0s autopkgtest [20:58:16]: starting date and time: 2024-11-29 20:58:16+0000 0s autopkgtest [20:58:16]: git checkout: be626eda Fix armhf LXD image generation for plucky 0s autopkgtest [20:58:16]: host juju-7f2275-prod-proposed-migration-environment-9; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.esg_2god/out --timeout-copy=6000 --setup-commands 'ln -s /dev/null /etc/systemd/system/bluetooth.service; printf "http_proxy=http://squid.internal:3128\nhttps_proxy=http://squid.internal:3128\nno_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,keyserver.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com\n" >> /etc/environment' --apt-pocket=proposed=src:shadow --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 --env=ADT_TEST_TRIGGERS=shadow/1:4.13+dfsg1-4ubuntu3.3 -- lxd -r lxd-armhf-10.145.243.21 lxd-armhf-10.145.243.21:autopkgtest/ubuntu/noble/armhf 34s autopkgtest [20:58:50]: testbed dpkg architecture: armhf 38s autopkgtest [20:58:54]: testbed apt version: 2.7.14build2 45s autopkgtest [20:59:01]: @@@@@@@@@@@@@@@@@@@@ test bed setup 48s autopkgtest [20:59:04]: testbed release detected to be: None 60s autopkgtest [20:59:16]: updating testbed package index (apt update) 62s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [265 kB] 63s Hit:2 http://ftpmaster.internal/ubuntu noble InRelease 63s Get:3 http://ftpmaster.internal/ubuntu noble-updates InRelease [126 kB] 63s Get:4 http://ftpmaster.internal/ubuntu noble-security InRelease [126 kB] 63s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [8604 B] 63s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [92.1 kB] 63s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [17.3 kB] 63s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [103 kB] 63s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/main armhf Packages [154 kB] 63s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/main armhf c-n-f Metadata [3332 B] 63s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/restricted armhf Packages [1384 B] 63s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/restricted armhf c-n-f Metadata [116 B] 63s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/universe armhf Packages [441 kB] 63s Get:14 http://ftpmaster.internal/ubuntu noble-proposed/universe armhf c-n-f Metadata [5088 B] 63s Get:15 http://ftpmaster.internal/ubuntu noble-proposed/multiverse armhf Packages [972 B] 63s Get:16 http://ftpmaster.internal/ubuntu noble-proposed/multiverse armhf c-n-f Metadata [116 B] 63s Get:17 http://ftpmaster.internal/ubuntu noble-updates/universe Sources [352 kB] 63s Get:18 http://ftpmaster.internal/ubuntu noble-updates/main Sources [301 kB] 63s Get:19 http://ftpmaster.internal/ubuntu noble-updates/main armhf Packages [413 kB] 63s Get:20 http://ftpmaster.internal/ubuntu noble-updates/universe armhf Packages [610 kB] 63s Get:21 http://ftpmaster.internal/ubuntu noble-security/main Sources [127 kB] 63s Get:22 http://ftpmaster.internal/ubuntu noble-security/main armhf Packages [250 kB] 64s Get:23 http://ftpmaster.internal/ubuntu noble-security/universe armhf Packages [464 kB] 66s Fetched 3863 kB in 1s (2882 kB/s) 67s Reading package lists... 76s autopkgtest [20:59:32]: upgrading testbed (apt dist-upgrade and autopurge) 79s Reading package lists... 79s Building dependency tree... 79s Reading state information... 80s Calculating upgrade...Starting pkgProblemResolver with broken count: 0 80s Starting 2 pkgProblemResolver with broken count: 0 80s Done 81s Entering ResolveByKeep 81s 82s The following packages will be upgraded: 82s dmidecode login passwd vim-common vim-tiny xxd 82s 6 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 82s Need to get 2190 kB of archives. 82s After this operation, 4096 B disk space will be freed. 82s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main armhf login armhf 1:4.13+dfsg1-4ubuntu3.3 [200 kB] 82s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main armhf passwd armhf 1:4.13+dfsg1-4ubuntu3.3 [817 kB] 82s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main armhf vim-tiny armhf 2:9.1.0016-1ubuntu7.5 [666 kB] 82s Get:4 http://ftpmaster.internal/ubuntu noble-updates/main armhf vim-common all 2:9.1.0016-1ubuntu7.5 [385 kB] 82s Get:5 http://ftpmaster.internal/ubuntu noble-updates/main armhf xxd armhf 2:9.1.0016-1ubuntu7.5 [62.9 kB] 82s Get:6 http://ftpmaster.internal/ubuntu noble-updates/main armhf dmidecode armhf 3.5-3ubuntu0.1 [58.8 kB] 83s Fetched 2190 kB in 1s (2710 kB/s) 83s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 57985 files and directories currently installed.) 83s Preparing to unpack .../login_1%3a4.13+dfsg1-4ubuntu3.3_armhf.deb ... 83s Unpacking login (1:4.13+dfsg1-4ubuntu3.3) over (1:4.13+dfsg1-4ubuntu3.2) ... 83s Setting up login (1:4.13+dfsg1-4ubuntu3.3) ... 