm64 1:4.13+dfsg1-4ubuntu3.3 [201 kB] 113s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 passwd arm64 1:4.13+dfsg1-4ubuntu3.3 [839 kB] 113s Fetched 1039 kB in 1s (1809 kB/s) 114s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 112953 files and directories currently installed.) 114s Preparing to unpack .../login_1%3a4.13+dfsg1-4ubuntu3.3_arm64.deb ... 114s Unpacking login (1:4.13+dfsg1-4ubuntu3.3) over (1:4.13+dfsg1-4ubuntu3.2) ... 114s Setting up login (1:4.13+dfsg1-4ubuntu3.3) ... 114s Installing new version of config file /etc/pam.d/login ... 114s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 112953 files and directories currently installed.) 114s Preparing to unpack .../passwd_1%3a4.13+dfsg1-4ubuntu3.3_arm64.deb ... 114s Unpacking passwd (1:4.13+dfsg1-4ubuntu3.3) over (1:4.13+dfsg1-4ubuntu3.2) ... 114s Setting up passwd (1:4.13+dfsg1-4ubuntu3.3) ... 114s Processing triggers for man-db (2.12.0-4build2) ... 115s Reading package lists... 116s Building dependency tree... 116s Reading state information... 116s Starting pkgProblemResolver with broken count: 0 116s Starting 2 pkgProblemResolver with broken count: 0 116s Done 117s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 120s autopkgtest [12:05:42]: testbed running kernel: Linux 6.8.0-51-generic #52-Ubuntu SMP PREEMPT_DYNAMIC Thu Dec 5 13:32:09 UTC 2024 120s autopkgtest [12:05:42]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 137s Get:1 http://ftpmaster.internal/ubuntu noble-updates/main sssd 2.9.4-1.1ubuntu6.2 (dsc) [5064 B] 137s Get:2 http://ftpmaster.internal/ubuntu noble-updates/main sssd 2.9.4-1.1ubuntu6.2 (tar) [7983 kB] 137s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main sssd 2.9.4-1.1ubuntu6.2 (diff) [52.0 kB] 137s gpgv: Signature made Thu Nov 7 02:57:42 2024 UTC 137s gpgv: using RSA key 8987D8E45F339310CE661A2E64C469BE59C0DEA2 137s gpgv: Can't check signature: No public key 137s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.4-1.1ubuntu6.2.dsc: no acceptable signature found 138s autopkgtest [12:06:00]: testing package sssd version 2.9.4-1.1ubuntu6.2 144s autopkgtest [12:06:06]: build not needed 154s autopkgtest [12:06:16]: test ldap-user-group-ldap-auth: preparing testbed 154s Reading package lists... 154s Building dependency tree... 154s Reading state information... 155s Starting pkgProblemResolver with broken count: 0 155s Starting 2 pkgProblemResolver with broken count: 0 155s Done 156s The following NEW packages will be installed: 156s expect ldap-utils libavahi-client3 libavahi-common-data libavahi-common3 156s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 156s libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev libipa-hbac0t64 libjose0 156s libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo libodbc2 156s libpam-pwquality libpam-sss libpath-utils1t64 libpwquality-common 156s libpwquality1 libref-array1t64 libsmbclient0 libsss-certmap-dev 156s libsss-certmap0 libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev 156s libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0t64 156s libverto-libevent1t64 libverto1t64 libwbclient0 python3-libipa-hbac 156s python3-libsss-nss-idmap python3-sss samba-libs slapd sssd sssd-ad 156s sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 156s sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools tcl-expect 156s tcl8.6 156s 0 upgraded, 64 newly installed, 0 to remove and 0 not upgraded. 156s Need to get 12.7 MB of archives. 156s After this operation, 60.1 MB of additional disk space will be used. 156s Get:1 http://ftpmaster.internal/ubuntu noble/main arm64 libltdl7 arm64 2.4.7-7build1 [40.4 kB] 156s Get:2 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libodbc2 arm64 2.3.12-1ubuntu0.24.04.1 [145 kB] 156s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main arm64 slapd arm64 2.6.7+dfsg-1~exp1ubuntu8.1 [1515 kB] 156s Get:4 http://ftpmaster.internal/ubuntu noble/main arm64 libtcl8.6 arm64 8.6.14+dfsg-1build1 [978 kB] 156s Get:5 http://ftpmaster.internal/ubuntu noble/main arm64 tcl8.6 arm64 8.6.14+dfsg-1build1 [14.6 kB] 156s Get:6 http://ftpmaster.internal/ubuntu noble/universe arm64 tcl-expect arm64 5.45.4-3 [112 kB] 156s Get:7 http://ftpmaster.internal/ubuntu noble/universe arm64 expect arm64 5.45.4-3 [137 kB] 156s Get:8 http://ftpmaster.internal/ubuntu noble-updates/main arm64 ldap-utils arm64 2.6.7+dfsg-1~exp1ubuntu8.1 [149 kB] 156s Get:9 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common-data arm64 0.8-13ubuntu6 [29.6 kB] 156s Get:10 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common3 arm64 0.8-13ubuntu6 [23.3 kB] 156s Get:11 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-client3 arm64 0.8-13ubuntu6 [27.2 kB] 156s Get:12 http://ftpmaster.internal/ubuntu noble/main arm64 libbasicobjects0t64 arm64 0.6.2-2.1build1 [5850 B] 156s Get:13 http://ftpmaster.internal/ubuntu noble/main arm64 libcares2 arm64 1.27.0-1.0ubuntu1 [74.1 kB] 156s Get:14 http://ftpmaster.internal/ubuntu noble/main arm64 libcollection4t64 arm64 0.6.2-2.1build1 [23.5 kB] 156s Get:15 http://ftpmaster.internal/ubuntu noble/main arm64 libcrack2 arm64 2.9.6-5.1build2 [28.9 kB] 156s Get:16 http://ftpmaster.internal/ubuntu noble/main arm64 libdhash1t64 arm64 0.6.2-2.1build1 [8882 B] 156s Get:17 http://ftpmaster.internal/ubuntu noble/main arm64 libevent-2.1-7t64 arm64 2.1.12-stable-9ubuntu2 [140 kB] 156s Get:18 http://ftpmaster.internal/ubuntu noble/main arm64 libpath-utils1t64 arm64 0.6.2-2.1build1 [9120 B] 156s Get:19 http://ftpmaster.internal/ubuntu noble/main arm64 libref-array1t64 arm64 0.6.2-2.1build1 [7322 B] 156s Get:20 http://ftpmaster.internal/ubuntu noble/main arm64 libini-config5t64 arm64 0.6.2-2.1build1 [44.6 kB] 156s Get:21 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libipa-hbac0t64 arm64 2.9.4-1.1ubuntu6.2 [17.3 kB] 156s Get:22 http://ftpmaster.internal/ubuntu noble/universe arm64 libjose0 arm64 13-1 [44.5 kB] 156s Get:23 http://ftpmaster.internal/ubuntu noble/main arm64 libverto-libevent1t64 arm64 0.3.1-1.2ubuntu3 [6328 B] 157s Get:24 http://ftpmaster.internal/ubuntu noble/main arm64 libverto1t64 arm64 0.3.1-1.2ubuntu3 [10.4 kB] 157s Get:25 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libkrad0 arm64 1.20.1-6ubuntu2.2 [22.1 kB] 157s Get:26 http://ftpmaster.internal/ubuntu noble/main arm64 libtalloc2 arm64 2.4.2-1build2 [26.7 kB] 157s Get:27 http://ftpmaster.internal/ubuntu noble/main arm64 libtdb1 arm64 1.4.10-1build1 [48.5 kB] 157s Get:28 http://ftpmaster.internal/ubuntu noble/main arm64 libtevent0t64 arm64 0.16.1-2build1 [42.3 kB] 157s Get:29 http://ftpmaster.internal/ubuntu noble/main arm64 libldb2 arm64 2:2.8.0+samba4.19.5+dfsg-4ubuntu9 [188 kB] 157s Get:30 http://ftpmaster.internal/ubuntu noble/main arm64 libnfsidmap1 arm64 1:2.6.4-3ubuntu5 [48.2 kB] 157s Get:31 http://ftpmaster.internal/ubuntu noble/universe arm64 libnss-sudo all 1.9.15p5-3ubuntu5 [15.2 kB] 157s Get:32 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality-common all 1.4.5-3build1 [7748 B] 157s Get:33 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality1 arm64 1.4.5-3build1 [13.3 kB] 157s Get:34 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-pwquality arm64 1.4.5-3build1 [11.7 kB] 157s Get:35 http://ftpmaster.internal/ubuntu noble/main arm64 libwbclient0 arm64 2:4.19.5+dfsg-4ubuntu9 [71.4 kB] 157s Get:36 http://ftpmaster.internal/ubuntu noble/main arm64 samba-libs arm64 2:4.19.5+dfsg-4ubuntu9 [6061 kB] 157s Get:37 http://ftpmaster.internal/ubuntu noble/main arm64 libsmbclient0 arm64 2:4.19.5+dfsg-4ubuntu9 [62.1 kB] 157s Get:38 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libnss-sss arm64 2.9.4-1.1ubuntu6.2 [32.2 kB] 157s Get:39 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libpam-sss arm64 2.9.4-1.1ubuntu6.2 [49.4 kB] 157s Get:40 http://ftpmaster.internal/ubuntu noble-updates/main arm64 python3-sss arm64 2.9.4-1.1ubuntu6.2 [47.1 kB] 157s Get:41 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libsss-certmap0 arm64 2.9.4-1.1ubuntu6.2 [46.5 kB] 157s Get:42 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libsss-idmap0 arm64 2.9.4-1.1ubuntu6.2 [22.5 kB] 157s Get:43 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libsss-nss-idmap0 arm64 2.9.4-1.1ubuntu6.2 [30.9 kB] 157s Get:44 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-common arm64 2.9.4-1.1ubuntu6.2 [1147 kB] 157s Get:45 http://ftpmaster.internal/ubuntu noble-updates/universe arm64 sssd-idp arm64 2.9.4-1.1ubuntu6.2 [27.9 kB] 157s Get:46 http://ftpmaster.internal/ubuntu noble-updates/universe arm64 sssd-passkey arm64 2.9.4-1.1ubuntu6.2 [32.7 kB] 157s Get:47 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libipa-hbac-dev arm64 2.9.4-1.1ubuntu6.2 [6670 B] 157s Get:48 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libsss-certmap-dev arm64 2.9.4-1.1ubuntu6.2 [5734 B] 157s Get:49 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libsss-idmap-dev arm64 2.9.4-1.1ubuntu6.2 [8380 B] 157s Get:50 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libsss-nss-idmap-dev arm64 2.9.4-1.1ubuntu6.2 [6716 B] 157s Get:51 http://ftpmaster.internal/ubuntu noble-updates/universe arm64 libsss-sudo arm64 2.9.4-1.1ubuntu6.2 [21.0 kB] 157s Get:52 http://ftpmaster.internal/ubuntu noble-updates/universe arm64 python3-libipa-hbac arm64 2.9.4-1.1ubuntu6.2 [16.6 kB] 157s Get:53 http://ftpmaster.internal/ubuntu noble-updates/universe arm64 python3-libsss-nss-idmap arm64 2.9.4-1.1ubuntu6.2 [9126 B] 157s Get:54 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-ad-common arm64 2.9.4-1.1ubuntu6.2 [75.5 kB] 157s Get:55 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-krb5-common arm64 2.9.4-1.1ubuntu6.2 [87.8 kB] 157s Get:56 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-ad arm64 2.9.4-1.1ubuntu6.2 [135 kB] 157s Get:57 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-ipa arm64 2.9.4-1.1ubuntu6.2 [220 kB] 157s Get:58 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-krb5 arm64 2.9.4-1.1ubuntu6.2 [14.3 kB] 157s Get:59 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-ldap arm64 2.9.4-1.1ubuntu6.2 [31.3 kB] 157s Get:60 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-proxy arm64 2.9.4-1.1ubuntu6.2 [44.6 kB] 157s Get:61 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd arm64 2.9.4-1.1ubuntu6.2 [4124 B] 157s Get:62 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-dbus arm64 2.9.4-1.1ubuntu6.2 [103 kB] 157s Get:63 http://ftpmaster.internal/ubuntu noble-updates/universe arm64 sssd-kcm arm64 2.9.4-1.1ubuntu6.2 [139 kB] 158s Get:64 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-tools arm64 2.9.4-1.1ubuntu6.2 [97.5 kB] 158s Preconfiguring packages ... 158s Fetched 12.7 MB in 2s (6355 kB/s) 158s Selecting previously unselected package libltdl7:arm64. 158s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 112953 files and directories currently installed.) 158s Preparing to unpack .../00-libltdl7_2.4.7-7build1_arm64.deb ... 158s Unpacking libltdl7:arm64 (2.4.7-7build1) ... 158s Selecting previously unselected package libodbc2:arm64. 158s Preparing to unpack .../01-libodbc2_2.3.12-1ubuntu0.24.04.1_arm64.deb ... 158s Unpacking libodbc2:arm64 (2.3.12-1ubuntu0.24.04.1) ... 158s Selecting previously unselected package slapd. 158s Preparing to unpack .../02-slapd_2.6.7+dfsg-1~exp1ubuntu8.1_arm64.deb ... 158s Unpacking slapd (2.6.7+dfsg-1~exp1ubuntu8.1) ... 158s Selecting previously unselected package libtcl8.6:arm64. 159s Preparing to unpack .../03-libtcl8.6_8.6.14+dfsg-1build1_arm64.deb ... 159s Unpacking libtcl8.6:arm64 (8.6.14+dfsg-1build1) ... 159s Selecting previously unselected package tcl8.6. 159s Preparing to unpack .../04-tcl8.6_8.6.14+dfsg-1build1_arm64.deb ... 159s Unpacking tcl8.6 (8.6.14+dfsg-1build1) ... 159s Selecting previously unselected package tcl-expect:arm64. 159s Preparing to unpack .../05-tcl-expect_5.45.4-3_arm64.deb ... 159s Unpacking tcl-expect:arm64 (5.45.4-3) ... 159s Selecting previously unselected package expect. 159s Preparing to unpack .../06-expect_5.45.4-3_arm64.deb ... 159s Unpacking expect (5.45.4-3) ... 159s Selecting previously unselected package ldap-utils. 159s Preparing to unpack .../07-ldap-utils_2.6.7+dfsg-1~exp1ubuntu8.1_arm64.deb ... 159s Unpacking ldap-utils (2.6.7+dfsg-1~exp1ubuntu8.1) ... 159s Selecting previously unselected package libavahi-common-data:arm64. 159s Preparing to unpack .../08-libavahi-common-data_0.8-13ubuntu6_arm64.deb ... 159s Unpacking libavahi-common-data:arm64 (0.8-13ubuntu6) ... 159s Selecting previously unselected package libavahi-common3:arm64. 159s Preparing to unpack .../09-libavahi-common3_0.8-13ubuntu6_arm64.deb ... 159s Unpacking libavahi-common3:arm64 (0.8-13ubuntu6) ... 159s Selecting previously unselected package libavahi-client3:arm64. 159s Preparing to unpack .../10-libavahi-client3_0.8-13ubuntu6_arm64.deb ... 159s Unpacking libavahi-client3:arm64 (0.8-13ubuntu6) ... 159s Selecting previously unselected package libbasicobjects0t64:arm64. 159s Preparing to unpack .../11-libbasicobjects0t64_0.6.2-2.1build1_arm64.deb ... 159s Unpacking libbasicobjects0t64:arm64 (0.6.2-2.1build1) ... 159s Selecting previously unselected package libcares2:arm64. 159s Preparing to unpack .../12-libcares2_1.27.0-1.0ubuntu1_arm64.deb ... 159s Unpacking libcares2:arm64 (1.27.0-1.0ubuntu1) ... 159s Selecting previously unselected package libcollection4t64:arm64. 159s Preparing to unpack .../13-libcollection4t64_0.6.2-2.1build1_arm64.deb ... 159s Unpacking libcollection4t64:arm64 (0.6.2-2.1build1) ... 159s Selecting previously unselected package libcrack2:arm64. 159s Preparing to unpack .../14-libcrack2_2.9.6-5.1build2_arm64.deb ... 159s Unpacking libcrack2:arm64 (2.9.6-5.1build2) ... 159s Selecting previously unselected package libdhash1t64:arm64. 159s Preparing to unpack .../15-libdhash1t64_0.6.2-2.1build1_arm64.deb ... 159s Unpacking libdhash1t64:arm64 (0.6.2-2.1build1) ... 159s Selecting previously unselected package libevent-2.1-7t64:arm64. 159s Preparing to unpack .../16-libevent-2.1-7t64_2.1.12-stable-9ubuntu2_arm64.deb ... 159s Unpacking libevent-2.1-7t64:arm64 (2.1.12-stable-9ubuntu2) ... 159s Selecting previously unselected package libpath-utils1t64:arm64. 159s Preparing to unpack .../17-libpath-utils1t64_0.6.2-2.1build1_arm64.deb ... 159s Unpacking libpath-utils1t64:arm64 (0.6.2-2.1build1) ... 159s Selecting previously unselected package libref-array1t64:arm64. 159s Preparing to unpack .../18-libref-array1t64_0.6.2-2.1build1_arm64.deb ... 159s Unpacking libref-array1t64:arm64 (0.6.2-2.1build1) ... 159s Selecting previously unselected package libini-config5t64:arm64. 159s Preparing to unpack .../19-libini-config5t64_0.6.2-2.1build1_arm64.deb ... 159s Unpacking libini-config5t64:arm64 (0.6.2-2.1build1) ... 159s Selecting previously unselected package libipa-hbac0t64. 159s Preparing to unpack .../20-libipa-hbac0t64_2.9.4-1.1ubuntu6.2_arm64.deb ... 159s Unpacking libipa-hbac0t64 (2.9.4-1.1ubuntu6.2) ... 159s Selecting previously unselected package libjose0:arm64. 159s Preparing to unpack .../21-libjose0_13-1_arm64.deb ... 159s Unpacking libjose0:arm64 (13-1) ... 159s Selecting previously unselected package libverto-libevent1t64:arm64. 159s Preparing to unpack .../22-libverto-libevent1t64_0.3.1-1.2ubuntu3_arm64.deb ... 159s Unpacking libverto-libevent1t64:arm64 (0.3.1-1.2ubuntu3) ... 159s Selecting previously unselected package libverto1t64:arm64. 159s Preparing to unpack .../23-libverto1t64_0.3.1-1.2ubuntu3_arm64.deb ... 159s Unpacking libverto1t64:arm64 (0.3.1-1.2ubuntu3) ... 159s Selecting previously unselected package libkrad0:arm64. 159s Preparing to unpack .../24-libkrad0_1.20.1-6ubuntu2.2_arm64.deb ... 159s Unpacking libkrad0:arm64 (1.20.1-6ubuntu2.2) ... 159s Selecting previously unselected package libtalloc2:arm64. 159s Preparing to unpack .../25-libtalloc2_2.4.2-1build2_arm64.deb ... 159s Unpacking libtalloc2:arm64 (2.4.2-1build2) ... 160s Selecting previously unselected package libtdb1:arm64. 160s Preparing to unpack .../26-libtdb1_1.4.10-1build1_arm64.deb ... 160s Unpacking libtdb1:arm64 (1.4.10-1build1) ... 160s Selecting previously unselected package libtevent0t64:arm64. 160s Preparing to unpack .../27-libtevent0t64_0.16.1-2build1_arm64.deb ... 160s Unpacking libtevent0t64:arm64 (0.16.1-2build1) ... 160s Selecting previously unselected package libldb2:arm64. 160s Preparing to unpack .../28-libldb2_2%3a2.8.0+samba4.19.5+dfsg-4ubuntu9_arm64.deb ... 160s Unpacking libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 160s Selecting previously unselected package libnfsidmap1:arm64. 160s Preparing to unpack .../29-libnfsidmap1_1%3a2.6.4-3ubuntu5_arm64.deb ... 160s Unpacking libnfsidmap1:arm64 (1:2.6.4-3ubuntu5) ... 160s Selecting previously unselected package libnss-sudo. 160s Preparing to unpack .../30-libnss-sudo_1.9.15p5-3ubuntu5_all.deb ... 160s Unpacking libnss-sudo (1.9.15p5-3ubuntu5) ... 160s Selecting previously unselected package libpwquality-common. 160s Preparing to unpack .../31-libpwquality-common_1.4.5-3build1_all.deb ... 160s Unpacking libpwquality-common (1.4.5-3build1) ... 160s Selecting previously unselected package libpwquality1:arm64. 160s Preparing to unpack .../32-libpwquality1_1.4.5-3build1_arm64.deb ... 160s Unpacking libpwquality1:arm64 (1.4.5-3build1) ... 160s Selecting previously unselected package libpam-pwquality:arm64. 160s Preparing to unpack .../33-libpam-pwquality_1.4.5-3build1_arm64.deb ... 160s Unpacking libpam-pwquality:arm64 (1.4.5-3build1) ... 160s Selecting previously unselected package libwbclient0:arm64. 160s Preparing to unpack .../34-libwbclient0_2%3a4.19.5+dfsg-4ubuntu9_arm64.deb ... 160s Unpacking libwbclient0:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 160s Selecting previously unselected package samba-libs:arm64. 160s Preparing to unpack .../35-samba-libs_2%3a4.19.5+dfsg-4ubuntu9_arm64.deb ... 160s Unpacking samba-libs:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 160s Selecting previously unselected package libsmbclient0:arm64. 160s Preparing to unpack .../36-libsmbclient0_2%3a4.19.5+dfsg-4ubuntu9_arm64.deb ... 160s Unpacking libsmbclient0:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 160s Selecting previously unselected package libnss-sss:arm64. 160s Preparing to unpack .../37-libnss-sss_2.9.4-1.1ubuntu6.2_arm64.deb ... 160s Unpacking libnss-sss:arm64 (2.9.4-1.1ubuntu6.2) ... 160s Selecting previously unselected package libpam-sss:arm64. 160s Preparing to unpack .../38-libpam-sss_2.9.4-1.1ubuntu6.2_arm64.deb ... 160s Unpacking libpam-sss:arm64 (2.9.4-1.1ubuntu6.2) ... 160s Selecting previously unselected package python3-sss. 160s Preparing to unpack .../39-python3-sss_2.9.4-1.1ubuntu6.2_arm64.deb ... 160s Unpacking python3-sss (2.9.4-1.1ubuntu6.2) ... 160s Selecting previously unselected package libsss-certmap0. 160s Preparing to unpack .../40-libsss-certmap0_2.9.4-1.1ubuntu6.2_arm64.deb ... 160s Unpacking libsss-certmap0 (2.9.4-1.1ubuntu6.2) ... 160s Selecting previously unselected package libsss-idmap0. 160s Preparing to unpack .../41-libsss-idmap0_2.9.4-1.1ubuntu6.2_arm64.deb ... 160s Unpacking libsss-idmap0 (2.9.4-1.1ubuntu6.2) ... 160s Selecting previously unselected package libsss-nss-idmap0. 160s Preparing to unpack .../42-libsss-nss-idmap0_2.9.4-1.1ubuntu6.2_arm64.deb ... 160s Unpacking libsss-nss-idmap0 (2.9.4-1.1ubuntu6.2) ... 160s Selecting previously unselected package sssd-common. 160s Preparing to unpack .../43-sssd-common_2.9.4-1.1ubuntu6.2_arm64.deb ... 160s Unpacking sssd-common (2.9.4-1.1ubuntu6.2) ... 160s Selecting previously unselected package sssd-idp. 160s Preparing to unpack .../44-sssd-idp_2.9.4-1.1ubuntu6.2_arm64.deb ... 160s Unpacking sssd-idp (2.9.4-1.1ubuntu6.2) ... 161s Selecting previously unselected package sssd-passkey. 161s Preparing to unpack .../45-sssd-passkey_2.9.4-1.1ubuntu6.2_arm64.deb ... 161s Unpacking sssd-passkey (2.9.4-1.1ubuntu6.2) ... 161s Selecting previously unselected package libipa-hbac-dev. 161s Preparing to unpack .../46-libipa-hbac-dev_2.9.4-1.1ubuntu6.2_arm64.deb ... 161s Unpacking libipa-hbac-dev (2.9.4-1.1ubuntu6.2) ... 161s Selecting previously unselected package libsss-certmap-dev. 161s Preparing to unpack .../47-libsss-certmap-dev_2.9.4-1.1ubuntu6.2_arm64.deb ... 161s Unpacking libsss-certmap-dev (2.9.4-1.1ubuntu6.2) ... 161s Selecting previously unselected package libsss-idmap-dev. 161s Preparing to unpack .../48-libsss-idmap-dev_2.9.4-1.1ubuntu6.2_arm64.deb ... 161s Unpacking libsss-idmap-dev (2.9.4-1.1ubuntu6.2) ... 161s Selecting previously unselected package libsss-nss-idmap-dev. 161s Preparing to unpack .../49-libsss-nss-idmap-dev_2.9.4-1.1ubuntu6.2_arm64.deb ... 161s Unpacking libsss-nss-idmap-dev (2.9.4-1.1ubuntu6.2) ... 161s Selecting previously unselected package libsss-sudo. 161s Preparing to unpack .../50-libsss-sudo_2.9.4-1.1ubuntu6.2_arm64.deb ... 161s Unpacking libsss-sudo (2.9.4-1.1ubuntu6.2) ... 161s Selecting previously unselected package python3-libipa-hbac. 161s Preparing to unpack .../51-python3-libipa-hbac_2.9.4-1.1ubuntu6.2_arm64.deb ... 161s Unpacking python3-libipa-hbac (2.9.4-1.1ubuntu6.2) ... 161s Selecting previously unselected package python3-libsss-nss-idmap. 161s Preparing to unpack .../52-python3-libsss-nss-idmap_2.9.4-1.1ubuntu6.2_arm64.deb ... 161s Unpacking python3-libsss-nss-idmap (2.9.4-1.1ubuntu6.2) ... 161s Selecting previously unselected package sssd-ad-common. 161s Preparing to unpack .../53-sssd-ad-common_2.9.4-1.1ubuntu6.2_arm64.deb ... 161s Unpacking sssd-ad-common (2.9.4-1.1ubuntu6.2) ... 161s Selecting previously unselected package sssd-krb5-common. 161s Preparing to unpack .../54-sssd-krb5-common_2.9.4-1.1ubuntu6.2_arm64.deb ... 161s Unpacking sssd-krb5-common (2.9.4-1.1ubuntu6.2) ... 161s Selecting previously unselected package sssd-ad. 161s Preparing to unpack .../55-sssd-ad_2.9.4-1.1ubuntu6.2_arm64.deb ... 161s Unpacking sssd-ad (2.9.4-1.1ubuntu6.2) ... 161s Selecting previously unselected package sssd-ipa. 161s Preparing to unpack .../56-sssd-ipa_2.9.4-1.1ubuntu6.2_arm64.deb ... 161s Unpacking sssd-ipa (2.9.4-1.1ubuntu6.2) ... 161s Selecting previously unselected package sssd-krb5. 161s Preparing to unpack .../57-sssd-krb5_2.9.4-1.1ubuntu6.2_arm64.deb ... 161s Unpacking sssd-krb5 (2.9.4-1.1ubuntu6.2) ... 161s Selecting previously unselected package sssd-ldap. 161s Preparing to unpack .../58-sssd-ldap_2.9.4-1.1ubuntu6.2_arm64.deb ... 161s Unpacking sssd-ldap (2.9.4-1.1ubuntu6.2) ... 161s Selecting previously unselected package sssd-proxy. 161s Preparing to unpack .../59-sssd-proxy_2.9.4-1.1ubuntu6.2_arm64.deb ... 161s Unpacking sssd-proxy (2.9.4-1.1ubuntu6.2) ... 161s Selecting previously unselected package sssd. 161s Preparing to unpack .../60-sssd_2.9.4-1.1ubuntu6.2_arm64.deb ... 161s Unpacking sssd (2.9.4-1.1ubuntu6.2) ... 161s Selecting previously unselected package sssd-dbus. 161s Preparing to unpack .../61-sssd-dbus_2.9.4-1.1ubuntu6.2_arm64.deb ... 161s Unpacking sssd-dbus (2.9.4-1.1ubuntu6.2) ... 162s Selecting previously unselected package sssd-kcm. 162s Preparing to unpack .../62-sssd-kcm_2.9.4-1.1ubuntu6.2_arm64.deb ... 162s Unpacking sssd-kcm (2.9.4-1.1ubuntu6.2) ... 162s Selecting previously unselected package sssd-tools. 162s Preparing to unpack .../63-sssd-tools_2.9.4-1.1ubuntu6.2_arm64.deb ... 162s Unpacking sssd-tools (2.9.4-1.1ubuntu6.2) ... 162s Setting up libpwquality-common (1.4.5-3build1) ... 162s Setting up libnfsidmap1:arm64 (1:2.6.4-3ubuntu5) ... 162s Setting up libsss-idmap0 (2.9.4-1.1ubuntu6.2) ... 162s Setting up libbasicobjects0t64:arm64 (0.6.2-2.1build1) ... 162s Setting up libipa-hbac0t64 (2.9.4-1.1ubuntu6.2) ... 162s Setting up libsss-idmap-dev (2.9.4-1.1ubuntu6.2) ... 162s Setting up libref-array1t64:arm64 (0.6.2-2.1build1) ... 162s Setting up libipa-hbac-dev (2.9.4-1.1ubuntu6.2) ... 162s Setting up libtdb1:arm64 (1.4.10-1build1) ... 162s Setting up libcollection4t64:arm64 (0.6.2-2.1build1) ... 162s Setting up libevent-2.1-7t64:arm64 (2.1.12-stable-9ubuntu2) ... 162s Setting up ldap-utils (2.6.7+dfsg-1~exp1ubuntu8.1) ... 162s Setting up libjose0:arm64 (13-1) ... 162s Setting up libwbclient0:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 162s Setting up libtalloc2:arm64 (2.4.2-1build2) ... 162s Setting up libpath-utils1t64:arm64 (0.6.2-2.1build1) ... 162s Setting up libavahi-common-data:arm64 (0.8-13ubuntu6) ... 162s Setting up libcares2:arm64 (1.27.0-1.0ubuntu1) ... 162s Setting up libdhash1t64:arm64 (0.6.2-2.1build1) ... 162s Setting up libtcl8.6:arm64 (8.6.14+dfsg-1build1) ... 162s Setting up libltdl7:arm64 (2.4.7-7build1) ... 162s Setting up libcrack2:arm64 (2.9.6-5.1build2) ... 162s Setting up libodbc2:arm64 (2.3.12-1ubuntu0.24.04.1) ... 162s Setting up python3-libipa-hbac (2.9.4-1.1ubuntu6.2) ... 162s Setting up libnss-sudo (1.9.15p5-3ubuntu5) ... 162s Setting up libsss-nss-idmap0 (2.9.4-1.1ubuntu6.2) ... 162s Setting up libini-config5t64:arm64 (0.6.2-2.1build1) ... 162s Setting up libtevent0t64:arm64 (0.16.1-2build1) ... 162s Setting up libnss-sss:arm64 (2.9.4-1.1ubuntu6.2) ... 162s Setting up slapd (2.6.7+dfsg-1~exp1ubuntu8.1) ... 162s Creating new user openldap... done. 162s Creating initial configuration... done. 162s Creating LDAP directory... done. 162s Setting up tcl8.6 (8.6.14+dfsg-1build1) ... 162s Setting up libsss-sudo (2.9.4-1.1ubuntu6.2) ... 162s Setting up libsss-nss-idmap-dev (2.9.4-1.1ubuntu6.2) ... 162s Setting up libavahi-common3:arm64 (0.8-13ubuntu6) ... 162s Setting up tcl-expect:arm64 (5.45.4-3) ... 162s Setting up libsss-certmap0 (2.9.4-1.1ubuntu6.2) ... 162s Setting up libpwquality1:arm64 (1.4.5-3build1) ... 162s Setting up python3-libsss-nss-idmap (2.9.4-1.1ubuntu6.2) ... 162s Setting up libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 162s Setting up libavahi-client3:arm64 (0.8-13ubuntu6) ... 162s Setting up expect (5.45.4-3) ... 162s Setting up libpam-pwquality:arm64 (1.4.5-3build1) ... 163s Setting up samba-libs:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 163s Setting up libsss-certmap-dev (2.9.4-1.1ubuntu6.2) ... 163s Setting up python3-sss (2.9.4-1.1ubuntu6.2) ... 163s Setting up libsmbclient0:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 163s Setting up libpam-sss:arm64 (2.9.4-1.1ubuntu6.2) ... 163s Setting up sssd-common (2.9.4-1.1ubuntu6.2) ... 163s Creating SSSD system user & group... 163s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 163s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 163s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 163s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 164s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 164s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 164s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 164s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 164s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 165s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 165s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 165s sssd-autofs.service is a disabled or a static unit, not starting it. 165s sssd-nss.service is a disabled or a static unit, not starting it. 165s sssd-pam.service is a disabled or a static unit, not starting it. 165s sssd-ssh.service is a disabled or a static unit, not starting it. 165s sssd-sudo.service is a disabled or a static unit, not starting it. 165s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 165s Setting up sssd-proxy (2.9.4-1.1ubuntu6.2) ... 165s Setting up sssd-kcm (2.9.4-1.1ubuntu6.2) ... 166s Created symlink /etc/systemd/system/sockets.target.wants/sssd-kcm.socket → /usr/lib/systemd/system/sssd-kcm.socket. 166s sssd-kcm.service is a disabled or a static unit, not starting it. 166s Setting up sssd-dbus (2.9.4-1.1ubuntu6.2) ... 166s sssd-ifp.service is a disabled or a static unit, not starting it. 166s Setting up sssd-ad-common (2.9.4-1.1ubuntu6.2) ... 166s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 167s sssd-pac.service is a disabled or a static unit, not starting it. 167s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 167s Setting up sssd-krb5-common (2.9.4-1.1ubuntu6.2) ... 167s Setting up sssd-krb5 (2.9.4-1.1ubuntu6.2) ... 167s Setting up sssd-ldap (2.9.4-1.1ubuntu6.2) ... 167s Setting up sssd-ad (2.9.4-1.1ubuntu6.2) ... 167s Setting up sssd-tools (2.9.4-1.1ubuntu6.2) ... 167s Setting up sssd-ipa (2.9.4-1.1ubuntu6.2) ... 167s Setting up sssd (2.9.4-1.1ubuntu6.2) ... 167s Setting up libverto-libevent1t64:arm64 (0.3.1-1.2ubuntu3) ... 167s Setting up libverto1t64:arm64 (0.3.1-1.2ubuntu3) ... 167s Setting up libkrad0:arm64 (1.20.1-6ubuntu2.2) ... 167s Setting up sssd-passkey (2.9.4-1.1ubuntu6.2) ... 167s Setting up sssd-idp (2.9.4-1.1ubuntu6.2) ... 167s Processing triggers for libc-bin (2.39-0ubuntu8.3) ... 167s Processing triggers for ufw (0.36.2-6) ... 167s Processing triggers for man-db (2.12.0-4build2) ... 168s Processing triggers for dbus (1.14.10-4ubuntu4.1) ... 174s autopkgtest [12:06:36]: test ldap-user-group-ldap-auth: [----------------------- 174s + . debian/tests/util 174s + . debian/tests/common-tests 174s + mydomain=example.com 174s + myhostname=ldap.example.com 174s + mysuffix=dc=example,dc=com 174s + admin_dn=cn=admin,dc=example,dc=com 174s + admin_pw=secret 174s + ldap_user=testuser1 174s + ldap_user_pw=testuser1secret 174s + ldap_group=ldapusers 174s + adjust_hostname ldap.example.com 174s + local myhostname=ldap.example.com 174s + echo ldap.example.com 174s + hostname ldap.example.com 174s + grep -qE ldap.example.com /etc/hosts 174s + echo 127.0.1.10 ldap.example.com 174s + reconfigure_slapd 174s + debconf-set-selections 174s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 174s + dpkg-reconfigure -fnoninteractive -pcritical slapd 174s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8.1... done. 174s Moving old database directory to /var/backups: 174s - directory unknown... done. 174s Creating initial configuration... done. 174s Creating LDAP directory... done. 175s + generate_certs ldap.example.com 175s + local cn=ldap.example.com 175s + local cert=/etc/ldap/server.pem 175s + local key=/etc/ldap/server.key 175s + local cnf=/etc/ldap/openssl.cnf 175s + cat 175s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 175s ..modifying entry "cn=config" 175s 175s adding new entry "ou=People,dc=example,dc=com" 175s 175s adding new entry "ou=Group,dc=example,dc=com" 175s 175s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 175s 175s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 175s 175s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 175s 175s ......++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 175s ............++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 175s ----- 175s + chmod 0640 /etc/ldap/server.key 175s + chgrp openldap /etc/ldap/server.key 175s + [ ! -f /etc/ldap/server.pem ] 175s + [ ! -f /etc/ldap/server.key ] 175s + enable_ldap_ssl 175s + cat 175s + cat 175s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 175s + populate_ldap_rfc2307 175s + cat 175s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 175s + configure_sssd_ldap_rfc2307 175s + cat 175s + chmod 0600 /etc/sssd/sssd.conf 175s + systemctl restart sssd 175s Assert local user databases do not have our LDAP test data 175s + enable_pam_mkhomedir 175s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 175s + echo session optional pam_mkhomedir.so 175s + run_common_tests 175s + echo Assert local user databases do not have our LDAP test data 175s + check_local_user testuser1 175s + local local_user=testuser1 175s + grep -q ^testuser1 /etc/passwd 175s + check_local_group testuser1 175s + local local_group=testuser1 175s + grep -q ^testuser1 /etc/group 175s + check_local_group ldapusers 175s + local local_group=ldapusers 175s + grep -q ^ldapusers /etc/group 175s The LDAP user is known to the system via getent 175s + echo The LDAP user is known to the system via getent 175s + check_getent_user testuser1 175s + local getent_user=testuser1 175s + local output 175s + getent passwd testuser1 175s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 175s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 175s + echo The LDAP user's private group is known to the system via getent 175s + check_getent_group testuser1 175s + local getent_group=testuser1 175s + local output 175s The LDAP user's private group is known to the system via getent 175s + getent group testuser1 175s The LDAP group ldapusers is known to the system via getent 175s + output=testuser1:*:10001:testuser1 175s + [ -z testuser1:*:10001:testuser1 ] 175s + echo The LDAP group ldapusers is known to the system via getent 175s + check_getent_group ldapusers 175s + local getent_group=ldapusers 175s + local output 175s + getent group ldapusers 175s The id(1) command can resolve the group membership of the LDAP user 175s + output=ldapusers:*:10100:testuser1 175s + [ -z ldapusers:*:10100:testuser1 ] 175s + echo The id(1) command can resolve the group membership of the LDAP user 175s + id -Gn testuser1 175s The LDAP user can login on a terminal 175s + output=testuser1 ldapusers 175s + [ testuser1 ldapusers != testuser1 ldapusers ] 175s + echo The LDAP user can login on a terminal 175s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 175s spawn login 175s ldap.example.com login: testuser1 175s Password: 175s Welcome to Ubuntu 24.04.1 LTS (GNU/Linux 6.8.0-51-generic aarch64) 175s 175s * Documentation: https://help.ubuntu.com 175s * Management: https://landscape.canonical.com 175s * Support: https://ubuntu.com/pro 175s 175s 175s The programs included with the Ubuntu system are free software; 175s the exact distribution terms for each program are described in the 175s individual files in /usr/share/doc/*/copyright. 175s 175s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 175s applicable law. 175s 175s 175s The programs included with the Ubuntu system are free software; 175s the exact distribution terms for each program are described in the 175s individual files in /usr/share/doc/*/copyright. 175s 175s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 175s applicable law. 175s 175s Creating directory '/home/testuser1'. 175s [?2004htestuser1@ldap:~$ id -un 175s [?2004l testuser1 176s [?2004htestuser1@ldap:~$ autopkgtest [12:06:38]: test ldap-user-group-ldap-auth: -----------------------] 176s autopkgtest [12:06:38]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 176s ldap-user-group-ldap-auth PASS 177s autopkgtest [12:06:39]: test ldap-user-group-krb5-auth: preparing testbed 177s Reading package lists... 177s Building dependency tree... 177s Reading state information... 178s Starting pkgProblemResolver with broken count: 0 178s Starting 2 pkgProblemResolver with broken count: 0 178s Done 178s The following NEW packages will be installed: 178s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4t64 178s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 179s 0 upgraded, 8 newly installed, 0 to remove and 0 not upgraded. 179s Need to get 597 kB of archives. 179s After this operation, 2914 kB of additional disk space will be used. 179s Get:1 http://ftpmaster.internal/ubuntu noble/main arm64 krb5-config all 2.7 [22.0 kB] 179s Get:2 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libgssrpc4t64 arm64 1.20.1-6ubuntu2.2 [57.9 kB] 179s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libkadm5clnt-mit12 arm64 1.20.1-6ubuntu2.2 [40.0 kB] 179s Get:4 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libkdb5-10t64 arm64 1.20.1-6ubuntu2.2 [40.5 kB] 179s Get:5 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libkadm5srv-mit12 arm64 1.20.1-6ubuntu2.2 [53.4 kB] 179s Get:6 http://ftpmaster.internal/ubuntu noble-updates/universe arm64 krb5-user arm64 1.20.1-6ubuntu2.2 [108 kB] 179s Get:7 http://ftpmaster.internal/ubuntu noble-updates/universe arm64 krb5-kdc arm64 1.20.1-6ubuntu2.2 [180 kB] 179s Get:8 http://ftpmaster.internal/ubuntu noble-updates/universe arm64 krb5-admin-server arm64 1.20.1-6ubuntu2.2 [94.9 kB] 179s Preconfiguring packages ... 181s Fetched 597 kB in 1s (1030 kB/s) 181s Selecting previously unselected package krb5-config. 181s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 114244 files and directories currently installed.) 181s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 181s Unpacking krb5-config (2.7) ... 181s Selecting previously unselected package libgssrpc4t64:arm64. 181s Preparing to unpack .../1-libgssrpc4t64_1.20.1-6ubuntu2.2_arm64.deb ... 181s Unpacking libgssrpc4t64:arm64 (1.20.1-6ubuntu2.2) ... 181s Selecting previously unselected package libkadm5clnt-mit12:arm64. 181s Preparing to unpack .../2-libkadm5clnt-mit12_1.20.1-6ubuntu2.2_arm64.deb ... 181s Unpacking libkadm5clnt-mit12:arm64 (1.20.1-6ubuntu2.2) ... 181s Selecting previously unselected package libkdb5-10t64:arm64. 181s Preparing to unpack .../3-libkdb5-10t64_1.20.1-6ubuntu2.2_arm64.deb ... 181s Unpacking libkdb5-10t64:arm64 (1.20.1-6ubuntu2.2) ... 181s Selecting previously unselected package libkadm5srv-mit12:arm64. 181s Preparing to unpack .../4-libkadm5srv-mit12_1.20.1-6ubuntu2.2_arm64.deb ... 181s Unpacking libkadm5srv-mit12:arm64 (1.20.1-6ubuntu2.2) ... 181s Selecting previously unselected package krb5-user. 181s Preparing to unpack .../5-krb5-user_1.20.1-6ubuntu2.2_arm64.deb ... 181s Unpacking krb5-user (1.20.1-6ubuntu2.2) ... 181s Selecting previously unselected package krb5-kdc. 181s Preparing to unpack .../6-krb5-kdc_1.20.1-6ubuntu2.2_arm64.deb ... 181s Unpacking krb5-kdc (1.20.1-6ubuntu2.2) ... 181s Selecting previously unselected package krb5-admin-server. 181s Preparing to unpack .../7-krb5-admin-server_1.20.1-6ubuntu2.2_arm64.deb ... 181s Unpacking krb5-admin-server (1.20.1-6ubuntu2.2) ... 181s Setting up libgssrpc4t64:arm64 (1.20.1-6ubuntu2.2) ... 181s Setting up krb5-config (2.7) ... 181s Setting up libkadm5clnt-mit12:arm64 (1.20.1-6ubuntu2.2) ... 181s Setting up libkdb5-10t64:arm64 (1.20.1-6ubuntu2.2) ... 181s Setting up libkadm5srv-mit12:arm64 (1.20.1-6ubuntu2.2) ... 181s Setting up krb5-user (1.20.1-6ubuntu2.2) ... 181s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 181s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 181s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 181s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 181s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 181s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 181s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 181s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 181s Setting up krb5-kdc (1.20.1-6ubuntu2.2) ... 182s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /usr/lib/systemd/system/krb5-kdc.service. 182s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 182s Setting up krb5-admin-server (1.20.1-6ubuntu2.2) ... 183s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-admin-server.service → /usr/lib/systemd/system/krb5-admin-server.service. 183s Processing triggers for man-db (2.12.0-4build2) ... 184s Processing triggers for libc-bin (2.39-0ubuntu8.3) ... 190s autopkgtest [12:06:52]: test ldap-user-group-krb5-auth: [----------------------- 190s + . debian/tests/util 190s + . debian/tests/common-tests 190s + mydomain=example.com 190s + myhostname=ldap.example.com 190s + mysuffix=dc=example,dc=com 190s + myrealm=EXAMPLE.COM 190s + admin_dn=cn=admin,dc=example,dc=com 190s + admin_pw=secret 190s + ldap_user=testuser1 190s + ldap_user_pw=testuser1secret 190s + kerberos_principal_pw=testuser1kerberos 190s + ldap_group=ldapusers 190s + adjust_hostname ldap.example.com 190s + local myhostname=ldap.example.com 190s + echo ldap.example.com 190s + hostname ldap.example.com 190s + grep -qE ldap.example.com /etc/hosts 190s + reconfigure_slapd 190s + debconf-set-selections 190s + rm -rf /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8.1 /var/backups/unknown-2.6.7+dfsg-1~exp1ubuntu8.1-20250109-120636.ldapdb 190s + dpkg-reconfigure -fnoninteractive -pcritical slapd 190s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8.1... done. 190s Moving old database directory to /var/backups: 190s - directory unknown... done. 190s Creating initial configuration... done. 190s Creating LDAP directory... done. 191s + generate_certs ldap.example.com 191s + local cn=ldap.example.com 191s + local cert=/etc/ldap/server.pem 191s + local key=/etc/ldap/server.key 191s + local cnf=/etc/ldap/openssl.cnf 191s + cat 191s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 191s ...................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 191s ...++++++++++++++++++++++++++++++modifying entry "cn=config" 191s 191s adding new entry "ou=People,dc=example,dc=com" 191s 191s adding new entry "ou=Group,dc=example,dc=com" 191s 191s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 191s 191s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 191s 191s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 191s 191s ++++++++++++++++++++++++++++++++++ 191s ----- 191s + chmod 0640 /etc/ldap/server.key 191s + chgrp openldap /etc/ldap/server.key 191s + [ ! -f /etc/ldap/server.pem ] 191s + [ ! -f /etc/ldap/server.key ] 191s + enable_ldap_ssl 191s + cat 191s + cat 191s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 191s + populate_ldap_rfc2307 191s + cat 191s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 191s + create_realm EXAMPLE.COM ldap.example.com 191s + local realm_name=EXAMPLE.COM 191s + local kerberos_server=ldap.example.com 191s + rm -rf /var/lib/krb5kdc/* 191s + rm -rf /etc/krb5kdc/kdc.conf 191s + rm -f /etc/krb5.keytab 191s + cat 191s + cat 191s + echo # */admin * 191s + kdb5_util create -s -P secretpassword 191s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 191s master key name 'K/M@EXAMPLE.COM' 191s + systemctl restart krb5-kdc.service krb5-admin-server.service 191s + create_krb_principal testuser1 testuser1kerberos 191s + local principal=testuser1 191s + local password=testuser1kerberos 191s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 191s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 191s Authenticating as principal root/admin@EXAMPLE.COM with password. 191s Principal "testuser1@EXAMPLE.COM" created. 191s + configure_sssd_ldap_rfc2307_krb5_auth 191s + cat 191s + chmod 0600 /etc/sssd/sssd.conf 191s + systemctl restart sssd 191s + enable_pam_mkhomedir 191s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 191s Assert local user databases do not have our LDAP test data 191s + run_common_tests 191s + echo Assert local user databases do not have our LDAP test data 191s + check_local_user testuser1 191s + local local_user=testuser1 191s + grep -q ^testuser1 /etc/passwd 191s + check_local_group testuser1 191s + local local_group=testuser1 191s + grep -q ^testuser1 /etc/group 191s + check_local_group ldapusers 191s + local local_group=ldapusers 191s + grep -q ^ldapusers /etc/group 191s The LDAP user is known to the system via getent 191s + echo The LDAP user is known to the system via getent 191s + check_getent_user testuser1 191s + local getent_user=testuser1 191s + local output 191s + getent passwd testuser1 191s The LDAP user's private group is known to the system via getent 191s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 191s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 191s + echo The LDAP user's private group is known to the system via getent 191s + check_getent_group testuser1 191s + local getent_group=testuser1 191s + local output 191s + getent group testuser1 191s The LDAP group ldapusers is known to the system via getent 191s + output=testuser1:*:10001:testuser1 191s + [ -z testuser1:*:10001:testuser1 ] 191s + echo The LDAP group ldapusers is known to the system via getent 191s + check_getent_group ldapusers 191s + local getent_group=ldapusers 191s + local output 191s + getent group ldapusers 191s + output=ldapusers:*:10100:testuser1 191s + [ -z ldapusers:*:10100:testuser1 ] 191s + echo The id(1) command can resolve the group membership of the LDAP user 191s The id(1) command can resolve the group membership of the LDAP user 191s + id -Gn testuser1 191s The Kerberos principal can login on a terminal 191s + output=testuser1 ldapusers 191s + [ testuser1 ldapusers != testuser1 ldapusers ] 191s + echo The Kerberos principal can login on a terminal 191s + kdestroy 191s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 191s spawn login 191s ldap.example.com login: testuser1 191s Password: 192s Welcome to Ubuntu 24.04.1 LTS (GNU/Linux 6.8.0-51-generic aarch64) 192s 192s * Documentation: https://help.ubuntu.com 192s * Management: https://landscape.canonical.com 192s * Support: https://ubuntu.com/pro 192s 192s 192s The programs included with the Ubuntu system are free software; 192s the exact distribution terms for each program are described in the 192s individual files in /usr/share/doc/*/copyright. 