83s Installing new version of config file /etc/pam.d/login ... 83s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 57985 files and directories currently installed.) 83s Preparing to unpack .../passwd_1%3a4.13+dfsg1-4ubuntu3.3_armhf.deb ... 83s Unpacking passwd (1:4.13+dfsg1-4ubuntu3.3) over (1:4.13+dfsg1-4ubuntu3.2) ... 83s Setting up passwd (1:4.13+dfsg1-4ubuntu3.3) ... 83s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 57985 files and directories currently installed.) 83s Preparing to unpack .../vim-tiny_2%3a9.1.0016-1ubuntu7.5_armhf.deb ... 83s Unpacking vim-tiny (2:9.1.0016-1ubuntu7.5) over (2:9.1.0016-1ubuntu7.4) ... 83s Preparing to unpack .../vim-common_2%3a9.1.0016-1ubuntu7.5_all.deb ... 83s Unpacking vim-common (2:9.1.0016-1ubuntu7.5) over (2:9.1.0016-1ubuntu7.4) ... 84s Preparing to unpack .../xxd_2%3a9.1.0016-1ubuntu7.5_armhf.deb ... 84s Unpacking xxd (2:9.1.0016-1ubuntu7.5) over (2:9.1.0016-1ubuntu7.4) ... 84s Preparing to unpack .../dmidecode_3.5-3ubuntu0.1_armhf.deb ... 84s Unpacking dmidecode (3.5-3ubuntu0.1) over (3.5-3build1) ... 84s Setting up xxd (2:9.1.0016-1ubuntu7.5) ... 84s Setting up vim-common (2:9.1.0016-1ubuntu7.5) ... 84s Setting up dmidecode (3.5-3ubuntu0.1) ... 84s Setting up vim-tiny (2:9.1.0016-1ubuntu7.5) ... 84s Processing triggers for man-db (2.12.0-4build2) ... 88s Reading package lists... 89s Building dependency tree... 89s Reading state information... 90s Starting pkgProblemResolver with broken count: 0 90s Starting 2 pkgProblemResolver with broken count: 0 90s Done 92s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 95s autopkgtest [20:59:51]: rebooting testbed after setup commands that affected boot 150s autopkgtest [21:00:46]: testbed running kernel: Linux 6.8.0-49-generic #49~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Wed Nov 6 18:12:14 UTC 2 187s autopkgtest [21:01:23]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 369s Get:1 http://ftpmaster.internal/ubuntu noble-updates/main sssd 2.9.4-1.1ubuntu6.1 (dsc) [5064 B] 369s Get:2 http://ftpmaster.internal/ubuntu noble-updates/main sssd 2.9.4-1.1ubuntu6.1 (tar) [7983 kB] 369s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main sssd 2.9.4-1.1ubuntu6.1 (diff) [51.3 kB] 369s gpgv: Signature made Mon Jun 10 14:26:32 2024 UTC 369s gpgv: using RSA key 50C4A0DDCF31E452CEB19B516569D855A744BE93 369s gpgv: Can't check signature: No public key 369s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.4-1.1ubuntu6.1.dsc: no acceptable signature found 370s autopkgtest [21:04:26]: testing package sssd version 2.9.4-1.1ubuntu6.1 383s autopkgtest [21:04:39]: build not needed 399s autopkgtest [21:04:55]: test ldap-user-group-ldap-auth: preparing testbed 401s Reading package lists... 402s Building dependency tree... 402s Reading state information... 403s Starting pkgProblemResolver with broken count: 0 403s Starting 2 pkgProblemResolver with broken count: 0 403s Done 405s The following NEW packages will be installed: 405s expect ldap-utils libavahi-client3 libavahi-common-data libavahi-common3 405s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 405s libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev libipa-hbac0t64 libjose0 405s libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo libodbc2 405s libpam-pwquality libpam-sss libpath-utils1t64 libpwquality-common 405s libpwquality1 libref-array1t64 libsmbclient0 libsss-certmap-dev 405s libsss-certmap0 libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev 405s libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0t64 405s libverto-libevent1t64 libverto1t64 libwbclient0 python3-libipa-hbac 405s python3-libsss-nss-idmap python3-sss samba-libs slapd sssd sssd-ad 405s sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 405s sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools tcl-expect 405s tcl8.6 405s 0 upgraded, 64 newly installed, 0 to remove and 0 not upgraded. 405s Need to get 11.9 MB of archives. 405s After this operation, 35.9 MB of additional disk space will be used. 405s Get:1 http://ftpmaster.internal/ubuntu noble/main armhf libltdl7 armhf 2.4.7-7build1 [37.6 kB] 405s Get:2 http://ftpmaster.internal/ubuntu noble-updates/main armhf libodbc2 armhf 2.3.12-1ubuntu0.24.04.1 [144 kB] 405s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main armhf slapd armhf 2.6.7+dfsg-1~exp1ubuntu8.1 [1434 kB] 406s Get:4 http://ftpmaster.internal/ubuntu noble/main armhf libtcl8.6 armhf 8.6.14+dfsg-1build1 [903 kB] 406s Get:5 http://ftpmaster.internal/ubuntu noble/main armhf tcl8.6 armhf 8.6.14+dfsg-1build1 [14.6 kB] 406s Get:6 http://ftpmaster.internal/ubuntu noble/universe armhf tcl-expect armhf 5.45.4-3 [99.5 kB] 406s Get:7 http://ftpmaster.internal/ubuntu noble/universe armhf expect armhf 5.45.4-3 [136 kB] 406s Get:8 http://ftpmaster.internal/ubuntu noble-updates/main armhf ldap-utils armhf 2.6.7+dfsg-1~exp1ubuntu8.1 [133 kB] 406s Get:9 http://ftpmaster.internal/ubuntu noble/main armhf libavahi-common-data armhf 0.8-13ubuntu6 [29.7 kB] 406s Get:10 http://ftpmaster.internal/ubuntu noble/main armhf libavahi-common3 armhf 0.8-13ubuntu6 [20.2 kB] 406s Get:11 http://ftpmaster.internal/ubuntu noble/main armhf libavahi-client3 armhf 0.8-13ubuntu6 [24.2 kB] 406s Get:12 http://ftpmaster.internal/ubuntu noble/main armhf libbasicobjects0t64 armhf 0.6.2-2.1build1 [5410 B] 406s Get:13 http://ftpmaster.internal/ubuntu noble/main armhf libcares2 armhf 1.27.0-1.0ubuntu1 [62.7 kB] 406s Get:14 http://ftpmaster.internal/ubuntu noble/main armhf libcollection4t64 armhf 0.6.2-2.1build1 [18.7 kB] 406s Get:15 http://ftpmaster.internal/ubuntu noble/main armhf libcrack2 armhf 2.9.6-5.1build2 [27.4 kB] 406s Get:16 http://ftpmaster.internal/ubuntu noble/main armhf libdhash1t64 armhf 0.6.2-2.1build1 [7880 B] 406s Get:17 http://ftpmaster.internal/ubuntu noble/main armhf libevent-2.1-7t64 armhf 2.1.12-stable-9ubuntu2 [127 kB] 406s Get:18 http://ftpmaster.internal/ubuntu noble/main armhf libpath-utils1t64 armhf 0.6.2-2.1build1 [7766 B] 406s Get:19 http://ftpmaster.internal/ubuntu noble/main armhf libref-array1t64 armhf 0.6.2-2.1build1 [6330 B] 406s Get:20 http://ftpmaster.internal/ubuntu noble/main armhf libini-config5t64 armhf 0.6.2-2.1build1 [37.2 kB] 406s Get:21 http://ftpmaster.internal/ubuntu noble-updates/main armhf libipa-hbac0t64 armhf 2.9.4-1.1ubuntu6.1 [17.1 kB] 406s Get:22 http://ftpmaster.internal/ubuntu noble/universe armhf libjose0 armhf 13-1 [39.4 kB] 406s Get:23 http://ftpmaster.internal/ubuntu noble/main armhf libverto-libevent1t64 armhf 0.3.1-1.2ubuntu3 [6324 B] 406s Get:24 http://ftpmaster.internal/ubuntu noble/main armhf libverto1t64 armhf 0.3.1-1.2ubuntu3 [9364 B] 406s Get:25 http://ftpmaster.internal/ubuntu noble-updates/main armhf libkrad0 armhf 1.20.1-6ubuntu2.2 [20.1 kB] 406s Get:26 http://ftpmaster.internal/ubuntu noble/main armhf libtalloc2 armhf 2.4.2-1build2 [25.9 kB] 406s Get:27 http://ftpmaster.internal/ubuntu noble/main armhf libtdb1 armhf 1.4.10-1build1 [43.1 kB] 406s Get:28 http://ftpmaster.internal/ubuntu noble/main armhf libtevent0t64 armhf 0.16.1-2build1 [38.1 kB] 406s Get:29 http://ftpmaster.internal/ubuntu noble/main armhf libldb2 armhf 2:2.8.0+samba4.19.5+dfsg-4ubuntu9 [163 kB] 406s Get:30 http://ftpmaster.internal/ubuntu noble/main armhf libnfsidmap1 armhf 1:2.6.4-3ubuntu5 [54.6 kB] 406s Get:31 http://ftpmaster.internal/ubuntu noble/universe armhf libnss-sudo all 1.9.15p5-3ubuntu5 [15.2 kB] 406s Get:32 http://ftpmaster.internal/ubuntu noble/main armhf libpwquality-common all 1.4.5-3build1 [7748 B] 406s Get:33 http://ftpmaster.internal/ubuntu noble/main armhf libpwquality1 armhf 1.4.5-3build1 [12.2 kB] 406s Get:34 http://ftpmaster.internal/ubuntu noble/main armhf libpam-pwquality armhf 1.4.5-3build1 [11.4 kB] 406s Get:35 http://ftpmaster.internal/ubuntu noble/main armhf libwbclient0 armhf 2:4.19.5+dfsg-4ubuntu9 [67.5 kB] 406s Get:36 http://ftpmaster.internal/ubuntu noble/main armhf samba-libs armhf 2:4.19.5+dfsg-4ubuntu9 [5693 kB] 406s Get:37 http://ftpmaster.internal/ubuntu noble/main armhf libsmbclient0 armhf 2:4.19.5+dfsg-4ubuntu9 [57.4 kB] 406s Get:38 http://ftpmaster.internal/ubuntu noble-updates/main armhf libnss-sss armhf 2.9.4-1.1ubuntu6.1 [29.4 kB] 406s Get:39 http://ftpmaster.internal/ubuntu noble-updates/main armhf libpam-sss armhf 2.9.4-1.1ubuntu6.1 [45.3 kB] 406s Get:40 http://ftpmaster.internal/ubuntu noble-updates/main armhf python3-sss armhf 2.9.4-1.1ubuntu6.1 [46.0 kB] 406s Get:41 http://ftpmaster.internal/ubuntu noble-updates/main armhf libsss-certmap0 armhf 2.9.4-1.1ubuntu6.1 [42.7 kB] 406s Get:42 http://ftpmaster.internal/ubuntu noble-updates/main armhf libsss-idmap0 armhf 2.9.4-1.1ubuntu6.1 [20.3 kB] 406s Get:43 http://ftpmaster.internal/ubuntu noble-updates/main armhf libsss-nss-idmap0 armhf 2.9.4-1.1ubuntu6.1 [27.7 kB] 406s Get:44 http://ftpmaster.internal/ubuntu noble-updates/main armhf sssd-common armhf 2.9.4-1.1ubuntu6.1 [1068 kB] 406s Get:45 http://ftpmaster.internal/ubuntu noble-updates/universe armhf sssd-idp armhf 2.9.4-1.1ubuntu6.1 [24.8 kB] 406s Get:46 http://ftpmaster.internal/ubuntu noble-updates/universe armhf sssd-passkey armhf 2.9.4-1.1ubuntu6.1 [29.2 kB] 406s Get:47 http://ftpmaster.internal/ubuntu noble-updates/main armhf libipa-hbac-dev armhf 2.9.4-1.1ubuntu6.1 [6668 B] 406s Get:48 http://ftpmaster.internal/ubuntu noble-updates/main armhf libsss-certmap-dev armhf 2.9.4-1.1ubuntu6.1 [5738 B] 406s Get:49 http://ftpmaster.internal/ubuntu noble-updates/main armhf libsss-idmap-dev armhf 