192s 192s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 192s applicable law. 192s 192s [?2004htestuser1@ldap:~$ id -un 192s [?2004l testuser1 192s [?2004htestuser1@ldap:~$ klist 192s [?2004l Ticket cache: FILE:/tmp/krb5cc_10001_sm1NPq 192s Default principal: testuser1@EXAMPLE.COM 192s 192s autopkgtest [12:06:54]: test ldap-user-group-krb5-auth: -----------------------] 192s ldap-user-group-krb5-auth PASS 192s autopkgtest [12:06:54]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 193s autopkgtest [12:06:55]: test sssd-softhism2-certificates-tests.sh: preparing testbed 334s autopkgtest [12:09:16]: testbed dpkg architecture: arm64 334s autopkgtest [12:09:16]: testbed apt version: 2.7.14build2 334s autopkgtest [12:09:16]: @@@@@@@@@@@@@@@@@@@@ test bed setup 335s autopkgtest [12:09:17]: testbed release detected to be: noble 335s autopkgtest [12:09:17]: updating testbed package index (apt update) 336s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [265 kB] 336s Hit:2 http://ftpmaster.internal/ubuntu noble InRelease 336s Hit:3 http://ftpmaster.internal/ubuntu noble-updates InRelease 336s Hit:4 http://ftpmaster.internal/ubuntu noble-security InRelease 336s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [81.5 kB] 336s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [4008 B] 336s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [73.8 kB] 336s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [1704 B] 336s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 Packages [136 kB] 336s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 c-n-f Metadata [3756 B] 336s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 Packages [74.1 kB] 336s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/restricted arm64 c-n-f Metadata [352 B] 336s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 Packages [461 kB] 336s Get:14 http://ftpmaster.internal/ubuntu noble-proposed/universe arm64 c-n-f Metadata [9620 B] 336s Get:15 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 Packages [772 B] 336s Get:16 http://ftpmaster.internal/ubuntu noble-proposed/multiverse arm64 c-n-f Metadata [344 B] 339s Fetched 1113 kB in 1s (1282 kB/s) 340s Reading package lists... 341s Reading package lists... 341s Building dependency tree... 341s Reading state information... 342s Calculating upgrade... 342s The following package was automatically installed and is no longer required: 342s python3-netifaces 342s Use 'sudo apt autoremove' to remove it. 342s The following packages will be upgraded: 342s libnetplan1 netplan-generator netplan.io python3-netplan 342s 4 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 342s Need to get 280 kB of archives. 342s After this operation, 89.1 kB of additional disk space will be used. 342s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 netplan-generator arm64 1.1.1-1~ubuntu24.04.1 [60.5 kB] 343s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 python3-netplan arm64 1.1.1-1~ubuntu24.04.1 [22.9 kB] 343s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 netplan.io arm64 1.1.1-1~ubuntu24.04.1 [68.6 kB] 343s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 libnetplan1 arm64 1.1.1-1~ubuntu24.04.1 [128 kB] 343s Fetched 280 kB in 0s (668 kB/s) 343s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 112962 files and directories currently installed.) 343s Preparing to unpack .../netplan-generator_1.1.1-1~ubuntu24.04.1_arm64.deb ... 343s Adding 'diversion of /lib/systemd/system-generators/netplan to /lib/systemd/system-generators/netplan.usr-is-merged by netplan-generator' 343s Unpacking netplan-generator (1.1.1-1~ubuntu24.04.1) over (1.0.1-1ubuntu2~24.04.1) ... 343s Preparing to unpack .../python3-netplan_1.1.1-1~ubuntu24.04.1_arm64.deb ... 343s Unpacking python3-netplan (1.1.1-1~ubuntu24.04.1) over (1.0.1-1ubuntu2~24.04.1) ... 343s Preparing to unpack .../netplan.io_1.1.1-1~ubuntu24.04.1_arm64.deb ... 343s Unpacking netplan.io (1.1.1-1~ubuntu24.04.1) over (1.0.1-1ubuntu2~24.04.1) ... 344s Preparing to unpack .../libnetplan1_1.1.1-1~ubuntu24.04.1_arm64.deb ... 344s Unpacking libnetplan1:arm64 (1.1.1-1~ubuntu24.04.1) over (1.0.1-1ubuntu2~24.04.1) ... 344s Setting up libnetplan1:arm64 (1.1.1-1~ubuntu24.04.1) ... 344s Setting up python3-netplan (1.1.1-1~ubuntu24.04.1) ... 344s Setting up netplan-generator (1.1.1-1~ubuntu24.04.1) ... 344s Removing 'diversion of /lib/systemd/system-generators/netplan to /lib/systemd/system-generators/netplan.usr-is-merged by netplan-generator' 344s Setting up netplan.io (1.1.1-1~ubuntu24.04.1) ... 344s Processing triggers for libc-bin (2.39-0ubuntu8.3) ... 344s Processing triggers for man-db (2.12.0-4build2) ... 345s Processing triggers for dbus (1.14.10-4ubuntu4.1) ... 345s Reading package lists... 345s Building dependency tree... 345s Reading state information... 346s The following packages will be REMOVED: 346s python3-netifaces* 346s 0 upgraded, 0 newly installed, 1 to remove and 2 not upgraded. 346s After this operation, 99.3 kB disk space will be freed. 346s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 112963 files and directories currently installed.) 346s Removing python3-netifaces:arm64 (0.11.0-2build3) ... 346s autopkgtest [12:09:28]: upgrading testbed (apt dist-upgrade and autopurge) 346s Reading package lists... 347s Building dependency tree... 347s Reading state information... 347s Calculating upgrade...Starting pkgProblemResolver with broken count: 0 347s Starting 2 pkgProblemResolver with broken count: 0 347s Done 348s Entering ResolveByKeep 348s 349s The following packages will be upgraded: 349s login passwd 349s 2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 349s Need to get 1039 kB of archives. 349s After this operation, 4096 B disk space will be freed. 349s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 login arm64 1:4.13+dfsg1-4ubuntu3.3 [201 kB] 349s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main arm64 passwd arm64 1:4.13+dfsg1-4ubuntu3.3 [839 kB] 350s Fetched 1039 kB in 1s (1688 kB/s) 350s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 112953 files and directories currently installed.) 350s Preparing to unpack .../login_1%3a4.13+dfsg1-4ubuntu3.3_arm64.deb ... 350s Unpacking login (1:4.13+dfsg1-4ubuntu3.3) over (1:4.13+dfsg1-4ubuntu3.2) ... 350s Setting up login (1:4.13+dfsg1-4ubuntu3.3) ... 350s Installing new version of config file /etc/pam.d/login ... 350s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 112953 files and directories currently installed.) 350s Preparing to unpack .../passwd_1%3a4.13+dfsg1-4ubuntu3.3_arm64.deb ... 350s Unpacking passwd (1:4.13+dfsg1-4ubuntu3.3) over (1:4.13+dfsg1-4ubuntu3.2) ... 350s Setting up passwd (1:4.13+dfsg1-4ubuntu3.3) ... 350s Processing triggers for man-db (2.12.0-4build2) ... 352s Reading package lists... 352s Building dependency tree... 352s Reading state information... 352s Starting pkgProblemResolver with broken count: 0 353s Starting 2 pkgProblemResolver with broken count: 0 353s Done 353s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 356s Reading package lists... 357s Building dependency tree... 357s Reading state information... 357s Starting pkgProblemResolver with broken count: 0 357s Starting 2 pkgProblemResolver with broken count: 0 357s Done 358s The following NEW packages will be installed: 358s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 358s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 358s libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 libipa-hbac0t64 358s libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 358s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 358s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 358s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 358s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 358s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 358s 0 upgraded, 45 newly installed, 0 to remove and 0 not upgraded. 358s Need to get 10.1 MB of archives. 358s After this operation, 48.7 MB of additional disk space will be used. 358s Get:1 http://ftpmaster.internal/ubuntu noble/main arm64 libevent-2.1-7t64 arm64 2.1.12-stable-9ubuntu2 [140 kB] 358s Get:2 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libunbound8 arm64 1.19.2-1ubuntu3.3 [425 kB] 358s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libgnutls-dane0t64 arm64 3.8.3-1.1ubuntu3.2 [23.5 kB] 358s Get:4 http://ftpmaster.internal/ubuntu noble-updates/universe arm64 gnutls-bin arm64 3.8.3-1.1ubuntu3.2 [267 kB] 358s Get:5 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common-data arm64 0.8-13ubuntu6 [29.6 kB] 358s Get:6 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-common3 arm64 0.8-13ubuntu6 [23.3 kB] 358s Get:7 http://ftpmaster.internal/ubuntu noble/main arm64 libavahi-client3 arm64 0.8-13ubuntu6 [27.2 kB] 358s Get:8 http://ftpmaster.internal/ubuntu noble/main arm64 libbasicobjects0t64 arm64 0.6.2-2.1build1 [5850 B] 358s Get:9 http://ftpmaster.internal/ubuntu noble/main arm64 libcares2 arm64 1.27.0-1.0ubuntu1 [74.1 kB] 358s Get:10 http://ftpmaster.internal/ubuntu noble/main arm64 libcollection4t64 arm64 0.6.2-2.1build1 [23.5 kB] 358s Get:11 http://ftpmaster.internal/ubuntu noble/main arm64 libcrack2 arm64 2.9.6-5.1build2 [28.9 kB] 358s Get:12 http://ftpmaster.internal/ubuntu noble/main arm64 libdhash1t64 arm64 0.6.2-2.1build1 [8882 B] 358s Get:13 http://ftpmaster.internal/ubuntu noble/main arm64 libpath-utils1t64 arm64 0.6.2-2.1build1 [9120 B] 358s Get:14 http://ftpmaster.internal/ubuntu noble/main arm64 libref-array1t64 arm64 0.6.2-2.1build1 [7322 B] 358s Get:15 http://ftpmaster.internal/ubuntu noble/main arm64 libini-config5t64 arm64 0.6.2-2.1build1 [44.6 kB] 358s Get:16 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libipa-hbac0t64 arm64 2.9.4-1.1ubuntu6.2 [17.3 kB] 358s Get:17 http://ftpmaster.internal/ubuntu noble/main arm64 libtalloc2 arm64 2.4.2-1build2 [26.7 kB] 358s Get:18 http://ftpmaster.internal/ubuntu noble/main arm64 libtdb1 arm64 1.4.10-1build1 [48.5 kB] 359s Get:19 http://ftpmaster.internal/ubuntu noble/main arm64 libtevent0t64 arm64 0.16.1-2build1 [42.3 kB] 359s Get:20 http://ftpmaster.internal/ubuntu noble/main arm64 libldb2 arm64 2:2.8.0+samba4.19.5+dfsg-4ubuntu9 [188 kB] 359s Get:21 http://ftpmaster.internal/ubuntu noble/main arm64 libnfsidmap1 arm64 1:2.6.4-3ubuntu5 [48.2 kB] 359s Get:22 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality-common all 1.4.5-3build1 [7748 B] 359s Get:23 http://ftpmaster.internal/ubuntu noble/main arm64 libpwquality1 arm64 1.4.5-3build1 [13.3 kB] 359s Get:24 http://ftpmaster.internal/ubuntu noble/main arm64 libpam-pwquality arm64 1.4.5-3build1 [11.7 kB] 359s Get:25 http://ftpmaster.internal/ubuntu noble/main arm64 libwbclient0 arm64 2:4.19.5+dfsg-4ubuntu9 [71.4 kB] 359s Get:26 http://ftpmaster.internal/ubuntu noble/main arm64 samba-libs arm64 2:4.19.5+dfsg-4ubuntu9 [6061 kB] 359s Get:27 http://ftpmaster.internal/ubuntu noble/main arm64 libsmbclient0 arm64 2:4.19.5+dfsg-4ubuntu9 [62.1 kB] 359s Get:28 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libnss-sss arm64 2.9.4-1.1ubuntu6.2 [32.2 kB] 359s Get:29 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libpam-sss arm64 2.9.4-1.1ubuntu6.2 [49.4 kB] 359s Get:30 http://ftpmaster.internal/ubuntu noble/universe arm64 softhsm2-common arm64 2.6.1-2.2ubuntu3 [6196 B] 359s Get:31 http://ftpmaster.internal/ubuntu noble/universe arm64 libsofthsm2 arm64 2.6.1-2.2ubuntu3 [247 kB] 359s Get:32 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libsss-certmap0 arm64 2.9.4-1.1ubuntu6.2 [46.5 kB] 359s Get:33 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libsss-idmap0 arm64 2.9.4-1.1ubuntu6.2 [22.5 kB] 359s Get:34 http://ftpmaster.internal/ubuntu noble-updates/main arm64 libsss-nss-idmap0 arm64 2.9.4-1.1ubuntu6.2 [30.9 kB] 359s Get:35 http://ftpmaster.internal/ubuntu noble-updates/main arm64 python3-sss arm64 2.9.4-1.1ubuntu6.2 [47.1 kB] 359s Get:36 http://ftpmaster.internal/ubuntu noble/universe arm64 softhsm2 arm64 2.6.1-2.2ubuntu3 [167 kB] 359s Get:37 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-common arm64 2.9.4-1.1ubuntu6.2 [1147 kB] 359s Get:38 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-ad-common arm64 2.9.4-1.1ubuntu6.2 [75.5 kB] 359s Get:39 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-krb5-common arm64 2.9.4-1.1ubuntu6.2 [87.8 kB] 359s Get:40 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-ad arm64 2.9.4-1.1ubuntu6.2 [135 kB] 359s Get:41 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-ipa arm64 2.9.4-1.1ubuntu6.2 [220 kB] 359s Get:42 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-krb5 arm64 2.9.4-1.1ubuntu6.2 [14.3 kB] 359s Get:43 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-ldap arm64 2.9.4-1.1ubuntu6.2 [31.3 kB] 359s Get:44 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd-proxy arm64 2.9.4-1.1ubuntu6.2 [44.6 kB] 359s Get:45 http://ftpmaster.internal/ubuntu noble-updates/main arm64 sssd arm64 2.9.4-1.1ubuntu6.2 [4124 B] 360s Fetched 10.1 MB in 1s (7699 kB/s) 360s Selecting previously unselected package libevent-2.1-7t64:arm64. 360s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 112953 files and directories currently installed.) 360s Preparing to unpack .../00-libevent-2.1-7t64_2.1.12-stable-9ubuntu2_arm64.deb ... 360s Unpacking libevent-2.1-7t64:arm64 (2.1.12-stable-9ubuntu2) ... 360s Selecting previously unselected package libunbound8:arm64. 360s Preparing to unpack .../01-libunbound8_1.19.2-1ubuntu3.3_arm64.deb ... 360s Unpacking libunbound8:arm64 (1.19.2-1ubuntu3.3) ... 360s Selecting previously unselected package libgnutls-dane0t64:arm64. 360s Preparing to unpack .../02-libgnutls-dane0t64_3.8.3-1.1ubuntu3.2_arm64.deb ... 360s Unpacking libgnutls-dane0t64:arm64 (3.8.3-1.1ubuntu3.2) ... 360s Selecting previously unselected package gnutls-bin. 360s Preparing to unpack .../03-gnutls-bin_3.8.3-1.1ubuntu3.2_arm64.deb ... 360s Unpacking gnutls-bin (3.8.3-1.1ubuntu3.2) ... 360s Selecting previously unselected package libavahi-common-data:arm64. 360s Preparing to unpack .../04-libavahi-common-data_0.8-13ubuntu6_arm64.deb ... 360s Unpacking libavahi-common-data:arm64 (0.8-13ubuntu6) ... 360s Selecting previously unselected package libavahi-common3:arm64. 360s Preparing to unpack .../05-libavahi-common3_0.8-13ubuntu6_arm64.deb ... 360s Unpacking libavahi-common3:arm64 (0.8-13ubuntu6) ... 360s Selecting previously unselected package libavahi-client3:arm64. 360s Preparing to unpack .../06-libavahi-client3_0.8-13ubuntu6_arm64.deb ... 360s Unpacking libavahi-client3:arm64 (0.8-13ubuntu6) ... 360s Selecting previously unselected package libbasicobjects0t64:arm64. 360s Preparing to unpack .../07-libbasicobjects0t64_0.6.2-2.1build1_arm64.deb ... 360s Unpacking libbasicobjects0t64:arm64 (0.6.2-2.1build1) ... 360s Selecting previously unselected package libcares2:arm64. 360s Preparing to unpack .../08-libcares2_1.27.0-1.0ubuntu1_arm64.deb ... 360s Unpacking libcares2:arm64 (1.27.0-1.0ubuntu1) ... 360s Selecting previously unselected package libcollection4t64:arm64. 360s Preparing to unpack .../09-libcollection4t64_0.6.2-2.1build1_arm64.deb ... 360s Unpacking libcollection4t64:arm64 (0.6.2-2.1build1) ... 360s Selecting previously unselected package libcrack2:arm64. 360s Preparing to unpack .../10-libcrack2_2.9.6-5.1build2_arm64.deb ... 360s Unpacking libcrack2:arm64 (2.9.6-5.1build2) ... 360s Selecting previously unselected package libdhash1t64:arm64. 360s Preparing to unpack .../11-libdhash1t64_0.6.2-2.1build1_arm64.deb ... 360s Unpacking libdhash1t64:arm64 (0.6.2-2.1build1) ... 360s Selecting previously unselected package libpath-utils1t64:arm64. 360s Preparing to unpack .../12-libpath-utils1t64_0.6.2-2.1build1_arm64.deb ... 360s Unpacking libpath-utils1t64:arm64 (0.6.2-2.1build1) ... 360s Selecting previously unselected package libref-array1t64:arm64. 360s Preparing to unpack .../13-libref-array1t64_0.6.2-2.1build1_arm64.deb ... 360s Unpacking libref-array1t64:arm64 (0.6.2-2.1build1) ... 360s Selecting previously unselected package libini-config5t64:arm64. 360s Preparing to unpack .../14-libini-config5t64_0.6.2-2.1build1_arm64.deb ... 360s Unpacking libini-config5t64:arm64 (0.6.2-2.1build1) ... 360s Selecting previously unselected package libipa-hbac0t64. 360s Preparing to unpack .../15-libipa-hbac0t64_2.9.4-1.1ubuntu6.2_arm64.deb ... 360s Unpacking libipa-hbac0t64 (2.9.4-1.1ubuntu6.2) ... 360s Selecting previously unselected package libtalloc2:arm64. 360s Preparing to unpack .../16-libtalloc2_2.4.2-1build2_arm64.deb ... 360s Unpacking libtalloc2:arm64 (2.4.2-1build2) ... 360s Selecting previously unselected package libtdb1:arm64. 360s Preparing to unpack .../17-libtdb1_1.4.10-1build1_arm64.deb ... 360s Unpacking libtdb1:arm64 (1.4.10-1build1) ... 360s Selecting previously unselected package libtevent0t64:arm64. 360s Preparing to unpack .../18-libtevent0t64_0.16.1-2build1_arm64.deb ... 360s Unpacking libtevent0t64:arm64 (0.16.1-2build1) ... 360s Selecting previously unselected package libldb2:arm64. 361s Preparing to unpack .../19-libldb2_2%3a2.8.0+samba4.19.5+dfsg-4ubuntu9_arm64.deb ... 361s Unpacking libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 361s Selecting previously unselected package libnfsidmap1:arm64. 361s Preparing to unpack .../20-libnfsidmap1_1%3a2.6.4-3ubuntu5_arm64.deb ... 361s Unpacking libnfsidmap1:arm64 (1:2.6.4-3ubuntu5) ... 361s Selecting previously unselected package libpwquality-common. 361s Preparing to unpack .../21-libpwquality-common_1.4.5-3build1_all.deb ... 361s Unpacking libpwquality-common (1.4.5-3build1) ... 361s Selecting previously unselected package libpwquality1:arm64. 361s Preparing to unpack .../22-libpwquality1_1.4.5-3build1_arm64.deb ... 361s Unpacking libpwquality1:arm64 (1.4.5-3build1) ... 361s Selecting previously unselected package libpam-pwquality:arm64. 361s Preparing to unpack .../23-libpam-pwquality_1.4.5-3build1_arm64.deb ... 361s Unpacking libpam-pwquality:arm64 (1.4.5-3build1) ... 361s Selecting previously unselected package libwbclient0:arm64. 361s Preparing to unpack .../24-libwbclient0_2%3a4.19.5+dfsg-4ubuntu9_arm64.deb ... 361s Unpacking libwbclient0:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 361s Selecting previously unselected package samba-libs:arm64. 361s Preparing to unpack .../25-samba-libs_2%3a4.19.5+dfsg-4ubuntu9_arm64.deb ... 361s Unpacking samba-libs:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 361s Selecting previously unselected package libsmbclient0:arm64. 361s Preparing to unpack .../26-libsmbclient0_2%3a4.19.5+dfsg-4ubuntu9_arm64.deb ... 361s Unpacking libsmbclient0:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 361s Selecting previously unselected package libnss-sss:arm64. 361s Preparing to unpack .../27-libnss-sss_2.9.4-1.1ubuntu6.2_arm64.deb ... 361s Unpacking libnss-sss:arm64 (2.9.4-1.1ubuntu6.2) ... 361s Selecting previously unselected package libpam-sss:arm64. 361s Preparing to unpack .../28-libpam-sss_2.9.4-1.1ubuntu6.2_arm64.deb ... 361s Unpacking libpam-sss:arm64 (2.9.4-1.1ubuntu6.2) ... 361s Selecting previously unselected package softhsm2-common. 361s Preparing to unpack .../29-softhsm2-common_2.6.1-2.2ubuntu3_arm64.deb ... 361s Unpacking softhsm2-common (2.6.1-2.2ubuntu3) ... 361s Selecting previously unselected package libsofthsm2. 361s Preparing to unpack .../30-libsofthsm2_2.6.1-2.2ubuntu3_arm64.deb ... 361s Unpacking libsofthsm2 (2.6.1-2.2ubuntu3) ... 361s Selecting previously unselected package libsss-certmap0. 361s Preparing to unpack .../31-libsss-certmap0_2.9.4-1.1ubuntu6.2_arm64.deb ... 361s Unpacking libsss-certmap0 (2.9.4-1.1ubuntu6.2) ... 361s Selecting previously unselected package libsss-idmap0. 361s Preparing to unpack .../32-libsss-idmap0_2.9.4-1.1ubuntu6.2_arm64.deb ... 361s Unpacking libsss-idmap0 (2.9.4-1.1ubuntu6.2) ... 361s Selecting previously unselected package libsss-nss-idmap0. 361s Preparing to unpack .../33-libsss-nss-idmap0_2.9.4-1.1ubuntu6.2_arm64.deb ... 361s Unpacking libsss-nss-idmap0 (2.9.4-1.1ubuntu6.2) ... 361s Selecting previously unselected package python3-sss. 361s Preparing to unpack .../34-python3-sss_2.9.4-1.1ubuntu6.2_arm64.deb ... 361s Unpacking python3-sss (2.9.4-1.1ubuntu6.2) ... 361s Selecting previously unselected package softhsm2. 361s Preparing to unpack .../35-softhsm2_2.6.1-2.2ubuntu3_arm64.deb ... 361s Unpacking softhsm2 (2.6.1-2.2ubuntu3) ... 361s Selecting previously unselected package sssd-common. 361s Preparing to unpack .../36-sssd-common_2.9.4-1.1ubuntu6.2_arm64.deb ... 361s Unpacking sssd-common (2.9.4-1.1ubuntu6.2) ... 362s Selecting previously unselected package sssd-ad-common. 362s Preparing to unpack .../37-sssd-ad-common_2.9.4-1.1ubuntu6.2_arm64.deb ... 362s Unpacking sssd-ad-common (2.9.4-1.1ubuntu6.2) ... 362s Selecting previously unselected package sssd-krb5-common. 362s Preparing to unpack .../38-sssd-krb5-common_2.9.4-1.1ubuntu6.2_arm64.deb ... 362s Unpacking sssd-krb5-common (2.9.4-1.1ubuntu6.2) ... 362s Selecting previously unselected package sssd-ad. 362s Preparing to unpack .../39-sssd-ad_2.9.4-1.1ubuntu6.2_arm64.deb ... 362s Unpacking sssd-ad (2.9.4-1.1ubuntu6.2) ... 362s Selecting previously unselected package sssd-ipa. 362s Preparing to unpack .../40-sssd-ipa_2.9.4-1.1ubuntu6.2_arm64.deb ... 362s Unpacking sssd-ipa (2.9.4-1.1ubuntu6.2) ... 362s Selecting previously unselected package sssd-krb5. 362s Preparing to unpack .../41-sssd-krb5_2.9.4-1.1ubuntu6.2_arm64.deb ... 362s Unpacking sssd-krb5 (2.9.4-1.1ubuntu6.2) ... 362s Selecting previously unselected package sssd-ldap. 362s Preparing to unpack .../42-sssd-ldap_2.9.4-1.1ubuntu6.2_arm64.deb ... 362s Unpacking sssd-ldap (2.9.4-1.1ubuntu6.2) ... 362s Selecting previously unselected package sssd-proxy. 362s Preparing to unpack .../43-sssd-proxy_2.9.4-1.1ubuntu6.2_arm64.deb ... 362s Unpacking sssd-proxy (2.9.4-1.1ubuntu6.2) ... 362s Selecting previously unselected package sssd. 362s Preparing to unpack .../44-sssd_2.9.4-1.1ubuntu6.2_arm64.deb ... 362s Unpacking sssd (2.9.4-1.1ubuntu6.2) ... 362s Setting up libpwquality-common (1.4.5-3build1) ... 362s Setting up softhsm2-common (2.6.1-2.2ubuntu3) ... 362s 362s Creating config file /etc/softhsm/softhsm2.conf with new version 362s Setting up libnfsidmap1:arm64 (1:2.6.4-3ubuntu5) ... 362s Setting up libsss-idmap0 (2.9.4-1.1ubuntu6.2) ... 362s Setting up libbasicobjects0t64:arm64 (0.6.2-2.1build1) ... 362s Setting up libipa-hbac0t64 (2.9.4-1.1ubuntu6.2) ... 362s Setting up libref-array1t64:arm64 (0.6.2-2.1build1) ... 362s Setting up libtdb1:arm64 (1.4.10-1build1) ... 362s Setting up libcollection4t64:arm64 (0.6.2-2.1build1) ... 362s Setting up libevent-2.1-7t64:arm64 (2.1.12-stable-9ubuntu2) ... 362s Setting up libwbclient0:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 362s Setting up libtalloc2:arm64 (2.4.2-1build2) ... 362s Setting up libpath-utils1t64:arm64 (0.6.2-2.1build1) ... 362s Setting up libunbound8:arm64 (1.19.2-1ubuntu3.3) ... 362s Setting up libgnutls-dane0t64:arm64 (3.8.3-1.1ubuntu3.2) ... 362s Setting up libavahi-common-data:arm64 (0.8-13ubuntu6) ... 362s Setting up libcares2:arm64 (1.27.0-1.0ubuntu1) ... 362s Setting up libdhash1t64:arm64 (0.6.2-2.1build1) ... 362s Setting up libcrack2:arm64 (2.9.6-5.1build2) ... 362s Setting up libsss-nss-idmap0 (2.9.4-1.1ubuntu6.2) ... 362s Setting up libini-config5t64:arm64 (0.6.2-2.1build1) ... 362s Setting up libtevent0t64:arm64 (0.16.1-2build1) ... 362s Setting up libnss-sss:arm64 (2.9.4-1.1ubuntu6.2) ... 362s Setting up gnutls-bin (3.8.3-1.1ubuntu3.2) ... 362s Setting up libsofthsm2 (2.6.1-2.2ubuntu3) ... 362s Setting up softhsm2 (2.6.1-2.2ubuntu3) ... 362s Setting up libavahi-common3:arm64 (0.8-13ubuntu6) ... 362s Setting up libsss-certmap0 (2.9.4-1.1ubuntu6.2) ... 362s Setting up libpwquality1:arm64 (1.4.5-3build1) ... 362s Setting up libldb2:arm64 (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 362s Setting up libavahi-client3:arm64 (0.8-13ubuntu6) ... 362s Setting up libpam-pwquality:arm64 (1.4.5-3build1) ... 362s Setting up samba-libs:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 362s Setting up python3-sss (2.9.4-1.1ubuntu6.2) ... 363s Setting up libsmbclient0:arm64 (2:4.19.5+dfsg-4ubuntu9) ... 363s Setting up libpam-sss:arm64 (2.9.4-1.1ubuntu6.2) ... 363s Setting up sssd-common (2.9.4-1.1ubuntu6.2) ... 363s Creating SSSD system user & group... 363s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 363s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 363s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 363s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 363s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 364s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 364s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 364s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 364s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 365s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 365s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 365s sssd-autofs.service is a disabled or a static unit, not starting it. 365s sssd-nss.service is a disabled or a static unit, not starting it. 365s sssd-pam.service is a disabled or a static unit, not starting it. 365s sssd-ssh.service is a disabled or a static unit, not starting it. 365s sssd-sudo.service is a disabled or a static unit, not starting it. 365s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 365s Setting up sssd-proxy (2.9.4-1.1ubuntu6.2) ... 365s Setting up sssd-ad-common (2.9.4-1.1ubuntu6.2) ... 365s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 366s sssd-pac.service is a disabled or a static unit, not starting it. 366s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 366s Setting up sssd-krb5-common (2.9.4-1.1ubuntu6.2) ... 366s Setting up sssd-krb5 (2.9.4-1.1ubuntu6.2) ... 366s Setting up sssd-ldap (2.9.4-1.1ubuntu6.2) ... 366s Setting up sssd-ad (2.9.4-1.1ubuntu6.2) ... 366s Setting up sssd-ipa (2.9.4-1.1ubuntu6.2) ... 366s Setting up sssd (2.9.4-1.1ubuntu6.2) ... 366s Processing triggers for man-db (2.12.0-4build2) ... 367s Processing triggers for libc-bin (2.39-0ubuntu8.3) ... 384s autopkgtest [12:10:06]: test sssd-softhism2-certificates-tests.sh: [----------------------- 384s + '[' -z ubuntu ']' 384s + required_tools=(p11tool openssl softhsm2-util) 384s + for cmd in "${required_tools[@]}" 384s + command -v p11tool 384s + for cmd in "${required_tools[@]}" 384s + command -v openssl 384s + for cmd in "${required_tools[@]}" 384s + command -v softhsm2-util 384s + PIN=053350 384s +++ find /usr/lib/softhsm/libsofthsm2.so 384s +++ head -n 1 384s ++ realpath /usr/lib/softhsm/libsofthsm2.so 384s + SOFTHSM2_MODULE=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 384s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 384s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 384s + '[' '!' -v NO_SSSD_TESTS ']' 384s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 384s + ca_db_arg=ca_db 384s ++ /usr/libexec/sssd/p11_child --help 384s + p11_child_help='Usage: p11_child [OPTION...] 384s -d, --debug-level=INT Debug level 384s --debug-timestamps=INT Add debug timestamps 384s --debug-microseconds=INT Show timestamps with microseconds 384s --dumpable=INT Allow core dumps 384s --debug-fd=INT An open file descriptor for the debug 384s logs 384s --logger=stderr|files|journald Set logger 384s --auth Run in auth mode 384s --pre Run in pre-auth mode 384s --wait_for_card Wait until card is available 384s --verification Run in verification mode 384s --pin Expect PIN on stdin 384s --keypad Expect PIN on keypad 384s --verify=STRING Tune validation 384s --ca_db=STRING CA DB to use 384s --module_name=STRING Module name for authentication 384s --token_name=STRING Token name for authentication 384s --key_id=STRING Key ID for authentication 384s --label=STRING Label for authentication 384s --certificate=STRING certificate to verify, base64 encoded 384s --uri=STRING PKCS#11 URI to restrict selection 384s --chain-id=LONG Tevent chain ID used for logging 384s purposes 384s 384s Help options: 384s -?, --help Show this help message 384s --usage Display brief usage message' 384s + echo 'Usage: p11_child [OPTION...] 384s -d, --debug-level=INT Debug level 384s --debug-timestamps=INT Add debug timestamps 384s --debug-microseconds=INT Show timestamps with microseconds 384s --dumpable=INT Allow core dumps 384s --debug-fd=INT An open file descriptor for the debug 384s logs 384s --logger=stderr|files|journald Set logger 384s --auth Run in auth mode 384s --pre Run in pre-auth mode 384s --wait_for_card Wait until card is available 384s --verification Run in verification mode 384s --pin Expect PIN on stdin 384s --keypad Expect PIN on keypad 384s --verify=STRING Tune validation 384s --ca_db=STRING CA DB to use 384s --module_name=STRING Module name for authentication 384s --token_name=STRING Token name for authentication 384s --key_id=STRING Key ID for authentication 384s --label=STRING Label for authentication 384s --certificate=STRING certificate to verify, base64 encoded 384s --uri=STRING PKCS#11 URI to restrict selection 384s --chain-id=LONG Tevent chain ID used for logging 384s purposes 384s 384s Help options: 384s -?, --help Show this help message 384s --usage Display brief usage message' 384s + grep nssdb -qs 384s + echo 'Usage: p11_child [OPTION...] 384s -d, --debug-level=INT Debug level 384s --debug-timestamps=INT Add debug timestamps 384s --debug-microseconds=INT Show timestamps with microseconds 384s --dumpable=INT Allow core dumps 384s --debug-fd=INT An open file descriptor for the debug 384s logs 384s --logger=stderr|files|journald Set logger 384s --auth Run in auth mode 384s --pre Run in pre-auth mode 384s --wait_for_card Wait until card is available 384s --verification Run in verification mode 384s --pin Expect PIN on stdin 384s --keypad Expect PIN on keypad 384s --verify=STRING Tune validation 384s --ca_db=STRING CA DB to use 384s --module_name=STRING Module name for authentication 384s --token_name=STRING Token name for authentication 384s --key_id=STRING Key ID for authentication 384s --label=STRING Label for authentication 384s --certificate=STRING certificate to verify, base64 encoded 384s --uri=STRING PKCS#11 URI to restrict selection 384s --chain-id=LONG Tevent chain ID used for logging 384s purposes 384s 384s Help options: 384s -?, --help Show this help message 384s --usage Display brief usage message' 384s + grep -qs -- --ca_db 384s + '[' '!' -e /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so ']' 384s ++ mktemp -d -t sssd-softhsm2-XXXXXX 384s + tmpdir=/tmp/sssd-softhsm2-cNC6UN 384s + keys_size=1024 384s + [[ ! -v KEEP_TEMPORARY_FILES ]] 384s + trap 'rm -rf "$tmpdir"' EXIT 384s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 384s + echo -n 01 384s + touch /tmp/sssd-softhsm2-cNC6UN/index.txt 384s + mkdir -p /tmp/sssd-softhsm2-cNC6UN/new_certs 384s + cat 384s + root_ca_key_pass=pass:random-root-CA-password-29353 384s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-cNC6UN/test-root-CA-key.pem -passout pass:random-root-CA-password-29353 1024 384s + openssl req -passin pass:random-root-CA-password-29353 -batch -config /tmp/sssd-softhsm2-cNC6UN/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-cNC6UN/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem 384s + openssl x509 -noout -in /tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem 384s + cat 384s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-8019 384s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-8019 1024 384s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-8019 -config /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.config -key /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-29353 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-certificate-request.pem 384s + openssl req -text -noout -in /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-certificate-request.pem 384s Certificate Request: 384s Data: 384s Version: 1 (0x0) 384s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 384s Subject Public Key Info: 384s Public Key Algorithm: rsaEncryption 384s Public-Key: (1024 bit) 384s Modulus: 384s 00:e1:01:01:e3:ac:a6:06:d8:d3:fa:2d:0e:22:cc: 384s f2:22:7b:98:6e:a7:3f:d3:ca:b6:c0:51:ef:22:5b: 384s 44:51:4b:b7:56:20:8e:3e:ed:94:71:05:c1:56:3e: 384s a3:2b:9d:9e:ea:da:c7:b1:9d:8a:49:a4:69:01:28: 384s 2a:de:42:67:5b:97:81:ff:c2:3e:2f:59:bf:3e:49: 384s 11:15:38:d6:6c:a1:ca:cd:3b:c3:d9:73:e0:ad:20: 384s b1:59:f2:61:af:b7:b4:0d:be:77:fd:52:f9:55:3e: 384s 98:db:b7:a9:b7:fd:32:79:1a:fe:2e:21:5e:f0:62: 384s 69:e5:15:c9:44:7e:32:cf:b7 384s Exponent: 65537 (0x10001) 384s Attributes: 384s (none) 384s Requested Extensions: 384s Signature Algorithm: sha256WithRSAEncryption 384s Signature Value: 384s 81:5e:52:e8:30:21:f7:f3:64:ec:35:66:30:3b:0b:f3:dc:04: 384s 53:96:c5:df:ba:44:b6:e7:14:73:c7:95:ef:b8:b6:62:3a:0f: 384s f6:b7:7e:9b:ef:24:bd:aa:40:cf:10:1b:cb:1e:a7:03:29:41: 384s 3a:4b:d3:1b:9d:80:e2:9e:73:e7:38:3e:d1:6e:63:06:7b:92: 384s da:a5:8a:16:b2:ed:a8:2e:41:51:27:7c:74:4a:e3:5b:87:f1: 384s b5:42:db:75:7b:fe:45:f0:19:47:47:67:aa:78:7f:44:90:8b: 384s c8:70:b2:cc:96:99:65:d2:ff:35:0b:65:e1:43:e0:2f:69:be: 384s 40:52 384s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-cNC6UN/test-root-CA.config -passin pass:random-root-CA-password-29353 -keyfile /tmp/sssd-softhsm2-cNC6UN/test-root-CA-key.pem -in /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem 384s Using configuration from /tmp/sssd-softhsm2-cNC6UN/test-root-CA.config 384s Check that the request matches the signature 384s Signature ok 384s Certificate Details: 384s Serial Number: 1 (0x1) 384s Validity 384s Not Before: Jan 9 12:10:06 2025 GMT 384s Not After : Jan 9 12:10:06 2026 GMT 384s Subject: 384s organizationName = Test Organization 384s organizationalUnitName = Test Organization Unit 384s commonName = Test Organization Intermediate CA 384s X509v3 extensions: 384s X509v3 Subject Key Identifier: 384s 63:C4:30:16:A5:B3:27:8C:E7:20:C0:84:1D:EE:E8:B3:A7:B5:01:96 384s X509v3 Authority Key Identifier: 384s keyid:6E:D3:0A:4C:9D:E5:42:DA:2B:DF:4E:F6:12:BF:35:56:DD:B2:47:CF 384s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 384s serial:00 384s X509v3 Basic Constraints: 384s CA:TRUE 384s X509v3 Key Usage: critical 384s Digital Signature, Certificate Sign, CRL Sign 384s Certificate is to be certified until Jan 9 12:10:06 2026 GMT (365 days) 384s 384s Write out database with 1 new entries 384s Database updated 384s + openssl x509 -noout -in /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem 384s + openssl verify -CAfile /tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem 384s /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem: OK 384s + cat 384s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-20880 384s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-20880 1024 384s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-20880 -config /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-8019 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-certificate-request.pem 384s + openssl req -text -noout -in /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-certificate-request.pem 384s Certificate Request: 384s Data: 384s Version: 1 (0x0) 384s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 384s Subject Public Key Info: 384s Public Key Algorithm: rsaEncryption 384s Public-Key: (1024 bit) 384s Modulus: 384s 00:c7:a9:04:0e:90:21:6c:8e:58:d7:47:6d:57:9c: 384s 27:9b:01:52:ca:49:5b:81:f3:88:58:b2:e4:6a:d4: 384s 10:9a:96:79:1b:c9:bd:eb:54:fd:de:89:f3:4c:e6: 384s 22:1f:a5:70:62:ad:6b:36:d3:63:04:69:30:3f:c2: 384s 86:bc:14:00:d3:2d:33:ea:25:d3:a3:7c:bb:35:60: 384s 7e:ff:38:72:24:1c:22:ae:78:b8:d2:c8:f7:2c:dc: 384s 72:ee:41:b8:da:dc:0f:b3:d5:57:33:30:5c:c2:95: 384s 0f:ee:8a:87:2a:1c:22:63:97:30:21:cf:83:7f:8e: 384s 21:0a:c9:70:fe:c1:e3:72:93 384s Exponent: 65537 (0x10001) 384s Attributes: 384s (none) 384s Requested Extensions: 384s Signature Algorithm: sha256WithRSAEncryption 384s Signature Value: 384s a7:09:3d:62:5a:fe:b8:b3:31:8a:d1:5e:21:f5:a0:3e:65:2d: 384s 5f:5c:93:c5:30:36:d6:1e:37:e5:0b:fb:f2:9a:fe:bd:78:2c: 384s d1:2d:4a:81:20:85:51:9b:08:07:7d:dc:e5:22:e6:03:fe:eb: 384s 02:20:92:98:22:c5:fd:54:4d:a3:71:f9:25:a3:8d:19:a1:22: 384s 36:9f:84:00:a1:86:f6:f0:51:c4:0f:03:85:fb:ee:3a:17:a3: 384s 0a:4a:5d:aa:ca:5c:93:d1:1a:67:ec:db:52:08:32:42:8f:b8: 384s 29:d0:f9:ac:ee:50:3f:8b:ab:bf:94:68:bd:13:1d:04:e9:19: 384s bd:c0 384s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-8019 -keyfile /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA.pem 384s Using configuration from /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.config 384s Check that the request matches the signature 384s Signature ok 384s Certificate Details: 384s Serial Number: 2 (0x2) 384s Validity 384s Not Before: Jan 9 12:10:06 2025 GMT 384s Not After : Jan 9 12:10:06 2026 GMT 384s Subject: 384s organizationName = Test Organization 384s organizationalUnitName = Test Organization Unit 384s commonName = Test Organization Sub Intermediate CA 384s X509v3 extensions: 384s X509v3 Subject Key Identifier: 384s AB:27:67:54:F1:46:56:41:A3:1F:C6:9B:C6:2D:67:24:87:86:F2:30 384s X509v3 Authority Key Identifier: 384s keyid:63:C4:30:16:A5:B3:27:8C:E7:20:C0:84:1D:EE:E8:B3:A7:B5:01:96 384s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 384s serial:01 384s X509v3 Basic Constraints: 384s CA:TRUE 384s X509v3 Key Usage: critical 384s Digital Signature, Certificate Sign, CRL Sign 384s Certificate is to be certified until Jan 9 12:10:06 2026 GMT (365 days) 384s 384s Write out database with 1 new entries 384s Database updated 384s + openssl x509 -noout -in /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA.pem 384s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA.pem 384s /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA.pem: OK 384s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA.pem 384s + local cmd=openssl 384s + shift 384s + openssl verify -CAfile /tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA.pem 384s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 384s error 20 at 0 depth lookup: unable to get local issuer certificate 384s error /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA.pem: verification failed 384s + cat 384s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-27971 384s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-27971 1024 385s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-27971 -key /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001-request.pem 385s + openssl req -text -noout -in /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001-request.pem 385s Certificate Request: 385s Data: 385s Version: 1 (0x0) 385s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 385s Subject Public Key Info: 385s Public Key Algorithm: rsaEncryption 385s Public-Key: (1024 bit) 385s Modulus: 385s 00:d5:6a:80:8b:d7:af:83:7b:fd:b2:78:54:4b:96: 385s 3e:c9:d4:77:61:e2:34:c2:5a:d4:14:3e:ed:7f:44: 385s dc:03:b9:cb:a4:9f:06:dc:ad:c3:09:62:b0:05:ea: 385s 37:a5:e6:85:6a:0c:6d:a3:c8:8c:44:5f:1d:c2:d0: 385s e3:89:20:51:04:ee:bf:f5:28:07:2e:40:ca:2e:7f: 385s 72:f5:61:94:e4:d9:6a:50:e5:69:55:ee:13:cd:7d: 385s 99:30:8f:97:0f:4c:c0:d2:19:7f:1b:c3:87:9e:fd: 385s 9a:5b:6a:59:df:2a:c4:bb:0a:6b:7a:89:23:8b:dd: 385s 28:f7:64:44:34:14:a2:db:bb 385s Exponent: 65537 (0x10001) 385s Attributes: 385s Requested Extensions: 385s X509v3 Basic Constraints: 385s CA:FALSE 385s Netscape Cert Type: 385s SSL Client, S/MIME 385s Netscape Comment: 385s Test Organization Root CA trusted Certificate 385s X509v3 Subject Key Identifier: 385s AD:3A:B0:92:7B:7E:31:FF:CB:AF:F3:C0:CA:1F:B7:D2:DE:4E:D1:88 385s X509v3 Key Usage: critical 385s Digital Signature, Non Repudiation, Key Encipherment 385s X509v3 Extended Key Usage: 385s TLS Web Client Authentication, E-mail Protection 385s X509v3 Subject Alternative Name: 385s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 385s Signature Algorithm: sha256WithRSAEncryption 385s Signature Value: 385s 8f:b2:7a:5c:5e:6b:a8:18:d9:df:3d:1c:59:a3:bc:03:a9:07: 385s ac:80:36:1e:b3:0f:7a:62:a0:4a:13:8c:d1:f5:d6:3b:bc:9b: 385s a2:17:2a:eb:a5:38:14:3d:1b:0e:5d:98:03:b7:4e:72:2b:6a: 385s 13:c2:84:dc:3b:3b:f0:4f:41:48:a0:12:4c:e5:0c:1a:b7:fc: 385s 28:1a:31:1a:04:25:ee:22:3c:1a:ca:eb:e1:48:f2:96:c7:d3: 385s 92:d5:49:b9:b5:07:11:63:d6:22:ef:39:42:c1:f8:99:a0:f3: 385s ef:2e:df:9d:9e:02:9e:cc:49:fb:61:78:ea:3f:f9:99:cf:e5: 385s 56:0a 385s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-cNC6UN/test-root-CA.config -passin pass:random-root-CA-password-29353 -keyfile /tmp/sssd-softhsm2-cNC6UN/test-root-CA-key.pem -in /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 385s Using configuration from /tmp/sssd-softhsm2-cNC6UN/test-root-CA.config 385s Check that the request matches the signature 385s Signature ok 385s Certificate Details: 385s Serial Number: 3 (0x3) 385s Validity 385s Not Before: Jan 9 12:10:07 2025 GMT 385s Not After : Jan 9 12:10:07 2026 GMT 385s Subject: 385s organizationName = Test Organization 385s organizationalUnitName = Test Organization Unit 385s commonName = Test Organization Root Trusted Certificate 0001 385s X509v3 extensions: 385s X509v3 Authority Key Identifier: 385s 6E:D3:0A:4C:9D:E5:42:DA:2B:DF:4E:F6:12:BF:35:56:DD:B2:47:CF 385s X509v3 Basic Constraints: 385s CA:FALSE 385s Netscape Cert Type: 385s SSL Client, S/MIME 385s Netscape Comment: 385s Test Organization Root CA trusted Certificate 385s X509v3 Subject Key Identifier: 385s AD:3A:B0:92:7B:7E:31:FF:CB:AF:F3:C0:CA:1F:B7:D2:DE:4E:D1:88 385s X509v3 Key Usage: critical 385s Digital Signature, Non Repudiation, Key Encipherment 385s X509v3 Extended Key Usage: 385s TLS Web Client Authentication, E-mail Protection 385s X509v3 Subject Alternative Name: 385s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 385s Certificate is to be certified until Jan 9 12:10:07 2026 GMT (365 days) 385s 385s Write out database with 1 new entries 385s Database updated 385s + openssl x509 -noout -in /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 385s + openssl verify -CAfile /tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 385s /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem: OK 385s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 385s + local cmd=openssl 385s + shift 385s + openssl verify -CAfile /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 385s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 385s error 20 at 0 depth lookup: unable to get local issuer certificate 385s error /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem: verification failed 385s + cat 385s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-24497 385s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-24497 1024 385s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-24497 -key /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001-request.pem 385s + openssl req -text -noout -in /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001-request.pem 385s Certificate Request: 385s Data: 385s Version: 1 (0x0) 385s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 385s Subject Public Key Info: 385s Public Key Algorithm: rsaEncryption 385s Public-Key: (1024 bit) 385s Modulus: 385s 00:b1:6e:60:63:13:c4:19:ed:cc:84:2a:33:83:53: 385s c2:bb:be:dc:32:63:3f:b3:d2:e5:9a:59:f7:19:35: 385s 51:be:c2:9e:3e:d7:59:63:0c:b2:b9:d2:1e:de:49: 385s 8f:33:d2:ed:4f:26:40:39:2e:91:e7:7d:3c:53:6e: 385s 84:e5:ef:41:c2:ba:ac:6d:a6:61:98:92:aa:c3:31: 385s 0b:11:c8:1c:66:f7:ba:ca:c1:b7:c3:19:d5:c2:42: 385s 8d:87:83:1f:0f:24:8b:57:36:92:7e:24:84:16:8e: 385s 8e:2b:5f:8f:60:3a:ba:01:12:6d:d2:a9:f6:6e:b9: 385s 09:f6:96:b1:ed:f3:27:7d:ed 385s Exponent: 65537 (0x10001) 385s Attributes: 385s Requested Extensions: 385s X509v3 Basic Constraints: 385s CA:FALSE 385s Netscape Cert Type: 385s SSL Client, S/MIME 385s Netscape Comment: 385s Test Organization Intermediate CA trusted Certificate 385s X509v3 Subject Key Identifier: 385s 36:C4:87:0D:2E:0D:92:8F:3A:D1:FD:4B:F9:1C:DD:8B:BB:4B:42:A7 385s X509v3 Key Usage: critical 385s Digital Signature, Non Repudiation, Key Encipherment 385s X509v3 Extended Key Usage: 385s TLS Web Client Authentication, E-mail Protection 385s X509v3 Subject Alternative Name: 385s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 385s Signature Algorithm: sha256WithRSAEncryption 385s Signature Value: 385s aa:c8:0e:ed:e7:b5:17:e9:f9:1d:14:44:48:55:ad:bb:f9:56: 385s 51:40:18:11:5b:7a:42:9b:aa:68:d4:84:7b:51:86:c7:f3:04: 385s b3:e6:6d:70:e5:73:b7:58:35:68:fd:86:c3:a9:e2:30:92:e7: 385s 28:29:f9:42:45:95:eb:f4:8f:85:e2:03:93:74:a9:d1:c2:ea: 385s 9a:5e:65:71:38:dd:5a:a0:94:e0:ae:c8:69:d5:95:70:df:ff: 385s bc:54:04:fd:ae:f7:61:e3:4f:18:8d:7f:4b:25:3c:10:be:fa: 385s 8f:58:a0:4c:31:36:a1:d1:6c:da:e2:a1:fb:e3:5e:27:04:6f: 385s e8:83 385s + openssl ca -passin pass:random-intermediate-CA-password-8019 -config /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 385s Using configuration from /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.config 385s Check that the request matches the signature 385s Signature ok 385s Certificate Details: 385s Serial Number: 4 (0x4) 385s Validity 385s Not Before: Jan 9 12:10:07 2025 GMT 385s Not After : Jan 9 12:10:07 2026 GMT 385s Subject: 385s organizationName = Test Organization 385s organizationalUnitName = Test Organization Unit 385s commonName = Test Organization Intermediate Trusted Certificate 0001 385s X509v3 extensions: 385s