2.9.4-1.1ubuntu6.1 [8384 B] 406s Get:50 http://ftpmaster.internal/ubuntu noble-updates/main armhf libsss-nss-idmap-dev armhf 2.9.4-1.1ubuntu6.1 [6716 B] 406s Get:51 http://ftpmaster.internal/ubuntu noble-updates/universe armhf libsss-sudo armhf 2.9.4-1.1ubuntu6.1 [19.7 kB] 406s Get:52 http://ftpmaster.internal/ubuntu noble-updates/universe armhf python3-libipa-hbac armhf 2.9.4-1.1ubuntu6.1 [14.6 kB] 406s Get:53 http://ftpmaster.internal/ubuntu noble-updates/universe armhf python3-libsss-nss-idmap armhf 2.9.4-1.1ubuntu6.1 [8404 B] 406s Get:54 http://ftpmaster.internal/ubuntu noble-updates/main armhf sssd-ad-common armhf 2.9.4-1.1ubuntu6.1 [69.2 kB] 406s Get:55 http://ftpmaster.internal/ubuntu noble-updates/main armhf sssd-krb5-common armhf 2.9.4-1.1ubuntu6.1 [81.2 kB] 407s Get:56 http://ftpmaster.internal/ubuntu noble-updates/main armhf sssd-ad armhf 2.9.4-1.1ubuntu6.1 [129 kB] 407s Get:57 http://ftpmaster.internal/ubuntu noble-updates/main armhf sssd-ipa armhf 2.9.4-1.1ubuntu6.1 [212 kB] 407s Get:58 http://ftpmaster.internal/ubuntu noble-updates/main armhf sssd-krb5 armhf 2.9.4-1.1ubuntu6.1 [14.1 kB] 407s Get:59 http://ftpmaster.internal/ubuntu noble-updates/main armhf sssd-ldap armhf 2.9.4-1.1ubuntu6.1 [31.1 kB] 407s Get:60 http://ftpmaster.internal/ubuntu noble-updates/main armhf sssd-proxy armhf 2.9.4-1.1ubuntu6.1 [43.5 kB] 407s Get:61 http://ftpmaster.internal/ubuntu noble-updates/main armhf sssd armhf 2.9.4-1.1ubuntu6.1 [4122 B] 407s Get:62 http://ftpmaster.internal/ubuntu noble-updates/main armhf sssd-dbus armhf 2.9.4-1.1ubuntu6.1 [94.2 kB] 407s Get:63 http://ftpmaster.internal/ubuntu noble-updates/universe armhf sssd-kcm armhf 2.9.4-1.1ubuntu6.1 [129 kB] 407s Get:64 http://ftpmaster.internal/ubuntu noble-updates/main armhf sssd-tools armhf 2.9.4-1.1ubuntu6.1 [94.9 kB] 407s Preconfiguring packages ... 407s Fetched 11.9 MB in 2s (7822 kB/s) 407s Selecting previously unselected package libltdl7:armhf. 408s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 57985 files and directories currently installed.) 408s Preparing to unpack .../00-libltdl7_2.4.7-7build1_armhf.deb ... 408s Unpacking libltdl7:armhf (2.4.7-7build1) ... 408s Selecting previously unselected package libodbc2:armhf. 408s Preparing to unpack .../01-libodbc2_2.3.12-1ubuntu0.24.04.1_armhf.deb ... 408s Unpacking libodbc2:armhf (2.3.12-1ubuntu0.24.04.1) ... 408s Selecting previously unselected package slapd. 408s Preparing to unpack .../02-slapd_2.6.7+dfsg-1~exp1ubuntu8.1_armhf.deb ... 408s Unpacking slapd (2.6.7+dfsg-1~exp1ubuntu8.1) ... 408s Selecting previously unselected package libtcl8.6:armhf. 408s Preparing to unpack .../03-libtcl8.6_8.6.14+dfsg-1build1_armhf.deb ... 408s Unpacking libtcl8.6:armhf (8.6.14+dfsg-1build1) ... 408s Selecting previously unselected package tcl8.6. 408s Preparing to unpack .../04-tcl8.6_8.6.14+dfsg-1build1_armhf.deb ... 408s Unpacking tcl8.6 (8.6.14+dfsg-1build1) ... 408s Selecting previously unselected package tcl-expect:armhf. 408s Preparing to unpack .../05-tcl-expect_5.45.4-3_armhf.deb ... 408s Unpacking tcl-expect:armhf (5.45.4-3) ... 408s Selecting previously unselected package expect. 408s Preparing to unpack .../06-expect_5.45.4-3_armhf.deb ... 408s Unpacking expect (5.45.4-3) ... 408s Selecting previously unselected package ldap-utils. 408s Preparing to unpack .../07-ldap-utils_2.6.7+dfsg-1~exp1ubuntu8.1_armhf.deb ... 408s Unpacking ldap-utils (2.6.7+dfsg-1~exp1ubuntu8.1) ... 408s Selecting previously unselected package libavahi-common-data:armhf. 408s Preparing to unpack .../08-libavahi-common-data_0.8-13ubuntu6_armhf.deb ... 408s Unpacking libavahi-common-data:armhf (0.8-13ubuntu6) ... 409s Selecting previously unselected package libavahi-common3:armhf. 409s Preparing to unpack .../09-libavahi-common3_0.8-13ubuntu6_armhf.deb ... 409s Unpacking libavahi-common3:armhf (0.8-13ubuntu6) ... 409s Selecting previously unselected package libavahi-client3:armhf. 409s Preparing to unpack .../10-libavahi-client3_0.8-13ubuntu6_armhf.deb ... 409s Unpacking libavahi-client3:armhf (0.8-13ubuntu6) ... 409s Selecting previously unselected package libbasicobjects0t64:armhf. 409s Preparing to unpack .../11-libbasicobjects0t64_0.6.2-2.1build1_armhf.deb ... 409s Unpacking libbasicobjects0t64:armhf (0.6.2-2.1build1) ... 409s Selecting previously unselected package libcares2:armhf. 409s Preparing to unpack .../12-libcares2_1.27.0-1.0ubuntu1_armhf.deb ... 409s Unpacking libcares2:armhf (1.27.0-1.0ubuntu1) ... 409s Selecting previously unselected package libcollection4t64:armhf. 409s Preparing to unpack .../13-libcollection4t64_0.6.2-2.1build1_armhf.deb ... 409s Unpacking libcollection4t64:armhf (0.6.2-2.1build1) ... 409s Selecting previously unselected package libcrack2:armhf. 409s Preparing to unpack .../14-libcrack2_2.9.6-5.1build2_armhf.deb ... 409s Unpacking libcrack2:armhf (2.9.6-5.1build2) ... 409s Selecting previously unselected package libdhash1t64:armhf. 409s Preparing to unpack .../15-libdhash1t64_0.6.2-2.1build1_armhf.deb ... 409s Unpacking libdhash1t64:armhf (0.6.2-2.1build1) ... 409s Selecting previously unselected package libevent-2.1-7t64:armhf. 409s Preparing to unpack .../16-libevent-2.1-7t64_2.1.12-stable-9ubuntu2_armhf.deb ... 409s Unpacking libevent-2.1-7t64:armhf (2.1.12-stable-9ubuntu2) ... 409s Selecting previously unselected package libpath-utils1t64:armhf. 409s Preparing to unpack .../17-libpath-utils1t64_0.6.2-2.1build1_armhf.deb ... 409s Unpacking libpath-utils1t64:armhf (0.6.2-2.1build1) ... 409s Selecting previously unselected package libref-array1t64:armhf. 409s Preparing to unpack .../18-libref-array1t64_0.6.2-2.1build1_armhf.deb ... 409s Unpacking libref-array1t64:armhf (0.6.2-2.1build1) ... 409s Selecting previously unselected package libini-config5t64:armhf. 409s Preparing to unpack .../19-libini-config5t64_0.6.2-2.1build1_armhf.deb ... 409s Unpacking libini-config5t64:armhf (0.6.2-2.1build1) ... 409s Selecting previously unselected package libipa-hbac0t64. 409s Preparing to unpack .../20-libipa-hbac0t64_2.9.4-1.1ubuntu6.1_armhf.deb ... 409s Unpacking libipa-hbac0t64 (2.9.4-1.1ubuntu6.1) ... 409s Selecting previously unselected package libjose0:armhf. 409s Preparing to unpack .../21-libjose0_13-1_armhf.deb ... 409s Unpacking libjose0:armhf (13-1) ... 409s Selecting previously unselected package libverto-libevent1t64:armhf. 409s Preparing to unpack .../22-libverto-libevent1t64_0.3.1-1.2ubuntu3_armhf.deb ... 409s Unpacking libverto-libevent1t64:armhf (0.3.1-1.2ubuntu3) ... 409s Selecting previously unselected package libverto1t64:armhf. 409s Preparing to unpack .../23-libverto1t64_0.3.1-1.2ubuntu3_armhf.deb ... 409s Unpacking libverto1t64:armhf (0.3.1-1.2ubuntu3) ... 409s Selecting previously unselected package libkrad0:armhf. 409s Preparing to unpack .../24-libkrad0_1.20.1-6ubuntu2.2_armhf.deb ... 409s Unpacking libkrad0:armhf (1.20.1-6ubuntu2.2) ... 410s Selecting previously unselected package libtalloc2:armhf. 410s Preparing to unpack .../25-libtalloc2_2.4.2-1build2_armhf.deb ... 410s Unpacking libtalloc2:armhf (2.4.2-1build2) ... 410s Selecting previously unselected package libtdb1:armhf. 410s Preparing to unpack .../26-libtdb1_1.4.10-1build1_armhf.deb ... 410s Unpacking libtdb1:armhf (1.4.10-1build1) ... 410s Selecting previously unselected package libtevent0t64:armhf. 410s Preparing to unpack .../27-libtevent0t64_0.16.1-2build1_armhf.deb ... 410s Unpacking libtevent0t64:armhf (0.16.1-2build1) ... 410s Selecting previously unselected package libldb2:armhf. 410s Preparing to unpack .../28-libldb2_2%3a2.8.0+samba4.19.5+dfsg-4ubuntu9_armhf.deb ... 410s Unpacking libldb2:armhf (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 410s Selecting previously unselected package libnfsidmap1:armhf. 410s Preparing to unpack .../29-libnfsidmap1_1%3a2.6.4-3ubuntu5_armhf.deb ... 410s Unpacking libnfsidmap1:armhf (1:2.6.4-3ubuntu5) ... 410s Selecting previously unselected package libnss-sudo. 410s Preparing to unpack .../30-libnss-sudo_1.9.15p5-3ubuntu5_all.deb ... 410s Unpacking libnss-sudo (1.9.15p5-3ubuntu5) ... 410s Selecting previously unselected package libpwquality-common. 410s Preparing to unpack .../31-libpwquality-common_1.4.5-3build1_all.deb ... 410s Unpacking libpwquality-common (1.4.5-3build1) ... 410s Selecting previously unselected package libpwquality1:armhf. 410s Preparing to unpack .../32-libpwquality1_1.4.5-3build1_armhf.deb ... 410s Unpacking libpwquality1:armhf (1.4.5-3build1) ... 410s Selecting previously unselected package libpam-pwquality:armhf. 410s Preparing to unpack .../33-libpam-pwquality_1.4.5-3build1_armhf.deb ... 410s Unpacking libpam-pwquality:armhf (1.4.5-3build1) ... 410s Selecting previously unselected package libwbclient0:armhf. 410s Preparing to unpack .../34-libwbclient0_2%3a4.19.5+dfsg-4ubuntu9_armhf.deb ... 410s Unpacking libwbclient0:armhf (2:4.19.5+dfsg-4ubuntu9) ... 410s Selecting previously unselected package samba-libs:armhf. 410s Preparing to unpack .../35-samba-libs_2%3a4.19.5+dfsg-4ubuntu9_armhf.deb ... 410s Unpacking samba-libs:armhf (2:4.19.5+dfsg-4ubuntu9) ... 410s Selecting previously unselected package libsmbclient0:armhf. 411s Preparing to unpack .../36-libsmbclient0_2%3a4.19.5+dfsg-4ubuntu9_armhf.deb ... 411s Unpacking libsmbclient0:armhf (2:4.19.5+dfsg-4ubuntu9) ... 411s Selecting previously unselected package libnss-sss:armhf. 411s Preparing to unpack .../37-libnss-sss_2.9.4-1.1ubuntu6.1_armhf.deb ... 411s Unpacking libnss-sss:armhf (2.9.4-1.1ubuntu6.1) ... 