X509v3 Authority Key Identifier: 385s 63:C4:30:16:A5:B3:27:8C:E7:20:C0:84:1D:EE:E8:B3:A7:B5:01:96 385s X509v3 Basic Constraints: 385s CA:FALSE 385s Netscape Cert Type: 385s SSL Client, S/MIME 385s Netscape Comment: 385s Test Organization Intermediate CA trusted Certificate 385s X509v3 Subject Key Identifier: 385s 36:C4:87:0D:2E:0D:92:8F:3A:D1:FD:4B:F9:1C:DD:8B:BB:4B:42:A7 385s X509v3 Key Usage: critical 385s Digital Signature, Non Repudiation, Key Encipherment 385s X509v3 Extended Key Usage: 385s TLS Web Client Authentication, E-mail Protection 385s X509v3 Subject Alternative Name: 385s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 385s Certificate is to be certified until Jan 9 12:10:07 2026 GMT (365 days) 385s 385s Write out database with 1 new entries 385s Database updated 385s + openssl x509 -noout -in /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 385s This certificate should not be trusted fully 385s + echo 'This certificate should not be trusted fully' 385s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 385s + local cmd=openssl 385s + shift 385s + openssl verify -CAfile /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 385s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 385s error 2 at 1 depth lookup: unable to get issuer certificate 385s error /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 385s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 385s /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem: OK 385s + cat 385s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-90 385s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-90 1024 385s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-90 -key /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 385s + openssl req -text -noout -in /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 385s Certificate Request: 385s Data: 385s Version: 1 (0x0) 385s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 385s Subject Public Key Info: 385s Public Key Algorithm: rsaEncryption 385s Public-Key: (1024 bit) 385s Modulus: 385s 00:9b:3e:64:a4:1e:a6:1b:8c:68:12:3d:98:85:a0: 385s 26:2a:69:3e:97:8f:a0:58:fc:98:d1:bc:7c:4e:f8: 385s 80:93:d8:10:98:21:8a:95:14:60:1e:3d:c4:82:6c: 385s a8:78:ff:35:f0:06:9a:2b:11:1f:38:67:90:d9:73: 385s c5:93:0f:8b:4a:6e:38:23:b8:d1:f2:cd:54:c1:82: 385s 78:bc:f2:9c:ee:f0:37:04:23:58:bc:a8:b0:23:cb: 385s 49:18:90:1a:10:3f:ff:c3:7e:de:d3:8c:22:97:e4: 385s 47:9c:5e:2b:9e:c6:b0:fd:80:9c:42:8d:73:af:00: 385s 18:09:70:e4:60:3a:d0:d2:13 385s Exponent: 65537 (0x10001) 385s Attributes: 385s Requested Extensions: 385s X509v3 Basic Constraints: 385s CA:FALSE 385s Netscape Cert Type: 385s SSL Client, S/MIME 385s Netscape Comment: 385s Test Organization Sub Intermediate CA trusted Certificate 385s X509v3 Subject Key Identifier: 385s 89:E7:74:59:19:78:DD:C7:26:F9:05:49:DE:69:C5:F5:78:1A:4D:5E 385s X509v3 Key Usage: critical 385s Digital Signature, Non Repudiation, Key Encipherment 385s X509v3 Extended Key Usage: 385s TLS Web Client Authentication, E-mail Protection 385s X509v3 Subject Alternative Name: 385s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 385s Signature Algorithm: sha256WithRSAEncryption 385s Signature Value: 385s 00:96:ff:41:36:6d:8c:2a:07:2b:a3:4b:87:bb:5a:67:44:28: 385s b3:0c:61:ed:f3:3f:98:77:d7:d6:c0:f3:54:74:a4:cd:18:bd: 385s b5:38:54:f5:e6:e6:9b:11:af:48:67:75:a2:42:7e:89:50:0a: 385s 32:d3:2a:e7:39:36:c4:b0:9a:75:eb:eb:7d:4d:9c:cc:cf:96: 385s 11:6c:94:6b:b7:e5:e8:f2:91:ef:cf:5e:3f:46:bf:50:16:f3: 385s 14:15:13:74:06:c7:57:3f:68:be:7d:86:64:22:3b:7d:fb:b5: 385s a6:77:21:0f:ca:6a:1e:c0:bd:8d:51:48:0a:c0:b6:b1:b5:cd: 385s b7:ca 385s + openssl ca -passin pass:random-sub-intermediate-CA-password-20880 -config /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s Using configuration from /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA.config 385s Check that the request matches the signature 385s Signature ok 385s Certificate Details: 385s Serial Number: 5 (0x5) 385s Validity 385s Not Before: Jan 9 12:10:07 2025 GMT 385s Not After : Jan 9 12:10:07 2026 GMT 385s Subject: 385s organizationName = Test Organization 385s organizationalUnitName = Test Organization Unit 385s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 385s X509v3 extensions: 385s X509v3 Authority Key Identifier: 385s AB:27:67:54:F1:46:56:41:A3:1F:C6:9B:C6:2D:67:24:87:86:F2:30 385s X509v3 Basic Constraints: 385s CA:FALSE 385s Netscape Cert Type: 385s SSL Client, S/MIME 385s Netscape Comment: 385s Test Organization Sub Intermediate CA trusted Certificate 385s X509v3 Subject Key Identifier: 385s 89:E7:74:59:19:78:DD:C7:26:F9:05:49:DE:69:C5:F5:78:1A:4D:5E 385s X509v3 Key Usage: critical 385s Digital Signature, Non Repudiation, Key Encipherment 385s X509v3 Extended Key Usage: 385s TLS Web Client Authentication, E-mail Protection 385s X509v3 Subject Alternative Name: 385s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 385s Certificate is to be certified until Jan 9 12:10:07 2026 GMT (365 days) 385s 385s Write out database with 1 new entries 385s Database updated 385s + openssl x509 -noout -in /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s This certificate should not be trusted fully 385s + echo 'This certificate should not be trusted fully' 385s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s + local cmd=openssl 385s + shift 385s + openssl verify -CAfile /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 385s error 2 at 1 depth lookup: unable to get issuer certificate 385s error /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 385s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s + local cmd=openssl 385s + shift 385s + openssl verify -CAfile /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 385s error 20 at 0 depth lookup: unable to get local issuer certificate 385s error /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 385s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 385s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s + local cmd=openssl 385s + shift 385s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s Building a the full-chain CA file... 385s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 385s error 20 at 0 depth lookup: unable to get local issuer certificate 385s error /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 385s + echo 'Building a the full-chain CA file...' 385s + cat /tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA.pem 385s + cat /tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem 385s + cat /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA.pem 385s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem 385s + openssl pkcs7 -print_certs -noout 385s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 385s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 385s 385s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 385s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 385s 385s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 385s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 385s 385s + openssl verify -CAfile /tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem 385s /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem: OK 385s + openssl verify -CAfile /tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 385s /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem: OK 385s + openssl verify -CAfile /tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 385s /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem: OK 385s + openssl verify -CAfile /tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem /tmp/sssd-softhsm2-cNC6UN/test-root-intermediate-chain-CA.pem 385s /tmp/sssd-softhsm2-cNC6UN/test-root-intermediate-chain-CA.pem: OK 385s + openssl verify -CAfile /tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 385s + echo 'Certificates generation completed!' 385s Certificates generation completed! 385s + [[ -v NO_SSSD_TESTS ]] 385s + invalid_certificate /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-27971 /dev/null 385s + check_certificate /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-27971 /dev/null 385s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 385s + local key_pass=pass:random-root-ca-trusted-cert-0001-27971 385s + local key_ring=/dev/null 385s + local verify_option= 385s + prepare_softhsm2_card /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-27971 385s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 385s + local key_pass=pass:random-root-ca-trusted-cert-0001-27971 385s + local key_cn 385s + local key_name 385s + local tokens_dir 385s + local output_cert_file 385s + token_name= 385s ++ basename /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem .pem 385s + key_name=test-root-CA-trusted-certificate-0001 385s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 385s ++ sed -n 's/ *commonName *= //p' 385s + key_cn='Test Organization Root Trusted Certificate 0001' 385s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 385s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf 385s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf 385s ++ basename /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 385s + tokens_dir=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001 385s + token_name='Test Organization Root Tr Token' 385s + '[' '!' -e /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 385s + local key_file 385s + local decrypted_key 385s + mkdir -p /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001 385s + key_file=/tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001-key.pem 385s + decrypted_key=/tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001-key-decrypted.pem 385s + cat 385s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 385s Slot 0 has a free/uninitialized token. 385s The token has been initialized and is reassigned to slot 1911228031 385s + softhsm2-util --show-slots 385s Available slots: 385s Slot 1911228031 385s Slot info: 385s Description: SoftHSM slot ID 0x71eb067f 385s Manufacturer ID: SoftHSM project 385s Hardware version: 2.6 385s Firmware version: 2.6 385s Token present: yes 385s Token info: 385s Manufacturer ID: SoftHSM project 385s Model: SoftHSM v2 385s Hardware version: 2.6 385s Firmware version: 2.6 385s Serial number: bbb6960bf1eb067f 385s Initialized: yes 385s User PIN init.: yes 385s Label: Test Organization Root Tr Token 385s Slot 1 385s Slot info: 385s Description: SoftHSM slot ID 0x1 385s Manufacturer ID: SoftHSM project 385s Hardware version: 2.6 385s Firmware version: 2.6 385s Token present: yes 385s Token info: 385s Manufacturer ID: SoftHSM project 385s Model: SoftHSM v2 385s Hardware version: 2.6 385s Firmware version: 2.6 385s Serial number: 385s Initialized: no 385s User PIN init.: no 385s Label: 385s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 385s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-27971 -in /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001-key-decrypted.pem 385s writing RSA key 385s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 385s + rm /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001-key-decrypted.pem 385s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 385s Object 0: 385s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bbb6960bf1eb067f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 385s Type: X.509 Certificate (RSA-1024) 385s Expires: Fri Jan 9 12:10:07 2026 385s Label: Test Organization Root Trusted Certificate 0001 385s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 385s 385s + echo 'Test Organization Root Tr Token' 385s + '[' -n '' ']' 385s Test Organization Root Tr Token 385s + local output_base_name=SSSD-child-13658 385s + local output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-13658.output 385s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-13658.pem 385s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 385s [p11_child[3077]] [main] (0x0400): p11_child started. 385s [p11_child[3077]] [main] (0x2000): Running in [pre-auth] mode. 385s [p11_child[3077]] [main] (0x2000): Running with effective IDs: [0][0]. 385s [p11_child[3077]] [main] (0x2000): Running with real IDs [0][0]. 385s [p11_child[3077]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 385s [p11_child[3077]] [do_work] (0x0040): init_verification failed. 385s [p11_child[3077]] [main] (0x0020): p11_child failed (5) 385s + return 2 385s + valid_certificate /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-27971 /dev/null no_verification 385s + check_certificate /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-27971 /dev/null no_verification 385s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 385s + local key_pass=pass:random-root-ca-trusted-cert-0001-27971 385s + local key_ring=/dev/null 385s + local verify_option=no_verification 385s + prepare_softhsm2_card /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-27971 385s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 385s + local key_pass=pass:random-root-ca-trusted-cert-0001-27971 385s + local key_cn 385s + local key_name 385s + local tokens_dir 385s + local output_cert_file 385s + token_name= 385s ++ basename /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem .pem 385s + key_name=test-root-CA-trusted-certificate-0001 385s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 385s ++ sed -n 's/ *commonName *= //p' 385s + key_cn='Test Organization Root Trusted Certificate 0001' 385s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 385s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf 385s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf 385s ++ basename /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 385s + tokens_dir=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001 385s + token_name='Test Organization Root Tr Token' 385s + '[' '!' -e /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 385s + '[' '!' -d /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001 ']' 385s + echo 'Test Organization Root Tr Token' 385s + '[' -n no_verification ']' 385s + local verify_arg=--verify=no_verification 385s + local output_base_name=SSSD-child-9828 385s + local output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-9828.output 385s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-9828.pem 385s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 385s Test Organization Root Tr Token 385s [p11_child[3083]] [main] (0x0400): p11_child started. 385s [p11_child[3083]] [main] (0x2000): Running in [pre-auth] mode. 385s [p11_child[3083]] [main] (0x2000): Running with effective IDs: [0][0]. 385s [p11_child[3083]] [main] (0x2000): Running with real IDs [0][0]. 385s [p11_child[3083]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 385s [p11_child[3083]] [do_card] (0x4000): Module List: 385s [p11_child[3083]] [do_card] (0x4000): common name: [softhsm2]. 385s [p11_child[3083]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[3083]] [do_card] (0x4000): Description [SoftHSM slot ID 0x71eb067f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 385s [p11_child[3083]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 385s [p11_child[3083]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x71eb067f][1911228031] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[3083]] [do_card] (0x4000): Login NOT required. 385s [p11_child[3083]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 385s [p11_child[3083]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 385s [p11_child[3083]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x71eb067f;slot-manufacturer=SoftHSM%20project;slot-id=1911228031;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bbb6960bf1eb067f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 385s [p11_child[3083]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 385s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-9828.output 385s + echo '-----BEGIN CERTIFICATE-----' 385s + tail -n1 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-9828.output 385s + echo '-----END CERTIFICATE-----' 385s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-9828.pem 385s Certificate: 385s Data: 385s Version: 3 (0x2) 385s Serial Number: 3 (0x3) 385s Signature Algorithm: sha256WithRSAEncryption 385s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 385s Validity 385s Not Before: Jan 9 12:10:07 2025 GMT 385s Not After : Jan 9 12:10:07 2026 GMT 385s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 385s Subject Public Key Info: 385s Public Key Algorithm: rsaEncryption 385s Public-Key: (1024 bit) 385s Modulus: 385s 00:d5:6a:80:8b:d7:af:83:7b:fd:b2:78:54:4b:96: 385s 3e:c9:d4:77:61:e2:34:c2:5a:d4:14:3e:ed:7f:44: 385s dc:03:b9:cb:a4:9f:06:dc:ad:c3:09:62:b0:05:ea: 385s 37:a5:e6:85:6a:0c:6d:a3:c8:8c:44:5f:1d:c2:d0: 385s e3:89:20:51:04:ee:bf:f5:28:07:2e:40:ca:2e:7f: 385s 72:f5:61:94:e4:d9:6a:50:e5:69:55:ee:13:cd:7d: 385s 99:30:8f:97:0f:4c:c0:d2:19:7f:1b:c3:87:9e:fd: 385s 9a:5b:6a:59:df:2a:c4:bb:0a:6b:7a:89:23:8b:dd: 385s 28:f7:64:44:34:14:a2:db:bb 385s Exponent: 65537 (0x10001) 385s X509v3 extensions: 385s X509v3 Authority Key Identifier: 385s 6E:D3:0A:4C:9D:E5:42:DA:2B:DF:4E:F6:12:BF:35:56:DD:B2:47:CF 385s X509v3 Basic Constraints: 385s CA:FALSE 385s Netscape Cert Type: 385s SSL Client, S/MIME 385s Netscape Comment: 385s Test Organization Root CA trusted Certificate 385s X509v3 Subject Key Identifier: 385s AD:3A:B0:92:7B:7E:31:FF:CB:AF:F3:C0:CA:1F:B7:D2:DE:4E:D1:88 385s X509v3 Key Usage: critical 385s Digital Signature, Non Repudiation, Key Encipherment 385s X509v3 Extended Key Usage: 385s TLS Web Client Authentication, E-mail Protection 385s X509v3 Subject Alternative Name: 385s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 385s Signature Algorithm: sha256WithRSAEncryption 385s Signature Value: 385s bd:b3:20:2b:44:ba:3d:26:42:db:16:da:36:0f:f0:a5:e6:b2: 385s 6a:b7:8f:c9:b1:90:5a:39:02:d3:28:90:be:92:1e:48:a7:c3: 385s b9:b7:31:dc:d2:37:a3:2b:d5:88:cd:5d:d9:e2:fe:9d:86:d0: 385s 4d:0c:e1:9f:26:e8:64:a1:56:05:e1:1a:37:a5:f1:42:0d:3a: 385s 21:89:94:93:c8:5f:05:33:92:4f:ec:99:82:b8:b7:bf:d6:22: 385s 13:25:a9:78:9e:a9:08:77:9f:e8:9b:4e:4e:d1:73:d8:52:3f: 385s 0d:05:37:29:b9:7b:23:7c:86:f9:69:57:fe:9e:23:4d:dd:d8: 385s 9b:e8 385s + local found_md5 expected_md5 385s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 385s + expected_md5=Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB 385s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-9828.pem 385s + found_md5=Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB 385s + '[' Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB '!=' Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB ']' 385s + output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-9828-auth.output 385s ++ basename /tmp/sssd-softhsm2-cNC6UN/SSSD-child-9828-auth.output .output 385s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-9828-auth.pem 385s + echo -n 053350 385s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 385s [p11_child[3091]] [main] (0x0400): p11_child started. 385s [p11_child[3091]] [main] (0x2000): Running in [auth] mode. 385s [p11_child[3091]] [main] (0x2000): Running with effective IDs: [0][0]. 385s [p11_child[3091]] [main] (0x2000): Running with real IDs [0][0]. 385s [p11_child[3091]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 385s [p11_child[3091]] [do_card] (0x4000): Module List: 385s [p11_child[3091]] [do_card] (0x4000): common name: [softhsm2]. 385s [p11_child[3091]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[3091]] [do_card] (0x4000): Description [SoftHSM slot ID 0x71eb067f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 385s [p11_child[3091]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 385s [p11_child[3091]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x71eb067f][1911228031] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[3091]] [do_card] (0x4000): Login required. 385s [p11_child[3091]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 385s [p11_child[3091]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 385s [p11_child[3091]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x71eb067f;slot-manufacturer=SoftHSM%20project;slot-id=1911228031;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bbb6960bf1eb067f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 385s [p11_child[3091]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 385s [p11_child[3091]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 385s [p11_child[3091]] [do_card] (0x4000): Certificate verified and validated. 385s [p11_child[3091]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 385s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-9828-auth.output 385s + echo '-----BEGIN CERTIFICATE-----' 385s + tail -n1 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-9828-auth.output 385s + echo '-----END CERTIFICATE-----' 385s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-9828-auth.pem 385s Certificate: 385s Data: 385s Version: 3 (0x2) 385s Serial Number: 3 (0x3) 385s Signature Algorithm: sha256WithRSAEncryption 385s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 385s Validity 385s Not Before: Jan 9 12:10:07 2025 GMT 385s Not After : Jan 9 12:10:07 2026 GMT 385s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 385s Subject Public Key Info: 385s Public Key Algorithm: rsaEncryption 385s Public-Key: (1024 bit) 385s Modulus: 385s 00:d5:6a:80:8b:d7:af:83:7b:fd:b2:78:54:4b:96: 385s 3e:c9:d4:77:61:e2:34:c2:5a:d4:14:3e:ed:7f:44: 385s dc:03:b9:cb:a4:9f:06:dc:ad:c3:09:62:b0:05:ea: 385s 37:a5:e6:85:6a:0c:6d:a3:c8:8c:44:5f:1d:c2:d0: 385s e3:89:20:51:04:ee:bf:f5:28:07:2e:40:ca:2e:7f: 385s 72:f5:61:94:e4:d9:6a:50:e5:69:55:ee:13:cd:7d: 385s 99:30:8f:97:0f:4c:c0:d2:19:7f:1b:c3:87:9e:fd: 385s 9a:5b:6a:59:df:2a:c4:bb:0a:6b:7a:89:23:8b:dd: 385s 28:f7:64:44:34:14:a2:db:bb 385s Exponent: 65537 (0x10001) 385s X509v3 extensions: 385s X509v3 Authority Key Identifier: 385s 6E:D3:0A:4C:9D:E5:42:DA:2B:DF:4E:F6:12:BF:35:56:DD:B2:47:CF 385s X509v3 Basic Constraints: 385s CA:FALSE 385s Netscape Cert Type: 385s SSL Client, S/MIME 385s Netscape Comment: 385s Test Organization Root CA trusted Certificate 385s X509v3 Subject Key Identifier: 385s AD:3A:B0:92:7B:7E:31:FF:CB:AF:F3:C0:CA:1F:B7:D2:DE:4E:D1:88 385s X509v3 Key Usage: critical 385s Digital Signature, Non Repudiation, Key Encipherment 385s X509v3 Extended Key Usage: 385s TLS Web Client Authentication, E-mail Protection 385s X509v3 Subject Alternative Name: 385s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 385s Signature Algorithm: sha256WithRSAEncryption 385s Signature Value: 385s bd:b3:20:2b:44:ba:3d:26:42:db:16:da:36:0f:f0:a5:e6:b2: 385s 6a:b7:8f:c9:b1:90:5a:39:02:d3:28:90:be:92:1e:48:a7:c3: 385s b9:b7:31:dc:d2:37:a3:2b:d5:88:cd:5d:d9:e2:fe:9d:86:d0: 385s 4d:0c:e1:9f:26:e8:64:a1:56:05:e1:1a:37:a5:f1:42:0d:3a: 385s 21:89:94:93:c8:5f:05:33:92:4f:ec:99:82:b8:b7:bf:d6:22: 385s 13:25:a9:78:9e:a9:08:77:9f:e8:9b:4e:4e:d1:73:d8:52:3f: 385s 0d:05:37:29:b9:7b:23:7c:86:f9:69:57:fe:9e:23:4d:dd:d8: 385s 9b:e8 385s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-9828-auth.pem 385s + found_md5=Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB 385s + '[' Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB '!=' Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB ']' 385s + valid_certificate /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-27971 /tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem 385s + check_certificate /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-27971 /tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem 385s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 385s + local key_pass=pass:random-root-ca-trusted-cert-0001-27971 385s + local key_ring=/tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem 385s + local verify_option= 385s + prepare_softhsm2_card /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-27971 385s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 385s + local key_pass=pass:random-root-ca-trusted-cert-0001-27971 385s + local key_cn 385s + local key_name 385s + local tokens_dir 385s + local output_cert_file 385s + token_name= 385s ++ basename /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem .pem 385s + key_name=test-root-CA-trusted-certificate-0001 385s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 385s ++ sed -n 's/ *commonName *= //p' 385s + key_cn='Test Organization Root Trusted Certificate 0001' 385s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 385s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf 385s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf 385s ++ basename /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 385s + tokens_dir=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001 385s + token_name='Test Organization Root Tr Token' 385s + '[' '!' -e /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 385s + '[' '!' -d /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001 ']' 385s + echo 'Test Organization Root Tr Token' 385s + '[' -n '' ']' 385s + local output_base_name=SSSD-child-27956 385s + local output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-27956.output 385s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-27956.pem 385s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem 385s Test Organization Root Tr Token 385s [p11_child[3101]] [main] (0x0400): p11_child started. 385s [p11_child[3101]] [main] (0x2000): Running in [pre-auth] mode. 385s [p11_child[3101]] [main] (0x2000): Running with effective IDs: [0][0]. 385s [p11_child[3101]] [main] (0x2000): Running with real IDs [0][0]. 385s [p11_child[3101]] [do_card] (0x4000): Module List: 385s [p11_child[3101]] [do_card] (0x4000): common name: [softhsm2]. 385s [p11_child[3101]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[3101]] [do_card] (0x4000): Description [SoftHSM slot ID 0x71eb067f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 385s [p11_child[3101]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 385s [p11_child[3101]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x71eb067f][1911228031] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[3101]] [do_card] (0x4000): Login NOT required. 385s [p11_child[3101]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 385s [p11_child[3101]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 385s [p11_child[3101]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 385s [p11_child[3101]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x71eb067f;slot-manufacturer=SoftHSM%20project;slot-id=1911228031;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bbb6960bf1eb067f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 385s [p11_child[3101]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 385s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-27956.output 385s + echo '-----BEGIN CERTIFICATE-----' 385s + tail -n1 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-27956.output 385s + echo '-----END CERTIFICATE-----' 385s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-27956.pem 385s + local found_md5 expected_md5 385s Certificate: 385s Data: 385s Version: 3 (0x2) 385s Serial Number: 3 (0x3) 385s Signature Algorithm: sha256WithRSAEncryption 385s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 385s Validity 385s Not Before: Jan 9 12:10:07 2025 GMT 385s Not After : Jan 9 12:10:07 2026 GMT 385s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 385s Subject Public Key Info: 385s Public Key Algorithm: rsaEncryption 385s Public-Key: (1024 bit) 385s Modulus: 385s 00:d5:6a:80:8b:d7:af:83:7b:fd:b2:78:54:4b:96: 385s 3e:c9:d4:77:61:e2:34:c2:5a:d4:14:3e:ed:7f:44: 385s dc:03:b9:cb:a4:9f:06:dc:ad:c3:09:62:b0:05:ea: 385s 37:a5:e6:85:6a:0c:6d:a3:c8:8c:44:5f:1d:c2:d0: 385s e3:89:20:51:04:ee:bf:f5:28:07:2e:40:ca:2e:7f: 385s 72:f5:61:94:e4:d9:6a:50:e5:69:55:ee:13:cd:7d: 385s 99:30:8f:97:0f:4c:c0:d2:19:7f:1b:c3:87:9e:fd: 385s 9a:5b:6a:59:df:2a:c4:bb:0a:6b:7a:89:23:8b:dd: 385s 28:f7:64:44:34:14:a2:db:bb 385s Exponent: 65537 (0x10001) 385s X509v3 extensions: 385s X509v3 Authority Key Identifier: 385s 6E:D3:0A:4C:9D:E5:42:DA:2B:DF:4E:F6:12:BF:35:56:DD:B2:47:CF 385s X509v3 Basic Constraints: 385s CA:FALSE 385s Netscape Cert Type: 385s SSL Client, S/MIME 385s Netscape Comment: 385s Test Organization Root CA trusted Certificate 385s X509v3 Subject Key Identifier: 385s AD:3A:B0:92:7B:7E:31:FF:CB:AF:F3:C0:CA:1F:B7:D2:DE:4E:D1:88 385s X509v3 Key Usage: critical 385s Digital Signature, Non Repudiation, Key Encipherment 385s X509v3 Extended Key Usage: 385s TLS Web Client Authentication, E-mail Protection 385s X509v3 Subject Alternative Name: 385s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 385s Signature Algorithm: sha256WithRSAEncryption 385s Signature Value: 385s bd:b3:20:2b:44:ba:3d:26:42:db:16:da:36:0f:f0:a5:e6:b2: 385s 6a:b7:8f:c9:b1:90:5a:39:02:d3:28:90:be:92:1e:48:a7:c3: 385s b9:b7:31:dc:d2:37:a3:2b:d5:88:cd:5d:d9:e2:fe:9d:86:d0: 385s 4d:0c:e1:9f:26:e8:64:a1:56:05:e1:1a:37:a5:f1:42:0d:3a: 385s 21:89:94:93:c8:5f:05:33:92:4f:ec:99:82:b8:b7:bf:d6:22: 385s 13:25:a9:78:9e:a9:08:77:9f:e8:9b:4e:4e:d1:73:d8:52:3f: 385s 0d:05:37:29:b9:7b:23:7c:86:f9:69:57:fe:9e:23:4d:dd:d8: 385s 9b:e8 385s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 385s + expected_md5=Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB 385s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-27956.pem 385s + found_md5=Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB 385s + '[' Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB '!=' Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB ']' 385s + output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-27956-auth.output 385s ++ basename /tmp/sssd-softhsm2-cNC6UN/SSSD-child-27956-auth.output .output 385s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-27956-auth.pem 385s + echo -n 053350 385s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 385s [p11_child[3109]] [main] (0x0400): p11_child started. 385s [p11_child[3109]] [main] (0x2000): Running in [auth] mode. 385s [p11_child[3109]] [main] (0x2000): Running with effective IDs: [0][0]. 385s [p11_child[3109]] [main] (0x2000): Running with real IDs [0][0]. 385s [p11_child[3109]] [do_card] (0x4000): Module List: 385s [p11_child[3109]] [do_card] (0x4000): common name: [softhsm2]. 385s [p11_child[3109]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[3109]] [do_card] (0x4000): Description [SoftHSM slot ID 0x71eb067f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 385s [p11_child[3109]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 385s [p11_child[3109]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x71eb067f][1911228031] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[3109]] [do_card] (0x4000): Login required. 386s [p11_child[3109]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 386s [p11_child[3109]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 386s [p11_child[3109]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 386s [p11_child[3109]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x71eb067f;slot-manufacturer=SoftHSM%20project;slot-id=1911228031;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bbb6960bf1eb067f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 386s [p11_child[3109]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 386s [p11_child[3109]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 386s [p11_child[3109]] [do_card] (0x4000): Certificate verified and validated. 386s [p11_child[3109]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-27956-auth.output 386s + echo '-----BEGIN CERTIFICATE-----' 386s + tail -n1 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-27956-auth.output 386s + echo '-----END CERTIFICATE-----' 386s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-27956-auth.pem 386s Certificate: 386s Data: 386s Version: 3 (0x2) 386s Serial Number: 3 (0x3) 386s Signature Algorithm: sha256WithRSAEncryption 386s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 386s Validity 386s Not Before: Jan 9 12:10:07 2025 GMT 386s Not After : Jan 9 12:10:07 2026 GMT 386s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 386s Subject Public Key Info: 386s Public Key Algorithm: rsaEncryption 386s Public-Key: (1024 bit) 386s Modulus: 386s 00:d5:6a:80:8b:d7:af:83:7b:fd:b2:78:54:4b:96: 386s 3e:c9:d4:77:61:e2:34:c2:5a:d4:14:3e:ed:7f:44: 386s dc:03:b9:cb:a4:9f:06:dc:ad:c3:09:62:b0:05:ea: 386s 37:a5:e6:85:6a:0c:6d:a3:c8:8c:44:5f:1d:c2:d0: 386s e3:89:20:51:04:ee:bf:f5:28:07:2e:40:ca:2e:7f: 386s 72:f5:61:94:e4:d9:6a:50:e5:69:55:ee:13:cd:7d: 386s 99:30:8f:97:0f:4c:c0:d2:19:7f:1b:c3:87:9e:fd: 386s 9a:5b:6a:59:df:2a:c4:bb:0a:6b:7a:89:23:8b:dd: 386s 28:f7:64:44:34:14:a2:db:bb 386s Exponent: 65537 (0x10001) 386s X509v3 extensions: 386s X509v3 Authority Key Identifier: 386s 6E:D3:0A:4C:9D:E5:42:DA:2B:DF:4E:F6:12:BF:35:56:DD:B2:47:CF 386s X509v3 Basic Constraints: 386s CA:FALSE 386s Netscape Cert Type: 386s SSL Client, S/MIME 386s Netscape Comment: 386s Test Organization Root CA trusted Certificate 386s X509v3 Subject Key Identifier: 386s AD:3A:B0:92:7B:7E:31:FF:CB:AF:F3:C0:CA:1F:B7:D2:DE:4E:D1:88 386s X509v3 Key Usage: critical 386s Digital Signature, Non Repudiation, Key Encipherment 386s X509v3 Extended Key Usage: 386s TLS Web Client Authentication, E-mail Protection 386s X509v3 Subject Alternative Name: 386s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 386s Signature Algorithm: sha256WithRSAEncryption 386s Signature Value: 386s bd:b3:20:2b:44:ba:3d:26:42:db:16:da:36:0f:f0:a5:e6:b2: 386s 6a:b7:8f:c9:b1:90:5a:39:02:d3:28:90:be:92:1e:48:a7:c3: 386s b9:b7:31:dc:d2:37:a3:2b:d5:88:cd:5d:d9:e2:fe:9d:86:d0: 386s 4d:0c:e1:9f:26:e8:64:a1:56:05:e1:1a:37:a5:f1:42:0d:3a: 386s 21:89:94:93:c8:5f:05:33:92:4f:ec:99:82:b8:b7:bf:d6:22: 386s 13:25:a9:78:9e:a9:08:77:9f:e8:9b:4e:4e:d1:73:d8:52:3f: 386s 0d:05:37:29:b9:7b:23:7c:86:f9:69:57:fe:9e:23:4d:dd:d8: 386s 9b:e8 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-27956-auth.pem 386s + found_md5=Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB 386s + '[' Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB '!=' Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB ']' 386s + valid_certificate /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-27971 /tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem partial_chain 386s + check_certificate /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-27971 /tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem partial_chain 386s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-root-ca-trusted-cert-0001-27971 386s + local key_ring=/tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem 386s + local verify_option=partial_chain 386s + prepare_softhsm2_card /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-27971 386s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-root-ca-trusted-cert-0001-27971 386s + local key_cn 386s + local key_name 386s + local tokens_dir 386s + local output_cert_file 386s + token_name= 386s ++ basename /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem .pem 386s + key_name=test-root-CA-trusted-certificate-0001 386s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 386s ++ sed -n 's/ *commonName *= //p' 386s + key_cn='Test Organization Root Trusted Certificate 0001' 386s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 386s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf 386s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf 386s ++ basename /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 386s Test Organization Root Tr Token 386s + tokens_dir=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001 386s + token_name='Test Organization Root Tr Token' 386s + '[' '!' -e /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 386s + '[' '!' -d /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001 ']' 386s + echo 'Test Organization Root Tr Token' 386s + '[' -n partial_chain ']' 386s + local verify_arg=--verify=partial_chain 386s + local output_base_name=SSSD-child-21761 386s + local output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-21761.output 386s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-21761.pem 386s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem 386s [p11_child[3119]] [main] (0x0400): p11_child started. 386s [p11_child[3119]] [main] (0x2000): Running in [pre-auth] mode. 386s [p11_child[3119]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[3119]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[3119]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 386s [p11_child[3119]] [do_card] (0x4000): Module List: 386s [p11_child[3119]] [do_card] (0x4000): common name: [softhsm2]. 386s [p11_child[3119]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[3119]] [do_card] (0x4000): Description [SoftHSM slot ID 0x71eb067f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 386s [p11_child[3119]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 386s [p11_child[3119]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x71eb067f][1911228031] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[3119]] [do_card] (0x4000): Login NOT required. 386s [p11_child[3119]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 386s [p11_child[3119]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 386s [p11_child[3119]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 386s [p11_child[3119]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x71eb067f;slot-manufacturer=SoftHSM%20project;slot-id=1911228031;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bbb6960bf1eb067f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 386s [p11_child[3119]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-21761.output 386s + echo '-----BEGIN CERTIFICATE-----' 386s + tail -n1 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-21761.output 386s + echo '-----END CERTIFICATE-----' 386s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-21761.pem 386s Certificate: 386s Data: 386s Version: 3 (0x2) 386s Serial Number: 3 (0x3) 386s Signature Algorithm: sha256WithRSAEncryption 386s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 386s Validity 386s Not Before: Jan 9 12:10:07 2025 GMT 386s Not After : Jan 9 12:10:07 2026 GMT 386s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 386s Subject Public Key Info: 386s Public Key Algorithm: rsaEncryption 386s Public-Key: (1024 bit) 386s Modulus: 386s 00:d5:6a:80:8b:d7:af:83:7b:fd:b2:78:54:4b:96: 386s 3e:c9:d4:77:61:e2:34:c2:5a:d4:14:3e:ed:7f:44: 386s dc:03:b9:cb:a4:9f:06:dc:ad:c3:09:62:b0:05:ea: 386s 37:a5:e6:85:6a:0c:6d:a3:c8:8c:44:5f:1d:c2:d0: 386s e3:89:20:51:04:ee:bf:f5:28:07:2e:40:ca:2e:7f: 386s 72:f5:61:94:e4:d9:6a:50:e5:69:55:ee:13:cd:7d: 386s 99:30:8f:97:0f:4c:c0:d2:19:7f:1b:c3:87:9e:fd: 386s 9a:5b:6a:59:df:2a:c4:bb:0a:6b:7a:89:23:8b:dd: 386s 28:f7:64:44:34:14:a2:db:bb 386s Exponent: 65537 (0x10001) 386s X509v3 extensions: 386s X509v3 Authority Key Identifier: 386s 6E:D3:0A:4C:9D:E5:42:DA:2B:DF:4E:F6:12:BF:35:56:DD:B2:47:CF 386s X509v3 Basic Constraints: 386s CA:FALSE 386s Netscape Cert Type: 386s SSL Client, S/MIME 386s Netscape Comment: 386s Test Organization Root CA trusted Certificate 386s X509v3 Subject Key Identifier: 386s AD:3A:B0:92:7B:7E:31:FF:CB:AF:F3:C0:CA:1F:B7:D2:DE:4E:D1:88 386s X509v3 Key Usage: critical 386s Digital Signature, Non Repudiation, Key Encipherment 386s X509v3 Extended Key Usage: 386s TLS Web Client Authentication, E-mail Protection 386s X509v3 Subject Alternative Name: 386s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 386s Signature Algorithm: sha256WithRSAEncryption 386s Signature Value: 386s bd:b3:20:2b:44:ba:3d:26:42:db:16:da:36:0f:f0:a5:e6:b2: 386s 6a:b7:8f:c9:b1:90:5a:39:02:d3:28:90:be:92:1e:48:a7:c3: 386s b9:b7:31:dc:d2:37:a3:2b:d5:88:cd:5d:d9:e2:fe:9d:86:d0: 386s 4d:0c:e1:9f:26:e8:64:a1:56:05:e1:1a:37:a5:f1:42:0d:3a: 386s 21:89:94:93:c8:5f:05:33:92:4f:ec:99:82:b8:b7:bf:d6:22: 386s 13:25:a9:78:9e:a9:08:77:9f:e8:9b:4e:4e:d1:73:d8:52:3f: 386s 0d:05:37:29:b9:7b:23:7c:86:f9:69:57:fe:9e:23:4d:dd:d8: 386s 9b:e8 386s + local found_md5 expected_md5 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 386s + expected_md5=Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-21761.pem 386s + found_md5=Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB 386s + '[' Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB '!=' Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB ']' 386s + output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-21761-auth.output 386s ++ basename /tmp/sssd-softhsm2-cNC6UN/SSSD-child-21761-auth.output .output 386s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-21761-auth.pem 386s + echo -n 053350 386s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 386s [p11_child[3127]] [main] (0x0400): p11_child started. 386s [p11_child[3127]] [main] (0x2000): Running in [auth] mode. 386s [p11_child[3127]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[3127]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[3127]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 386s [p11_child[3127]] [do_card] (0x4000): Module List: 386s [p11_child[3127]] [do_card] (0x4000): common name: [softhsm2]. 386s [p11_child[3127]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[3127]] [do_card] (0x4000): Description [SoftHSM slot ID 0x71eb067f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 386s [p11_child[3127]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 386s [p11_child[3127]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x71eb067f][1911228031] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[3127]] [do_card] (0x4000): Login required. 386s [p11_child[3127]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 386s [p11_child[3127]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 386s [p11_child[3127]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 386s [p11_child[3127]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x71eb067f;slot-manufacturer=SoftHSM%20project;slot-id=1911228031;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bbb6960bf1eb067f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 386s [p11_child[3127]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 386s [p11_child[3127]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 386s [p11_child[3127]] [do_card] (0x4000): Certificate verified and validated. 386s [p11_child[3127]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-21761-auth.output 386s + echo '-----BEGIN CERTIFICATE-----' 386s + tail -n1 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-21761-auth.output 386s + echo '-----END CERTIFICATE-----' 386s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-21761-auth.pem 386s Certificate: 386s Data: 386s Version: 3 (0x2) 386s Serial Number: 3 (0x3) 386s Signature Algorithm: sha256WithRSAEncryption 386s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 386s Validity 386s Not Before: Jan 9 12:10:07 2025 GMT 386s Not After : Jan 9 12:10:07 2026 GMT 386s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 386s Subject Public Key Info: 386s Public Key Algorithm: rsaEncryption 386s Public-Key: (1024 bit) 386s Modulus: 386s 00:d5:6a:80:8b:d7:af:83:7b:fd:b2:78:54:4b:96: 386s 3e:c9:d4:77:61:e2:34:c2:5a:d4:14:3e:ed:7f:44: 386s dc:03:b9:cb:a4:9f:06:dc:ad:c3:09:62:b0:05:ea: 386s 37:a5:e6:85:6a:0c:6d:a3:c8:8c:44:5f:1d:c2:d0: 386s e3:89:20:51:04:ee:bf:f5:28:07:2e:40:ca:2e:7f: 386s 72:f5:61:94:e4:d9:6a:50:e5:69:55:ee:13:cd:7d: 386s 99:30:8f:97:0f:4c:c0:d2:19:7f:1b:c3:87:9e:fd: 386s 9a:5b:6a:59:df:2a:c4:bb:0a:6b:7a:89:23:8b:dd: 386s 28:f7:64:44:34:14:a2:db:bb 386s Exponent: 65537 (0x10001) 386s X509v3 extensions: 386s X509v3 Authority Key Identifier: 386s 6E:D3:0A:4C:9D:E5:42:DA:2B:DF:4E:F6:12:BF:35:56:DD:B2:47:CF 386s X509v3 Basic Constraints: 386s CA:FALSE 386s Netscape Cert Type: 386s SSL Client, S/MIME 386s Netscape Comment: 386s Test Organization Root CA trusted Certificate 386s X509v3 Subject Key Identifier: 386s AD:3A:B0:92:7B:7E:31:FF:CB:AF:F3:C0:CA:1F:B7:D2:DE:4E:D1:88 386s X509v3 Key Usage: critical 386s Digital Signature, Non Repudiation, Key Encipherment 386s X509v3 Extended Key Usage: 386s TLS Web Client Authentication, E-mail Protection 386s X509v3 Subject Alternative Name: 386s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 386s Signature Algorithm: sha256WithRSAEncryption 386s Signature Value: 386s bd:b3:20:2b:44:ba:3d:26:42:db:16:da:36:0f:f0:a5:e6:b2: 386s 6a:b7:8f:c9:b1:90:5a:39:02:d3:28:90:be:92:1e:48:a7:c3: 386s b9:b7:31:dc:d2:37:a3:2b:d5:88:cd:5d:d9:e2:fe:9d:86:d0: 386s 4d:0c:e1:9f:26:e8:64:a1:56:05:e1:1a:37:a5:f1:42:0d:3a: 386s 21:89:94:93:c8:5f:05:33:92:4f:ec:99:82:b8:b7:bf:d6:22: 386s 13:25:a9:78:9e:a9:08:77:9f:e8:9b:4e:4e:d1:73:d8:52:3f: 386s 0d:05:37:29:b9:7b:23:7c:86:f9:69:57:fe:9e:23:4d:dd:d8: 386s 9b:e8 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-21761-auth.pem 386s + found_md5=Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB 386s + '[' Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB '!=' Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB ']' 386s + valid_certificate /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-27971 /tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem 386s + check_certificate /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-27971 /tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem 386s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-root-ca-trusted-cert-0001-27971 386s + local key_ring=/tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem 386s + local verify_option= 386s + prepare_softhsm2_card /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-27971 386s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-root-ca-trusted-cert-0001-27971 386s + local key_cn 386s + local key_name 386s + local tokens_dir 386s + local output_cert_file 386s + token_name= 386s ++ basename /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem .pem 386s + key_name=test-root-CA-trusted-certificate-0001 386s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 386s ++ sed -n 's/ *commonName *= //p' 386s + key_cn='Test Organization Root Trusted Certificate 0001' 386s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 386s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf 386s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf 386s ++ basename /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 386s + tokens_dir=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001 386s + token_name='Test Organization Root Tr Token' 386s + '[' '!' -e /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 386s + '[' '!' -d /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001 ']' 386s + echo 'Test Organization Root Tr Token' 386s + '[' -n '' ']' 386s + local output_base_name=SSSD-child-231 386s + local output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-231.output 386s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-231.pem 386s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem 386s Test Organization Root Tr Token 386s [p11_child[3137]] [main] (0x0400): p11_child started. 386s [p11_child[3137]] [main] (0x2000): Running in [pre-auth] mode. 386s [p11_child[3137]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[3137]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[3137]] [do_card] (0x4000): Module List: 386s [p11_child[3137]] [do_card] (0x4000): common name: [softhsm2]. 386s [p11_child[3137]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[3137]] [do_card] (0x4000): Description [SoftHSM slot ID 0x71eb067f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 386s [p11_child[3137]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 386s [p11_child[3137]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x71eb067f][1911228031] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[3137]] [do_card] (0x4000): Login NOT required. 386s [p11_child[3137]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 386s [p11_child[3137]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 386s [p11_child[3137]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 386s [p11_child[3137]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x71eb067f;slot-manufacturer=SoftHSM%20project;slot-id=1911228031;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bbb6960bf1eb067f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 386s [p11_child[3137]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-231.output 386s + echo '-----BEGIN CERTIFICATE-----' 386s + tail -n1 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-231.output 386s + echo '-----END CERTIFICATE-----' 386s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-231.pem 386s + local found_md5 expected_md5 386s Certificate: 386s Data: 386s Version: 3 (0x2) 386s Serial Number: 3 (0x3) 386s Signature Algorithm: sha256WithRSAEncryption 386s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 386s Validity 386s Not Before: Jan 9 12:10:07 2025 GMT 386s Not After : Jan 9 12:10:07 2026 GMT 386s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 386s Subject Public Key Info: 386s Public Key Algorithm: rsaEncryption 386s Public-Key: (1024 bit) 386s Modulus: 386s 00:d5:6a:80:8b:d7:af:83:7b:fd:b2:78:54:4b:96: 386s 3e:c9:d4:77:61:e2:34:c2:5a:d4:14:3e:ed:7f:44: 386s dc:03:b9:cb:a4:9f:06:dc:ad:c3:09:62:b0:05:ea: 386s 37:a5:e6:85:6a:0c:6d:a3:c8:8c:44:5f:1d:c2:d0: 386s e3:89:20:51:04:ee:bf:f5:28:07:2e:40:ca:2e:7f: 386s 72:f5:61:94:e4:d9:6a:50:e5:69:55:ee:13:cd:7d: 386s 99:30:8f:97:0f:4c:c0:d2:19:7f:1b:c3:87:9e:fd: 386s 9a:5b:6a:59:df:2a:c4:bb:0a:6b:7a:89:23:8b:dd: 386s 28:f7:64:44:34:14:a2:db:bb 386s Exponent: 65537 (0x10001) 386s X509v3 extensions: 386s X509v3 Authority Key Identifier: 386s 6E:D3:0A:4C:9D:E5:42:DA:2B:DF:4E:F6:12:BF:35:56:DD:B2:47:CF 386s X509v3 Basic Constraints: 386s CA:FALSE 386s Netscape Cert Type: 386s SSL Client, S/MIME 386s Netscape Comment: 386s Test Organization Root CA trusted Certificate 386s X509v3 Subject Key Identifier: 386s AD:3A:B0:92:7B:7E:31:FF:CB:AF:F3:C0:CA:1F:B7:D2:DE:4E:D1:88 386s X509v3 Key Usage: critical 386s Digital Signature, Non Repudiation, Key Encipherment 386s X509v3 Extended Key Usage: 386s TLS Web Client Authentication, E-mail Protection 386s X509v3 Subject Alternative Name: 386s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 386s Signature Algorithm: sha256WithRSAEncryption 386s Signature Value: 386s bd:b3:20:2b:44:ba:3d:26:42:db:16:da:36:0f:f0:a5:e6:b2: 386s 6a:b7:8f:c9:b1:90:5a:39:02:d3:28:90:be:92:1e:48:a7:c3: 386s b9:b7:31:dc:d2:37:a3:2b:d5:88:cd:5d:d9:e2:fe:9d:86:d0: 386s 4d:0c:e1:9f:26:e8:64:a1:56:05:e1:1a:37:a5:f1:42:0d:3a: 386s 21:89:94:93:c8:5f:05:33:92:4f:ec:99:82:b8:b7:bf:d6:22: 386s 13:25:a9:78:9e:a9:08:77:9f:e8:9b:4e:4e:d1:73:d8:52:3f: 386s 0d:05:37:29:b9:7b:23:7c:86:f9:69:57:fe:9e:23:4d:dd:d8: 386s 9b:e8 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 386s + expected_md5=Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-231.pem 386s + found_md5=Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB 386s + '[' Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB '!=' Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB ']' 386s + output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-231-auth.output 386s ++ basename /tmp/sssd-softhsm2-cNC6UN/SSSD-child-231-auth.output .output 386s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-231-auth.pem 386s + echo -n 053350 386s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 386s [p11_child[3145]] [main] (0x0400): p11_child started. 386s [p11_child[3145]] [main] (0x2000): Running in [auth] mode. 386s [p11_child[3145]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[3145]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[3145]] [do_card] (0x4000): Module List: 386s [p11_child[3145]] [do_card] (0x4000): common name: [softhsm2]. 386s [p11_child[3145]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[3145]] [do_card] (0x4000): Description [SoftHSM slot ID 0x71eb067f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 386s [p11_child[3145]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 386s [p11_child[3145]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x71eb067f][1911228031] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[3145]] [do_card] (0x4000): Login required. 386s [p11_child[3145]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 386s [p11_child[3145]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 386s [p11_child[3145]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 386s [p11_child[3145]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x71eb067f;slot-manufacturer=SoftHSM%20project;slot-id=1911228031;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bbb6960bf1eb067f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 386s [p11_child[3145]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 386s [p11_child[3145]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 386s [p11_child[3145]] [do_card] (0x4000): Certificate verified and validated. 386s [p11_child[3145]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-231-auth.output 386s + echo '-----BEGIN CERTIFICATE-----' 386s + tail -n1 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-231-auth.output 386s + echo '-----END CERTIFICATE-----' 386s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-231-auth.pem 386s Certificate: 386s Data: 386s Version: 3 (0x2) 386s Serial Number: 3 (0x3) 386s Signature Algorithm: sha256WithRSAEncryption 386s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 386s Validity 386s Not Before: Jan 9 12:10:07 2025 GMT 386s Not After : Jan 9 12:10:07 2026 GMT 386s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 386s Subject Public Key Info: 386s Public Key Algorithm: rsaEncryption 386s Public-Key: (1024 bit) 386s Modulus: 386s 00:d5:6a:80:8b:d7:af:83:7b:fd:b2:78:54:4b:96: 386s 3e:c9:d4:77:61:e2:34:c2:5a:d4:14:3e:ed:7f:44: 386s dc:03:b9:cb:a4:9f:06:dc:ad:c3:09:62:b0:05:ea: 386s 37:a5:e6:85:6a:0c:6d:a3:c8:8c:44:5f:1d:c2:d0: 386s e3:89:20:51:04:ee:bf:f5:28:07:2e:40:ca:2e:7f: 386s 72:f5:61:94:e4:d9:6a:50:e5:69:55:ee:13:cd:7d: 386s 99:30:8f:97:0f:4c:c0:d2:19:7f:1b:c3:87:9e:fd: 386s 9a:5b:6a:59:df:2a:c4:bb:0a:6b:7a:89:23:8b:dd: 386s 28:f7:64:44:34:14:a2:db:bb 386s Exponent: 65537 (0x10001) 386s X509v3 extensions: 386s X509v3 Authority Key Identifier: 386s 6E:D3:0A:4C:9D:E5:42:DA:2B:DF:4E:F6:12:BF:35:56:DD:B2:47:CF 386s X509v3 Basic Constraints: 386s CA:FALSE 386s Netscape Cert Type: 386s SSL Client, S/MIME 386s Netscape Comment: 386s Test Organization Root CA trusted Certificate 386s X509v3 Subject Key Identifier: 386s AD:3A:B0:92:7B:7E:31:FF:CB:AF:F3:C0:CA:1F:B7:D2:DE:4E:D1:88 386s X509v3 Key Usage: critical 386s Digital Signature, Non Repudiation, Key Encipherment 386s X509v3 Extended Key Usage: 386s TLS Web Client Authentication, E-mail Protection 386s X509v3 Subject Alternative Name: 386s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 386s Signature Algorithm: sha256WithRSAEncryption 386s Signature Value: 386s bd:b3:20:2b:44:ba:3d:26:42:db:16:da:36:0f:f0:a5:e6:b2: 386s 6a:b7:8f:c9:b1:90:5a:39:02:d3:28:90:be:92:1e:48:a7:c3: 386s b9:b7:31:dc:d2:37:a3:2b:d5:88:cd:5d:d9:e2:fe:9d:86:d0: 386s 4d:0c:e1:9f:26:e8:64:a1:56:05:e1:1a:37:a5:f1:42:0d:3a: 386s 21:89:94:93:c8:5f:05:33:92:4f:ec:99:82:b8:b7:bf:d6:22: 386s 13:25:a9:78:9e:a9:08:77:9f:e8:9b:4e:4e:d1:73:d8:52:3f: 386s 0d:05:37:29:b9:7b:23:7c:86:f9:69:57:fe:9e:23:4d:dd:d8: 386s 9b:e8 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-231-auth.pem 386s + found_md5=Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB 386s + '[' Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB '!=' Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB ']' 386s + valid_certificate /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-27971 /tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem partial_chain 386s + check_certificate /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-27971 /tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem partial_chain 386s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-root-ca-trusted-cert-0001-27971 386s + local key_ring=/tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem 386s + local verify_option=partial_chain 386s + prepare_softhsm2_card /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-27971 386s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-root-ca-trusted-cert-0001-27971 386s + local key_cn 386s + local key_name 386s + local tokens_dir 386s + local output_cert_file 386s + token_name= 386s ++ basename /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem .pem 386s + key_name=test-root-CA-trusted-certificate-0001 386s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 386s ++ sed -n 's/ *commonName *= //p' 386s + key_cn='Test Organization Root Trusted Certificate 0001' 386s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 386s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf 386s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf 386s ++ basename /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 386s + tokens_dir=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001 386s + token_name='Test Organization Root Tr Token' 386s + '[' '!' -e /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 386s + '[' '!' -d /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001 ']' 386s + echo 'Test Organization Root Tr Token' 386s + '[' -n partial_chain ']' 386s + local verify_arg=--verify=partial_chain 386s + local output_base_name=SSSD-child-11121 386s + local output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-11121.output 386s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-11121.pem 386s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem 386s Test Organization Root Tr Token 386s [p11_child[3155]] [main] (0x0400): p11_child started. 386s [p11_child[3155]] [main] (0x2000): Running in [pre-auth] mode. 386s [p11_child[3155]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[3155]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[3155]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 386s [p11_child[3155]] [do_card] (0x4000): Module List: 386s [p11_child[3155]] [do_card] (0x4000): common name: [softhsm2]. 386s [p11_child[3155]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[3155]] [do_card] (0x4000): Description [SoftHSM slot ID 0x71eb067f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 386s [p11_child[3155]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 386s [p11_child[3155]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x71eb067f][1911228031] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[3155]] [do_card] (0x4000): Login NOT required. 386s [p11_child[3155]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 386s [p11_child[3155]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 386s [p11_child[3155]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 386s [p11_child[3155]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x71eb067f;slot-manufacturer=SoftHSM%20project;slot-id=1911228031;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bbb6960bf1eb067f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 386s [p11_child[3155]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-11121.output 386s + echo '-----BEGIN CERTIFICATE-----' 386s + tail -n1 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-11121.output 386s + echo '-----END CERTIFICATE-----' 386s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-11121.pem 386s Certificate: 386s Data: 386s Version: 3 (0x2) 386s Serial Number: 3 (0x3) 386s Signature Algorithm: sha256WithRSAEncryption 386s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 386s Validity 386s Not Before: Jan 9 12:10:07 2025 GMT 386s Not After : Jan 9 12:10:07 2026 GMT 386s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 386s Subject Public Key Info: 386s Public Key Algorithm: rsaEncryption 386s Public-Key: (1024 bit) 386s Modulus: 386s 00:d5:6a:80:8b:d7:af:83:7b:fd:b2:78:54:4b:96: 386s 3e:c9:d4:77:61:e2:34:c2:5a:d4:14:3e:ed:7f:44: 386s dc:03:b9:cb:a4:9f:06:dc:ad:c3:09:62:b0:05:ea: 386s 37:a5:e6:85:6a:0c:6d:a3:c8:8c:44:5f:1d:c2:d0: 386s e3:89:20:51:04:ee:bf:f5:28:07:2e:40:ca:2e:7f: 386s 72:f5:61:94:e4:d9:6a:50:e5:69:55:ee:13:cd:7d: 386s 99:30:8f:97:0f:4c:c0:d2:19:7f:1b:c3:87:9e:fd: 386s 9a:5b:6a:59:df:2a:c4:bb:0a:6b:7a:89:23:8b:dd: 386s 28:f7:64:44:34:14:a2:db:bb 386s Exponent: 65537 (0x10001) 386s X509v3 extensions: 386s X509v3 Authority Key Identifier: 386s 6E:D3:0A:4C:9D:E5:42:DA:2B:DF:4E:F6:12:BF:35:56:DD:B2:47:CF 386s X509v3 Basic Constraints: 386s CA:FALSE 386s Netscape Cert Type: 386s SSL Client, S/MIME 386s Netscape Comment: 386s Test Organization Root CA trusted Certificate 386s X509v3 Subject Key Identifier: 386s AD:3A:B0:92:7B:7E:31:FF:CB:AF:F3:C0:CA:1F:B7:D2:DE:4E:D1:88 386s X509v3 Key Usage: critical 386s Digital Signature, Non Repudiation, Key Encipherment 386s X509v3 Extended Key Usage: 386s TLS Web Client Authentication, E-mail Protection 386s X509v3 Subject Alternative Name: 386s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 386s Signature Algorithm: sha256WithRSAEncryption 386s Signature Value: 386s bd:b3:20:2b:44:ba:3d:26:42:db:16:da:36:0f:f0:a5:e6:b2: 386s 6a:b7:8f:c9:b1:90:5a:39:02:d3:28:90:be:92:1e:48:a7:c3: 386s b9:b7:31:dc:d2:37:a3:2b:d5:88:cd:5d:d9:e2:fe:9d:86:d0: 386s 4d:0c:e1:9f:26:e8:64:a1:56:05:e1:1a:37:a5:f1:42:0d:3a: 386s 21:89:94:93:c8:5f:05:33:92:4f:ec:99:82:b8:b7:bf:d6:22: 386s 13:25:a9:78:9e:a9:08:77:9f:e8:9b:4e:4e:d1:73:d8:52:3f: 386s 0d:05:37:29:b9:7b:23:7c:86:f9:69:57:fe:9e:23:4d:dd:d8: 386s 9b:e8 386s + local found_md5 expected_md5 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 386s + expected_md5=Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-11121.pem 386s + found_md5=Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB 386s + '[' Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB '!=' Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB ']' 386s + output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-11121-auth.output 386s ++ basename /tmp/sssd-softhsm2-cNC6UN/SSSD-child-11121-auth.output .output 386s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-11121-auth.pem 386s + echo -n 053350 386s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 386s [p11_child[3163]] [main] (0x0400): p11_child started. 386s [p11_child[3163]] [main] (0x2000): Running in [auth] mode. 386s [p11_child[3163]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[3163]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[3163]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 386s [p11_child[3163]] [do_card] (0x4000): Module List: 386s [p11_child[3163]] [do_card] (0x4000): common name: [softhsm2]. 386s [p11_child[3163]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[3163]] [do_card] (0x4000): Description [SoftHSM slot ID 0x71eb067f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 386s [p11_child[3163]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 386s [p11_child[3163]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x71eb067f][1911228031] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[3163]] [do_card] (0x4000): Login required. 386s [p11_child[3163]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 386s [p11_child[3163]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 386s [p11_child[3163]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 386s [p11_child[3163]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x71eb067f;slot-manufacturer=SoftHSM%20project;slot-id=1911228031;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bbb6960bf1eb067f;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 386s [p11_child[3163]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 386s [p11_child[3163]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 386s [p11_child[3163]] [do_card] (0x4000): Certificate verified and validated. 386s [p11_child[3163]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-11121-auth.output 386s + echo '-----BEGIN CERTIFICATE-----' 386s + tail -n1 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-11121-auth.output 386s + echo '-----END CERTIFICATE-----' 386s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-11121-auth.pem 386s Certificate: 386s Data: 386s Version: 3 (0x2) 386s Serial Number: 3 (0x3) 386s Signature Algorithm: sha256WithRSAEncryption 386s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 386s Validity 386s Not Before: Jan 9 12:10:07 2025 GMT 386s Not After : Jan 9 12:10:07 2026 GMT 386s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 386s Subject Public Key Info: 386s Public Key Algorithm: rsaEncryption 386s Public-Key: (1024 bit) 386s Modulus: 386s 00:d5:6a:80:8b:d7:af:83:7b:fd:b2:78:54:4b:96: 386s 3e:c9:d4:77:61:e2:34:c2:5a:d4:14:3e:ed:7f:44: 386s dc:03:b9:cb:a4:9f:06:dc:ad:c3:09:62:b0:05:ea: 386s 37:a5:e6:85:6a:0c:6d:a3:c8:8c:44:5f:1d:c2:d0: 386s e3:89:20:51:04:ee:bf:f5:28:07:2e:40:ca:2e:7f: 386s 72:f5:61:94:e4:d9:6a:50:e5:69:55:ee:13:cd:7d: 386s 99:30:8f:97:0f:4c:c0:d2:19:7f:1b:c3:87:9e:fd: 386s 9a:5b:6a:59:df:2a:c4:bb:0a:6b:7a:89:23:8b:dd: 386s 28:f7:64:44:34:14:a2:db:bb 386s Exponent: 65537 (0x10001) 386s X509v3 extensions: 386s X509v3 Authority Key Identifier: 386s 6E:D3:0A:4C:9D:E5:42:DA:2B:DF:4E:F6:12:BF:35:56:DD:B2:47:CF 386s X509v3 Basic Constraints: 386s CA:FALSE 386s Netscape Cert Type: 386s SSL Client, S/MIME 386s Netscape Comment: 386s Test Organization Root CA trusted Certificate 386s X509v3 Subject Key Identifier: 386s AD:3A:B0:92:7B:7E:31:FF:CB:AF:F3:C0:CA:1F:B7:D2:DE:4E:D1:88 386s X509v3 Key Usage: critical 386s Digital Signature, Non Repudiation, Key Encipherment 386s X509v3 Extended Key Usage: 386s TLS Web Client Authentication, E-mail Protection 386s X509v3 Subject Alternative Name: 386s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 386s Signature Algorithm: sha256WithRSAEncryption 386s Signature Value: 386s bd:b3:20:2b:44:ba:3d:26:42:db:16:da:36:0f:f0:a5:e6:b2: 386s 6a:b7:8f:c9:b1:90:5a:39:02:d3:28:90:be:92:1e:48:a7:c3: 386s b9:b7:31:dc:d2:37:a3:2b:d5:88:cd:5d:d9:e2:fe:9d:86:d0: 386s 4d:0c:e1:9f:26:e8:64:a1:56:05:e1:1a:37:a5:f1:42:0d:3a: 386s 21:89:94:93:c8:5f:05:33:92:4f:ec:99:82:b8:b7:bf:d6:22: 386s 13:25:a9:78:9e:a9:08:77:9f:e8:9b:4e:4e:d1:73:d8:52:3f: 386s 0d:05:37:29:b9:7b:23:7c:86:f9:69:57:fe:9e:23:4d:dd:d8: 386s 9b:e8 386s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-11121-auth.pem 386s + found_md5=Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB 386s + '[' Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB '!=' Modulus=D56A808BD7AF837BFDB278544B963EC9D47761E234C25AD4143EED7F44DC03B9CBA49F06DCADC30962B005EA37A5E6856A0C6DA3C88C445F1DC2D0E389205104EEBFF528072E40CA2E7F72F56194E4D96A50E56955EE13CD7D99308F970F4CC0D2197F1BC3879EFD9A5B6A59DF2AC4BB0A6B7A89238BDD28F764443414A2DBBB ']' 386s + invalid_certificate /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-27971 /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem 386s + check_certificate /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-27971 /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem 386s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-root-ca-trusted-cert-0001-27971 386s + local key_ring=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem 386s + local verify_option= 386s + prepare_softhsm2_card /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-27971 386s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-root-ca-trusted-cert-0001-27971 386s + local key_cn 386s + local key_name 386s + local tokens_dir 386s + local output_cert_file 386s + token_name= 386s ++ basename /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem .pem 386s + key_name=test-root-CA-trusted-certificate-0001 386s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 386s ++ sed -n 's/ *commonName *= //p' 386s + key_cn='Test Organization Root Trusted Certificate 0001' 386s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 386s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf 386s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf 386s ++ basename /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 386s Test Organization Root Tr Token 386s + tokens_dir=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001 386s + token_name='Test Organization Root Tr Token' 386s + '[' '!' -e /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 386s + '[' '!' -d /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001 ']' 386s + echo 'Test Organization Root Tr Token' 386s + '[' -n '' ']' 386s + local output_base_name=SSSD-child-32383 386s + local output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-32383.output 386s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-32383.pem 386s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem 386s [p11_child[3173]] [main] (0x0400): p11_child started. 386s [p11_child[3173]] [main] (0x2000): Running in [pre-auth] mode. 386s [p11_child[3173]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[3173]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[3173]] [do_card] (0x4000): Module List: 386s [p11_child[3173]] [do_card] (0x4000): common name: [softhsm2]. 386s [p11_child[3173]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[3173]] [do_card] (0x4000): Description [SoftHSM slot ID 0x71eb067f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 386s [p11_child[3173]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 386s [p11_child[3173]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x71eb067f][1911228031] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[3173]] [do_card] (0x4000): Login NOT required. 386s [p11_child[3173]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 386s [p11_child[3173]] [do_verification] (0x0040): X509_verify_cert failed [0]. 386s [p11_child[3173]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 386s [p11_child[3173]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 386s [p11_child[3173]] [do_card] (0x4000): No certificate found. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-32383.output 386s + return 2 386s + invalid_certificate /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-27971 /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem partial_chain 386s + check_certificate /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-27971 /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem partial_chain 386s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-root-ca-trusted-cert-0001-27971 386s + local key_ring=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem 386s + local verify_option=partial_chain 386s + prepare_softhsm2_card /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-27971 386s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-root-ca-trusted-cert-0001-27971 386s + local key_cn 386s + local key_name 386s + local tokens_dir 386s + local output_cert_file 386s + token_name= 386s ++ basename /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem .pem 386s + key_name=test-root-CA-trusted-certificate-0001 386s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cNC6UN/test-root-CA-trusted-certificate-0001.pem 386s ++ sed -n 's/ *commonName *= //p' 386s + key_cn='Test Organization Root Trusted Certificate 0001' 386s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 386s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf 386s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf 386s ++ basename /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 386s + tokens_dir=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001 386s + token_name='Test Organization Root Tr Token' 386s + '[' '!' -e /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 386s + '[' '!' -d /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-root-CA-trusted-certificate-0001 ']' 386s + echo 'Test Organization Root Tr Token' 386s + '[' -n partial_chain ']' 386s + local verify_arg=--verify=partial_chain 386s + local output_base_name=SSSD-child-454 386s + local output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-454.output 386s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-454.pem 386s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem 386s Test Organization Root Tr Token 386s [p11_child[3180]] [main] (0x0400): p11_child started. 386s [p11_child[3180]] [main] (0x2000): Running in [pre-auth] mode. 386s [p11_child[3180]] [main] (0x2000): Running with effective IDs: [0][0]. 386s [p11_child[3180]] [main] (0x2000): Running with real IDs [0][0]. 386s [p11_child[3180]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 386s [p11_child[3180]] [do_card] (0x4000): Module List: 386s [p11_child[3180]] [do_card] (0x4000): common name: [softhsm2]. 386s [p11_child[3180]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[3180]] [do_card] (0x4000): Description [SoftHSM slot ID 0x71eb067f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 386s [p11_child[3180]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 386s [p11_child[3180]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x71eb067f][1911228031] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 386s [p11_child[3180]] [do_card] (0x4000): Login NOT required. 386s [p11_child[3180]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 386s [p11_child[3180]] [do_verification] (0x0040): X509_verify_cert failed [0]. 386s [p11_child[3180]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 386s [p11_child[3180]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 386s [p11_child[3180]] [do_card] (0x4000): No certificate found. 386s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-454.output 386s + return 2 386s + invalid_certificate /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24497 /dev/null 386s + check_certificate /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24497 /dev/null 386s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24497 386s + local key_ring=/dev/null 386s + local verify_option= 386s + prepare_softhsm2_card /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24497 386s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 386s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24497 386s + local key_cn 386s + local key_name 386s + local tokens_dir 386s + local output_cert_file 386s + token_name= 386s ++ basename /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem .pem 386s + key_name=test-intermediate-CA-trusted-certificate-0001 386s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 386s ++ sed -n 's/ *commonName *= //p' 387s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 387s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 387s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 387s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 387s ++ basename /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 387s + tokens_dir=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001 387s + token_name='Test Organization Interme Token' 387s + '[' '!' -e /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 387s + local key_file 387s + local decrypted_key 387s + mkdir -p /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001 387s + key_file=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001-key.pem 387s + decrypted_key=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 387s + cat 387s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 387s Slot 0 has a free/uninitialized token. 387s The token has been initialized and is reassigned to slot 487136616 387s + softhsm2-util --show-slots 387s Available slots: 387s Slot 487136616 387s Slot info: 387s Description: SoftHSM slot ID 0x1d091d68 387s Manufacturer ID: SoftHSM project 387s Hardware version: 2.6 387s Firmware version: 2.6 387s Token present: yes 387s Token info: 387s Manufacturer ID: SoftHSM project 387s Model: SoftHSM v2 387s Hardware version: 2.6 387s Firmware version: 2.6 387s Serial number: 9ba389089d091d68 387s Initialized: yes 387s User PIN init.: yes 387s Label: Test Organization Interme Token 387s Slot 1 387s Slot info: 387s Description: SoftHSM slot ID 0x1 387s Manufacturer ID: SoftHSM project 387s Hardware version: 2.6 387s Firmware version: 2.6 387s Token present: yes 387s Token info: 387s Manufacturer ID: SoftHSM project 387s Model: SoftHSM v2 387s Hardware version: 2.6 387s Firmware version: 2.6 387s Serial number: 387s Initialized: no 387s User PIN init.: no 387s Label: 387s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 387s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-24497 -in /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 387s writing RSA key 387s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 387s + rm /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 387s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 387s + echo 'Test Organization Interme Token' 387s + '[' -n '' ']' 387s + local output_base_name=SSSD-child-9262 387s + local output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-9262.output 387s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-9262.pem 387s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 387s Object 0: 387s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9ba389089d091d68;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 387s Type: X.509 Certificate (RSA-1024) 387s Expires: Fri Jan 9 12:10:07 2026 387s Label: Test Organization Intermediate Trusted Certificate 0001 387s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 387s 387s Test Organization Interme Token 387s [p11_child[3196]] [main] (0x0400): p11_child started. 387s [p11_child[3196]] [main] (0x2000): Running in [pre-auth] mode. 387s [p11_child[3196]] [main] (0x2000): Running with effective IDs: [0][0]. 387s [p11_child[3196]] [main] (0x2000): Running with real IDs [0][0]. 387s [p11_child[3196]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 387s [p11_child[3196]] [do_work] (0x0040): init_verification failed. 387s [p11_child[3196]] [main] (0x0020): p11_child failed (5) 387s + return 2 387s + valid_certificate /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24497 /dev/null no_verification 387s + check_certificate /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24497 /dev/null no_verification 387s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 387s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24497 387s + local key_ring=/dev/null 387s + local verify_option=no_verification 387s + prepare_softhsm2_card /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24497 387s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 387s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24497 387s + local key_cn 387s + local key_name 387s + local tokens_dir 387s + local output_cert_file 387s + token_name= 387s ++ basename /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem .pem 387s + key_name=test-intermediate-CA-trusted-certificate-0001 387s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 387s ++ sed -n 's/ *commonName *= //p' 387s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 387s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 387s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 387s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 387s ++ basename /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 387s Test Organization Interme Token 387s + tokens_dir=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001 387s + token_name='Test Organization Interme Token' 387s + '[' '!' -e /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 387s + '[' '!' -d /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 387s + echo 'Test Organization Interme Token' 387s + '[' -n no_verification ']' 387s + local verify_arg=--verify=no_verification 387s + local output_base_name=SSSD-child-13239 387s + local output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-13239.output 387s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-13239.pem 387s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 387s [p11_child[3202]] [main] (0x0400): p11_child started. 387s [p11_child[3202]] [main] (0x2000): Running in [pre-auth] mode. 387s [p11_child[3202]] [main] (0x2000): Running with effective IDs: [0][0]. 387s [p11_child[3202]] [main] (0x2000): Running with real IDs [0][0]. 387s [p11_child[3202]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 387s [p11_child[3202]] [do_card] (0x4000): Module List: 387s [p11_child[3202]] [do_card] (0x4000): common name: [softhsm2]. 387s [p11_child[3202]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 387s [p11_child[3202]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1d091d68] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 387s [p11_child[3202]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 387s [p11_child[3202]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1d091d68][487136616] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 387s [p11_child[3202]] [do_card] (0x4000): Login NOT required. 387s [p11_child[3202]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 387s [p11_child[3202]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 387s [p11_child[3202]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1d091d68;slot-manufacturer=SoftHSM%20project;slot-id=487136616;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9ba389089d091d68;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 387s [p11_child[3202]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 387s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-13239.output 387s + echo '-----BEGIN CERTIFICATE-----' 387s + tail -n1 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-13239.output 387s + echo '-----END CERTIFICATE-----' 387s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-13239.pem 387s + local found_md5 expected_md5 387s Certificate: 387s Data: 387s Version: 3 (0x2) 387s Serial Number: 4 (0x4) 387s Signature Algorithm: sha256WithRSAEncryption 387s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 387s Validity 387s Not Before: Jan 9 12:10:07 2025 GMT 387s Not After : Jan 9 12:10:07 2026 GMT 387s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 387s Subject Public Key Info: 387s Public Key Algorithm: rsaEncryption 387s Public-Key: (1024 bit) 387s Modulus: 387s 00:b1:6e:60:63:13:c4:19:ed:cc:84:2a:33:83:53: 387s c2:bb:be:dc:32:63:3f:b3:d2:e5:9a:59:f7:19:35: 387s 51:be:c2:9e:3e:d7:59:63:0c:b2:b9:d2:1e:de:49: 387s 8f:33:d2:ed:4f:26:40:39:2e:91:e7:7d:3c:53:6e: 387s 84:e5:ef:41:c2:ba:ac:6d:a6:61:98:92:aa:c3:31: 387s 0b:11:c8:1c:66:f7:ba:ca:c1:b7:c3:19:d5:c2:42: 387s 8d:87:83:1f:0f:24:8b:57:36:92:7e:24:84:16:8e: 387s 8e:2b:5f:8f:60:3a:ba:01:12:6d:d2:a9:f6:6e:b9: 387s 09:f6:96:b1:ed:f3:27:7d:ed 387s Exponent: 65537 (0x10001) 387s X509v3 extensions: 387s X509v3 Authority Key Identifier: 387s 63:C4:30:16:A5:B3:27:8C:E7:20:C0:84:1D:EE:E8:B3:A7:B5:01:96 387s X509v3 Basic Constraints: 387s CA:FALSE 387s Netscape Cert Type: 387s SSL Client, S/MIME 387s Netscape Comment: 387s Test Organization Intermediate CA trusted Certificate 387s X509v3 Subject Key Identifier: 387s 36:C4:87:0D:2E:0D:92:8F:3A:D1:FD:4B:F9:1C:DD:8B:BB:4B:42:A7 387s X509v3 Key Usage: critical 387s Digital Signature, Non Repudiation, Key Encipherment 387s X509v3 Extended Key Usage: 387s TLS Web Client Authentication, E-mail Protection 387s X509v3 Subject Alternative Name: 387s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 387s Signature Algorithm: sha256WithRSAEncryption 387s Signature Value: 387s 8c:24:d1:54:da:34:8b:41:4f:02:7d:54:3e:1e:5d:21:63:a6: 387s a9:dc:b1:95:b3:ce:78:c5:26:02:67:34:04:7b:38:8f:c2:54: 387s f2:ee:46:4e:30:43:6d:c7:2d:f3:fb:97:9e:e7:d1:ab:08:da: 387s c3:38:59:ca:11:da:c2:fa:8a:d0:cf:c1:6d:80:f0:df:64:bc: 387s e7:da:cd:b7:2c:64:1d:90:54:03:f7:28:15:cb:f1:6f:cd:b4: 387s 6e:2c:32:cf:b4:6d:59:47:a8:c4:29:0f:51:cc:14:e6:4e:12: 387s 73:48:04:18:5c:d3:d5:52:76:87:4c:bf:13:b1:4a:e1:45:c2: 387s 5c:22 387s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 387s + expected_md5=Modulus=B16E606313C419EDCC842A338353C2BBBEDC32633FB3D2E59A59F7193551BEC29E3ED759630CB2B9D21EDE498F33D2ED4F2640392E91E77D3C536E84E5EF41C2BAAC6DA6619892AAC3310B11C81C66F7BACAC1B7C319D5C2428D87831F0F248B5736927E2484168E8E2B5F8F603ABA01126DD2A9F66EB909F696B1EDF3277DED 387s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-13239.pem 387s + found_md5=Modulus=B16E606313C419EDCC842A338353C2BBBEDC32633FB3D2E59A59F7193551BEC29E3ED759630CB2B9D21EDE498F33D2ED4F2640392E91E77D3C536E84E5EF41C2BAAC6DA6619892AAC3310B11C81C66F7BACAC1B7C319D5C2428D87831F0F248B5736927E2484168E8E2B5F8F603ABA01126DD2A9F66EB909F696B1EDF3277DED 387s + '[' Modulus=B16E606313C419EDCC842A338353C2BBBEDC32633FB3D2E59A59F7193551BEC29E3ED759630CB2B9D21EDE498F33D2ED4F2640392E91E77D3C536E84E5EF41C2BAAC6DA6619892AAC3310B11C81C66F7BACAC1B7C319D5C2428D87831F0F248B5736927E2484168E8E2B5F8F603ABA01126DD2A9F66EB909F696B1EDF3277DED '!=' Modulus=B16E606313C419EDCC842A338353C2BBBEDC32633FB3D2E59A59F7193551BEC29E3ED759630CB2B9D21EDE498F33D2ED4F2640392E91E77D3C536E84E5EF41C2BAAC6DA6619892AAC3310B11C81C66F7BACAC1B7C319D5C2428D87831F0F248B5736927E2484168E8E2B5F8F603ABA01126DD2A9F66EB909F696B1EDF3277DED ']' 387s + output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-13239-auth.output 387s ++ basename /tmp/sssd-softhsm2-cNC6UN/SSSD-child-13239-auth.output .output 387s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-13239-auth.pem 387s + echo -n 053350 387s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 387s [p11_child[3210]] [main] (0x0400): p11_child started. 387s [p11_child[3210]] [main] (0x2000): Running in [auth] mode. 387s [p11_child[3210]] [main] (0x2000): Running with effective IDs: [0][0]. 387s [p11_child[3210]] [main] (0x2000): Running with real IDs [0][0]. 387s [p11_child[3210]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 387s [p11_child[3210]] [do_card] (0x4000): Module List: 387s [p11_child[3210]] [do_card] (0x4000): common name: [softhsm2]. 387s [p11_child[3210]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 387s [p11_child[3210]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1d091d68] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 387s [p11_child[3210]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 387s [p11_child[3210]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1d091d68][487136616] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 387s [p11_child[3210]] [do_card] (0x4000): Login required. 387s [p11_child[3210]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 387s [p11_child[3210]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 387s [p11_child[3210]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1d091d68;slot-manufacturer=SoftHSM%20project;slot-id=487136616;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9ba389089d091d68;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 387s [p11_child[3210]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 387s [p11_child[3210]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 387s [p11_child[3210]] [do_card] (0x4000): Certificate verified and validated. 387s [p11_child[3210]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 387s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-13239-auth.output 387s + echo '-----BEGIN CERTIFICATE-----' 387s + tail -n1 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-13239-auth.output 387s + echo '-----END CERTIFICATE-----' 387s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-13239-auth.pem 387s Certificate: 387s Data: 387s Version: 3 (0x2) 387s Serial Number: 4 (0x4) 387s Signature Algorithm: sha256WithRSAEncryption 387s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 387s Validity 387s Not Before: Jan 9 12:10:07 2025 GMT 387s Not After : Jan 9 12:10:07 2026 GMT 387s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 387s Subject Public Key Info: 387s Public Key Algorithm: rsaEncryption 387s Public-Key: (1024 bit) 387s Modulus: 387s 00:b1:6e:60:63:13:c4:19:ed:cc:84:2a:33:83:53: 387s c2:bb:be:dc:32:63:3f:b3:d2:e5:9a:59:f7:19:35: 387s 51:be:c2:9e:3e:d7:59:63:0c:b2:b9:d2:1e:de:49: 387s 8f:33:d2:ed:4f:26:40:39:2e:91:e7:7d:3c:53:6e: 387s 84:e5:ef:41:c2:ba:ac:6d:a6:61:98:92:aa:c3:31: 387s 0b:11:c8:1c:66:f7:ba:ca:c1:b7:c3:19:d5:c2:42: 387s 8d:87:83:1f:0f:24:8b:57:36:92:7e:24:84:16:8e: 387s 8e:2b:5f:8f:60:3a:ba:01:12:6d:d2:a9:f6:6e:b9: 387s 09:f6:96:b1:ed:f3:27:7d:ed 387s Exponent: 65537 (0x10001) 387s X509v3 extensions: 387s X509v3 Authority Key Identifier: 387s 63:C4:30:16:A5:B3:27:8C:E7:20:C0:84:1D:EE:E8:B3:A7:B5:01:96 387s X509v3 Basic Constraints: 387s CA:FALSE 387s Netscape Cert Type: 387s SSL Client, S/MIME 387s Netscape Comment: 387s Test Organization Intermediate CA trusted Certificate 387s X509v3 Subject Key Identifier: 387s 36:C4:87:0D:2E:0D:92:8F:3A:D1:FD:4B:F9:1C:DD:8B:BB:4B:42:A7 387s X509v3 Key Usage: critical 387s Digital Signature, Non Repudiation, Key Encipherment 387s X509v3 Extended Key Usage: 387s TLS Web Client Authentication, E-mail Protection 387s X509v3 Subject Alternative Name: 387s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 387s Signature Algorithm: sha256WithRSAEncryption 387s Signature Value: 387s 8c:24:d1:54:da:34:8b:41:4f:02:7d:54:3e:1e:5d:21:63:a6: 387s a9:dc:b1:95:b3:ce:78:c5:26:02:67:34:04:7b:38:8f:c2:54: 387s f2:ee:46:4e:30:43:6d:c7:2d:f3:fb:97:9e:e7:d1:ab:08:da: 387s c3:38:59:ca:11:da:c2:fa:8a:d0:cf:c1:6d:80:f0:df:64:bc: 387s e7:da:cd:b7:2c:64:1d:90:54:03:f7:28:15:cb:f1:6f:cd:b4: 387s 6e:2c:32:cf:b4:6d:59:47:a8:c4:29:0f:51:cc:14:e6:4e:12: 387s 73:48:04:18:5c:d3:d5:52:76:87:4c:bf:13:b1:4a:e1:45:c2: 387s 5c:22 387s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-13239-auth.pem 387s + found_md5=Modulus=B16E606313C419EDCC842A338353C2BBBEDC32633FB3D2E59A59F7193551BEC29E3ED759630CB2B9D21EDE498F33D2ED4F2640392E91E77D3C536E84E5EF41C2BAAC6DA6619892AAC3310B11C81C66F7BACAC1B7C319D5C2428D87831F0F248B5736927E2484168E8E2B5F8F603ABA01126DD2A9F66EB909F696B1EDF3277DED 387s + '[' Modulus=B16E606313C419EDCC842A338353C2BBBEDC32633FB3D2E59A59F7193551BEC29E3ED759630CB2B9D21EDE498F33D2ED4F2640392E91E77D3C536E84E5EF41C2BAAC6DA6619892AAC3310B11C81C66F7BACAC1B7C319D5C2428D87831F0F248B5736927E2484168E8E2B5F8F603ABA01126DD2A9F66EB909F696B1EDF3277DED '!