411s Selecting previously unselected package libpam-sss:armhf. 411s Preparing to unpack .../38-libpam-sss_2.9.4-1.1ubuntu6.1_armhf.deb ... 411s Unpacking libpam-sss:armhf (2.9.4-1.1ubuntu6.1) ... 411s Selecting previously unselected package python3-sss. 411s Preparing to unpack .../39-python3-sss_2.9.4-1.1ubuntu6.1_armhf.deb ... 411s Unpacking python3-sss (2.9.4-1.1ubuntu6.1) ... 411s Selecting previously unselected package libsss-certmap0. 411s Preparing to unpack .../40-libsss-certmap0_2.9.4-1.1ubuntu6.1_armhf.deb ... 411s Unpacking libsss-certmap0 (2.9.4-1.1ubuntu6.1) ... 411s Selecting previously unselected package libsss-idmap0. 411s Preparing to unpack .../41-libsss-idmap0_2.9.4-1.1ubuntu6.1_armhf.deb ... 411s Unpacking libsss-idmap0 (2.9.4-1.1ubuntu6.1) ... 411s Selecting previously unselected package libsss-nss-idmap0. 411s Preparing to unpack .../42-libsss-nss-idmap0_2.9.4-1.1ubuntu6.1_armhf.deb ... 411s Unpacking libsss-nss-idmap0 (2.9.4-1.1ubuntu6.1) ... 411s Selecting previously unselected package sssd-common. 411s Preparing to unpack .../43-sssd-common_2.9.4-1.1ubuntu6.1_armhf.deb ... 411s Unpacking sssd-common (2.9.4-1.1ubuntu6.1) ... 411s Selecting previously unselected package sssd-idp. 411s Preparing to unpack .../44-sssd-idp_2.9.4-1.1ubuntu6.1_armhf.deb ... 411s Unpacking sssd-idp (2.9.4-1.1ubuntu6.1) ... 411s Selecting previously unselected package sssd-passkey. 411s Preparing to unpack .../45-sssd-passkey_2.9.4-1.1ubuntu6.1_armhf.deb ... 411s Unpacking sssd-passkey (2.9.4-1.1ubuntu6.1) ... 411s Selecting previously unselected package libipa-hbac-dev. 411s Preparing to unpack .../46-libipa-hbac-dev_2.9.4-1.1ubuntu6.1_armhf.deb ... 411s Unpacking libipa-hbac-dev (2.9.4-1.1ubuntu6.1) ... 411s Selecting previously unselected package libsss-certmap-dev. 411s Preparing to unpack .../47-libsss-certmap-dev_2.9.4-1.1ubuntu6.1_armhf.deb ... 411s Unpacking libsss-certmap-dev (2.9.4-1.1ubuntu6.1) ... 411s Selecting previously unselected package libsss-idmap-dev. 411s Preparing to unpack .../48-libsss-idmap-dev_2.9.4-1.1ubuntu6.1_armhf.deb ... 411s Unpacking libsss-idmap-dev (2.9.4-1.1ubuntu6.1) ... 411s Selecting previously unselected package libsss-nss-idmap-dev. 411s Preparing to unpack .../49-libsss-nss-idmap-dev_2.9.4-1.1ubuntu6.1_armhf.deb ... 411s Unpacking libsss-nss-idmap-dev (2.9.4-1.1ubuntu6.1) ... 411s Selecting previously unselected package libsss-sudo. 411s Preparing to unpack .../50-libsss-sudo_2.9.4-1.1ubuntu6.1_armhf.deb ... 411s Unpacking libsss-sudo (2.9.4-1.1ubuntu6.1) ... 411s Selecting previously unselected package python3-libipa-hbac. 411s Preparing to unpack .../51-python3-libipa-hbac_2.9.4-1.1ubuntu6.1_armhf.deb ... 411s Unpacking python3-libipa-hbac (2.9.4-1.1ubuntu6.1) ... 411s Selecting previously unselected package python3-libsss-nss-idmap. 411s Preparing to unpack .../52-python3-libsss-nss-idmap_2.9.4-1.1ubuntu6.1_armhf.deb ... 411s Unpacking python3-libsss-nss-idmap (2.9.4-1.1ubuntu6.1) ... 412s Selecting previously unselected package sssd-ad-common. 412s Preparing to unpack .../53-sssd-ad-common_2.9.4-1.1ubuntu6.1_armhf.deb ... 412s Unpacking sssd-ad-common (2.9.4-1.1ubuntu6.1) ... 412s Selecting previously unselected package sssd-krb5-common. 412s Preparing to unpack .../54-sssd-krb5-common_2.9.4-1.1ubuntu6.1_armhf.deb ... 412s Unpacking sssd-krb5-common (2.9.4-1.1ubuntu6.1) ... 412s Selecting previously unselected package sssd-ad. 412s Preparing to unpack .../55-sssd-ad_2.9.4-1.1ubuntu6.1_armhf.deb ... 412s Unpacking sssd-ad (2.9.4-1.1ubuntu6.1) ... 412s Selecting previously unselected package sssd-ipa. 412s Preparing to unpack .../56-sssd-ipa_2.9.4-1.1ubuntu6.1_armhf.deb ... 412s Unpacking sssd-ipa (2.9.4-1.1ubuntu6.1) ... 412s Selecting previously unselected package sssd-krb5. 412s Preparing to unpack .../57-sssd-krb5_2.9.4-1.1ubuntu6.1_armhf.deb ... 412s Unpacking sssd-krb5 (2.9.4-1.1ubuntu6.1) ... 412s Selecting previously unselected package sssd-ldap. 412s Preparing to unpack .../58-sssd-ldap_2.9.4-1.1ubuntu6.1_armhf.deb ... 412s Unpacking sssd-ldap (2.9.4-1.1ubuntu6.1) ... 412s Selecting previously unselected package sssd-proxy. 412s Preparing to unpack .../59-sssd-proxy_2.9.4-1.1ubuntu6.1_armhf.deb ... 412s Unpacking sssd-proxy (2.9.4-1.1ubuntu6.1) ... 412s Selecting previously unselected package sssd. 412s Preparing to unpack .../60-sssd_2.9.4-1.1ubuntu6.1_armhf.deb ... 412s Unpacking sssd (2.9.4-1.1ubuntu6.1) ... 412s Selecting previously unselected package sssd-dbus. 412s Preparing to unpack .../61-sssd-dbus_2.9.4-1.1ubuntu6.1_armhf.deb ... 412s Unpacking sssd-dbus (2.9.4-1.1ubuntu6.1) ... 412s Selecting previously unselected package sssd-kcm. 412s Preparing to unpack .../62-sssd-kcm_2.9.4-1.1ubuntu6.1_armhf.deb ... 