=' Modulus=B16E606313C419EDCC842A338353C2BBBEDC32633FB3D2E59A59F7193551BEC29E3ED759630CB2B9D21EDE498F33D2ED4F2640392E91E77D3C536E84E5EF41C2BAAC6DA6619892AAC3310B11C81C66F7BACAC1B7C319D5C2428D87831F0F248B5736927E2484168E8E2B5F8F603ABA01126DD2A9F66EB909F696B1EDF3277DED ']' 387s + invalid_certificate /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24497 /tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem 387s + check_certificate /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24497 /tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem 387s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 387s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24497 387s + local key_ring=/tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem 387s + local verify_option= 387s + prepare_softhsm2_card /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24497 387s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 387s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24497 387s + local key_cn 387s + local key_name 387s + local tokens_dir 387s + local output_cert_file 387s + token_name= 387s ++ basename /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem .pem 387s + key_name=test-intermediate-CA-trusted-certificate-0001 387s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 387s ++ sed -n 's/ *commonName *= //p' 387s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 387s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 387s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 387s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 387s ++ basename /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 387s + tokens_dir=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001 387s + token_name='Test Organization Interme Token' 387s + '[' '!' -e /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 387s + '[' '!' -d /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 387s + echo 'Test Organization Interme Token' 387s + '[' -n '' ']' 387s + local output_base_name=SSSD-child-9161 387s + local output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-9161.output 387s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-9161.pem 387s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem 387s Test Organization Interme Token 387s [p11_child[3220]] [main] (0x0400): p11_child started. 387s [p11_child[3220]] [main] (0x2000): Running in [pre-auth] mode. 387s [p11_child[3220]] [main] (0x2000): Running with effective IDs: [0][0]. 387s [p11_child[3220]] [main] (0x2000): Running with real IDs [0][0]. 387s [p11_child[3220]] [do_card] (0x4000): Module List: 387s [p11_child[3220]] [do_card] (0x4000): common name: [softhsm2]. 387s [p11_child[3220]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 387s [p11_child[3220]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1d091d68] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 387s [p11_child[3220]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 387s [p11_child[3220]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1d091d68][487136616] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 387s [p11_child[3220]] [do_card] (0x4000): Login NOT required. 387s [p11_child[3220]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 387s [p11_child[3220]] [do_verification] (0x0040): X509_verify_cert failed [0]. 387s [p11_child[3220]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 387s [p11_child[3220]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 387s [p11_child[3220]] [do_card] (0x4000): No certificate found. 387s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-9161.output 387s + return 2 387s + invalid_certificate /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24497 /tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem partial_chain 387s + check_certificate /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24497 /tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem partial_chain 387s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 387s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24497 387s + local key_ring=/tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem 387s + local verify_option=partial_chain 387s + prepare_softhsm2_card /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24497 387s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 387s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24497 387s + local key_cn 387s + local key_name 387s + local tokens_dir 387s + local output_cert_file 387s + token_name= 387s ++ basename /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem .pem 387s + key_name=test-intermediate-CA-trusted-certificate-0001 387s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 387s ++ sed -n 's/ *commonName *= //p' 387s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 387s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 387s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 387s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 387s ++ basename /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 387s Test Organization Interme Token 387s + tokens_dir=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001 387s + token_name='Test Organization Interme Token' 387s + '[' '!' -e /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 387s + '[' '!' -d /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 387s + echo 'Test Organization Interme Token' 387s + '[' -n partial_chain ']' 387s + local verify_arg=--verify=partial_chain 387s + local output_base_name=SSSD-child-21455 387s + local output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-21455.output 387s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-21455.pem 387s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem 387s [p11_child[3227]] [main] (0x0400): p11_child started. 387s [p11_child[3227]] [main] (0x2000): Running in [pre-auth] mode. 387s [p11_child[3227]] [main] (0x2000): Running with effective IDs: [0][0]. 387s [p11_child[3227]] [main] (0x2000): Running with real IDs [0][0]. 387s [p11_child[3227]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 387s [p11_child[3227]] [do_card] (0x4000): Module List: 387s [p11_child[3227]] [do_card] (0x4000): common name: [softhsm2]. 387s [p11_child[3227]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 387s [p11_child[3227]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1d091d68] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 387s [p11_child[3227]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 387s [p11_child[3227]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1d091d68][487136616] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 387s [p11_child[3227]] [do_card] (0x4000): Login NOT required. 387s [p11_child[3227]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 387s [p11_child[3227]] [do_verification] (0x0040): X509_verify_cert failed [0]. 387s [p11_child[3227]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 387s [p11_child[3227]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 387s [p11_child[3227]] [do_card] (0x4000): No certificate found. 387s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-21455.output 387s + return 2 387s + valid_certificate /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24497 /tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem 387s + check_certificate /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24497 /tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem 387s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 387s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24497 387s + local key_ring=/tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem 387s + local verify_option= 387s + prepare_softhsm2_card /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24497 387s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 387s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24497 387s + local key_cn 387s + local key_name 387s + local tokens_dir 387s + local output_cert_file 387s + token_name= 387s ++ basename /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem .pem 387s + key_name=test-intermediate-CA-trusted-certificate-0001 387s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 387s ++ sed -n 's/ *commonName *= //p' 387s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 387s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 387s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 387s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 387s ++ basename /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 387s Test Organization Interme Token 387s + tokens_dir=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001 387s + token_name='Test Organization Interme Token' 387s + '[' '!' -e /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 387s + '[' '!' -d /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 387s + echo 'Test Organization Interme Token' 387s + '[' -n '' ']' 387s + local output_base_name=SSSD-child-28501 387s + local output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-28501.output 387s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-28501.pem 387s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem 387s [p11_child[3234]] [main] (0x0400): p11_child started. 387s [p11_child[3234]] [main] (0x2000): Running in [pre-auth] mode. 387s [p11_child[3234]] [main] (0x2000): Running with effective IDs: [0][0]. 387s [p11_child[3234]] [main] (0x2000): Running with real IDs [0][0]. 387s [p11_child[3234]] [do_card] (0x4000): Module List: 387s [p11_child[3234]] [do_card] (0x4000): common name: [softhsm2]. 387s [p11_child[3234]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 387s [p11_child[3234]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1d091d68] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 387s [p11_child[3234]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 387s [p11_child[3234]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1d091d68][487136616] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 387s [p11_child[3234]] [do_card] (0x4000): Login NOT required. 387s [p11_child[3234]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 387s [p11_child[3234]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 387s [p11_child[3234]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 387s [p11_child[3234]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1d091d68;slot-manufacturer=SoftHSM%20project;slot-id=487136616;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9ba389089d091d68;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 387s [p11_child[3234]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 387s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-28501.output 387s + echo '-----BEGIN CERTIFICATE-----' 387s + tail -n1 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-28501.output 387s + echo '-----END CERTIFICATE-----' 387s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-28501.pem 387s Certificate: 387s Data: 387s Version: 3 (0x2) 387s Serial Number: 4 (0x4) 387s Signature Algorithm: sha256WithRSAEncryption 387s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 387s Validity 387s Not Before: Jan 9 12:10:07 2025 GMT 387s Not After : Jan 9 12:10:07 2026 GMT 387s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 387s Subject Public Key Info: 387s Public Key Algorithm: rsaEncryption 387s Public-Key: (1024 bit) 387s Modulus: 387s 00:b1:6e:60:63:13:c4:19:ed:cc:84:2a:33:83:53: 387s c2:bb:be:dc:32:63:3f:b3:d2:e5:9a:59:f7:19:35: 387s 51:be:c2:9e:3e:d7:59:63:0c:b2:b9:d2:1e:de:49: 387s 8f:33:d2:ed:4f:26:40:39:2e:91:e7:7d:3c:53:6e: 387s 84:e5:ef:41:c2:ba:ac:6d:a6:61:98:92:aa:c3:31: 387s 0b:11:c8:1c:66:f7:ba:ca:c1:b7:c3:19:d5:c2:42: 387s 8d:87:83:1f:0f:24:8b:57:36:92:7e:24:84:16:8e: 387s 8e:2b:5f:8f:60:3a:ba:01:12:6d:d2:a9:f6:6e:b9: 387s 09:f6:96:b1:ed:f3:27:7d:ed 387s Exponent: 65537 (0x10001) 387s X509v3 extensions: 387s X509v3 Authority Key Identifier: 387s 63:C4:30:16:A5:B3:27:8C:E7:20:C0:84:1D:EE:E8:B3:A7:B5:01:96 387s X509v3 Basic Constraints: 387s CA:FALSE 387s Netscape Cert Type: 387s SSL Client, S/MIME 387s Netscape Comment: 387s Test Organization Intermediate CA trusted Certificate 387s X509v3 Subject Key Identifier: 387s 36:C4:87:0D:2E:0D:92:8F:3A:D1:FD:4B:F9:1C:DD:8B:BB:4B:42:A7 387s X509v3 Key Usage: critical 387s Digital Signature, Non Repudiation, Key Encipherment 387s X509v3 Extended Key Usage: 387s TLS Web Client Authentication, E-mail Protection 387s X509v3 Subject Alternative Name: 387s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 387s Signature Algorithm: sha256WithRSAEncryption 387s Signature Value: 387s 8c:24:d1:54:da:34:8b:41:4f:02:7d:54:3e:1e:5d:21:63:a6: 387s a9:dc:b1:95:b3:ce:78:c5:26:02:67:34:04:7b:38:8f:c2:54: 387s f2:ee:46:4e:30:43:6d:c7:2d:f3:fb:97:9e:e7:d1:ab:08:da: 387s c3:38:59:ca:11:da:c2:fa:8a:d0:cf:c1:6d:80:f0:df:64:bc: 387s e7:da:cd:b7:2c:64:1d:90:54:03:f7:28:15:cb:f1:6f:cd:b4: 387s 6e:2c:32:cf:b4:6d:59:47:a8:c4:29:0f:51:cc:14:e6:4e:12: 387s 73:48:04:18:5c:d3:d5:52:76:87:4c:bf:13:b1:4a:e1:45:c2: 387s 5c:22 387s + local found_md5 expected_md5 387s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 387s + expected_md5=Modulus=B16E606313C419EDCC842A338353C2BBBEDC32633FB3D2E59A59F7193551BEC29E3ED759630CB2B9D21EDE498F33D2ED4F2640392E91E77D3C536E84E5EF41C2BAAC6DA6619892AAC3310B11C81C66F7BACAC1B7C319D5C2428D87831F0F248B5736927E2484168E8E2B5F8F603ABA01126DD2A9F66EB909F696B1EDF3277DED 387s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-28501.pem 387s + found_md5=Modulus=B16E606313C419EDCC842A338353C2BBBEDC32633FB3D2E59A59F7193551BEC29E3ED759630CB2B9D21EDE498F33D2ED4F2640392E91E77D3C536E84E5EF41C2BAAC6DA6619892AAC3310B11C81C66F7BACAC1B7C319D5C2428D87831F0F248B5736927E2484168E8E2B5F8F603ABA01126DD2A9F66EB909F696B1EDF3277DED 387s + '[' Modulus=B16E606313C419EDCC842A338353C2BBBEDC32633FB3D2E59A59F7193551BEC29E3ED759630CB2B9D21EDE498F33D2ED4F2640392E91E77D3C536E84E5EF41C2BAAC6DA6619892AAC3310B11C81C66F7BACAC1B7C319D5C2428D87831F0F248B5736927E2484168E8E2B5F8F603ABA01126DD2A9F66EB909F696B1EDF3277DED '!=' Modulus=B16E606313C419EDCC842A338353C2BBBEDC32633FB3D2E59A59F7193551BEC29E3ED759630CB2B9D21EDE498F33D2ED4F2640392E91E77D3C536E84E5EF41C2BAAC6DA6619892AAC3310B11C81C66F7BACAC1B7C319D5C2428D87831F0F248B5736927E2484168E8E2B5F8F603ABA01126DD2A9F66EB909F696B1EDF3277DED ']' 387s + output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-28501-auth.output 387s ++ basename /tmp/sssd-softhsm2-cNC6UN/SSSD-child-28501-auth.output .output 387s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-28501-auth.pem 387s + echo -n 053350 387s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 387s [p11_child[3242]] [main] (0x0400): p11_child started. 387s [p11_child[3242]] [main] (0x2000): Running in [auth] mode. 387s [p11_child[3242]] [main] (0x2000): Running with effective IDs: [0][0]. 387s [p11_child[3242]] [main] (0x2000): Running with real IDs [0][0]. 387s [p11_child[3242]] [do_card] (0x4000): Module List: 387s [p11_child[3242]] [do_card] (0x4000): common name: [softhsm2]. 387s [p11_child[3242]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 387s [p11_child[3242]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1d091d68] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 387s [p11_child[3242]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 387s [p11_child[3242]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1d091d68][487136616] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 387s [p11_child[3242]] [do_card] (0x4000): Login required. 387s [p11_child[3242]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 387s [p11_child[3242]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 387s [p11_child[3242]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 387s [p11_child[3242]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1d091d68;slot-manufacturer=SoftHSM%20project;slot-id=487136616;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9ba389089d091d68;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 387s [p11_child[3242]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 387s [p11_child[3242]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 387s [p11_child[3242]] [do_card] (0x4000): Certificate verified and validated. 387s [p11_child[3242]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 387s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-28501-auth.output 387s + echo '-----BEGIN CERTIFICATE-----' 387s + tail -n1 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-28501-auth.output 387s + echo '-----END CERTIFICATE-----' 387s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-28501-auth.pem 388s Certificate: 388s Data: 388s Version: 3 (0x2) 388s Serial Number: 4 (0x4) 388s Signature Algorithm: sha256WithRSAEncryption 388s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 388s Validity 388s Not Before: Jan 9 12:10:07 2025 GMT 388s Not After : Jan 9 12:10:07 2026 GMT 388s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 388s Subject Public Key Info: 388s Public Key Algorithm: rsaEncryption 388s Public-Key: (1024 bit) 388s Modulus: 388s 00:b1:6e:60:63:13:c4:19:ed:cc:84:2a:33:83:53: 388s c2:bb:be:dc:32:63:3f:b3:d2:e5:9a:59:f7:19:35: 388s 51:be:c2:9e:3e:d7:59:63:0c:b2:b9:d2:1e:de:49: 388s 8f:33:d2:ed:4f:26:40:39:2e:91:e7:7d:3c:53:6e: 388s 84:e5:ef:41:c2:ba:ac:6d:a6:61:98:92:aa:c3:31: 388s 0b:11:c8:1c:66:f7:ba:ca:c1:b7:c3:19:d5:c2:42: 388s 8d:87:83:1f:0f:24:8b:57:36:92:7e:24:84:16:8e: 388s 8e:2b:5f:8f:60:3a:ba:01:12:6d:d2:a9:f6:6e:b9: 388s 09:f6:96:b1:ed:f3:27:7d:ed 388s Exponent: 65537 (0x10001) 388s X509v3 extensions: 388s X509v3 Authority Key Identifier: 388s 63:C4:30:16:A5:B3:27:8C:E7:20:C0:84:1D:EE:E8:B3:A7:B5:01:96 388s X509v3 Basic Constraints: 388s CA:FALSE 388s Netscape Cert Type: 388s SSL Client, S/MIME 388s Netscape Comment: 388s Test Organization Intermediate CA trusted Certificate 388s X509v3 Subject Key Identifier: 388s 36:C4:87:0D:2E:0D:92:8F:3A:D1:FD:4B:F9:1C:DD:8B:BB:4B:42:A7 388s X509v3 Key Usage: critical 388s Digital Signature, Non Repudiation, Key Encipherment 388s X509v3 Extended Key Usage: 388s TLS Web Client Authentication, E-mail Protection 388s X509v3 Subject Alternative Name: 388s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 388s Signature Algorithm: sha256WithRSAEncryption 388s Signature Value: 388s 8c:24:d1:54:da:34:8b:41:4f:02:7d:54:3e:1e:5d:21:63:a6: 388s a9:dc:b1:95:b3:ce:78:c5:26:02:67:34:04:7b:38:8f:c2:54: 388s f2:ee:46:4e:30:43:6d:c7:2d:f3:fb:97:9e:e7:d1:ab:08:da: 388s c3:38:59:ca:11:da:c2:fa:8a:d0:cf:c1:6d:80:f0:df:64:bc: 388s e7:da:cd:b7:2c:64:1d:90:54:03:f7:28:15:cb:f1:6f:cd:b4: 388s 6e:2c:32:cf:b4:6d:59:47:a8:c4:29:0f:51:cc:14:e6:4e:12: 388s 73:48:04:18:5c:d3:d5:52:76:87:4c:bf:13:b1:4a:e1:45:c2: 388s 5c:22 388s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-28501-auth.pem 388s + found_md5=Modulus=B16E606313C419EDCC842A338353C2BBBEDC32633FB3D2E59A59F7193551BEC29E3ED759630CB2B9D21EDE498F33D2ED4F2640392E91E77D3C536E84E5EF41C2BAAC6DA6619892AAC3310B11C81C66F7BACAC1B7C319D5C2428D87831F0F248B5736927E2484168E8E2B5F8F603ABA01126DD2A9F66EB909F696B1EDF3277DED 388s + '[' Modulus=B16E606313C419EDCC842A338353C2BBBEDC32633FB3D2E59A59F7193551BEC29E3ED759630CB2B9D21EDE498F33D2ED4F2640392E91E77D3C536E84E5EF41C2BAAC6DA6619892AAC3310B11C81C66F7BACAC1B7C319D5C2428D87831F0F248B5736927E2484168E8E2B5F8F603ABA01126DD2A9F66EB909F696B1EDF3277DED '!=' Modulus=B16E606313C419EDCC842A338353C2BBBEDC32633FB3D2E59A59F7193551BEC29E3ED759630CB2B9D21EDE498F33D2ED4F2640392E91E77D3C536E84E5EF41C2BAAC6DA6619892AAC3310B11C81C66F7BACAC1B7C319D5C2428D87831F0F248B5736927E2484168E8E2B5F8F603ABA01126DD2A9F66EB909F696B1EDF3277DED ']' 388s + valid_certificate /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24497 /tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem partial_chain 388s + check_certificate /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24497 /tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem partial_chain 388s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 388s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24497 388s + local key_ring=/tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem 388s + local verify_option=partial_chain 388s + prepare_softhsm2_card /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24497 388s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 388s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24497 388s + local key_cn 388s + local key_name 388s + local tokens_dir 388s + local output_cert_file 388s + token_name= 388s ++ basename /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem .pem 388s Test Organization Interme Token 388s Certificate: 388s Data: 388s Version: 3 (0x2) 388s Serial Number: 4 (0x4) 388s Signature Algorithm: sha256WithRSAEncryption 388s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 388s Validity 388s Not Before: Jan 9 12:10:07 2025 GMT 388s Not After : Jan 9 12:10:07 2026 GMT 388s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 388s Subject Public Key Info: 388s Public Key Algorithm: rsaEncryption 388s Public-Key: (1024 bit) 388s Modulus: 388s 00:b1:6e:60:63:13:c4:19:ed:cc:84:2a:33:83:53: 388s c2:bb:be:dc:32:63:3f:b3:d2:e5:9a:59:f7:19:35: 388s 51:be:c2:9e:3e:d7:59:63:0c:b2:b9:d2:1e:de:49: 388s 8f:33:d2:ed:4f:26:40:39:2e:91:e7:7d:3c:53:6e: 388s 84:e5:ef:41:c2:ba:ac:6d:a6:61:98:92:aa:c3:31: 388s 0b:11:c8:1c:66:f7:ba:ca:c1:b7:c3:19:d5:c2:42: 388s 8d:87:83:1f:0f:24:8b:57:36:92:7e:24:84:16:8e: 388s 8e:2b:5f:8f:60:3a:ba:01:12:6d:d2:a9:f6:6e:b9: 388s 09:f6:96:b1:ed:f3:27:7d:ed 388s Exponent: 65537 (0x10001) 388s X509v3 extensions: 388s X509v3 Authority Key Identifier: 388s 63:C4:30:16:A5:B3:27:8C:E7:20:C0:84:1D:EE:E8:B3:A7:B5:01:96 388s X509v3 Basic Constraints: 388s CA:FALSE 388s Netscape Cert Type: 388s SSL Client, S/MIME 388s Netscape Comment: 388s Test Organization Intermediate CA trusted Certificate 388s X509v3 Subject Key Identifier: 388s 36:C4:87:0D:2E:0D:92:8F:3A:D1:FD:4B:F9:1C:DD:8B:BB:4B:42:A7 388s X509v3 Key Usage: critical 388s Digital Signature, Non Repudiation, Key Encipherment 388s X509v3 Extended Key Usage: 388s TLS Web Client Authentication, E-mail Protection 388s X509v3 Subject Alternative Name: 388s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 388s Signature Algorithm: sha256WithRSAEncryption 388s Signature Value: 388s 8c:24:d1:54:da:34:8b:41:4f:02:7d:54:3e:1e:5d:21:63:a6: 388s a9:dc:b1:95:b3:ce:78:c5:26:02:67:34:04:7b:38:8f:c2:54: 388s f2:ee:46:4e:30:43:6d:c7:2d:f3:fb:97:9e:e7:d1:ab:08:da: 388s c3:38:59:ca:11:da:c2:fa:8a:d0:cf:c1:6d:80:f0:df:64:bc: 388s e7:da:cd:b7:2c:64:1d:90:54:03:f7:28:15:cb:f1:6f:cd:b4: 388s 6e:2c:32:cf:b4:6d:59:47:a8:c4:29:0f:51:cc:14:e6:4e:12: 388s 73:48:04:18:5c:d3:d5:52:76:87:4c:bf:13:b1:4a:e1:45:c2: 388s 5c:22 388s Certificate: 388s Data: 388s Version: 3 (0x2) 388s Serial Number: 4 (0x4) 388s Signature Algorithm: sha256WithRSAEncryption 388s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 388s Validity 388s Not Before: Jan 9 12:10:07 2025 GMT 388s Not After : Jan 9 12:10:07 2026 GMT 388s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 388s Subject Public Key Info: 388s Public Key Algorithm: rsaEncryption 388s Public-Key: (1024 bit) 388s Modulus: 388s 00:b1:6e:60:63:13:c4:19:ed:cc:84:2a:33:83:53: 388s c2:bb:be:dc:32:63:3f:b3:d2:e5:9a:59:f7:19:35: 388s 51:be:c2:9e:3e:d7:59:63:0c:b2:b9:d2:1e:de:49: 388s 8f:33:d2:ed:4f:26:40:39:2e:91:e7:7d:3c:53:6e: 388s 84:e5:ef:41:c2:ba:ac:6d:a6:61:98:92:aa:c3:31: 388s 0b:11:c8:1c:66:f7:ba:ca:c1:b7:c3:19:d5:c2:42: 388s 8d:87:83:1f:0f:24:8b:57:36:92:7e:24:84:16:8e: 388s 8e:2b:5f:8f:60:3a:ba:01:12:6d:d2:a9:f6:6e:b9: 388s 09:f6:96:b1:ed:f3:27:7d:ed 388s Exponent: 65537 (0x10001) 388s X509v3 extensions: 388s X509v3 Authority Key Identifier: 388s 63:C4:30:16:A5:B3:27:8C:E7:20:C0:84:1D:EE:E8:B3:A7:B5:01:96 388s X509v3 Basic Constraints: 388s CA:FALSE 388s Netscape Cert Type: 388s SSL Client, S/MIME 388s Netscape Comment: 388s Test Organization Intermediate CA trusted Certificate 388s X509v3 Subject Key Identifier: 388s 36:C4:87:0D:2E:0D:92:8F:3A:D1:FD:4B:F9:1C:DD:8B:BB:4B:42:A7 388s X509v3 Key Usage: critical 388s Digital Signature, Non Repudiation, Key Encipherment 388s X509v3 Extended Key Usage: 388s TLS Web Client Authentication, E-mail Protection 388s X509v3 Subject Alternative Name: 388s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 388s Signature Algorithm: sha256WithRSAEncryption 388s Signature Value: 388s 8c:24:d1:54:da:34:8b:41:4f:02:7d:54:3e:1e:5d:21:63:a6: 388s a9:dc:b1:95:b3:ce:78:c5:26:02:67:34:04:7b:38:8f:c2:54: 388s f2:ee:46:4e:30:43:6d:c7:2d:f3:fb:97:9e:e7:d1:ab:08:da: 388s c3:38:59:ca:11:da:c2:fa:8a:d0:cf:c1:6d:80:f0:df:64:bc: 388s e7:da:cd:b7:2c:64:1d:90:54:03:f7:28:15:cb:f1:6f:cd:b4: 388s 6e:2c:32:cf:b4:6d:59:47:a8:c4:29:0f:51:cc:14:e6:4e:12: 388s 73:48:04:18:5c:d3:d5:52:76:87:4c:bf:13:b1:4a:e1:45:c2: 388s 5c:22 388s Test Organization Interme Token 388s Test Organization Interme Token 388s Certificate: 388s Data: 388s Version: 3 (0x2) 388s Serial Number: 4 (0x4) 388s Signature Algorithm: sha256WithRSAEncryption 388s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 388s Validity 388s Not Before: Jan 9 12:10:07 2025 GMT 388s Not After : Jan 9 12:10:07 2026 GMT 388s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 388s Subject Public Key Info: 388s Public Key Algorithm: rsaEncryption 388s Public-Key: (1024 bit) 388s Modulus: 388s 00:b1:6e:60:63:13:c4:19:ed:cc:84:2a:33:83:53: 388s c2:bb:be:dc:32:63:3f:b3:d2:e5:9a:59:f7:19:35: 388s 51:be:c2:9e:3e:d7:59:63:0c:b2:b9:d2:1e:de:49: 388s 8f:33:d2:ed:4f:26:40:39:2e:91:e7:7d:3c:53:6e: 388s 84:e5:ef:41:c2:ba:ac:6d:a6:61:98:92:aa:c3:31: 388s 0b:11:c8:1c:66:f7:ba:ca:c1:b7:c3:19:d5:c2:42: 388s 8d:87:83:1f:0f:24:8b:57:36:92:7e:24:84:16:8e: 388s 8e:2b:5f:8f:60:3a:ba:01:12:6d:d2:a9:f6:6e:b9: 388s 09:f6:96:b1:ed:f3:27:7d:ed 388s Exponent: 65537 (0x10001) 388s X509v3 extensions: 388s X509v3 Authority Key Identifier: 388s 63:C4:30:16:A5:B3:27:8C:E7:20:C0:84:1D:EE:E8:B3:A7:B5:01:96 388s X509v3 Basic Constraints: 388s CA:FALSE 388s Netscape Cert Type: 388s SSL Client, S/MIME 388s Netscape Comment: 388s Test Organization Intermediate CA trusted Certificate 388s X509v3 Subject Key Identifier: 388s 36:C4:87:0D:2E:0D:92:8F:3A:D1:FD:4B:F9:1C:DD:8B:BB:4B:42:A7 388s X509v3 Key Usage: critical 388s Digital Signature, Non Repudiation, Key Encipherment 388s X509v3 Extended Key Usage: 388s TLS Web Client Authentication, E-mail Protection 388s X509v3 Subject Alternative Name: 388s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 388s Signature Algorithm: sha256WithRSAEncryption 388s Signature Value: 388s 8c:24:d1:54:da:34:8b:41:4f:02:7d:54:3e:1e:5d:21:63:a6: 388s a9:dc:b1:95:b3:ce:78:c5:26:02:67:34:04:7b:38:8f:c2:54: 388s f2:ee:46:4e:30:43:6d:c7:2d:f3:fb:97:9e:e7:d1:ab:08:da: 388s c3:38:59:ca:11:da:c2:fa:8a:d0:cf:c1:6d:80:f0:df:64:bc: 388s e7:da:cd:b7:2c:64:1d:90:54:03:f7:28:15:cb:f1:6f:cd:b4: 388s 6e:2c:32:cf:b4:6d:59:47:a8:c4:29:0f:51:cc:14:e6:4e:12: 388s 73:48:04:18:5c:d3:d5:52:76:87:4c:bf:13:b1:4a:e1:45:c2: 388s 5c:22 388s + key_name=test-intermediate-CA-trusted-certificate-0001 388s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 388s ++ sed -n 's/ *commonName *= //p' 388s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 388s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 388s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 388s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 388s ++ basename /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 388s + tokens_dir=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001 388s + token_name='Test Organization Interme Token' 388s + '[' '!' -e /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 388s + '[' '!' -d /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 388s + echo 'Test Organization Interme Token' 388s + '[' -n partial_chain ']' 388s + local verify_arg=--verify=partial_chain 388s + local output_base_name=SSSD-child-29847 388s + local output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-29847.output 388s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-29847.pem 388s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem 388s [p11_child[3252]] [main] (0x0400): p11_child started. 388s [p11_child[3252]] [main] (0x2000): Running in [pre-auth] mode. 388s [p11_child[3252]] [main] (0x2000): Running with effective IDs: [0][0]. 388s [p11_child[3252]] [main] (0x2000): Running with real IDs [0][0]. 388s [p11_child[3252]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 388s [p11_child[3252]] [do_card] (0x4000): Module List: 388s [p11_child[3252]] [do_card] (0x4000): common name: [softhsm2]. 388s [p11_child[3252]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 388s [p11_child[3252]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1d091d68] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 388s [p11_child[3252]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 388s [p11_child[3252]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1d091d68][487136616] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 388s [p11_child[3252]] [do_card] (0x4000): Login NOT required. 388s [p11_child[3252]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 388s [p11_child[3252]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 388s [p11_child[3252]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 388s [p11_child[3252]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1d091d68;slot-manufacturer=SoftHSM%20project;slot-id=487136616;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9ba389089d091d68;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 388s [p11_child[3252]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 388s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-29847.output 388s + echo '-----BEGIN CERTIFICATE-----' 388s + tail -n1 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-29847.output 388s + echo '-----END CERTIFICATE-----' 388s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-29847.pem 388s + local found_md5 expected_md5 388s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 388s + expected_md5=Modulus=B16E606313C419EDCC842A338353C2BBBEDC32633FB3D2E59A59F7193551BEC29E3ED759630CB2B9D21EDE498F33D2ED4F2640392E91E77D3C536E84E5EF41C2BAAC6DA6619892AAC3310B11C81C66F7BACAC1B7C319D5C2428D87831F0F248B5736927E2484168E8E2B5F8F603ABA01126DD2A9F66EB909F696B1EDF3277DED 388s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-29847.pem 388s + found_md5=Modulus=B16E606313C419EDCC842A338353C2BBBEDC32633FB3D2E59A59F7193551BEC29E3ED759630CB2B9D21EDE498F33D2ED4F2640392E91E77D3C536E84E5EF41C2BAAC6DA6619892AAC3310B11C81C66F7BACAC1B7C319D5C2428D87831F0F248B5736927E2484168E8E2B5F8F603ABA01126DD2A9F66EB909F696B1EDF3277DED 388s + '[' Modulus=B16E606313C419EDCC842A338353C2BBBEDC32633FB3D2E59A59F7193551BEC29E3ED759630CB2B9D21EDE498F33D2ED4F2640392E91E77D3C536E84E5EF41C2BAAC6DA6619892AAC3310B11C81C66F7BACAC1B7C319D5C2428D87831F0F248B5736927E2484168E8E2B5F8F603ABA01126DD2A9F66EB909F696B1EDF3277DED '!=' Modulus=B16E606313C419EDCC842A338353C2BBBEDC32633FB3D2E59A59F7193551BEC29E3ED759630CB2B9D21EDE498F33D2ED4F2640392E91E77D3C536E84E5EF41C2BAAC6DA6619892AAC3310B11C81C66F7BACAC1B7C319D5C2428D87831F0F248B5736927E2484168E8E2B5F8F603ABA01126DD2A9F66EB909F696B1EDF3277DED ']' 388s + output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-29847-auth.output 388s ++ basename /tmp/sssd-softhsm2-cNC6UN/SSSD-child-29847-auth.output .output 388s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-29847-auth.pem 388s + echo -n 053350 388s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 388s [p11_child[3260]] [main] (0x0400): p11_child started. 388s [p11_child[3260]] [main] (0x2000): Running in [auth] mode. 388s [p11_child[3260]] [main] (0x2000): Running with effective IDs: [0][0]. 388s [p11_child[3260]] [main] (0x2000): Running with real IDs [0][0]. 388s [p11_child[3260]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 388s [p11_child[3260]] [do_card] (0x4000): Module List: 388s [p11_child[3260]] [do_card] (0x4000): common name: [softhsm2]. 388s [p11_child[3260]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 388s [p11_child[3260]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1d091d68] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 388s [p11_child[3260]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 388s [p11_child[3260]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1d091d68][487136616] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 388s [p11_child[3260]] [do_card] (0x4000): Login required. 388s [p11_child[3260]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 388s [p11_child[3260]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 388s [p11_child[3260]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 388s [p11_child[3260]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1d091d68;slot-manufacturer=SoftHSM%20project;slot-id=487136616;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9ba389089d091d68;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 388s [p11_child[3260]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 388s [p11_child[3260]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 388s [p11_child[3260]] [do_card] (0x4000): Certificate verified and validated. 388s [p11_child[3260]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 388s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-29847-auth.output 388s + echo '-----BEGIN CERTIFICATE-----' 388s + tail -n1 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-29847-auth.output 388s + echo '-----END CERTIFICATE-----' 388s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-29847-auth.pem 388s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-29847-auth.pem 388s + found_md5=Modulus=B16E606313C419EDCC842A338353C2BBBEDC32633FB3D2E59A59F7193551BEC29E3ED759630CB2B9D21EDE498F33D2ED4F2640392E91E77D3C536E84E5EF41C2BAAC6DA6619892AAC3310B11C81C66F7BACAC1B7C319D5C2428D87831F0F248B5736927E2484168E8E2B5F8F603ABA01126DD2A9F66EB909F696B1EDF3277DED 388s + '[' Modulus=B16E606313C419EDCC842A338353C2BBBEDC32633FB3D2E59A59F7193551BEC29E3ED759630CB2B9D21EDE498F33D2ED4F2640392E91E77D3C536E84E5EF41C2BAAC6DA6619892AAC3310B11C81C66F7BACAC1B7C319D5C2428D87831F0F248B5736927E2484168E8E2B5F8F603ABA01126DD2A9F66EB909F696B1EDF3277DED '!=' Modulus=B16E606313C419EDCC842A338353C2BBBEDC32633FB3D2E59A59F7193551BEC29E3ED759630CB2B9D21EDE498F33D2ED4F2640392E91E77D3C536E84E5EF41C2BAAC6DA6619892AAC3310B11C81C66F7BACAC1B7C319D5C2428D87831F0F248B5736927E2484168E8E2B5F8F603ABA01126DD2A9F66EB909F696B1EDF3277DED ']' 388s + invalid_certificate /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24497 /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem 388s + check_certificate /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24497 /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem 388s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 388s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24497 388s + local key_ring=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem 388s + local verify_option= 388s + prepare_softhsm2_card /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24497 388s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 388s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24497 388s + local key_cn 388s + local key_name 388s + local tokens_dir 388s + local output_cert_file 388s + token_name= 388s ++ basename /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem .pem 388s + key_name=test-intermediate-CA-trusted-certificate-0001 388s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 388s ++ sed -n 's/ *commonName *= //p' 388s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 388s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 388s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 388s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 388s ++ basename /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 388s + tokens_dir=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001 388s + token_name='Test Organization Interme Token' 388s + '[' '!' -e /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 388s + '[' '!' -d /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 388s + echo 'Test Organization Interme Token' 388s + '[' -n '' ']' 388s + local output_base_name=SSSD-child-14070 388s + local output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-14070.output 388s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-14070.pem 388s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem 388s [p11_child[3270]] [main] (0x0400): p11_child started. 388s [p11_child[3270]] [main] (0x2000): Running in [pre-auth] mode. 388s [p11_child[3270]] [main] (0x2000): Running with effective IDs: [0][0]. 388s [p11_child[3270]] [main] (0x2000): Running with real IDs [0][0]. 388s [p11_child[3270]] [do_card] (0x4000): Module List: 388s [p11_child[3270]] [do_card] (0x4000): common name: [softhsm2]. 388s [p11_child[3270]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 388s [p11_child[3270]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1d091d68] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 388s [p11_child[3270]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 388s [p11_child[3270]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1d091d68][487136616] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 388s [p11_child[3270]] [do_card] (0x4000): Login NOT required. 388s [p11_child[3270]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 388s [p11_child[3270]] [do_verification] (0x0040): X509_verify_cert failed [0]. 388s [p11_child[3270]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 388s [p11_child[3270]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 388s [p11_child[3270]] [do_card] (0x4000): No certificate found. 388s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-14070.output 388s + return 2 388s + valid_certificate /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24497 /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem partial_chain 388s + check_certificate /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24497 /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem partial_chain 388s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 388s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24497 388s + local key_ring=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem 388s + local verify_option=partial_chain 388s + prepare_softhsm2_card /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-24497 388s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 388s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-24497 388s + local key_cn 388s + local key_name 388s + local tokens_dir 388s + local output_cert_file 388s + token_name= 388s ++ basename /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem .pem 388s + key_name=test-intermediate-CA-trusted-certificate-0001 388s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 388s ++ sed -n 's/ *commonName *= //p' 388s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 388s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 388s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 388s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 388s ++ basename /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 388s + tokens_dir=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001 388s + token_name='Test Organization Interme Token' 388s + '[' '!' -e /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 388s + '[' '!' -d /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 388s + echo 'Test Organization Interme Token' 388s + '[' -n partial_chain ']' 388s + local verify_arg=--verify=partial_chain 388s + local output_base_name=SSSD-child-29492 388s + local output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-29492.output 388s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-29492.pem 388s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem 388s [p11_child[3277]] [main] (0x0400): p11_child started. 388s [p11_child[3277]] [main] (0x2000): Running in [pre-auth] mode. 388s [p11_child[3277]] [main] (0x2000): Running with effective IDs: [0][0]. 388s [p11_child[3277]] [main] (0x2000): Running with real IDs [0][0]. 388s [p11_child[3277]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 388s [p11_child[3277]] [do_card] (0x4000): Module List: 388s [p11_child[3277]] [do_card] (0x4000): common name: [softhsm2]. 388s [p11_child[3277]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 388s [p11_child[3277]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1d091d68] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 388s [p11_child[3277]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 388s [p11_child[3277]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1d091d68][487136616] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 388s [p11_child[3277]] [do_card] (0x4000): Login NOT required. 388s [p11_child[3277]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 388s [p11_child[3277]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 388s [p11_child[3277]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 388s [p11_child[3277]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1d091d68;slot-manufacturer=SoftHSM%20project;slot-id=487136616;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9ba389089d091d68;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 388s [p11_child[3277]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 388s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-29492.output 388s + echo '-----BEGIN CERTIFICATE-----' 388s + tail -n1 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-29492.output 388s + echo '-----END CERTIFICATE-----' 388s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-29492.pem 388s + local found_md5 expected_md5 388s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA-trusted-certificate-0001.pem 388s + expected_md5=Modulus=B16E606313C419EDCC842A338353C2BBBEDC32633FB3D2E59A59F7193551BEC29E3ED759630CB2B9D21EDE498F33D2ED4F2640392E91E77D3C536E84E5EF41C2BAAC6DA6619892AAC3310B11C81C66F7BACAC1B7C319D5C2428D87831F0F248B5736927E2484168E8E2B5F8F603ABA01126DD2A9F66EB909F696B1EDF3277DED 388s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-29492.pem 388s + found_md5=Modulus=B16E606313C419EDCC842A338353C2BBBEDC32633FB3D2E59A59F7193551BEC29E3ED759630CB2B9D21EDE498F33D2ED4F2640392E91E77D3C536E84E5EF41C2BAAC6DA6619892AAC3310B11C81C66F7BACAC1B7C319D5C2428D87831F0F248B5736927E2484168E8E2B5F8F603ABA01126DD2A9F66EB909F696B1EDF3277DED 388s + '[' Modulus=B16E606313C419EDCC842A338353C2BBBEDC32633FB3D2E59A59F7193551BEC29E3ED759630CB2B9D21EDE498F33D2ED4F2640392E91E77D3C536E84E5EF41C2BAAC6DA6619892AAC3310B11C81C66F7BACAC1B7C319D5C2428D87831F0F248B5736927E2484168E8E2B5F8F603ABA01126DD2A9F66EB909F696B1EDF3277DED '!=' Modulus=B16E606313C419EDCC842A338353C2BBBEDC32633FB3D2E59A59F7193551BEC29E3ED759630CB2B9D21EDE498F33D2ED4F2640392E91E77D3C536E84E5EF41C2BAAC6DA6619892AAC3310B11C81C66F7BACAC1B7C319D5C2428D87831F0F248B5736927E2484168E8E2B5F8F603ABA01126DD2A9F66EB909F696B1EDF3277DED ']' 388s + output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-29492-auth.output 388s ++ basename /tmp/sssd-softhsm2-cNC6UN/SSSD-child-29492-auth.output .output 388s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-29492-auth.pem 388s + echo -n 053350 388s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 388s [p11_child[3285]] [main] (0x0400): p11_child started. 388s [p11_child[3285]] [main] (0x2000): Running in [auth] mode. 388s [p11_child[3285]] [main] (0x2000): Running with effective IDs: [0][0]. 388s [p11_child[3285]] [main] (0x2000): Running with real IDs [0][0]. 388s [p11_child[3285]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 388s [p11_child[3285]] [do_card] (0x4000): Module List: 388s [p11_child[3285]] [do_card] (0x4000): common name: [softhsm2]. 388s [p11_child[3285]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 388s [p11_child[3285]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1d091d68] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 388s [p11_child[3285]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 388s [p11_child[3285]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1d091d68][487136616] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 388s [p11_child[3285]] [do_card] (0x4000): Login required. 388s [p11_child[3285]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 388s [p11_child[3285]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 388s [p11_child[3285]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 388s [p11_child[3285]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1d091d68;slot-manufacturer=SoftHSM%20project;slot-id=487136616;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9ba389089d091d68;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 388s [p11_child[3285]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 388s [p11_child[3285]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 388s [p11_child[3285]] [do_card] (0x4000): Certificate verified and validated. 388s [p11_child[3285]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 388s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-29492-auth.output 388s + echo '-----BEGIN CERTIFICATE-----' 388s + tail -n1 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-29492-auth.output 388s + echo '-----END CERTIFICATE-----' 388s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-29492-auth.pem 388s Certificate: 388s Data: 388s Version: 3 (0x2) 388s Serial Number: 4 (0x4) 388s Signature Algorithm: sha256WithRSAEncryption 388s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 388s Validity 388s Not Before: Jan 9 12:10:07 2025 GMT 388s Not After : Jan 9 12:10:07 2026 GMT 388s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 388s Subject Public Key Info: 388s Public Key Algorithm: rsaEncryption 388s Public-Key: (1024 bit) 388s Modulus: 388s 00:b1:6e:60:63:13:c4:19:ed:cc:84:2a:33:83:53: 388s c2:bb:be:dc:32:63:3f:b3:d2:e5:9a:59:f7:19:35: 388s 51:be:c2:9e:3e:d7:59:63:0c:b2:b9:d2:1e:de:49: 388s 8f:33:d2:ed:4f:26:40:39:2e:91:e7:7d:3c:53:6e: 388s 84:e5:ef:41:c2:ba:ac:6d:a6:61:98:92:aa:c3:31: 388s 0b:11:c8:1c:66:f7:ba:ca:c1:b7:c3:19:d5:c2:42: 388s 8d:87:83:1f:0f:24:8b:57:36:92:7e:24:84:16:8e: 388s 8e:2b:5f:8f:60:3a:ba:01:12:6d:d2:a9:f6:6e:b9: 388s 09:f6:96:b1:ed:f3:27:7d:ed 388s Exponent: 65537 (0x10001) 388s X509v3 extensions: 388s X509v3 Authority Key Identifier: 388s 63:C4:30:16:A5:B3:27:8C:E7:20:C0:84:1D:EE:E8:B3:A7:B5:01:96 388s X509v3 Basic Constraints: 388s CA:FALSE 388s Netscape Cert Type: 388s SSL Client, S/MIME 388s Netscape Comment: 388s Test Organization Intermediate CA trusted Certificate 388s X509v3 Subject Key Identifier: 388s 36:C4:87:0D:2E:0D:92:8F:3A:D1:FD:4B:F9:1C:DD:8B:BB:4B:42:A7 388s X509v3 Key Usage: critical 388s Digital Signature, Non Repudiation, Key Encipherment 388s X509v3 Extended Key Usage: 388s TLS Web Client Authentication, E-mail Protection 388s X509v3 Subject Alternative Name: 388s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 388s Signature Algorithm: sha256WithRSAEncryption 388s Signature Value: 388s 8c:24:d1:54:da:34:8b:41:4f:02:7d:54:3e:1e:5d:21:63:a6: 388s a9:dc:b1:95:b3:ce:78:c5:26:02:67:34:04:7b:38:8f:c2:54: 388s f2:ee:46:4e:30:43:6d:c7:2d:f3:fb:97:9e:e7:d1:ab:08:da: 388s c3:38:59:ca:11:da:c2:fa:8a:d0:cf:c1:6d:80:f0:df:64:bc: 388s e7:da:cd:b7:2c:64:1d:90:54:03:f7:28:15:cb:f1:6f:cd:b4: 388s 6e:2c:32:cf:b4:6d:59:47:a8:c4:29:0f:51:cc:14:e6:4e:12: 388s 73:48:04:18:5c:d3:d5:52:76:87:4c:bf:13:b1:4a:e1:45:c2: 388s 5c:22 388s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-29492-auth.pem 388s + found_md5=Modulus=B16E606313C419EDCC842A338353C2BBBEDC32633FB3D2E59A59F7193551BEC29E3ED759630CB2B9D21EDE498F33D2ED4F2640392E91E77D3C536E84E5EF41C2BAAC6DA6619892AAC3310B11C81C66F7BACAC1B7C319D5C2428D87831F0F248B5736927E2484168E8E2B5F8F603ABA01126DD2A9F66EB909F696B1EDF3277DED 388s + '[' Modulus=B16E606313C419EDCC842A338353C2BBBEDC32633FB3D2E59A59F7193551BEC29E3ED759630CB2B9D21EDE498F33D2ED4F2640392E91E77D3C536E84E5EF41C2BAAC6DA6619892AAC3310B11C81C66F7BACAC1B7C319D5C2428D87831F0F248B5736927E2484168E8E2B5F8F603ABA01126DD2A9F66EB909F696B1EDF3277DED '!=' Modulus=B16E606313C419EDCC842A338353C2BBBEDC32633FB3D2E59A59F7193551BEC29E3ED759630CB2B9D21EDE498F33D2ED4F2640392E91E77D3C536E84E5EF41C2BAAC6DA6619892AAC3310B11C81C66F7BACAC1B7C319D5C2428D87831F0F248B5736927E2484168E8E2B5F8F603ABA01126DD2A9F66EB909F696B1EDF3277DED ']' 388s + invalid_certificate /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-90 /tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem 388s + check_certificate /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-90 /tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem 388s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 388s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-90 388s + local key_ring=/tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem 388s + local verify_option= 388s + prepare_softhsm2_card /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-90 388s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 388s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-90 388s + local key_cn 388s + local key_name 388s + local tokens_dir 388s + local output_cert_file 388s + token_name= 388s ++ basename /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 388s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 388s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 388s ++ sed -n 's/ *commonName *= //p' 388s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 388s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 388s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 388s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 388s ++ basename /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 388s + tokens_dir=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 388s + token_name='Test Organization Sub Int Token' 388s + '[' '!' -e /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 388s + local key_file 388s + local decrypted_key 388s + mkdir -p /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 388s + key_file=/tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 388s + decrypted_key=/tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 388s + cat 388s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 388s Slot 0 has a free/uninitialized token. 388s The token has been initialized and is reassigned to slot 2080928914 388s + softhsm2-util --show-slots 388s Available slots: 388s Slot 2080928914 388s Slot info: 388s Description: SoftHSM slot ID 0x7c087492 388s Manufacturer ID: SoftHSM project 388s Hardware version: 2.6 388s Firmware version: 2.6 388s Token present: yes 388s Token info: 388s Manufacturer ID: SoftHSM project 388s Model: SoftHSM v2 388s Hardware version: 2.6 388s Firmware version: 2.6 388s Serial number: d93ba498fc087492 388s Initialized: yes 388s User PIN init.: yes 388s Label: Test Organization Sub Int Token 388s Slot 1 388s Slot info: 388s Description: SoftHSM slot ID 0x1 388s Manufacturer ID: SoftHSM project 388s Hardware version: 2.6 388s Firmware version: 2.6 388s Token present: yes 388s Token info: 388s Manufacturer ID: SoftHSM project 388s Model: SoftHSM v2 388s Hardware version: 2.6 388s Firmware version: 2.6 388s Serial number: 388s Initialized: no 388s User PIN init.: no 388s Label: 388s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 388s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-90 -in /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 388s writing RSA key 388s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 388s + rm /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 388s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 388s Object 0: 388s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d93ba498fc087492;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 388s Type: X.509 Certificate (RSA-1024) 388s Expires: Fri Jan 9 12:10:07 2026 388s Label: Test Organization Sub Intermediate Trusted Certificate 0001 388s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 388s 388s + echo 'Test Organization Sub Int Token' 388s + '[' -n '' ']' 388s + local output_base_name=SSSD-child-27340 388s + local output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-27340.output 388s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-27340.pem 388s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem 388s Test Organization Sub Int Token 388s [p11_child[3304]] [main] (0x0400): p11_child started. 388s [p11_child[3304]] [main] (0x2000): Running in [pre-auth] mode. 388s [p11_child[3304]] [main] (0x2000): Running with effective IDs: [0][0]. 388s [p11_child[3304]] [main] (0x2000): Running with real IDs [0][0]. 388s [p11_child[3304]] [do_card] (0x4000): Module List: 388s [p11_child[3304]] [do_card] (0x4000): common name: [softhsm2]. 388s [p11_child[3304]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 388s [p11_child[3304]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7c087492] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 388s [p11_child[3304]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 388s [p11_child[3304]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7c087492][2080928914] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 388s [p11_child[3304]] [do_card] (0x4000): Login NOT required. 388s [p11_child[3304]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 388s [p11_child[3304]] [do_verification] (0x0040): X509_verify_cert failed [0]. 388s [p11_child[3304]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 388s [p11_child[3304]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 388s [p11_child[3304]] [do_card] (0x4000): No certificate found. 388s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-27340.output 388s + return 2 388s + invalid_certificate /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-90 /tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem partial_chain 388s + check_certificate /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-90 /tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem partial_chain 388s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 388s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-90 388s + local key_ring=/tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem 388s + local verify_option=partial_chain 388s + prepare_softhsm2_card /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-90 388s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 388s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-90 388s + local key_cn 388s + local key_name 388s + local tokens_dir 388s + local output_cert_file 388s + token_name= 388s ++ basename /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 388s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 388s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 388s ++ sed -n 's/ *commonName *= //p' 388s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 388s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 388s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 388s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 388s ++ basename /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 388s Test Organization Sub Int Token 388s + tokens_dir=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 388s + token_name='Test Organization Sub Int Token' 388s + '[' '!' -e /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 388s + '[' '!' -d /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 388s + echo 'Test Organization Sub Int Token' 388s + '[' -n partial_chain ']' 388s + local verify_arg=--verify=partial_chain 388s + local output_base_name=SSSD-child-24060 388s + local output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-24060.output 388s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-24060.pem 388s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-cNC6UN/test-root-CA.pem 388s [p11_child[3311]] [main] (0x0400): p11_child started. 388s [p11_child[3311]] [main] (0x2000): Running in [pre-auth] mode. 388s [p11_child[3311]] [main] (0x2000): Running with effective IDs: [0][0]. 388s [p11_child[3311]] [main] (0x2000): Running with real IDs [0][0]. 388s [p11_child[3311]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 388s [p11_child[3311]] [do_card] (0x4000): Module List: 388s [p11_child[3311]] [do_card] (0x4000): common name: [softhsm2]. 388s [p11_child[3311]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 388s [p11_child[3311]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7c087492] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 388s [p11_child[3311]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 388s [p11_child[3311]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7c087492][2080928914] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 388s [p11_child[3311]] [do_card] (0x4000): Login NOT required. 388s [p11_child[3311]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 388s [p11_child[3311]] [do_verification] (0x0040): X509_verify_cert failed [0]. 388s [p11_child[3311]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 388s [p11_child[3311]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 388s [p11_child[3311]] [do_card] (0x4000): No certificate found. 388s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-24060.output 388s + return 2 388s + valid_certificate /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-90 /tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem 388s + check_certificate /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-90 /tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem 388s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 388s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-90 388s + local key_ring=/tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem 388s + local verify_option= 388s + prepare_softhsm2_card /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-90 388s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 388s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-90 388s + local key_cn 388s + local key_name 388s + local tokens_dir 388s + local output_cert_file 388s + token_name= 388s ++ basename /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 388s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 388s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 388s ++ sed -n 's/ *commonName *= //p' 388s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 388s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 388s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 388s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 388s ++ basename /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 388s Test Organization Sub Int Token 388s + tokens_dir=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 388s + token_name='Test Organization Sub Int Token' 388s + '[' '!' -e /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 388s + '[' '!' -d /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 388s + echo 'Test Organization Sub Int Token' 388s + '[' -n '' ']' 388s + local output_base_name=SSSD-child-23668 388s + local output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-23668.output 388s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-23668.pem 388s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem 388s [p11_child[3318]] [main] (0x0400): p11_child started. 388s [p11_child[3318]] [main] (0x2000): Running in [pre-auth] mode. 388s [p11_child[3318]] [main] (0x2000): Running with effective IDs: [0][0]. 388s [p11_child[3318]] [main] (0x2000): Running with real IDs [0][0]. 388s [p11_child[3318]] [do_card] (0x4000): Module List: 388s [p11_child[3318]] [do_card] (0x4000): common name: [softhsm2]. 388s [p11_child[3318]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 388s [p11_child[3318]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7c087492] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 388s [p11_child[3318]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 388s [p11_child[3318]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7c087492][2080928914] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 388s [p11_child[3318]] [do_card] (0x4000): Login NOT required. 388s [p11_child[3318]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 388s [p11_child[3318]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 388s [p11_child[3318]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 388s [p11_child[3318]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7c087492;slot-manufacturer=SoftHSM%20project;slot-id=2080928914;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d93ba498fc087492;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 388s [p11_child[3318]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 388s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-23668.output 388s + echo '-----BEGIN CERTIFICATE-----' 388s + tail -n1 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-23668.output 388s + echo '-----END CERTIFICATE-----' 388s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-23668.pem 388s Certificate: 388s Data: 388s Version: 3 (0x2) 388s Serial Number: 5 (0x5) 388s Signature Algorithm: sha256WithRSAEncryption 388s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 388s Validity 388s Not Before: Jan 9 12:10:07 2025 GMT 388s Not After : Jan 9 12:10:07 2026 GMT 388s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 388s Subject Public Key Info: 388s Public Key Algorithm: rsaEncryption 388s Public-Key: (1024 bit) 388s Modulus: 388s 00:9b:3e:64:a4:1e:a6:1b:8c:68:12:3d:98:85:a0: 388s 26:2a:69:3e:97:8f:a0:58:fc:98:d1:bc:7c:4e:f8: 388s 80:93:d8:10:98:21:8a:95:14:60:1e:3d:c4:82:6c: 388s a8:78:ff:35:f0:06:9a:2b:11:1f:38:67:90:d9:73: 388s c5:93:0f:8b:4a:6e:38:23:b8:d1:f2:cd:54:c1:82: 388s 78:bc:f2:9c:ee:f0:37:04:23:58:bc:a8:b0:23:cb: 388s 49:18:90:1a:10:3f:ff:c3:7e:de:d3:8c:22:97:e4: 388s 47:9c:5e:2b:9e:c6:b0:fd:80:9c:42:8d:73:af:00: 388s 18:09:70:e4:60:3a:d0:d2:13 388s Exponent: 65537 (0x10001) 388s X509v3 extensions: 388s X509v3 Authority Key Identifier: 388s AB:27:67:54:F1:46:56:41:A3:1F:C6:9B:C6:2D:67:24:87:86:F2:30 388s X509v3 Basic Constraints: 388s CA:FALSE 388s Netscape Cert Type: 388s SSL Client, S/MIME 388s Netscape Comment: 388s Test Organization Sub Intermediate CA trusted Certificate 388s X509v3 Subject Key Identifier: 388s 89:E7:74:59:19:78:DD:C7:26:F9:05:49:DE:69:C5:F5:78:1A:4D:5E 388s X509v3 Key Usage: critical 388s Digital Signature, Non Repudiation, Key Encipherment 388s X509v3 Extended Key Usage: 388s TLS Web Client Authentication, E-mail Protection 388s X509v3 Subject Alternative Name: 388s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 388s Signature Algorithm: sha256WithRSAEncryption 388s Signature Value: 388s 4c:2d:af:ac:18:50:05:3e:ee:0a:0f:9c:c6:af:a7:1a:9d:c0: 388s 7a:5e:04:db:e5:31:08:26:97:13:be:f8:4c:df:3c:c6:e7:1e: 388s de:84:50:41:9b:03:a3:ff:c9:74:b2:a1:75:22:4e:eb:28:36: 388s aa:2a:da:d0:eb:1b:0c:8e:7a:85:b3:d8:44:d7:83:1b:7e:e7: 388s ea:9f:26:07:e0:71:d5:ee:17:a1:4c:6c:c7:65:02:70:70:13: 388s 47:09:38:ec:8a:6f:ca:9f:46:ab:6e:d1:a8:d1:3e:2b:1a:6c: 388s f8:d1:dd:e5:e7:5a:c7:e0:56:63:cc:e9:80:fd:4a:c7:00:7f: 388s 40:a0 388s + local found_md5 expected_md5 388s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 388s + expected_md5=Modulus=9B3E64A41EA61B8C68123D9885A0262A693E978FA058FC98D1BC7C4EF88093D81098218A9514601E3DC4826CA878FF35F0069A2B111F386790D973C5930F8B4A6E3823B8D1F2CD54C18278BCF29CEEF037042358BCA8B023CB4918901A103FFFC37EDED38C2297E4479C5E2B9EC6B0FD809C428D73AF00180970E4603AD0D213 388s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-23668.pem 388s + found_md5=Modulus=9B3E64A41EA61B8C68123D9885A0262A693E978FA058FC98D1BC7C4EF88093D81098218A9514601E3DC4826CA878FF35F0069A2B111F386790D973C5930F8B4A6E3823B8D1F2CD54C18278BCF29CEEF037042358BCA8B023CB4918901A103FFFC37EDED38C2297E4479C5E2B9EC6B0FD809C428D73AF00180970E4603AD0D213 388s + '[' Modulus=9B3E64A41EA61B8C68123D9885A0262A693E978FA058FC98D1BC7C4EF88093D81098218A9514601E3DC4826CA878FF35F0069A2B111F386790D973C5930F8B4A6E3823B8D1F2CD54C18278BCF29CEEF037042358BCA8B023CB4918901A103FFFC37EDED38C2297E4479C5E2B9EC6B0FD809C428D73AF00180970E4603AD0D213 '!=' Modulus=9B3E64A41EA61B8C68123D9885A0262A693E978FA058FC98D1BC7C4EF88093D81098218A9514601E3DC4826CA878FF35F0069A2B111F386790D973C5930F8B4A6E3823B8D1F2CD54C18278BCF29CEEF037042358BCA8B023CB4918901A103FFFC37EDED38C2297E4479C5E2B9EC6B0FD809C428D73AF00180970E4603AD0D213 ']' 388s + output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-23668-auth.output 388s ++ basename /tmp/sssd-softhsm2-cNC6UN/SSSD-child-23668-auth.output .output 388s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-23668-auth.pem 388s + echo -n 053350 388s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 388s [p11_child[3326]] [main] (0x0400): p11_child started. 388s [p11_child[3326]] [main] (0x2000): Running in [auth] mode. 388s [p11_child[3326]] [main] (0x2000): Running with effective IDs: [0][0]. 388s [p11_child[3326]] [main] (0x2000): Running with real IDs [0][0]. 388s [p11_child[3326]] [do_card] (0x4000): Module List: 388s [p11_child[3326]] [do_card] (0x4000): common name: [softhsm2]. 388s [p11_child[3326]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 388s [p11_child[3326]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7c087492] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 388s [p11_child[3326]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 388s [p11_child[3326]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7c087492][2080928914] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 388s [p11_child[3326]] [do_card] (0x4000): Login required. 388s [p11_child[3326]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 388s [p11_child[3326]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 388s [p11_child[3326]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 388s [p11_child[3326]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7c087492;slot-manufacturer=SoftHSM%20project;slot-id=2080928914;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d93ba498fc087492;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 388s [p11_child[3326]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 388s [p11_child[3326]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 388s [p11_child[3326]] [do_card] (0x4000): Certificate verified and validated. 388s [p11_child[3326]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 388s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-23668-auth.output 388s + echo '-----BEGIN CERTIFICATE-----' 388s + tail -n1 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-23668-auth.output 388s + echo '-----END CERTIFICATE-----' 388s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-23668-auth.pem 388s Certificate: 388s Data: 388s Version: 3 (0x2) 388s Serial Number: 5 (0x5) 388s Signature Algorithm: sha256WithRSAEncryption 388s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 388s Validity 388s Not Before: Jan 9 12:10:07 2025 GMT 388s Not After : Jan 9 12:10:07 2026 GMT 388s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 388s Subject Public Key Info: 388s Public Key Algorithm: rsaEncryption 388s Public-Key: (1024 bit) 388s Modulus: 388s 00:9b:3e:64:a4:1e:a6:1b:8c:68:12:3d:98:85:a0: 388s 26:2a:69:3e:97:8f:a0:58:fc:98:d1:bc:7c:4e:f8: 388s 80:93:d8:10:98:21:8a:95:14:60:1e:3d:c4:82:6c: 388s a8:78:ff:35:f0:06:9a:2b:11:1f:38:67:90:d9:73: 388s c5:93:0f:8b:4a:6e:38:23:b8:d1:f2:cd:54:c1:82: 388s 78:bc:f2:9c:ee:f0:37:04:23:58:bc:a8:b0:23:cb: 388s 49:18:90:1a:10:3f:ff:c3:7e:de:d3:8c:22:97:e4: 388s 47:9c:5e:2b:9e:c6:b0:fd:80:9c:42:8d:73:af:00: 388s 18:09:70:e4:60:3a:d0:d2:13 388s Exponent: 65537 (0x10001) 388s X509v3 extensions: 388s X509v3 Authority Key Identifier: 388s AB:27:67:54:F1:46:56:41:A3:1F:C6:9B:C6:2D:67:24:87:86:F2:30 388s X509v3 Basic Constraints: 388s CA:FALSE 388s Netscape Cert Type: 388s SSL Client, S/MIME 388s Netscape Comment: 388s Test Organization Sub Intermediate CA trusted Certificate 388s X509v3 Subject Key Identifier: 388s 89:E7:74:59:19:78:DD:C7:26:F9:05:49:DE:69:C5:F5:78:1A:4D:5E 388s X509v3 Key Usage: critical 388s Digital Signature, Non Repudiation, Key Encipherment 388s X509v3 Extended Key Usage: 388s TLS Web Client Authentication, E-mail Protection 388s X509v3 Subject Alternative Name: 388s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 388s Signature Algorithm: sha256WithRSAEncryption 388s Signature Value: 388s 4c:2d:af:ac:18:50:05:3e:ee:0a:0f:9c:c6:af:a7:1a:9d:c0: 388s 7a:5e:04:db:e5:31:08:26:97:13:be:f8:4c:df:3c:c6:e7:1e: 388s de:84:50:41:9b:03:a3:ff:c9:74:b2:a1:75:22:4e:eb:28:36: 388s aa:2a:da:d0:eb:1b:0c:8e:7a:85:b3:d8:44:d7:83:1b:7e:e7: 388s ea:9f:26:07:e0:71:d5:ee:17:a1:4c:6c:c7:65:02:70:70:13: 388s 47:09:38:ec:8a:6f:ca:9f:46:ab:6e:d1:a8:d1:3e:2b:1a:6c: 388s f8:d1:dd:e5:e7:5a:c7:e0:56:63:cc:e9:80:fd:4a:c7:00:7f: 388s 40:a0 388s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-23668-auth.pem 388s + found_md5=Modulus=9B3E64A41EA61B8C68123D9885A0262A693E978FA058FC98D1BC7C4EF88093D81098218A9514601E3DC4826CA878FF35F0069A2B111F386790D973C5930F8B4A6E3823B8D1F2CD54C18278BCF29CEEF037042358BCA8B023CB4918901A103FFFC37EDED38C2297E4479C5E2B9EC6B0FD809C428D73AF00180970E4603AD0D213 388s + '[' Modulus=9B3E64A41EA61B8C68123D9885A0262A693E978FA058FC98D1BC7C4EF88093D81098218A9514601E3DC4826CA878FF35F0069A2B111F386790D973C5930F8B4A6E3823B8D1F2CD54C18278BCF29CEEF037042358BCA8B023CB4918901A103FFFC37EDED38C2297E4479C5E2B9EC6B0FD809C428D73AF00180970E4603AD0D213 '!=' Modulus=9B3E64A41EA61B8C68123D9885A0262A693E978FA058FC98D1BC7C4EF88093D81098218A9514601E3DC4826CA878FF35F0069A2B111F386790D973C5930F8B4A6E3823B8D1F2CD54C18278BCF29CEEF037042358BCA8B023CB4918901A103FFFC37EDED38C2297E4479C5E2B9EC6B0FD809C428D73AF00180970E4603AD0D213 ']' 388s + valid_certificate /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-90 /tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem partial_chain 388s + check_certificate /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-90 /tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem partial_chain 388s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 388s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-90 388s + local key_ring=/tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem 388s + local verify_option=partial_chain 388s + prepare_softhsm2_card /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-90 388s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 388s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-90 388s + local key_cn 388s + local key_name 388s + local tokens_dir 388s + local output_cert_file 388s + token_name= 388s ++ basename /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 388s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 388s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 388s ++ sed -n 's/ *commonName *= //p' 388s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 388s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 388s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 388s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 388s ++ basename /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 388s Test Organization Sub Int Token 388s + tokens_dir=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 388s + token_name='Test Organization Sub Int Token' 388s + '[' '!' -e /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 388s + '[' '!' -d /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 388s + echo 'Test Organization Sub Int Token' 388s + '[' -n partial_chain ']' 388s + local verify_arg=--verify=partial_chain 388s + local output_base_name=SSSD-child-15804 388s + local output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-15804.output 388s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-15804.pem 388s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem 388s [p11_child[3336]] [main] (0x0400): p11_child started. 388s [p11_child[3336]] [main] (0x2000): Running in [pre-auth] mode. 388s [p11_child[3336]] [main] (0x2000): Running with effective IDs: [0][0]. 388s [p11_child[3336]] [main] (0x2000): Running with real IDs [0][0]. 388s [p11_child[3336]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 388s [p11_child[3336]] [do_card] (0x4000): Module List: 388s [p11_child[3336]] [do_card] (0x4000): common name: [softhsm2]. 388s [p11_child[3336]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 388s [p11_child[3336]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7c087492] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 388s [p11_child[3336]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 388s [p11_child[3336]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7c087492][2080928914] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 388s [p11_child[3336]] [do_card] (0x4000): Login NOT required. 388s [p11_child[3336]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 388s [p11_child[3336]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 388s [p11_child[3336]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 388s [p11_child[3336]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7c087492;slot-manufacturer=SoftHSM%20project;slot-id=2080928914;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d93ba498fc087492;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 388s [p11_child[3336]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 388s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-15804.output 388s + echo '-----BEGIN CERTIFICATE-----' 388s + tail -n1 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-15804.output 388s + echo '-----END CERTIFICATE-----' 388s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-15804.pem 388s Certificate: 388s Data: 388s Version: 3 (0x2) 388s Serial Number: 5 (0x5) 388s Signature Algorithm: sha256WithRSAEncryption 388s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 388s Validity 388s Not Before: Jan 9 12:10:07 2025 GMT 388s Not After : Jan 9 12:10:07 2026 GMT 388s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 388s Subject Public Key Info: 388s Public Key Algorithm: rsaEncryption 388s Public-Key: (1024 bit) 388s Modulus: 388s 00:9b:3e:64:a4:1e:a6:1b:8c:68:12:3d:98:85:a0: 388s 26:2a:69:3e:97:8f:a0:58:fc:98:d1:bc:7c:4e:f8: 388s 80:93:d8:10:98:21:8a:95:14:60:1e:3d:c4:82:6c: 388s a8:78:ff:35:f0:06:9a:2b:11:1f:38:67:90:d9:73: 388s c5:93:0f:8b:4a:6e:38:23:b8:d1:f2:cd:54:c1:82: 388s 78:bc:f2:9c:ee:f0:37:04:23:58:bc:a8:b0:23:cb: 388s 49:18:90:1a:10:3f:ff:c3:7e:de:d3:8c:22:97:e4: 388s 47:9c:5e:2b:9e:c6:b0:fd:80:9c:42:8d:73:af:00: 388s 18:09:70:e4:60:3a:d0:d2:13 388s Exponent: 65537 (0x10001) 388s X509v3 extensions: 388s X509v3 Authority Key Identifier: 388s AB:27:67:54:F1:46:56:41:A3:1F:C6:9B:C6:2D:67:24:87:86:F2:30 388s X509v3 Basic Constraints: 388s CA:FALSE 388s Netscape Cert Type: 388s SSL Client, S/MIME 388s Netscape Comment: 388s Test Organization Sub Intermediate CA trusted Certificate 388s X509v3 Subject Key Identifier: 388s 89:E7:74:59:19:78:DD:C7:26:F9:05:49:DE:69:C5:F5:78:1A:4D:5E 388s X509v3 Key Usage: critical 388s Digital Signature, Non Repudiation, Key Encipherment 388s X509v3 Extended Key Usage: 388s TLS Web Client Authentication, E-mail Protection 388s X509v3 Subject Alternative Name: 388s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 388s Signature Algorithm: sha256WithRSAEncryption 388s Signature Value: 388s 4c:2d:af:ac:18:50:05:3e:ee:0a:0f:9c:c6:af:a7:1a:9d:c0: 388s 7a:5e:04:db:e5:31:08:26:97:13:be:f8:4c:df:3c:c6:e7:1e: 388s de:84:50:41:9b:03:a3:ff:c9:74:b2:a1:75:22:4e:eb:28:36: 388s aa:2a:da:d0:eb:1b:0c:8e:7a:85:b3:d8:44:d7:83:1b:7e:e7: 388s ea:9f:26:07:e0:71:d5:ee:17:a1:4c:6c:c7:65:02:70:70:13: 388s 47:09:38:ec:8a:6f:ca:9f:46:ab:6e:d1:a8:d1:3e:2b:1a:6c: 388s f8:d1:dd:e5:e7:5a:c7:e0:56:63:cc:e9:80:fd:4a:c7:00:7f: 388s 40:a0 388s + local found_md5 expected_md5 388s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 388s + expected_md5=Modulus=9B3E64A41EA61B8C68123D9885A0262A693E978FA058FC98D1BC7C4EF88093D81098218A9514601E3DC4826CA878FF35F0069A2B111F386790D973C5930F8B4A6E3823B8D1F2CD54C18278BCF29CEEF037042358BCA8B023CB4918901A103FFFC37EDED38C2297E4479C5E2B9EC6B0FD809C428D73AF00180970E4603AD0D213 388s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-15804.pem 388s + found_md5=Modulus=9B3E64A41EA61B8C68123D9885A0262A693E978FA058FC98D1BC7C4EF88093D81098218A9514601E3DC4826CA878FF35F0069A2B111F386790D973C5930F8B4A6E3823B8D1F2CD54C18278BCF29CEEF037042358BCA8B023CB4918901A103FFFC37EDED38C2297E4479C5E2B9EC6B0FD809C428D73AF00180970E4603AD0D213 388s + '[' Modulus=9B3E64A41EA61B8C68123D9885A0262A693E978FA058FC98D1BC7C4EF88093D81098218A9514601E3DC4826CA878FF35F0069A2B111F386790D973C5930F8B4A6E3823B8D1F2CD54C18278BCF29CEEF037042358BCA8B023CB4918901A103FFFC37EDED38C2297E4479C5E2B9EC6B0FD809C428D73AF00180970E4603AD0D213 '!=' Modulus=9B3E64A41EA61B8C68123D9885A0262A693E978FA058FC98D1BC7C4EF88093D81098218A9514601E3DC4826CA878FF35F0069A2B111F386790D973C5930F8B4A6E3823B8D1F2CD54C18278BCF29CEEF037042358BCA8B023CB4918901A103FFFC37EDED38C2297E4479C5E2B9EC6B0FD809C428D73AF00180970E4603AD0D213 ']' 388s + output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-15804-auth.output 388s ++ basename /tmp/sssd-softhsm2-cNC6UN/SSSD-child-15804-auth.output .output 388s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-15804-auth.pem 388s + echo -n 053350 388s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-cNC6UN/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 388s [p11_child[3344]] [main] (0x0400): p11_child started. 388s [p11_child[3344]] [main] (0x2000): Running in [auth] mode. 388s [p11_child[3344]] [main] (0x2000): Running with effective IDs: [0][0]. 388s [p11_child[3344]] [main] (0x2000): Running with real IDs [0][0]. 388s [p11_child[3344]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 388s [p11_child[3344]] [do_card] (0x4000): Module List: 388s [p11_child[3344]] [do_card] (0x4000): common name: [softhsm2]. 388s [p11_child[3344]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 388s [p11_child[3344]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7c087492] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 388s [p11_child[3344]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 388s [p11_child[3344]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7c087492][2080928914] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 388s [p11_child[3344]] [do_card] (0x4000): Login required. 388s [p11_child[3344]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 388s [p11_child[3344]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 388s [p11_child[3344]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 388s [p11_child[3344]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7c087492;slot-manufacturer=SoftHSM%20project;slot-id=2080928914;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d93ba498fc087492;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 388s [p11_child[3344]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 388s [p11_child[3344]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 388s [p11_child[3344]] [do_card] (0x4000): Certificate verified and validated. 388s [p11_child[3344]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 388s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-15804-auth.output 388s + echo '-----BEGIN CERTIFICATE-----' 388s + tail -n1 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-15804-auth.output 388s + echo '-----END CERTIFICATE-----' 388s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-15804-auth.pem 388s Certificate: 388s Data: 388s Version: 3 (0x2) 388s Serial Number: 5 (0x5) 388s Signature Algorithm: sha256WithRSAEncryption 388s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 388s Validity 388s Not Before: Jan 9 12:10:07 2025 GMT 388s Not After : Jan 9 12:10:07 2026 GMT 388s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 388s Subject Public Key Info: 388s Public Key Algorithm: rsaEncryption 388s Public-Key: (1024 bit) 388s Modulus: 388s 00:9b:3e:64:a4:1e:a6:1b:8c:68:12:3d:98:85:a0: 388s 26:2a:69:3e:97:8f:a0:58:fc:98:d1:bc:7c:4e:f8: 388s 80:93:d8:10:98:21:8a:95:14:60:1e:3d:c4:82:6c: 388s a8:78:ff:35:f0:06:9a:2b:11:1f:38:67:90:d9:73: 388s c5:93:0f:8b:4a:6e:38:23:b8:d1:f2:cd:54:c1:82: 388s 78:bc:f2:9c:ee:f0:37:04:23:58:bc:a8:b0:23:cb: 388s 49:18:90:1a:10:3f:ff:c3:7e:de:d3:8c:22:97:e4: 388s 47:9c:5e:2b:9e:c6:b0:fd:80:9c:42:8d:73:af:00: 388s 18:09:70:e4:60:3a:d0:d2:13 388s Exponent: 65537 (0x10001) 388s X509v3 extensions: 388s X509v3 Authority Key Identifier: 388s AB:27:67:54:F1:46:56:41:A3:1F:C6:9B:C6:2D:67:24:87:86:F2:30 388s X509v3 Basic Constraints: 388s CA:FALSE 388s Netscape Cert Type: 388s SSL Client, S/MIME 388s Netscape Comment: 388s Test Organization Sub Intermediate CA trusted Certificate 388s X509v3 Subject Key Identifier: 388s 89:E7:74:59:19:78:DD:C7:26:F9:05:49:DE:69:C5:F5:78:1A:4D:5E 388s X509v3 Key Usage: critical 388s Digital Signature, Non Repudiation, Key Encipherment 388s X509v3 Extended Key Usage: 388s TLS Web Client Authentication, E-mail Protection 388s X509v3 Subject Alternative Name: 388s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 388s Signature Algorithm: sha256WithRSAEncryption 388s Signature Value: 388s 4c:2d:af:ac:18:50:05:3e:ee:0a:0f:9c:c6:af:a7:1a:9d:c0: 388s 7a:5e:04:db:e5:31:08:26:97:13:be:f8:4c:df:3c:c6:e7:1e: 388s de:84:50:41:9b:03:a3:ff:c9:74:b2:a1:75:22:4e:eb:28:36: 388s aa:2a:da:d0:eb:1b:0c:8e:7a:85:b3:d8:44:d7:83:1b:7e:e7: 388s ea:9f:26:07:e0:71:d5:ee:17:a1:4c:6c:c7:65:02:70:70:13: 388s 47:09:38:ec:8a:6f:ca:9f:46:ab:6e:d1:a8:d1:3e:2b:1a:6c: 388s f8:d1:dd:e5:e7:5a:c7:e0:56:63:cc:e9:80:fd:4a:c7:00:7f: 388s 40:a0 388s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-15804-auth.pem 389s + found_md5=Modulus=9B3E64A41EA61B8C68123D9885A0262A693E978FA058FC98D1BC7C4EF88093D81098218A9514601E3DC4826CA878FF35F0069A2B111F386790D973C5930F8B4A6E3823B8D1F2CD54C18278BCF29CEEF037042358BCA8B023CB4918901A103FFFC37EDED38C2297E4479C5E2B9EC6B0FD809C428D73AF00180970E4603AD0D213 389s + '[' Modulus=9B3E64A41EA61B8C68123D9885A0262A693E978FA058FC98D1BC7C4EF88093D81098218A9514601E3DC4826CA878FF35F0069A2B111F386790D973C5930F8B4A6E3823B8D1F2CD54C18278BCF29CEEF037042358BCA8B023CB4918901A103FFFC37EDED38C2297E4479C5E2B9EC6B0FD809C428D73AF00180970E4603AD0D213 '!=' Modulus=9B3E64A41EA61B8C68123D9885A0262A693E978FA058FC98D1BC7C4EF88093D81098218A9514601E3DC4826CA878FF35F0069A2B111F386790D973C5930F8B4A6E3823B8D1F2CD54C18278BCF29CEEF037042358BCA8B023CB4918901A103FFFC37EDED38C2297E4479C5E2B9EC6B0FD809C428D73AF00180970E4603AD0D213 ']' 389s + invalid_certificate /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-90 /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA.pem 389s + check_certificate /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-90 /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA.pem 389s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 389s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-90 389s + local key_ring=/tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA.pem 389s + local verify_option= 389s + prepare_softhsm2_card /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-90 389s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 389s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-90 389s + local key_cn 389s + local key_name 389s + local tokens_dir 389s + local output_cert_file 389s + token_name= 389s ++ basename /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 389s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 389s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 389s ++ sed -n 's/ *commonName *= //p' 389s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 389s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 389s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 389s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 389s ++ basename /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 389s + tokens_dir=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 389s + token_name='Test Organization Sub Int Token' 389s + '[' '!' -e /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 389s Test Organization Sub Int Token 389s + '[' '!' -d /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 389s + echo 'Test Organization Sub Int Token' 389s + '[' -n '' ']' 389s + local output_base_name=SSSD-child-16960 389s + local output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-16960.output 389s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-16960.pem 389s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA.pem 389s [p11_child[3354]] [main] (0x0400): p11_child started. 389s [p11_child[3354]] [main] (0x2000): Running in [pre-auth] mode. 389s [p11_child[3354]] [main] (0x2000): Running with effective IDs: [0][0]. 389s [p11_child[3354]] [main] (0x2000): Running with real IDs [0][0]. 389s [p11_child[3354]] [do_card] (0x4000): Module List: 389s [p11_child[3354]] [do_card] (0x4000): common name: [softhsm2]. 389s [p11_child[3354]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 389s [p11_child[3354]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7c087492] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 389s [p11_child[3354]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 389s [p11_child[3354]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7c087492][2080928914] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 389s [p11_child[3354]] [do_card] (0x4000): Login NOT required. 389s [p11_child[3354]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 389s [p11_child[3354]] [do_verification] (0x0040): X509_verify_cert failed [0]. 389s [p11_child[3354]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 389s [p11_child[3354]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 389s [p11_child[3354]] [do_card] (0x4000): No certificate found. 389s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-16960.output 389s + return 2 389s + invalid_certificate /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-90 /tmp/sssd-softhsm2-cNC6UN/test-root-intermediate-chain-CA.pem partial_chain 389s + check_certificate /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-90 /tmp/sssd-softhsm2-cNC6UN/test-root-intermediate-chain-CA.pem partial_chain 389s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 389s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-90 389s + local key_ring=/tmp/sssd-softhsm2-cNC6UN/test-root-intermediate-chain-CA.pem 389s + local verify_option=partial_chain 389s + prepare_softhsm2_card /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-90 389s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 389s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-90 389s + local key_cn 389s + local key_name 389s + local tokens_dir 389s + local output_cert_file 389s + token_name= 389s ++ basename /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 389s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 389s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 389s ++ sed -n 's/ *commonName *= //p' 389s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 389s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 389s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 389s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 389s ++ basename /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 389s Test Organization Sub Int Token 389s + tokens_dir=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 389s + token_name='Test Organization Sub Int Token' 389s + '[' '!' -e /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 389s + '[' '!' -d /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 389s + echo 'Test Organization Sub Int Token' 389s + '[' -n partial_chain ']' 389s + local verify_arg=--verify=partial_chain 389s + local output_base_name=SSSD-child-6729 389s + local output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-6729.output 389s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-6729.pem 389s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-cNC6UN/test-root-intermediate-chain-CA.pem 389s [p11_child[3361]] [main] (0x0400): p11_child started. 389s [p11_child[3361]] [main] (0x2000): Running in [pre-auth] mode. 389s [p11_child[3361]] [main] (0x2000): Running with effective IDs: [0][0]. 389s [p11_child[3361]] [main] (0x2000): Running with real IDs [0][0]. 389s [p11_child[3361]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 389s [p11_child[3361]] [do_card] (0x4000): Module List: 389s [p11_child[3361]] [do_card] (0x4000): common name: [softhsm2]. 389s [p11_child[3361]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 389s [p11_child[3361]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7c087492] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 389s [p11_child[3361]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 389s [p11_child[3361]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7c087492][2080928914] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 389s [p11_child[3361]] [do_card] (0x4000): Login NOT required. 389s [p11_child[3361]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 389s [p11_child[3361]] [do_verification] (0x0040): X509_verify_cert failed [0]. 389s [p11_child[3361]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 389s [p11_child[3361]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 389s [p11_child[3361]] [do_card] (0x4000): No certificate found. 