412s Unpacking sssd-kcm (2.9.4-1.1ubuntu6.1) ... 412s Selecting previously unselected package sssd-tools. 412s Preparing to unpack .../63-sssd-tools_2.9.4-1.1ubuntu6.1_armhf.deb ... 412s Unpacking sssd-tools (2.9.4-1.1ubuntu6.1) ... 412s Setting up libpwquality-common (1.4.5-3build1) ... 412s Setting up libnfsidmap1:armhf (1:2.6.4-3ubuntu5) ... 412s Setting up libsss-idmap0 (2.9.4-1.1ubuntu6.1) ... 412s Setting up libbasicobjects0t64:armhf (0.6.2-2.1build1) ... 412s Setting up libipa-hbac0t64 (2.9.4-1.1ubuntu6.1) ... 412s Setting up libsss-idmap-dev (2.9.4-1.1ubuntu6.1) ... 412s Setting up libref-array1t64:armhf (0.6.2-2.1build1) ... 412s Setting up libipa-hbac-dev (2.9.4-1.1ubuntu6.1) ... 412s Setting up libtdb1:armhf (1.4.10-1build1) ... 412s Setting up libcollection4t64:armhf (0.6.2-2.1build1) ... 412s Setting up libevent-2.1-7t64:armhf (2.1.12-stable-9ubuntu2) ... 412s Setting up ldap-utils (2.6.7+dfsg-1~exp1ubuntu8.1) ... 412s Setting up libjose0:armhf (13-1) ... 412s Setting up libwbclient0:armhf (2:4.19.5+dfsg-4ubuntu9) ... 412s Setting up libtalloc2:armhf (2.4.2-1build2) ... 412s Setting up libpath-utils1t64:armhf (0.6.2-2.1build1) ... 412s Setting up libavahi-common-data:armhf (0.8-13ubuntu6) ... 412s Setting up libcares2:armhf (1.27.0-1.0ubuntu1) ... 412s Setting up libdhash1t64:armhf (0.6.2-2.1build1) ... 412s Setting up libtcl8.6:armhf (8.6.14+dfsg-1build1) ... 412s Setting up libltdl7:armhf (2.4.7-7build1) ... 412s Setting up libcrack2:armhf (2.9.6-5.1build2) ... 412s Setting up libodbc2:armhf (2.3.12-1ubuntu0.24.04.1) ... 412s Setting up python3-libipa-hbac (2.9.4-1.1ubuntu6.1) ... 412s Setting up libnss-sudo (1.9.15p5-3ubuntu5) ... 412s Setting up libsss-nss-idmap0 (2.9.4-1.1ubuntu6.1) ... 412s Setting up libini-config5t64:armhf (0.6.2-2.1build1) ... 412s Setting up libtevent0t64:armhf (0.16.1-2build1) ... 412s Setting up libnss-sss:armhf (2.9.4-1.1ubuntu6.1) ... 412s Setting up slapd (2.6.7+dfsg-1~exp1ubuntu8.1) ... 413s Creating new user openldap... done. 413s Creating initial configuration... done. 413s Creating LDAP directory... done. 413s apparmor_parser: Unable to replace "/usr/sbin/slapd". apparmor_parser: Access denied. You need policy admin privileges to manage profiles. 413s 414s Setting up tcl8.6 (8.6.14+dfsg-1build1) ... 414s Setting up libsss-sudo (2.9.4-1.1ubuntu6.1) ... 414s Setting up libsss-nss-idmap-dev (2.9.4-1.1ubuntu6.1) ... 414s Setting up libavahi-common3:armhf (0.8-13ubuntu6) ... 414s Setting up tcl-expect:armhf (5.45.4-3) ... 414s Setting up libsss-certmap0 (2.9.4-1.1ubuntu6.1) ... 414s Setting up libpwquality1:armhf (1.4.5-3build1) ... 414s Setting up python3-libsss-nss-idmap (2.9.4-1.1ubuntu6.1) ... 414s Setting up libldb2:armhf (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 414s Setting up libavahi-client3:armhf (0.8-13ubuntu6) ... 414s Setting up expect (5.45.4-3) ... 414s Setting up libpam-pwquality:armhf (1.4.5-3build1) ... 414s Setting up samba-libs:armhf (2:4.19.5+dfsg-4ubuntu9) ... 414s Setting up libsss-certmap-dev (2.9.4-1.1ubuntu6.1) ... 414s Setting up python3-sss (2.9.4-1.1ubuntu6.1) ... 415s Setting up libsmbclient0:armhf (2:4.19.5+dfsg-4ubuntu9) ... 415s Setting up libpam-sss:armhf (2.9.4-1.1ubuntu6.1) ... 415s Setting up sssd-common (2.9.4-1.1ubuntu6.1) ... 415s Creating SSSD system user & group... 415s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 415s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 415s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 415s apparmor_parser: Unable to replace "/usr/sbin/sssd". apparmor_parser: Access denied. You need policy admin privileges to manage profiles. 415s 416s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 416s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 417s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 417s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 417s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 418s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 418s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 418s sssd-autofs.service is a disabled or a static unit, not starting it. 418s sssd-nss.service is a disabled or a static unit, not starting it. 418s sssd-pam.service is a disabled or a static unit, not starting it. 418s sssd-ssh.service is a disabled or a static unit, not starting it. 418s sssd-sudo.service is a disabled or a static unit, not starting it. 418s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 418s Setting up sssd-proxy (2.9.4-1.1ubuntu6.1) ... 418s Setting up sssd-kcm (2.9.4-1.1ubuntu6.1) ... 419s Created symlink /etc/systemd/system/sockets.target.wants/sssd-kcm.socket → /usr/lib/systemd/system/sssd-kcm.socket. 419s sssd-kcm.service is a disabled or a static unit, not starting it. 419s Setting up sssd-dbus (2.9.4-1.1ubuntu6.1) ... 