389s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-6729.output 389s + return 2 389s + valid_certificate /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-90 /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA.pem partial_chain 389s + check_certificate /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-90 /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA.pem partial_chain 389s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 389s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-90 389s + local key_ring=/tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA.pem 389s + local verify_option=partial_chain 389s + prepare_softhsm2_card /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-90 389s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 389s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-90 389s + local key_cn 389s + local key_name 389s + local tokens_dir 389s + local output_cert_file 389s + token_name= 389s ++ basename /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 389s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 389s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 389s ++ sed -n 's/ *commonName *= //p' 389s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 389s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 389s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 389s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 389s ++ basename /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 389s + tokens_dir=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 389s + token_name='Test Organization Sub Int Token' 389s + '[' '!' -e /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 389s + '[' '!' -d /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 389s + echo 'Test Organization Sub Int Token' 389s Test Organization Sub Int Token 389s + '[' -n partial_chain ']' 389s + local verify_arg=--verify=partial_chain 389s + local output_base_name=SSSD-child-32342 389s + local output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-32342.output 389s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-32342.pem 389s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA.pem 389s [p11_child[3368]] [main] (0x0400): p11_child started. 389s [p11_child[3368]] [main] (0x2000): Running in [pre-auth] mode. 389s [p11_child[3368]] [main] (0x2000): Running with effective IDs: [0][0]. 389s [p11_child[3368]] [main] (0x2000): Running with real IDs [0][0]. 389s [p11_child[3368]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 389s [p11_child[3368]] [do_card] (0x4000): Module List: 389s [p11_child[3368]] [do_card] (0x4000): common name: [softhsm2]. 389s [p11_child[3368]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 389s [p11_child[3368]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7c087492] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 389s [p11_child[3368]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 389s [p11_child[3368]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7c087492][2080928914] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 389s [p11_child[3368]] [do_card] (0x4000): Login NOT required. 389s [p11_child[3368]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 389s [p11_child[3368]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 389s [p11_child[3368]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 389s [p11_child[3368]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7c087492;slot-manufacturer=SoftHSM%20project;slot-id=2080928914;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d93ba498fc087492;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 389s [p11_child[3368]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 389s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-32342.output 389s + echo '-----BEGIN CERTIFICATE-----' 389s + tail -n1 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-32342.output 389s + echo '-----END CERTIFICATE-----' 389s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-32342.pem 389s Certificate: 389s Data: 389s Version: 3 (0x2) 389s Serial Number: 5 (0x5) 389s Signature Algorithm: sha256WithRSAEncryption 389s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 389s Validity 389s Not Before: Jan 9 12:10:07 2025 GMT 389s Not After : Jan 9 12:10:07 2026 GMT 389s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 389s Subject Public Key Info: 389s Public Key Algorithm: rsaEncryption 389s Public-Key: (1024 bit) 389s Modulus: 389s 00:9b:3e:64:a4:1e:a6:1b:8c:68:12:3d:98:85:a0: 389s 26:2a:69:3e:97:8f:a0:58:fc:98:d1:bc:7c:4e:f8: 389s 80:93:d8:10:98:21:8a:95:14:60:1e:3d:c4:82:6c: 389s a8:78:ff:35:f0:06:9a:2b:11:1f:38:67:90:d9:73: 389s c5:93:0f:8b:4a:6e:38:23:b8:d1:f2:cd:54:c1:82: 389s 78:bc:f2:9c:ee:f0:37:04:23:58:bc:a8:b0:23:cb: 389s 49:18:90:1a:10:3f:ff:c3:7e:de:d3:8c:22:97:e4: 389s 47:9c:5e:2b:9e:c6:b0:fd:80:9c:42:8d:73:af:00: 389s 18:09:70:e4:60:3a:d0:d2:13 389s Exponent: 65537 (0x10001) 389s X509v3 extensions: 389s X509v3 Authority Key Identifier: 389s AB:27:67:54:F1:46:56:41:A3:1F:C6:9B:C6:2D:67:24:87:86:F2:30 389s X509v3 Basic Constraints: 389s CA:FALSE 389s Netscape Cert Type: 389s SSL Client, S/MIME 389s Netscape Comment: 389s Test Organization Sub Intermediate CA trusted Certificate 389s X509v3 Subject Key Identifier: 389s 89:E7:74:59:19:78:DD:C7:26:F9:05:49:DE:69:C5:F5:78:1A:4D:5E 389s X509v3 Key Usage: critical 389s Digital Signature, Non Repudiation, Key Encipherment 389s X509v3 Extended Key Usage: 389s TLS Web Client Authentication, E-mail Protection 389s X509v3 Subject Alternative Name: 389s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 389s Signature Algorithm: sha256WithRSAEncryption 389s Signature Value: 389s 4c:2d:af:ac:18:50:05:3e:ee:0a:0f:9c:c6:af:a7:1a:9d:c0: 389s 7a:5e:04:db:e5:31:08:26:97:13:be:f8:4c:df:3c:c6:e7:1e: 389s de:84:50:41:9b:03:a3:ff:c9:74:b2:a1:75:22:4e:eb:28:36: 389s aa:2a:da:d0:eb:1b:0c:8e:7a:85:b3:d8:44:d7:83:1b:7e:e7: 389s ea:9f:26:07:e0:71:d5:ee:17:a1:4c:6c:c7:65:02:70:70:13: 389s 47:09:38:ec:8a:6f:ca:9f:46:ab:6e:d1:a8:d1:3e:2b:1a:6c: 389s f8:d1:dd:e5:e7:5a:c7:e0:56:63:cc:e9:80:fd:4a:c7:00:7f: 389s 40:a0 389s + local found_md5 expected_md5 389s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 389s + expected_md5=Modulus=9B3E64A41EA61B8C68123D9885A0262A693E978FA058FC98D1BC7C4EF88093D81098218A9514601E3DC4826CA878FF35F0069A2B111F386790D973C5930F8B4A6E3823B8D1F2CD54C18278BCF29CEEF037042358BCA8B023CB4918901A103FFFC37EDED38C2297E4479C5E2B9EC6B0FD809C428D73AF00180970E4603AD0D213 389s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-32342.pem 389s + found_md5=Modulus=9B3E64A41EA61B8C68123D9885A0262A693E978FA058FC98D1BC7C4EF88093D81098218A9514601E3DC4826CA878FF35F0069A2B111F386790D973C5930F8B4A6E3823B8D1F2CD54C18278BCF29CEEF037042358BCA8B023CB4918901A103FFFC37EDED38C2297E4479C5E2B9EC6B0FD809C428D73AF00180970E4603AD0D213 389s + '[' Modulus=9B3E64A41EA61B8C68123D9885A0262A693E978FA058FC98D1BC7C4EF88093D81098218A9514601E3DC4826CA878FF35F0069A2B111F386790D973C5930F8B4A6E3823B8D1F2CD54C18278BCF29CEEF037042358BCA8B023CB4918901A103FFFC37EDED38C2297E4479C5E2B9EC6B0FD809C428D73AF00180970E4603AD0D213 '!=' Modulus=9B3E64A41EA61B8C68123D9885A0262A693E978FA058FC98D1BC7C4EF88093D81098218A9514601E3DC4826CA878FF35F0069A2B111F386790D973C5930F8B4A6E3823B8D1F2CD54C18278BCF29CEEF037042358BCA8B023CB4918901A103FFFC37EDED38C2297E4479C5E2B9EC6B0FD809C428D73AF00180970E4603AD0D213 ']' 389s + output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-32342-auth.output 389s ++ basename /tmp/sssd-softhsm2-cNC6UN/SSSD-child-32342-auth.output .output 389s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-32342-auth.pem 389s + echo -n 053350 389s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 389s [p11_child[3376]] [main] (0x0400): p11_child started. 389s [p11_child[3376]] [main] (0x2000): Running in [auth] mode. 389s [p11_child[3376]] [main] (0x2000): Running with effective IDs: [0][0]. 389s [p11_child[3376]] [main] (0x2000): Running with real IDs [0][0]. 389s [p11_child[3376]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 389s [p11_child[3376]] [do_card] (0x4000): Module List: 389s [p11_child[3376]] [do_card] (0x4000): common name: [softhsm2]. 389s [p11_child[3376]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 389s [p11_child[3376]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7c087492] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 389s [p11_child[3376]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 389s [p11_child[3376]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7c087492][2080928914] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 389s [p11_child[3376]] [do_card] (0x4000): Login required. 389s [p11_child[3376]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 389s [p11_child[3376]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 389s [p11_child[3376]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 389s [p11_child[3376]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7c087492;slot-manufacturer=SoftHSM%20project;slot-id=2080928914;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d93ba498fc087492;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 389s [p11_child[3376]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 389s [p11_child[3376]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 389s [p11_child[3376]] [do_card] (0x4000): Certificate verified and validated. 389s [p11_child[3376]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 389s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-32342-auth.output 389s + echo '-----BEGIN CERTIFICATE-----' 389s + tail -n1 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-32342-auth.output 389s + echo '-----END CERTIFICATE-----' 389s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-32342-auth.pem 389s Certificate: 389s Data: 389s Version: 3 (0x2) 389s Serial Number: 5 (0x5) 389s Signature Algorithm: sha256WithRSAEncryption 389s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 389s Validity 389s Not Before: Jan 9 12:10:07 2025 GMT 389s Not After : Jan 9 12:10:07 2026 GMT 389s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 389s Subject Public Key Info: 389s Public Key Algorithm: rsaEncryption 389s Public-Key: (1024 bit) 389s Modulus: 389s 00:9b:3e:64:a4:1e:a6:1b:8c:68:12:3d:98:85:a0: 389s 26:2a:69:3e:97:8f:a0:58:fc:98:d1:bc:7c:4e:f8: 389s 80:93:d8:10:98:21:8a:95:14:60:1e:3d:c4:82:6c: 389s a8:78:ff:35:f0:06:9a:2b:11:1f:38:67:90:d9:73: 389s c5:93:0f:8b:4a:6e:38:23:b8:d1:f2:cd:54:c1:82: 389s 78:bc:f2:9c:ee:f0:37:04:23:58:bc:a8:b0:23:cb: 389s 49:18:90:1a:10:3f:ff:c3:7e:de:d3:8c:22:97:e4: 389s 47:9c:5e:2b:9e:c6:b0:fd:80:9c:42:8d:73:af:00: 389s 18:09:70:e4:60:3a:d0:d2:13 389s Exponent: 65537 (0x10001) 389s X509v3 extensions: 389s X509v3 Authority Key Identifier: 389s AB:27:67:54:F1:46:56:41:A3:1F:C6:9B:C6:2D:67:24:87:86:F2:30 389s X509v3 Basic Constraints: 389s CA:FALSE 389s Netscape Cert Type: 389s SSL Client, S/MIME 389s Netscape Comment: 389s Test Organization Sub Intermediate CA trusted Certificate 389s X509v3 Subject Key Identifier: 389s 89:E7:74:59:19:78:DD:C7:26:F9:05:49:DE:69:C5:F5:78:1A:4D:5E 389s X509v3 Key Usage: critical 389s Digital Signature, Non Repudiation, Key Encipherment 389s X509v3 Extended Key Usage: 389s TLS Web Client Authentication, E-mail Protection 389s X509v3 Subject Alternative Name: 389s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 389s Signature Algorithm: sha256WithRSAEncryption 389s Signature Value: 389s 4c:2d:af:ac:18:50:05:3e:ee:0a:0f:9c:c6:af:a7:1a:9d:c0: 389s 7a:5e:04:db:e5:31:08:26:97:13:be:f8:4c:df:3c:c6:e7:1e: 389s de:84:50:41:9b:03:a3:ff:c9:74:b2:a1:75:22:4e:eb:28:36: 389s aa:2a:da:d0:eb:1b:0c:8e:7a:85:b3:d8:44:d7:83:1b:7e:e7: 389s ea:9f:26:07:e0:71:d5:ee:17:a1:4c:6c:c7:65:02:70:70:13: 389s 47:09:38:ec:8a:6f:ca:9f:46:ab:6e:d1:a8:d1:3e:2b:1a:6c: 389s f8:d1:dd:e5:e7:5a:c7:e0:56:63:cc:e9:80:fd:4a:c7:00:7f: 389s 40:a0 389s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-32342-auth.pem 389s + found_md5=Modulus=9B3E64A41EA61B8C68123D9885A0262A693E978FA058FC98D1BC7C4EF88093D81098218A9514601E3DC4826CA878FF35F0069A2B111F386790D973C5930F8B4A6E3823B8D1F2CD54C18278BCF29CEEF037042358BCA8B023CB4918901A103FFFC37EDED38C2297E4479C5E2B9EC6B0FD809C428D73AF00180970E4603AD0D213 389s + '[' Modulus=9B3E64A41EA61B8C68123D9885A0262A693E978FA058FC98D1BC7C4EF88093D81098218A9514601E3DC4826CA878FF35F0069A2B111F386790D973C5930F8B4A6E3823B8D1F2CD54C18278BCF29CEEF037042358BCA8B023CB4918901A103FFFC37EDED38C2297E4479C5E2B9EC6B0FD809C428D73AF00180970E4603AD0D213 '!=' Modulus=9B3E64A41EA61B8C68123D9885A0262A693E978FA058FC98D1BC7C4EF88093D81098218A9514601E3DC4826CA878FF35F0069A2B111F386790D973C5930F8B4A6E3823B8D1F2CD54C18278BCF29CEEF037042358BCA8B023CB4918901A103FFFC37EDED38C2297E4479C5E2B9EC6B0FD809C428D73AF00180970E4603AD0D213 ']' 389s + valid_certificate /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-90 /tmp/sssd-softhsm2-cNC6UN/test-intermediate-sub-chain-CA.pem partial_chain 389s + check_certificate /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-90 /tmp/sssd-softhsm2-cNC6UN/test-intermediate-sub-chain-CA.pem partial_chain 389s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 389s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-90 389s + local key_ring=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-sub-chain-CA.pem 389s + local verify_option=partial_chain 389s + prepare_softhsm2_card /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-90 389s + local certificate=/tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 389s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-90 389s + local key_cn 389s + local key_name 389s + local tokens_dir 389s + local output_cert_file 389s + token_name= 389s ++ basename /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 389s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 389s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 389s ++ sed -n 's/ *commonName *= //p' 389s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 389s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 389s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 389s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 389s ++ basename /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 389s Test Organization Sub Int Token 389s + tokens_dir=/tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 389s + token_name='Test Organization Sub Int Token' 389s + '[' '!' -e /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 389s + '[' '!' -d /tmp/sssd-softhsm2-cNC6UN/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 389s + echo 'Test Organization Sub Int Token' 389s + '[' -n partial_chain ']' 389s + local verify_arg=--verify=partial_chain 389s + local output_base_name=SSSD-child-3337 389s + local output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-3337.output 389s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-3337.pem 389s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-sub-chain-CA.pem 389s [p11_child[3386]] [main] (0x0400): p11_child started. 389s [p11_child[3386]] [main] (0x2000): Running in [pre-auth] mode. 389s [p11_child[3386]] [main] (0x2000): Running with effective IDs: [0][0]. 389s [p11_child[3386]] [main] (0x2000): Running with real IDs [0][0]. 389s [p11_child[3386]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 389s [p11_child[3386]] [do_card] (0x4000): Module List: 389s [p11_child[3386]] [do_card] (0x4000): common name: [softhsm2]. 389s [p11_child[3386]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 389s [p11_child[3386]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7c087492] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 389s [p11_child[3386]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 389s [p11_child[3386]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7c087492][2080928914] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 389s [p11_child[3386]] [do_card] (0x4000): Login NOT required. 389s [p11_child[3386]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 389s [p11_child[3386]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 389s [p11_child[3386]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 389s [p11_child[3386]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7c087492;slot-manufacturer=SoftHSM%20project;slot-id=2080928914;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d93ba498fc087492;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 389s [p11_child[3386]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 389s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-3337.output 389s + echo '-----BEGIN CERTIFICATE-----' 389s + tail -n1 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-3337.output 389s + echo '-----END CERTIFICATE-----' 389s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-3337.pem 389s Certificate: 389s Data: 389s Version: 3 (0x2) 389s Serial Number: 5 (0x5) 389s Signature Algorithm: sha256WithRSAEncryption 389s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 389s Validity 389s Not Before: Jan 9 12:10:07 2025 GMT 389s Not After : Jan 9 12:10:07 2026 GMT 389s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 389s Subject Public Key Info: 389s Public Key Algorithm: rsaEncryption 389s Public-Key: (1024 bit) 389s Modulus: 389s 00:9b:3e:64:a4:1e:a6:1b:8c:68:12:3d:98:85:a0: 389s 26:2a:69:3e:97:8f:a0:58:fc:98:d1:bc:7c:4e:f8: 389s 80:93:d8:10:98:21:8a:95:14:60:1e:3d:c4:82:6c: 389s a8:78:ff:35:f0:06:9a:2b:11:1f:38:67:90:d9:73: 389s c5:93:0f:8b:4a:6e:38:23:b8:d1:f2:cd:54:c1:82: 389s 78:bc:f2:9c:ee:f0:37:04:23:58:bc:a8:b0:23:cb: 389s 49:18:90:1a:10:3f:ff:c3:7e:de:d3:8c:22:97:e4: 389s 47:9c:5e:2b:9e:c6:b0:fd:80:9c:42:8d:73:af:00: 389s 18:09:70:e4:60:3a:d0:d2:13 389s Exponent: 65537 (0x10001) 389s X509v3 extensions: 389s X509v3 Authority Key Identifier: 389s AB:27:67:54:F1:46:56:41:A3:1F:C6:9B:C6:2D:67:24:87:86:F2:30 389s X509v3 Basic Constraints: 389s CA:FALSE 389s Netscape Cert Type: 389s SSL Client, S/MIME 389s Netscape Comment: 389s Test Organization Sub Intermediate CA trusted Certificate 389s X509v3 Subject Key Identifier: 389s 89:E7:74:59:19:78:DD:C7:26:F9:05:49:DE:69:C5:F5:78:1A:4D:5E 389s X509v3 Key Usage: critical 389s Digital Signature, Non Repudiation, Key Encipherment 389s X509v3 Extended Key Usage: 389s TLS Web Client Authentication, E-mail Protection 389s X509v3 Subject Alternative Name: 389s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 389s Signature Algorithm: sha256WithRSAEncryption 389s Signature Value: 389s 4c:2d:af:ac:18:50:05:3e:ee:0a:0f:9c:c6:af:a7:1a:9d:c0: 389s 7a:5e:04:db:e5:31:08:26:97:13:be:f8:4c:df:3c:c6:e7:1e: 389s de:84:50:41:9b:03:a3:ff:c9:74:b2:a1:75:22:4e:eb:28:36: 389s aa:2a:da:d0:eb:1b:0c:8e:7a:85:b3:d8:44:d7:83:1b:7e:e7: 389s ea:9f:26:07:e0:71:d5:ee:17:a1:4c:6c:c7:65:02:70:70:13: 389s 47:09:38:ec:8a:6f:ca:9f:46:ab:6e:d1:a8:d1:3e:2b:1a:6c: 389s f8:d1:dd:e5:e7:5a:c7:e0:56:63:cc:e9:80:fd:4a:c7:00:7f: 389s 40:a0 389s + local found_md5 expected_md5 389s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/test-sub-intermediate-CA-trusted-certificate-0001.pem 389s + expected_md5=Modulus=9B3E64A41EA61B8C68123D9885A0262A693E978FA058FC98D1BC7C4EF88093D81098218A9514601E3DC4826CA878FF35F0069A2B111F386790D973C5930F8B4A6E3823B8D1F2CD54C18278BCF29CEEF037042358BCA8B023CB4918901A103FFFC37EDED38C2297E4479C5E2B9EC6B0FD809C428D73AF00180970E4603AD0D213 389s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-3337.pem 389s + found_md5=Modulus=9B3E64A41EA61B8C68123D9885A0262A693E978FA058FC98D1BC7C4EF88093D81098218A9514601E3DC4826CA878FF35F0069A2B111F386790D973C5930F8B4A6E3823B8D1F2CD54C18278BCF29CEEF037042358BCA8B023CB4918901A103FFFC37EDED38C2297E4479C5E2B9EC6B0FD809C428D73AF00180970E4603AD0D213 389s + '[' Modulus=9B3E64A41EA61B8C68123D9885A0262A693E978FA058FC98D1BC7C4EF88093D81098218A9514601E3DC4826CA878FF35F0069A2B111F386790D973C5930F8B4A6E3823B8D1F2CD54C18278BCF29CEEF037042358BCA8B023CB4918901A103FFFC37EDED38C2297E4479C5E2B9EC6B0FD809C428D73AF00180970E4603AD0D213 '!=' Modulus=9B3E64A41EA61B8C68123D9885A0262A693E978FA058FC98D1BC7C4EF88093D81098218A9514601E3DC4826CA878FF35F0069A2B111F386790D973C5930F8B4A6E3823B8D1F2CD54C18278BCF29CEEF037042358BCA8B023CB4918901A103FFFC37EDED38C2297E4479C5E2B9EC6B0FD809C428D73AF00180970E4603AD0D213 ']' 389s + output_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-3337-auth.output 389s ++ basename /tmp/sssd-softhsm2-cNC6UN/SSSD-child-3337-auth.output .output 389s + output_cert_file=/tmp/sssd-softhsm2-cNC6UN/SSSD-child-3337-auth.pem 389s + echo -n 053350 389s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-cNC6UN/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 389s [p11_child[3394]] [main] (0x0400): p11_child started. 389s [p11_child[3394]] [main] (0x2000): Running in [auth] mode. 389s [p11_child[3394]] [main] (0x2000): Running with effective IDs: [0][0]. 389s [p11_child[3394]] [main] (0x2000): Running with real IDs [0][0]. 389s [p11_child[3394]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 389s [p11_child[3394]] [do_card] (0x4000): Module List: 389s [p11_child[3394]] [do_card] (0x4000): common name: [softhsm2]. 389s [p11_child[3394]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 389s [p11_child[3394]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7c087492] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 389s [p11_child[3394]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 389s [p11_child[3394]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7c087492][2080928914] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 389s [p11_child[3394]] [do_card] (0x4000): Login required. 389s [p11_child[3394]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 389s [p11_child[3394]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 389s [p11_child[3394]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 389s [p11_child[3394]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7c087492;slot-manufacturer=SoftHSM%20project;slot-id=2080928914;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d93ba498fc087492;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 389s [p11_child[3394]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 389s [p11_child[3394]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 389s [p11_child[3394]] [do_card] (0x4000): Certificate verified and validated. 389s [p11_child[3394]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 389s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-3337-auth.output 389s + echo '-----BEGIN CERTIFICATE-----' 389s + tail -n1 /tmp/sssd-softhsm2-cNC6UN/SSSD-child-3337-auth.output 389s + echo '-----END CERTIFICATE-----' 389s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-3337-auth.pem 389s Certificate: 389s Data: 389s Version: 3 (0x2) 389s Serial Number: 5 (0x5) 389s Signature Algorithm: sha256WithRSAEncryption 389s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 389s Validity 389s Not Before: Jan 9 12:10:07 2025 GMT 389s Not After : Jan 9 12:10:07 2026 GMT 389s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 389s Subject Public Key Info: 389s Public Key Algorithm: rsaEncryption 389s Public-Key: (1024 bit) 389s Modulus: 389s 00:9b:3e:64:a4:1e:a6:1b:8c:68:12:3d:98:85:a0: 389s 26:2a:69:3e:97:8f:a0:58:fc:98:d1:bc:7c:4e:f8: 389s 80:93:d8:10:98:21:8a:95:14:60:1e:3d:c4:82:6c: 389s a8:78:ff:35:f0:06:9a:2b:11:1f:38:67:90:d9:73: 389s c5:93:0f:8b:4a:6e:38:23:b8:d1:f2:cd:54:c1:82: 389s 78:bc:f2:9c:ee:f0:37:04:23:58:bc:a8:b0:23:cb: 389s 49:18:90:1a:10:3f:ff:c3:7e:de:d3:8c:22:97:e4: 389s 47:9c:5e:2b:9e:c6:b0:fd:80:9c:42:8d:73:af:00: 389s 18:09:70:e4:60:3a:d0:d2:13 389s Exponent: 65537 (0x10001) 389s X509v3 extensions: 389s X509v3 Authority Key Identifier: 389s AB:27:67:54:F1:46:56:41:A3:1F:C6:9B:C6:2D:67:24:87:86:F2:30 389s X509v3 Basic Constraints: 389s CA:FALSE 389s Netscape Cert Type: 389s SSL Client, S/MIME 389s Netscape Comment: 389s Test Organization Sub Intermediate CA trusted Certificate 389s X509v3 Subject Key Identifier: 389s 89:E7:74:59:19:78:DD:C7:26:F9:05:49:DE:69:C5:F5:78:1A:4D:5E 389s X509v3 Key Usage: critical 389s Digital Signature, Non Repudiation, Key Encipherment 389s X509v3 Extended Key Usage: 389s TLS Web Client Authentication, E-mail Protection 389s X509v3 Subject Alternative Name: 389s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 389s Signature Algorithm: sha256WithRSAEncryption 389s Signature Value: 389s 4c:2d:af:ac:18:50:05:3e:ee:0a:0f:9c:c6:af:a7:1a:9d:c0: 389s 7a:5e:04:db:e5:31:08:26:97:13:be:f8:4c:df:3c:c6:e7:1e: 389s de:84:50:41:9b:03:a3:ff:c9:74:b2:a1:75:22:4e:eb:28:36: 389s aa:2a:da:d0:eb:1b:0c:8e:7a:85:b3:d8:44:d7:83:1b:7e:e7: 389s ea:9f:26:07:e0:71:d5:ee:17:a1:4c:6c:c7:65:02:70:70:13: 389s 47:09:38:ec:8a:6f:ca:9f:46:ab:6e:d1:a8:d1:3e:2b:1a:6c: 389s f8:d1:dd:e5:e7:5a:c7:e0:56:63:cc:e9:80:fd:4a:c7:00:7f: 389s 40:a0 389s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-cNC6UN/SSSD-child-3337-auth.pem 389s 389s Test completed, Root CA and intermediate issued certificates verified! 389s + found_md5=Modulus=9B3E64A41EA61B8C68123D9885A0262A693E978FA058FC98D1BC7C4EF88093D81098218A9514601E3DC4826CA878FF35F0069A2B111F386790D973C5930F8B4A6E3823B8D1F2CD54C18278BCF29CEEF037042358BCA8B023CB4918901A103FFFC37EDED38C2297E4479C5E2B9EC6B0FD809C428D73AF00180970E4603AD0D213 389s + '[' Modulus=9B3E64A41EA61B8C68123D9885A0262A693E978FA058FC98D1BC7C4EF88093D81098218A9514601E3DC4826CA878FF35F0069A2B111F386790D973C5930F8B4A6E3823B8D1F2CD54C18278BCF29CEEF037042358BCA8B023CB4918901A103FFFC37EDED38C2297E4479C5E2B9EC6B0FD809C428D73AF00180970E4603AD0D213 '!=' Modulus=9B3E64A41EA61B8C68123D9885A0262A693E978FA058FC98D1BC7C4EF88093D81098218A9514601E3DC4826CA878FF35F0069A2B111F386790D973C5930F8B4A6E3823B8D1F2CD54C18278BCF29CEEF037042358BCA8B023CB4918901A103FFFC37EDED38C2297E4479C5E2B9EC6B0FD809C428D73AF00180970E4603AD0D213 ']' 389s + set +x 389s autopkgtest [12:10:11]: test sssd-softhism2-certificates-tests.sh: -----------------------] 390s sssd-softhism2-certificates-tests.sh PASS 390s autopkgtest [12:10:12]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 390s autopkgtest [12:10:12]: test sssd-smart-card-pam-auth-configs: preparing testbed 391s Reading package lists... 391s Building dependency tree... 391s Reading state information... 391s Starting pkgProblemResolver with broken count: 0 391s Starting 2 pkgProblemResolver with broken count: 0 391s Done 392s The following NEW packages will be installed: 392s pamtester 392s 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. 392s Need to get 12.3 kB of archives. 392s After this operation, 36.9 kB of additional disk space will be used. 392s Get:1 http://ftpmaster.internal/ubuntu noble/universe arm64 pamtester arm64 0.1.2-4 [12.3 kB] 393s Fetched 12.3 kB in 0s (70.6 kB/s) 393s Selecting previously unselected package pamtester. 393s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 113550 files and directories currently installed.) 393s Preparing to unpack .../pamtester_0.1.2-4_arm64.deb ... 393s Unpacking pamtester (0.1.2-4) ... 393s Setting up pamtester (0.1.2-4) ... 393s Processing triggers for man-db (2.12.0-4build2) ... 394s autopkgtest [12:10:16]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 394s autopkgtest [12:10:16]: test sssd-smart-card-pam-auth-configs: [----------------------- 394s + '[' -z ubuntu ']' 394s + export DEBIAN_FRONTEND=noninteractive 394s + DEBIAN_FRONTEND=noninteractive 394s + required_tools=(pamtester softhsm2-util sssd) 394s + [[ ! -v OFFLINE_MODE ]] 394s + for cmd in "${required_tools[@]}" 394s + command -v pamtester 394s + for cmd in "${required_tools[@]}" 394s + command -v softhsm2-util 394s + for cmd in "${required_tools[@]}" 394s + command -v sssd 394s + PIN=123456 394s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 394s + tmpdir=/tmp/sssd-softhsm2-certs-0PWW87 394s + backupsdir= 394s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 394s + declare -a restore_paths 394s + declare -a delete_paths 394s + trap handle_exit EXIT 394s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 394s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 394s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 394s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 394s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-0PWW87 GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 394s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-0PWW87 394s + GENERATE_SMART_CARDS=1 394s + KEEP_TEMPORARY_FILES=1 394s + NO_SSSD_TESTS=1 394s + bash debian/tests/sssd-softhism2-certificates-tests.sh 394s + '[' -z ubuntu ']' 394s + required_tools=(p11tool openssl softhsm2-util) 394s + for cmd in "${required_tools[@]}" 394s + command -v p11tool 394s + for cmd in "${required_tools[@]}" 394s + command -v openssl 394s + for cmd in "${required_tools[@]}" 394s + command -v softhsm2-util 394s + PIN=123456 394s +++ find /usr/lib/softhsm/libsofthsm2.so 394s +++ head -n 1 394s ++ realpath /usr/lib/softhsm/libsofthsm2.so 394s + SOFTHSM2_MODULE=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 394s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 394s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 394s + '[' '!' -v NO_SSSD_TESTS ']' 394s + '[' '!' -e /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so ']' 394s + tmpdir=/tmp/sssd-softhsm2-certs-0PWW87 394s + keys_size=1024 394s + [[ ! -v KEEP_TEMPORARY_FILES ]] 394s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 394s + echo -n 01 394s + touch /tmp/sssd-softhsm2-certs-0PWW87/index.txt 394s + mkdir -p /tmp/sssd-softhsm2-certs-0PWW87/new_certs 394s + cat 394s + root_ca_key_pass=pass:random-root-CA-password-29366 394s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA-key.pem -passout pass:random-root-CA-password-29366 1024 394s + openssl req -passin pass:random-root-CA-password-29366 -batch -config /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA.pem 394s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA.pem 394s + cat 394s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-17952 394s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-17952 1024 395s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-17952 -config /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-29366 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-certificate-request.pem 395s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-certificate-request.pem 395s Certificate Request: 395s Data: 395s Version: 1 (0x0) 395s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 395s Subject Public Key Info: 395s Public Key Algorithm: rsaEncryption 395s Public-Key: (1024 bit) 395s Modulus: 395s 00:c4:73:40:39:0d:77:04:e4:58:9e:06:12:75:51: 395s 21:54:26:3e:8b:df:74:97:b1:6e:8a:d5:29:28:42: 395s 8c:9d:a8:06:c4:5f:37:55:87:e9:6a:bb:d8:a0:d2: 395s 97:53:9f:83:a2:22:3b:33:90:73:e4:07:da:dc:75: 395s 78:cf:d4:29:d5:34:93:fa:59:1c:ba:49:01:e7:c4: 395s 6a:da:e0:1d:24:e0:03:f8:90:c3:4d:0f:bd:6e:9c: 395s 6f:b7:4e:70:c8:5e:82:bc:12:01:bb:86:49:39:f1: 395s 93:0e:72:d1:89:9d:03:7a:91:3b:5b:9b:26:84:9e: 395s bc:4d:b2:13:10:7c:44:69:99 395s Exponent: 65537 (0x10001) 395s Attributes: 395s (none) 395s Requested Extensions: 395s Signature Algorithm: sha256WithRSAEncryption 395s Signature Value: 395s 58:94:c5:73:5d:43:6d:c8:b7:d9:71:21:fd:39:73:0c:ce:87: 395s 7d:50:ee:48:86:8d:57:2f:64:61:5e:8a:f4:3a:2d:26:b5:b1: 395s 7b:70:e2:13:b7:72:cf:b9:d6:28:54:7b:93:4f:4e:9b:1c:d3: 395s 7d:b9:ed:07:2a:1f:30:15:2e:ed:bb:9c:74:9a:8f:10:0f:3e: 395s 22:73:2e:29:25:0e:b5:3b:5b:e3:8d:83:8b:da:e1:8b:e2:c6: 395s 00:8d:c2:79:4c:4d:5f:30:fa:e4:d1:7e:b9:0e:7f:99:b4:75: 395s 28:c6:53:39:57:1f:40:f8:78:fb:db:75:0b:c8:3c:96:6d:59: 395s 21:11 395s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA.config -passin pass:random-root-CA-password-29366 -keyfile /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA.pem 395s Using configuration from /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA.config 395s Check that the request matches the signature 395s Signature ok 395s Certificate Details: 395s Serial Number: 1 (0x1) 395s Validity 395s Not Before: Jan 9 12:10:17 2025 GMT 395s Not After : Jan 9 12:10:17 2026 GMT 395s Subject: 395s organizationName = Test Organization 395s organizationalUnitName = Test Organization Unit 395s commonName = Test Organization Intermediate CA 395s X509v3 extensions: 395s X509v3 Subject Key Identifier: 395s A2:2A:CE:DE:00:5C:D9:B9:52:71:BB:BB:81:84:3B:6F:A4:BC:9A:5F 395s X509v3 Authority Key Identifier: 395s keyid:B5:32:A8:65:32:3D:49:23:05:B4:5F:CA:87:F9:84:C4:81:68:F1:9A 395s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 395s serial:00 395s X509v3 Basic Constraints: 395s CA:TRUE 395s X509v3 Key Usage: critical 395s Digital Signature, Certificate Sign, CRL Sign 395s Certificate is to be certified until Jan 9 12:10:17 2026 GMT (365 days) 395s 395s Write out database with 1 new entries 395s Database updated 395s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA.pem 395s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA.pem /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA.pem 395s /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA.pem: OK 395s + cat 395s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-24395 395s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-24395 1024 395s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-24395 -config /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-17952 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-certificate-request.pem 395s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-certificate-request.pem 395s Certificate Request: 395s Data: 395s Version: 1 (0x0) 395s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 395s Subject Public Key Info: 395s Public Key Algorithm: rsaEncryption 395s Public-Key: (1024 bit) 395s Modulus: 395s 00:e9:34:6f:8c:aa:c4:c2:d8:6b:f2:94:d4:59:8f: 395s 2d:27:6f:9e:65:c5:27:5c:3c:58:e8:82:9e:91:00: 395s e6:24:da:da:47:cc:62:90:01:ac:6d:ad:01:46:be: 395s ae:df:b4:6d:b9:2c:a6:60:5e:a7:9e:b2:ce:4a:d8: 395s 29:f8:1a:5d:7e:4f:32:7d:1c:df:9b:90:aa:09:c2: 395s 4f:7d:01:64:df:a6:e7:5e:f9:fc:28:2b:89:ce:55: 395s 12:8d:6c:30:22:33:ce:d5:85:e9:e7:7e:3b:08:d9: 395s aa:48:8b:79:b7:e3:52:33:eb:ca:df:54:98:85:ce: 395s 5e:cc:ba:4c:c7:1f:3e:4c:27 395s Exponent: 65537 (0x10001) 395s Attributes: 395s (none) 395s Requested Extensions: 395s Signature Algorithm: sha256WithRSAEncryption 395s Signature Value: 395s 3e:ad:22:55:df:2a:28:8a:9f:d0:e8:59:87:e0:fd:27:07:a5: 395s e1:2d:30:6f:d0:19:23:d6:ac:b3:0d:5c:f7:72:e0:8e:69:a0: 395s 6d:98:9f:b4:a3:48:18:7c:cd:28:a8:6a:81:9e:40:42:f7:40: 395s b3:58:2c:29:10:ab:9c:77:af:de:f3:67:7e:98:45:25:a9:a8: 395s bf:53:5d:46:01:2b:ca:18:75:ae:29:c5:bc:af:ca:dc:c7:49: 395s 4d:e7:39:88:f0:2c:bd:1f:03:ad:48:65:5d:c9:3f:e3:b4:1b: 395s aa:10:91:70:22:5c:bb:ac:f4:11:e2:a4:20:9f:e1:7b:1a:e2: 395s d0:fe 395s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-17952 -keyfile /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA.pem 395s Using configuration from /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA.config 395s Check that the request matches the signature 395s Signature ok 395s Certificate Details: 395s Serial Number: 2 (0x2) 395s Validity 395s Not Before: Jan 9 12:10:17 2025 GMT 395s Not After : Jan 9 12:10:17 2026 GMT 395s Subject: 395s organizationName = Test Organization 395s organizationalUnitName = Test Organization Unit 395s commonName = Test Organization Sub Intermediate CA 395s X509v3 extensions: 395s X509v3 Subject Key Identifier: 395s 01:A6:89:27:A5:BB:DA:0A:01:AD:65:53:A5:A4:F3:D4:27:61:2E:3A 395s X509v3 Authority Key Identifier: 395s keyid:A2:2A:CE:DE:00:5C:D9:B9:52:71:BB:BB:81:84:3B:6F:A4:BC:9A:5F 395s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 395s serial:01 395s X509v3 Basic Constraints: 395s CA:TRUE 395s X509v3 Key Usage: critical 395s Digital Signature, Certificate Sign, CRL Sign 395s Certificate is to be certified until Jan 9 12:10:17 2026 GMT (365 days) 395s 395s Write out database with 1 new entries 395s Database updated 395s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA.pem 395s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA.pem 395s /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA.pem: OK 395s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA.pem /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA.pem 395s + local cmd=openssl 395s + shift 395s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA.pem /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA.pem 395s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 395s error 20 at 0 depth lookup: unable to get local issuer certificate 395s error /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA.pem: verification failed 395s + cat 395s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-10935 395s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-10935 1024 395s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-10935 -key /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA-trusted-certificate-0001-request.pem 395s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA-trusted-certificate-0001-request.pem 395s Certificate Request: 395s Data: 395s Version: 1 (0x0) 395s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 395s Subject Public Key Info: 395s Public Key Algorithm: rsaEncryption 395s Public-Key: (1024 bit) 395s Modulus: 395s 00:e1:e1:87:06:a8:23:81:57:6d:75:ce:78:b5:b7: 395s 73:bf:cb:bd:dd:25:d8:1f:06:f4:2b:32:f4:1f:8f: 395s 2f:90:13:d6:8c:2c:c6:b9:e0:bc:d3:43:17:da:f1: 395s e3:f4:3f:94:63:3e:c2:1e:c1:ce:4e:aa:97:52:21: 395s c2:8e:5f:a0:a4:37:93:4f:05:11:de:bf:2c:49:47: 395s 7d:ff:4f:4b:15:93:01:9b:25:e0:99:8d:46:7d:1b: 395s d7:5c:3d:f7:f1:16:63:bb:62:da:8e:c2:77:11:3c: 395s de:8f:e5:65:30:5f:9e:ff:90:c4:c5:70:01:a9:1a: 395s b8:de:bd:f7:f3:21:6f:30:41 395s Exponent: 65537 (0x10001) 395s Attributes: 395s Requested Extensions: 395s X509v3 Basic Constraints: 395s CA:FALSE 395s Netscape Cert Type: 395s SSL Client, S/MIME 395s Netscape Comment: 395s Test Organization Root CA trusted Certificate 395s X509v3 Subject Key Identifier: 395s BD:D8:F2:42:FC:5B:21:59:AC:7D:62:E4:45:24:6B:D9:B2:D4:09:2A 395s X509v3 Key Usage: critical 395s Digital Signature, Non Repudiation, Key Encipherment 395s X509v3 Extended Key Usage: 395s TLS Web Client Authentication, E-mail Protection 395s X509v3 Subject Alternative Name: 395s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 395s Signature Algorithm: sha256WithRSAEncryption 395s Signature Value: 395s 3d:dd:17:15:67:67:06:11:3a:97:38:a8:44:4c:96:26:30:c1: 395s 91:d1:e0:d6:1c:35:71:89:e8:af:31:3f:8d:05:22:f3:75:e9: 395s 74:01:8f:d5:70:3d:36:92:c7:a0:04:8c:6f:6f:36:a9:89:12: 395s 81:e1:d4:65:61:a0:24:45:90:79:25:47:4e:c8:f2:81:a1:ee: 395s 8a:0f:20:c5:ca:1e:76:a8:6a:5f:a3:3f:b6:cb:1c:d5:04:68: 395s 57:17:36:8a:e4:cb:36:94:19:1a:39:0d:2d:ee:0b:98:91:c9: 395s 55:4d:57:6e:0c:8e:c0:f3:e9:fc:ce:69:32:6b:d1:56:3f:c3: 395s ec:b9 395s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA.config -passin pass:random-root-CA-password-29366 -keyfile /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA-trusted-certificate-0001.pem 395s Using configuration from /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA.config 395s Check that the request matches the signature 395s Signature ok 395s Certificate Details: 395s Serial Number: 3 (0x3) 395s Validity 395s Not Before: Jan 9 12:10:17 2025 GMT 395s Not After : Jan 9 12:10:17 2026 GMT 395s Subject: 395s organizationName = Test Organization 395s organizationalUnitName = Test Organization Unit 395s commonName = Test Organization Root Trusted Certificate 0001 395s X509v3 extensions: 395s X509v3 Authority Key Identifier: 395s B5:32:A8:65:32:3D:49:23:05:B4:5F:CA:87:F9:84:C4:81:68:F1:9A 395s X509v3 Basic Constraints: 395s CA:FALSE 395s Netscape Cert Type: 395s SSL Client, S/MIME 395s Netscape Comment: 395s Test Organization Root CA trusted Certificate 395s X509v3 Subject Key Identifier: 395s BD:D8:F2:42:FC:5B:21:59:AC:7D:62:E4:45:24:6B:D9:B2:D4:09:2A 395s X509v3 Key Usage: critical 395s Digital Signature, Non Repudiation, Key Encipherment 395s X509v3 Extended Key Usage: 395s TLS Web Client Authentication, E-mail Protection 395s X509v3 Subject Alternative Name: 395s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 395s Certificate is to be certified until Jan 9 12:10:17 2026 GMT (365 days) 395s 395s Write out database with 1 new entries 395s Database updated 395s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA-trusted-certificate-0001.pem 395s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA.pem /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA-trusted-certificate-0001.pem 395s /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA-trusted-certificate-0001.pem: OK 395s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA-trusted-certificate-0001.pem 395s + local cmd=openssl 395s + shift 395s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA-trusted-certificate-0001.pem 395s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 395s error 20 at 0 depth lookup: unable to get local issuer certificate 395s error /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA-trusted-certificate-0001.pem: verification failed 395s + cat 395s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-11705 395s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-11705 1024 395s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-11705 -key /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-trusted-certificate-0001-request.pem 395s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-trusted-certificate-0001-request.pem 395s Certificate Request: 395s Data: 395s Version: 1 (0x0) 395s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 395s Subject Public Key Info: 395s Public Key Algorithm: rsaEncryption 395s Public-Key: (1024 bit) 395s Modulus: 395s 00:e6:a2:4b:9d:39:08:96:3c:f8:f5:91:f3:58:df: 395s fd:bc:70:fe:7b:19:24:81:e2:58:39:dd:3a:cd:46: 395s ef:ea:9d:08:62:fc:d0:22:4d:85:89:16:db:c3:a2: 395s 1e:f7:5f:ac:54:af:ba:a2:5b:52:0d:a0:2d:f6:db: 395s 70:e9:e0:d3:54:d3:5d:a2:b6:02:e8:00:ed:5a:ea: 395s 84:2f:fc:42:a7:9a:5f:2f:e1:ca:67:da:5f:49:18: 395s 5a:b0:2e:48:f3:66:4f:ff:0f:ba:93:8b:88:94:39: 395s 6a:a8:c9:6e:04:3e:63:cc:bf:08:16:7a:b1:df:9f: 395s 54:ec:ac:1e:91:dd:59:f5:cf 395s Exponent: 65537 (0x10001) 395s Attributes: 395s Requested Extensions: 395s X509v3 Basic Constraints: 395s CA:FALSE 395s Netscape Cert Type: 395s SSL Client, S/MIME 395s Netscape Comment: 395s Test Organization Intermediate CA trusted Certificate 395s X509v3 Subject Key Identifier: 395s C9:52:B8:2D:FB:54:B3:9A:C1:A5:CB:A2:D4:FA:CF:2C:AB:BF:2F:E7 395s X509v3 Key Usage: critical 395s Digital Signature, Non Repudiation, Key Encipherment 395s X509v3 Extended Key Usage: 395s TLS Web Client Authentication, E-mail Protection 395s X509v3 Subject Alternative Name: 395s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 395s Signature Algorithm: sha256WithRSAEncryption 395s Signature Value: 395s d0:f5:2f:ed:92:fc:da:0d:6f:a3:1e:66:68:07:4d:80:03:22: 395s cc:a6:db:f9:0b:c7:e3:32:df:10:a9:7e:d5:29:a5:da:c1:da: 395s 64:ff:21:66:e5:54:38:dc:20:d1:8d:01:0d:28:c7:3b:43:ea: 395s 69:ba:56:a5:f0:0d:12:ba:4e:75:f9:f4:b5:e1:a6:5e:e9:13: 395s 57:3d:d0:62:d5:fb:8f:0a:68:d1:b3:11:58:c6:f4:45:45:58: 395s 16:36:2f:de:2b:6f:cb:46:3e:43:b5:2d:12:fc:fd:09:9f:f8: 395s 22:b8:33:21:b7:94:63:e7:e1:95:a9:33:f8:07:96:ce:e4:30: 395s 96:c6 395s + openssl ca -passin pass:random-intermediate-CA-password-17952 -config /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-trusted-certificate-0001.pem 395s Using configuration from /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA.config 395s Check that the request matches the signature 395s Signature ok 395s Certificate Details: 395s Serial Number: 4 (0x4) 395s Validity 395s Not Before: Jan 9 12:10:17 2025 GMT 395s Not After : Jan 9 12:10:17 2026 GMT 395s Subject: 395s organizationName = Test Organization 395s organizationalUnitName = Test Organization Unit 395s commonName = Test Organization Intermediate Trusted Certificate 0001 395s X509v3 extensions: 395s X509v3 Authority Key Identifier: 395s A2:2A:CE:DE:00:5C:D9:B9:52:71:BB:BB:81:84:3B:6F:A4:BC:9A:5F 395s X509v3 Basic Constraints: 395s CA:FALSE 395s Netscape Cert Type: 395s SSL Client, S/MIME 395s Netscape Comment: 395s Test Organization Intermediate CA trusted Certificate 395s X509v3 Subject Key Identifier: 395s C9:52:B8:2D:FB:54:B3:9A:C1:A5:CB:A2:D4:FA:CF:2C:AB:BF:2F:E7 395s X509v3 Key Usage: critical 395s Digital Signature, Non Repudiation, Key Encipherment 395s X509v3 Extended Key Usage: 395s TLS Web Client Authentication, E-mail Protection 395s X509v3 Subject Alternative Name: 395s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 395s Certificate is to be certified until Jan 9 12:10:17 2026 GMT (365 days) 395s 395s Write out database with 1 new entries 395s Database updated 395s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-trusted-certificate-0001.pem 395s This certificate should not be trusted fully 395s + echo 'This certificate should not be trusted fully' 395s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-trusted-certificate-0001.pem 395s + local cmd=openssl 395s + shift 395s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-trusted-certificate-0001.pem 395s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 395s error 2 at 1 depth lookup: unable to get issuer certificate 395s error /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 395s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-trusted-certificate-0001.pem 395s /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-trusted-certificate-0001.pem: OK 395s + cat 395s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1446 395s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-1446 1024 395s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-1446 -key /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 395s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 395s Certificate Request: 395s Data: 395s Version: 1 (0x0) 395s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 395s Subject Public Key Info: 395s Public Key Algorithm: rsaEncryption 395s Public-Key: (1024 bit) 395s Modulus: 395s 00:a7:1b:03:22:53:50:f3:c0:8d:10:ea:1e:b8:fc: 395s 63:dd:bf:41:c3:e6:f3:e7:bc:de:ef:77:4c:35:3f: 395s 9e:1c:96:e8:e1:be:22:4f:a8:6f:ee:eb:4f:67:45: 395s 78:a2:e0:4d:65:11:6f:a6:f0:ff:61:a3:0b:12:be: 395s 7c:e7:80:2c:bc:ea:2a:c3:fb:05:7d:74:5a:84:a7: 395s 6b:02:77:62:c4:39:db:2e:e7:82:39:ac:ca:db:65: 395s f7:94:4a:37:a1:70:8c:ad:22:9d:ea:39:8f:53:a1: 395s cc:24:dc:5f:24:09:ce:73:34:df:ce:04:94:2a:69: 395s e9:72:24:09:0e:6b:1c:3d:f7 395s Exponent: 65537 (0x10001) 395s Attributes: 395s Requested Extensions: 395s X509v3 Basic Constraints: 395s CA:FALSE 395s Netscape Cert Type: 395s SSL Client, S/MIME 395s Netscape Comment: 395s Test Organization Sub Intermediate CA trusted Certificate 395s X509v3 Subject Key Identifier: 395s 08:DA:D7:55:64:7E:CC:89:87:D3:99:A3:D7:9E:52:7D:45:47:F0:9E 395s X509v3 Key Usage: critical 395s Digital Signature, Non Repudiation, Key Encipherment 395s X509v3 Extended Key Usage: 395s TLS Web Client Authentication, E-mail Protection 395s X509v3 Subject Alternative Name: 395s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 395s Signature Algorithm: sha256WithRSAEncryption 395s Signature Value: 395s 71:5e:97:7b:80:bc:46:dc:0a:ea:45:d3:7e:6d:a3:8e:e5:b0: 395s 02:53:6c:6a:90:6a:5e:75:aa:67:9b:b1:64:86:96:c3:ae:db: 395s 76:17:a9:33:9a:a9:57:19:38:41:2f:52:11:d6:e3:27:88:59: 395s 10:df:df:47:3c:f1:59:93:5a:cf:bf:af:ef:34:e7:40:84:8e: 395s 49:3e:bd:35:67:ab:c7:ba:84:f1:8b:0c:1a:70:39:6d:0f:41: 395s 55:68:dd:42:7c:21:97:ea:6f:83:88:ad:06:42:c2:12:d4:fd: 395s 8a:1a:65:e2:84:3f:5a:03:0f:89:22:ba:96:0b:0f:9a:fe:08: 395s bb:6c 395s + openssl ca -passin pass:random-sub-intermediate-CA-password-24395 -config /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001.pem 395s Using configuration from /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA.config 395s Check that the request matches the signature 395s Signature ok 395s Certificate Details: 395s Serial Number: 5 (0x5) 395s Validity 395s Not Before: Jan 9 12:10:17 2025 GMT 395s Not After : Jan 9 12:10:17 2026 GMT 395s Subject: 395s organizationName = Test Organization 395s organizationalUnitName = Test Organization Unit 395s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 395s X509v3 extensions: 395s X509v3 Authority Key Identifier: 395s 01:A6:89:27:A5:BB:DA:0A:01:AD:65:53:A5:A4:F3:D4:27:61:2E:3A 395s X509v3 Basic Constraints: 395s CA:FALSE 395s Netscape Cert Type: 395s SSL Client, S/MIME 395s Netscape Comment: 395s Test Organization Sub Intermediate CA trusted Certificate 395s X509v3 Subject Key Identifier: 395s 08:DA:D7:55:64:7E:CC:89:87:D3:99:A3:D7:9E:52:7D:45:47:F0:9E 395s X509v3 Key Usage: critical 395s Digital Signature, Non Repudiation, Key Encipherment 395s X509v3 Extended Key Usage: 395s TLS Web Client Authentication, E-mail Protection 395s X509v3 Subject Alternative Name: 395s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 395s Certificate is to be certified until Jan 9 12:10:17 2026 GMT (365 days) 395s 395s Write out database with 1 new entries 395s Database updated 395s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001.pem 395s + echo 'This certificate should not be trusted fully' 395s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001.pem 395s + local cmd=openssl 395s + shift 395s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001.pem 395s This certificate should not be trusted fully 395s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 395s error 2 at 1 depth lookup: unable to get issuer certificate 395s error /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 395s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001.pem 395s + local cmd=openssl 395s + shift 395s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001.pem 395s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 395s error 20 at 0 depth lookup: unable to get local issuer certificate 395s error /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 395s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001.pem 395s /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 395s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001.pem 395s + local cmd=openssl 395s + shift 395s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001.pem 395s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 395s error 20 at 0 depth lookup: unable to get local issuer certificate 395s error /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 395s + echo 'Building a the full-chain CA file...' 395s Building a the full-chain CA file... 395s + cat /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA.pem /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA.pem 395s + cat /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA.pem /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA.pem 395s + cat /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA.pem 395s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-0PWW87/test-full-chain-CA.pem 395s + openssl pkcs7 -print_certs -noout 395s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 395s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 395s 395s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 395s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 395s 395s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 395s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 395s 395s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-0PWW87/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA.pem 395s /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA.pem: OK 395s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-0PWW87/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA-trusted-certificate-0001.pem 395s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-0PWW87/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-trusted-certificate-0001.pem 395s /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA-trusted-certificate-0001.pem: OK 395s /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-trusted-certificate-0001.pem: OK 395s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-0PWW87/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-0PWW87/test-root-intermediate-chain-CA.pem 395s /tmp/sssd-softhsm2-certs-0PWW87/test-root-intermediate-chain-CA.pem: OK 395s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-0PWW87/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001.pem 395s + echo 'Certificates generation completed!' 395s /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 395s + [[ -v NO_SSSD_TESTS ]] 395s + [[ -v GENERATE_SMART_CARDS ]] 395s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-10935 395s + local certificate=/tmp/sssd-softhsm2-certs-0PWW87/test-root-CA-trusted-certificate-0001.pem 395s + local key_pass=pass:random-root-ca-trusted-cert-0001-10935 395s + local key_cn 395s + local key_name 395s + local tokens_dir 395s + local output_cert_file 395s + token_name= 395s Certificates generation completed! 395s ++ basename /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA-trusted-certificate-0001.pem .pem 395s + key_name=test-root-CA-trusted-certificate-0001 395s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA-trusted-certificate-0001.pem 395s ++ sed -n 's/ *commonName *= //p' 395s + key_cn='Test Organization Root Trusted Certificate 0001' 395s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 395s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-0PWW87/softhsm2-test-root-CA-trusted-certificate-0001.conf 395s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-0PWW87/softhsm2-test-root-CA-trusted-certificate-0001.conf 395s ++ basename /tmp/sssd-softhsm2-certs-0PWW87/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 395s + tokens_dir=/tmp/sssd-softhsm2-certs-0PWW87/softhsm2-test-root-CA-trusted-certificate-0001 395s + token_name='Test Organization Root Tr Token' 395s + '[' '!' -e /tmp/sssd-softhsm2-certs-0PWW87/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 395s + local key_file 395s + local decrypted_key 395s + mkdir -p /tmp/sssd-softhsm2-certs-0PWW87/softhsm2-test-root-CA-trusted-certificate-0001 395s + key_file=/tmp/sssd-softhsm2-certs-0PWW87/test-root-CA-trusted-certificate-0001-key.pem 395s + decrypted_key=/tmp/sssd-softhsm2-certs-0PWW87/test-root-CA-trusted-certificate-0001-key-decrypted.pem 395s + cat 395s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 395s Slot 0 has a free/uninitialized token. 395s The token has been initialized and is reassigned to slot 611436926 395s + softhsm2-util --show-slots 395s Available slots: 395s Slot 611436926 395s Slot info: 395s Description: SoftHSM slot ID 0x2471c97e 395s Manufacturer ID: SoftHSM project 395s Hardware version: 2.6 395s Firmware version: 2.6 395s Token present: yes 395s Token info: 395s Manufacturer ID: SoftHSM project 395s Model: SoftHSM v2 395s Hardware version: 2.6 395s Firmware version: 2.6 395s Serial number: 9d40c8d6a471c97e 395s Initialized: yes 395s User PIN init.: yes 395s Label: Test Organization Root Tr Token 395s Slot 1 395s Slot info: 395s Description: SoftHSM slot ID 0x1 395s Manufacturer ID: SoftHSM project 395s Hardware version: 2.6 395s Firmware version: 2.6 395s Token present: yes 395s Token info: 395s Manufacturer ID: SoftHSM project 395s Model: SoftHSM v2 395s Hardware version: 2.6 395s Firmware version: 2.6 395s Serial number: 395s Initialized: no 395s User PIN init.: no 395s Label: 395s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-0PWW87/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 395s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-10935 -in /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA-trusted-certificate-0001-key-decrypted.pem 395s writing RSA key 395s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-0PWW87/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 395s + rm /tmp/sssd-softhsm2-certs-0PWW87/test-root-CA-trusted-certificate-0001-key-decrypted.pem 395s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 395s Object 0: 395s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=9d40c8d6a471c97e;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 395s Type: X.509 Certificate (RSA-1024) 395s Expires: Fri Jan 9 12:10:17 2026 395s Label: Test Organization Root Trusted Certificate 0001 395s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 395s 395s Test Organization Root Tr Token 395s + echo 'Test Organization Root Tr Token' 395s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-11705 395s + local certificate=/tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-trusted-certificate-0001.pem 395s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-11705 395s + local key_cn 395s + local key_name 395s + local tokens_dir 395s + local output_cert_file 395s + token_name= 395s ++ basename /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-trusted-certificate-0001.pem .pem 395s + key_name=test-intermediate-CA-trusted-certificate-0001 395s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-trusted-certificate-0001.pem 395s ++ sed -n 's/ *commonName *= //p' 395s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 395s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 395s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-0PWW87/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 395s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-0PWW87/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 395s ++ basename /tmp/sssd-softhsm2-certs-0PWW87/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 395s + tokens_dir=/tmp/sssd-softhsm2-certs-0PWW87/softhsm2-test-intermediate-CA-trusted-certificate-0001 395s + token_name='Test Organization Interme Token' 395s + '[' '!' -e /tmp/sssd-softhsm2-certs-0PWW87/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 395s + local key_file 395s + local decrypted_key 395s + mkdir -p /tmp/sssd-softhsm2-certs-0PWW87/softhsm2-test-intermediate-CA-trusted-certificate-0001 395s + key_file=/tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-trusted-certificate-0001-key.pem 395s + decrypted_key=/tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 395s + cat 395s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 395s Slot 0 has a free/uninitialized token. 395s The token has been initialized and is reassigned to slot 1927699724 395s + softhsm2-util --show-slots 395s Available slots: 395s Slot 1927699724 395s Slot info: 395s Description: SoftHSM slot ID 0x72e65d0c 395s Manufacturer ID: SoftHSM project 395s Hardware version: 2.6 395s Firmware version: 2.6 395s Token present: yes 395s Token info: 395s Manufacturer ID: SoftHSM project 395s Model: SoftHSM v2 395s Hardware version: 2.6 395s Firmware version: 2.6 395s Serial number: 8ca7dc6bf2e65d0c 395s Initialized: yes 395s User PIN init.: yes 395s Label: Test Organization Interme Token 395s Slot 1 395s Slot info: 395s Description: SoftHSM slot ID 0x1 395s Manufacturer ID: SoftHSM project 395s Hardware version: 2.6 395s Firmware version: 2.6 395s Token present: yes 395s Token info: 395s Manufacturer ID: SoftHSM project 395s Model: SoftHSM v2 395s Hardware version: 2.6 395s Firmware version: 2.6 395s Serial number: 395s Initialized: no 395s User PIN init.: no 395s Label: 395s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 395s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-11705 -in /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 395s writing RSA key 395s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 395s + rm /tmp/sssd-softhsm2-certs-0PWW87/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 395s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 395s + echo 'Test Organization Interme Token' 395s Object 0: 395s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8ca7dc6bf2e65d0c;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 395s Type: X.509 Certificate (RSA-1024) 395s Expires: Fri Jan 9 12:10:17 2026 395s Label: Test Organization Intermediate Trusted Certificate 0001 395s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 395s 395s Test Organization Interme Token 395s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1446 395s + local certificate=/tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001.pem 395s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1446 395s + local key_cn 395s + local key_name 395s + local tokens_dir 395s + local output_cert_file 395s + token_name= 395s ++ basename /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 395s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 395s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001.pem 395s ++ sed -n 's/ *commonName *= //p' 395s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 395s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 395s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-0PWW87/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 395s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-0PWW87/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 395s ++ basename /tmp/sssd-softhsm2-certs-0PWW87/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 395s + tokens_dir=/tmp/sssd-softhsm2-certs-0PWW87/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 395s + token_name='Test Organization Sub Int Token' 395s + '[' '!' -e /tmp/sssd-softhsm2-certs-0PWW87/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 395s + local key_file 395s + local decrypted_key 395s + mkdir -p /tmp/sssd-softhsm2-certs-0PWW87/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 395s + key_file=/tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 395s + decrypted_key=/tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 395s + cat 395s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 395s + softhsm2-util --show-slots 395s Slot 0 has a free/uninitialized token. 395s The token has been initialized and is reassigned to slot 67266391 395s Available slots: 395s Slot 67266391 395s Slot info: 395s Description: SoftHSM slot ID 0x4026757 395s Manufacturer ID: SoftHSM project 395s Hardware version: 2.6 395s Firmware version: 2.6 395s Token present: yes 395s Token info: 395s Manufacturer ID: SoftHSM project 395s Model: SoftHSM v2 395s Hardware version: 2.6 395s Firmware version: 2.6 395s Serial number: 1133cc1504026757 395s Initialized: yes 395s User PIN init.: yes 395s Label: Test Organization Sub Int Token 395s Slot 1 395s Slot info: 395s Description: SoftHSM slot ID 0x1 395s Manufacturer ID: SoftHSM project 395s Hardware version: 2.6 395s Firmware version: 2.6 395s Token present: yes 395s Token info: 395s Manufacturer ID: SoftHSM project 395s Model: SoftHSM v2 395s Hardware version: 2.6 395s Firmware version: 2.6 395s Serial number: 395s Initialized: no 395s User PIN init.: no 395s Label: 395s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 395s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-1446 -in /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 395s writing RSA key 395s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 395s + rm /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 395s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 395s Object 0: 395s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1133cc1504026757;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 395s Type: X.509 Certificate (RSA-1024) 395s Expires: Fri Jan 9 12:10:17 2026 395s Label: Test Organization Sub Intermediate Trusted Certificate 0001 395s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 395s 395s Test Organization Sub Int Token 395s + echo 'Test Organization Sub Int Token' 395s + echo 'Certificates generation completed!' 395s + exit 0 395s Certificates generation completed! 395s + find /tmp/sssd-softhsm2-certs-0PWW87 -type d -exec chmod 777 '{}' ';' 395s + find /tmp/sssd-softhsm2-certs-0PWW87 -type f -exec chmod 666 '{}' ';' 396s + backup_file /etc/sssd/sssd.conf 396s + '[' -z '' ']' 396s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 396s + backupsdir=/tmp/sssd-softhsm2-backups-11VWAa 396s + '[' -e /etc/sssd/sssd.conf ']' 396s + delete_paths+=("$1") 396s + rm -f /etc/sssd/sssd.conf 396s ++ runuser -u ubuntu -- sh -c 'echo ~' 396s + user_home=/home/ubuntu 396s + mkdir -p /home/ubuntu 396s + chown ubuntu:ubuntu /home/ubuntu 396s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 396s + user_config=/home/ubuntu/.config 396s + system_config=/etc 396s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 396s + for path_pair in "${softhsm2_conf_paths[@]}" 396s + IFS=: 396s + read -r -a path 396s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 396s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 396s + '[' -z /tmp/sssd-softhsm2-backups-11VWAa ']' 396s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 396s + delete_paths+=("$1") 396s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 396s + for path_pair in "${softhsm2_conf_paths[@]}" 396s + IFS=: 396s + read -r -a path 396s + path=/etc/softhsm/softhsm2.conf 396s + backup_file /etc/softhsm/softhsm2.conf 396s + '[' -z /tmp/sssd-softhsm2-backups-11VWAa ']' 396s + '[' -e /etc/softhsm/softhsm2.conf ']' 396s ++ dirname /etc/softhsm/softhsm2.conf 396s + local back_dir=/tmp/sssd-softhsm2-backups-11VWAa//etc/softhsm 396s ++ basename /etc/softhsm/softhsm2.conf 396s + local back_path=/tmp/sssd-softhsm2-backups-11VWAa//etc/softhsm/softhsm2.conf 396s + '[' '!' -e /tmp/sssd-softhsm2-backups-11VWAa//etc/softhsm/softhsm2.conf ']' 396s + mkdir -p /tmp/sssd-softhsm2-backups-11VWAa//etc/softhsm 396s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-11VWAa//etc/softhsm/softhsm2.conf 396s + restore_paths+=("$back_path") 396s + rm -f /etc/softhsm/softhsm2.conf 396s + test_authentication login /tmp/sssd-softhsm2-certs-0PWW87/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-0PWW87/test-full-chain-CA.pem 396s + pam_service=login 396s + certificate_config=/tmp/sssd-softhsm2-certs-0PWW87/softhsm2-test-root-CA-trusted-certificate-0001.conf 396s + ca_db=/tmp/sssd-softhsm2-certs-0PWW87/test-full-chain-CA.pem 396s + verification_options= 396s + mkdir -p -m 700 /etc/sssd 396s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-0PWW87/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 396s + cat 396s Using CA DB '/tmp/sssd-softhsm2-certs-0PWW87/test-full-chain-CA.pem' with verification options: '' 396s + chmod 600 /etc/sssd/sssd.conf 396s + for path_pair in "${softhsm2_conf_paths[@]}" 396s + IFS=: 396s + read -r -a path 396s + user=ubuntu 396s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 396s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 396s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 396s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-0PWW87/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 396s + runuser -u ubuntu -- softhsm2-util --show-slots 396s + grep 'Test Organization' 396s Label: Test Organization Root Tr Token 396s + for path_pair in "${softhsm2_conf_paths[@]}" 396s + IFS=: 396s + read -r -a path 396s + user=root 396s + path=/etc/softhsm/softhsm2.conf 396s ++ dirname /etc/softhsm/softhsm2.conf 396s + runuser -u root -- mkdir -p /etc/softhsm 396s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-0PWW87/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 396s + runuser -u root -- softhsm2-util --show-slots 396s + grep 'Test Organization' 396s Label: Test Organization Root Tr Token 396s + systemctl restart sssd 396s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 396s + for alternative in "${alternative_pam_configs[@]}" 396s + pam-auth-update --enable sss-smart-card-optional 396s + cat /etc/pam.d/common-auth 396s # 396s # /etc/pam.d/common-auth - authentication settings common to all services 396s # 396s # This file is included from other service-specific PAM config files, 396s # and should contain a list of the authentication modules that define 396s # the central authentication scheme for use on the system 396s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 396s # traditional Unix authentication mechanisms. 396s # 396s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 396s # To take advantage of this, it is recommended that you configure any 396s # local modules either before or after the default block, and use 396s # pam-auth-update to manage selection of other modules. See 396s # pam-auth-update(8) for details. 396s 396s # here are the per-package modules (the "Primary" block) 396s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 396s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 396s auth [success=1 default=ignore] pam_sss.so use_first_pass 396s # here's the fallback if no module succeeds 396s auth requisite pam_deny.so 396s # prime the stack with a positive return value if there isn't one already; 396s # this avoids us returning an error just because nothing sets a success code 396s # since the modules above will each just jump around 396s auth required pam_permit.so 396s # and here are more per-package modules (the "Additional" block) 396s auth optional pam_cap.so 396s # end of pam-auth-update config 396s + echo -n -e 123456 396s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 396s pamtester: invoking pam_start(login, ubuntu, ...) 396s pamtester: performing operation - authenticate 396s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 396s + echo -n -e 123456 396s + runuser -u ubuntu -- pamtester -v login '' authenticate 396s pamtester: invoking pam_start(login, , ...) 396s pamtester: performing operation - authenticate 396s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 396s + echo -n -e wrong123456 396s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 396s pamtester: invoking pam_start(login, ubuntu, ...) 396s pamtester: performing operation - authenticate 400s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 400s + echo -n -e wrong123456 400s + runuser -u ubuntu -- pamtester -v login '' authenticate 400s pamtester: invoking pam_start(login, , ...) 400s pamtester: performing operation - authenticate 403s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 403s + echo -n -e 123456 403s + pamtester -v login root authenticate 403s pamtester: invoking pam_start(login, root, ...) 403s pamtester: performing operation - authenticate 407s Password: pamtester: Authentication failure 407s + for alternative in "${alternative_pam_configs[@]}" 407s + pam-auth-update --enable sss-smart-card-required 407s PAM configuration 407s ----------------- 407s 407s Incompatible PAM profiles selected. 407s 407s The following PAM profiles cannot be used together: 407s 407s SSS required smart card authentication, SSS optional smart card 407s authentication 407s 407s Please select a different set of modules to enable. 407s 407s + cat /etc/pam.d/common-auth 407s # 407s # /etc/pam.d/common-auth - authentication settings common to all services 407s # 407s # This file is included from other service-specific PAM config files, 407s # and should contain a list of the authentication modules that define 407s # the central authentication scheme for use on the system 407s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 407s # traditional Unix authentication mechanisms. 407s # 407s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 407s # To take advantage of this, it is recommended that you configure any 407s # local modules either before or after the default block, and use 407s # pam-auth-update to manage selection of other modules. See 407s # pam-auth-update(8) for details. 407s 407s # here are the per-package modules (the "Primary" block) 407s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 407s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 407s auth [success=1 default=ignore] pam_sss.so use_first_pass 407s # here's the fallback if no module succeeds 407s auth requisite pam_deny.so 407s # prime the stack with a positive return value if there isn't one already; 407s # this avoids us returning an error just because nothing sets a success code 407s # since the modules above will each just jump around 407s auth required pam_permit.so 407s # and here are more per-package modules (the "Additional" block) 407s auth optional pam_cap.so 407s # end of pam-auth-update config 407s + echo -n -e 123456 407s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 407s pamtester: invoking pam_start(login, ubuntu, ...) 407s pamtester: performing operation - authenticate 407s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 407s + echo -n -e 123456 407s + runuser -u ubuntu -- pamtester -v login '' authenticate 407s pamtester: invoking pam_start(login, , ...) 407s pamtester: performing operation - authenticate 407s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 407s + echo -n -e wrong123456 407s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 407s pamtester: invoking pam_start(login, ubuntu, ...) 407s pamtester: performing operation - authenticate 410s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 410s + echo -n -e wrong123456 410s + runuser -u ubuntu -- pamtester -v login '' authenticate 410s pamtester: invoking pam_start(login, , ...) 410s pamtester: performing operation - authenticate 414s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 414s + echo -n -e 123456 414s + pamtester -v login root authenticate 414s pamtester: invoking pam_start(login, root, ...) 414s pamtester: performing operation - authenticate 417s pamtester: Authentication service cannot retrieve authentication info 417s + test_authentication login /tmp/sssd-softhsm2-certs-0PWW87/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-0PWW87/test-full-chain-CA.pem 417s + pam_service=login 417s + certificate_config=/tmp/sssd-softhsm2-certs-0PWW87/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 417s + ca_db=/tmp/sssd-softhsm2-certs-0PWW87/test-full-chain-CA.pem 417s + verification_options= 417s + mkdir -p -m 700 /etc/sssd 417s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-0PWW87/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 417s + cat 417s Using CA DB '/tmp/sssd-softhsm2-certs-0PWW87/test-full-chain-CA.pem' with verification options: '' 417s + chmod 600 /etc/sssd/sssd.conf 417s + for path_pair in "${softhsm2_conf_paths[@]}" 417s + IFS=: 417s + read -r -a path 417s + user=ubuntu 417s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 417s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 417s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 417s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-0PWW87/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 417s + runuser -u ubuntu -- softhsm2-util --show-slots 417s + grep 'Test Organization' 417s + for path_pair in "${softhsm2_conf_paths[@]}" 417s + IFS=: 417s + read -r -a path 417s + user=root 417s + path=/etc/softhsm/softhsm2.conf 417s ++ dirname /etc/softhsm/softhsm2.conf 417s + runuser -u root -- mkdir -p /etc/softhsm 417s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-0PWW87/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 417s + runuser -u root -- softhsm2-util --show-slots 417s + grep 'Test Organization' 417s Label: Test Organization Sub Int Token 417s Label: Test Organization Sub Int Token 417s + systemctl restart sssd 417s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 418s + for alternative in "${alternative_pam_configs[@]}" 418s + pam-auth-update --enable sss-smart-card-optional 418s + cat /etc/pam.d/common-auth 418s # 418s # /etc/pam.d/common-auth - authentication settings common to all services 418s # 418s # This file is included from other service-specific PAM config files, 418s # and should contain a list of the authentication modules that define 418s # the central authentication scheme for use on the system 418s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 418s # traditional Unix authentication mechanisms. 418s # 418s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 418s # To take advantage of this, it is recommended that you configure any 418s # local modules either before or after the default block, and use 418s # pam-auth-update to manage selection of other modules. See 418s # pam-auth-update(8) for details. 418s 418s # here are the per-package modules (the "Primary" block) 418s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 418s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 418s auth [success=1 default=ignore] pam_sss.so use_first_pass 418s # here's the fallback if no module succeeds 418s auth requisite pam_deny.so 418s # prime the stack with a positive return value if there isn't one already; 418s # this avoids us returning an error just because nothing sets a success code 418s # since the modules above will each just jump around 418s auth required pam_permit.so 418s # and here are more per-package modules (the "Additional" block) 418s auth optional pam_cap.so 418s # end of pam-auth-update config 418s + echo -n -e 123456 418s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 418s pamtester: invoking pam_start(login, ubuntu, ...) 418s pamtester: performing operation - authenticate 418s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 418s + echo -n -e 123456 418s + runuser -u ubuntu -- pamtester -v login '' authenticate 418s pamtester: invoking pam_start(login, , ...) 418s pamtester: performing operation - authenticate 418s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 418s + echo -n -e wrong123456 418s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 418s pamtester: invoking pam_start(login, ubuntu, ...) 418s pamtester: performing operation - authenticate 421s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 421s + echo -n -e wrong123456 421s + runuser -u ubuntu -- pamtester -v login '' authenticate 421s pamtester: invoking pam_start(login, , ...) 421s pamtester: performing operation - authenticate 425s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 425s + echo -n -e 123456 425s + pamtester -v login root authenticate 425s pamtester: invoking pam_start(login, root, ...) 425s pamtester: performing operation - authenticate 427s Password: pamtester: Authentication failure 427s + for alternative in "${alternative_pam_configs[@]}" 427s + pam-auth-update --enable sss-smart-card-required 427s PAM configuration 427s ----------------- 427s 427s Incompatible PAM profiles selected. 427s 427s The following PAM profiles cannot be used together: 427s 427s SSS required smart card authentication, SSS optional smart card 427s authentication 427s 427s Please select a different set of modules to enable. 427s 427s + cat /etc/pam.d/common-auth 427s # 427s # /etc/pam.d/common-auth - authentication settings common to all services 427s # 427s # This file is included from other service-specific PAM config files, 427s # and should contain a list of the authentication modules that define 427s # the central authentication scheme for use on the system 427s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 427s # traditional Unix authentication mechanisms. 427s # 427s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 427s # To take advantage of this, it is recommended that you configure any 427s # local modules either before or after the default block, and use 427s # pam-auth-update to manage selection of other modules. See 427s # pam-auth-update(8) for details. 427s 427s # here are the per-package modules (the "Primary" block) 427s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 427s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 427s auth [success=1 default=ignore] pam_sss.so use_first_pass 427s # here's the fallback if no module succeeds 427s auth requisite pam_deny.so 427s # prime the stack with a positive return value if there isn't one already; 427s # this avoids us returning an error just because nothing sets a success code 427s # since the modules above will each just jump around 427s auth required pam_permit.so 427s # and here are more per-package modules (the "Additional" block) 427s auth optional pam_cap.so 427s # end of pam-auth-update config 427s + echo -n -e 123456 427s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 427s pamtester: invoking pam_start(login, ubuntu, ...) 427s pamtester: performing operation - authenticate 427s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 427s + echo -n -e 123456 427s + runuser -u ubuntu -- pamtester -v login '' authenticate 427s pamtester: invoking pam_start(login, , ...) 427s pamtester: performing operation - authenticate 428s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 428s + echo -n -e wrong123456 428s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 428s pamtester: invoking pam_start(login, ubuntu, ...) 428s pamtester: performing operation - authenticate 430s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 430s + echo -n -e wrong123456 430s + runuser -u ubuntu -- pamtester -v login '' authenticate 430s pamtester: invoking pam_start(login, , ...) 430s pamtester: performing operation - authenticate 433s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 433s + echo -n -e 123456 433s + pamtester -v login root authenticate 433s pamtester: invoking pam_start(login, root, ...) 433s pamtester: performing operation - authenticate 437s pamtester: Authentication service cannot retrieve authentication info 437s + test_authentication login /tmp/sssd-softhsm2-certs-0PWW87/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA.pem partial_chain 437s + pam_service=login 437s + certificate_config=/tmp/sssd-softhsm2-certs-0PWW87/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 437s + ca_db=/tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA.pem 437s + verification_options=partial_chain 437s + mkdir -p -m 700 /etc/sssd 437s Using CA DB '/tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 437s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-0PWW87/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 437s + cat 437s + chmod 600 /etc/sssd/sssd.conf 437s + for path_pair in "${softhsm2_conf_paths[@]}" 437s + IFS=: 437s + read -r -a path 437s + user=ubuntu 437s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 437s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 437s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 437s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-0PWW87/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 437s + runuser -u ubuntu -- softhsm2-util --show-slots 437s + grep 'Test Organization' 437s Label: Test Organization Sub Int Token 437s + for path_pair in "${softhsm2_conf_paths[@]}" 437s + IFS=: 437s + read -r -a path 437s + user=root 437s + path=/etc/softhsm/softhsm2.conf 437s ++ dirname /etc/softhsm/softhsm2.conf 437s + runuser -u root -- mkdir -p /etc/softhsm 437s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-0PWW87/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 437s + runuser -u root -- softhsm2-util --show-slots 437s + grep 'Test Organization' 437s Label: Test Organization Sub Int Token 437s + systemctl restart sssd 437s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 438s + for alternative in "${alternative_pam_configs[@]}" 438s + pam-auth-update --enable sss-smart-card-optional 438s + cat /etc/pam.d/common-auth 438s # 438s # /etc/pam.d/common-auth - authentication settings common to all services 438s # 438s # This file is included from other service-specific PAM config files, 438s # and should contain a list of the authentication modules that define 438s # the central authentication scheme for use on the system 438s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 438s # traditional Unix authentication mechanisms. 438s # 438s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 438s # To take advantage of this, it is recommended that you configure any 438s # local modules either before or after the default block, and use 438s # pam-auth-update to manage selection of other modules. See 438s # pam-auth-update(8) for details. 438s 438s # here are the per-package modules (the "Primary" block) 438s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 438s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 438s auth [success=1 default=ignore] pam_sss.so use_first_pass 438s # here's the fallback if no module succeeds 438s auth requisite pam_deny.so 438s # prime the stack with a positive return value if there isn't one already; 438s # this avoids us returning an error just because nothing sets a success code 438s # since the modules above will each just jump around 438s auth required pam_permit.so 438s # and here are more per-package modules (the "Additional" block) 438s auth optional pam_cap.so 438s # end of pam-auth-update config 438s + echo -n -e 123456 438s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 438s pamtester: invoking pam_start(login, ubuntu, ...) 438s pamtester: performing operation - authenticate 438s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 438s + echo -n -e 123456 438s + runuser -u ubuntu -- pamtester -v login '' authenticate 438s pamtester: invoking pam_start(login, , ...) 438s pamtester: performing operation - authenticate 438s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 438s + echo -n -e wrong123456 438s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 438s pamtester: invoking pam_start(login, ubuntu, ...) 438s pamtester: performing operation - authenticate 441s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 441s + echo -n -e wrong123456 441s + runuser -u ubuntu -- pamtester -v login '' authenticate 441s pamtester: invoking pam_start(login, , ...) 441s pamtester: performing operation - authenticate 445s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 445s + echo -n -e 123456 445s + pamtester -v login root authenticate 445s pamtester: invoking pam_start(login, root, ...) 445s pamtester: performing operation - authenticate 449s Password: pamtester: Authentication failure 449s + for alternative in "${alternative_pam_configs[@]}" 449s + pam-auth-update --enable sss-smart-card-required 449s PAM configuration 449s ----------------- 449s 449s Incompatible PAM profiles selected. 449s 449s The following PAM profiles cannot be used together: 449s 449s SSS required smart card authentication, SSS optional smart card 449s authentication 449s 449s Please select a different set of modules to enable. 449s 449s + cat /etc/pam.d/common-auth 449s # 449s # /etc/pam.d/common-auth - authentication settings common to all services 449s # 449s # This file is included from other service-specific PAM config files, 449s # and should contain a list of the authentication modules that define 449s # the central authentication scheme for use on the system 449s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 449s # traditional Unix authentication mechanisms. 449s # 449s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 449s # To take advantage of this, it is recommended that you configure any 449s # local modules either before or after the default block, and use 449s # pam-auth-update to manage selection of other modules. See 449s # pam-auth-update(8) for details. 449s 449s # here are the per-package modules (the "Primary" block) 449s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 449s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 449s auth [success=1 default=ignore] pam_sss.so use_first_pass 449s # here's the fallback if no module succeeds 449s auth requisite pam_deny.so 449s # prime the stack with a positive return value if there isn't one already; 449s # this avoids us returning an error just because nothing sets a success code 449s # since the modules above will each just jump around 449s auth required pam_permit.so 449s # and here are more per-package modules (the "Additional" block) 449s auth optional pam_cap.so 449s # end of pam-auth-update config 449s + echo -n -e 123456 449s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 449s pamtester: invoking pam_start(login, ubuntu, ...) 449s pamtester: performing operation - authenticate 449s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 449s + echo -n -e 123456 449s + runuser -u ubuntu -- pamtester -v login '' authenticate 449s pamtester: invoking pam_start(login, , ...) 449s pamtester: performing operation - authenticate 449s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 449s + echo -n -e wrong123456 449s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 449s pamtester: invoking pam_start(login, ubuntu, ...) 449s pamtester: performing operation - authenticate 452s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 452s + echo -n -e wrong123456 452s + runuser -u ubuntu -- pamtester -v login '' authenticate 452s pamtester: invoking pam_start(login, , ...) 452s pamtester: performing operation - authenticate 456s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 456s + echo -n -e 123456 456s + pamtester -v login root authenticate 456s pamtester: invoking pam_start(login, root, ...) 456s pamtester: performing operation - authenticate 460s pamtester: Authentication service cannot retrieve authentication info 460s + handle_exit 460s + exit_code=0 460s + restore_changes 460s + for path in "${restore_paths[@]}" 460s + local original_path 460s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-11VWAa /tmp/sssd-softhsm2-backups-11VWAa//etc/softhsm/softhsm2.conf 460s + original_path=/etc/softhsm/softhsm2.conf 460s + rm /etc/softhsm/softhsm2.conf 460s + mv /tmp/sssd-softhsm2-backups-11VWAa//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 460s + for path in "${delete_paths[@]}" 460s + rm -f /etc/sssd/sssd.conf 460s + for path in "${delete_paths[@]}" 460s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 460s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 460s + '[' -e /etc/sssd/sssd.conf ']' 460s + systemctl stop sssd 460s + '[' -e /etc/softhsm/softhsm2.conf ']' 460s + chmod 600 /etc/softhsm/softhsm2.conf 460s + rm -rf /tmp/sssd-softhsm2-certs-0PWW87 460s + '[' 0 = 0 ']' 460s + rm -rf /tmp/sssd-softhsm2-backups-11VWAa 460s + set +x 460s Script completed successfully! 460s autopkgtest [12:11:22]: test sssd-smart-card-pam-auth-configs: -----------------------] 461s sssd-smart-card-pam-auth-configs PASS 461s autopkgtest [12:11:23]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 461s autopkgtest [12:11:23]: @@@@@@@@@@@@@@@@@@@@ summary 461s ldap-user-group-ldap-auth PASS 461s ldap-user-group-krb5-auth PASS 461s sssd-softhism2-certificates-tests.sh PASS 461s sssd-smart-card-pam-auth-configs PASS 479s nova [W] Using flock in prodstack6-arm64 479s Creating nova instance adt-noble-arm64-sssd-20250109-120342-juju-7f2275-prod-proposed-migration-environment-20-cb7df331-2e34-45aa-bc40-f8e98d75330d from image adt/ubuntu-noble-arm64-server-20250108.img (UUID 8d8c5c12-bc52-45e1-9a93-ff12d5aeeefa)... 479s nova [W] Timed out waiting for 92d692b9-c8bb-431a-8eda-c46436567d4b to get deleted. 479s nova [W] Using flock in prodstack6-arm64 479s Creating nova instance adt-noble-arm64-sssd-20250109-120342-juju-7f2275-prod-proposed-migration-environment-20-cb7df331-2e34-45aa-bc40-f8e98d75330d from image adt/ubuntu-noble-arm64-server-20250108.img (UUID 8d8c5c12-bc52-45e1-9a93-ff12d5aeeefa)... 479s nova [W] Timed out waiting for da7620d1-135b-4820-97d9-a9fccd78fecb to get deleted.