419s sssd-ifp.service is a disabled or a static unit, not starting it. 419s Setting up sssd-ad-common (2.9.4-1.1ubuntu6.1) ... 420s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 420s sssd-pac.service is a disabled or a static unit, not starting it. 420s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 420s Setting up sssd-krb5-common (2.9.4-1.1ubuntu6.1) ... 420s Setting up sssd-krb5 (2.9.4-1.1ubuntu6.1) ... 420s Setting up sssd-ldap (2.9.4-1.1ubuntu6.1) ... 420s Setting up sssd-ad (2.9.4-1.1ubuntu6.1) ... 420s Setting up sssd-tools (2.9.4-1.1ubuntu6.1) ... 420s Setting up sssd-ipa (2.9.4-1.1ubuntu6.1) ... 420s Setting up sssd (2.9.4-1.1ubuntu6.1) ... 420s Setting up libverto-libevent1t64:armhf (0.3.1-1.2ubuntu3) ... 420s Setting up libverto1t64:armhf (0.3.1-1.2ubuntu3) ... 420s Setting up libkrad0:armhf (1.20.1-6ubuntu2.2) ... 420s Setting up sssd-passkey (2.9.4-1.1ubuntu6.1) ... 420s Setting up sssd-idp (2.9.4-1.1ubuntu6.1) ... 420s Processing triggers for libc-bin (2.39-0ubuntu8.3) ... 420s Processing triggers for ufw (0.36.2-6) ... 420s Processing triggers for man-db (2.12.0-4build2) ... 421s Processing triggers for dbus (1.14.10-4ubuntu4.1) ... 504s autopkgtest [21:06:40]: test ldap-user-group-ldap-auth: [----------------------- 507s + . debian/tests/util 507s + . debian/tests/common-tests 507s + mydomain=example.com 507s + myhostname=ldap.example.com 507s + mysuffix=dc=example,dc=com 507s + admin_dn=cn=admin,dc=example,dc=com 507s + admin_pw=secret 507s + ldap_user=testuser1 507s + ldap_user_pw=testuser1secret 507s + ldap_group=ldapusers 507s + adjust_hostname ldap.example.com 507s + local myhostname=ldap.example.com 507s + echo ldap.example.com 507s + hostname ldap.example.com 507s + grep -qE ldap.example.com /etc/hosts 507s + echo 127.0.1.10 ldap.example.com 507s + reconfigure_slapd 507s + debconf-set-selections 507s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 507s + dpkg-reconfigure -fnoninteractive -pcritical slapd 507s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8.1... done. 507s Moving old database directory to /var/backups: 507s - directory unknown... done. 508s Creating initial configuration... done. 508s Creating LDAP directory... done. 508s apparmor_parser: Unable to replace "/usr/sbin/slapd". apparmor_parser: Access denied. You need policy admin privileges to manage profiles. 508s 508s + generate_certs ldap.example.com 508s + local cn=ldap.example.com 508s + local cert=/etc/ldap/server.pem 508s + local key=/etc/ldap/server.key 508s + local cnf=/etc/ldap/openssl.cnf 508s + cat 508s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 508s .++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 508s .............................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 508s ----- 508s + chmod 0640 /etc/ldap/server.key 508s + chgrp openldap /etc/ldap/server.key 508s + [ ! -f /etc/ldap/server.pem ] 508s + [ ! -f /etc/ldap/server.key ] 508s + enable_ldap_ssl 508s + cat 508s + cat 508s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 508s modifying entry "cn=config" 508s 508s + populate_ldap_rfc2307 508s + cat 508s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 508s adding new entry "ou=People,dc=example,dc=com" 508s 508s adding new entry "ou=Group,dc=example,dc=com" 508s 508s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 508s 508s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 508s 508s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 508s 508s + configure_sssd_ldap_rfc2307 508s + cat 508s + chmod 0600 /etc/sssd/sssd.conf 508s + systemctl restart sssd 509s + enable_pam_mkhomedir 509s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 509s Assert local user databases do not have our LDAP test data 509s + echo session optional pam_mkhomedir.so 509s + run_common_tests 509s + echo Assert local user databases do not have our LDAP test data 509s + check_local_user testuser1 509s + local local_user=testuser1 509s + grep -q ^testuser1 /etc/passwd 509s + check_local_group testuser1 509s + local local_group=testuser1 509s + grep -q ^testuser1 /etc/group 509s + check_local_group ldapusers 509s + local local_group=ldapusers 509s + grep -q ^ldapusers /etc/group 509s + echo The LDAP user is known to the system via getent 509s + check_getent_user testuser1 509s + local getent_user=testuser1 509s + local output 509s + getent passwd testuser1 509s The LDAP user is known to the system via getent 509s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 509s The LDAP user's private group is known to the system via getent 509s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 509s + echo The LDAP user's private group is known to the system via getent 509s + check_getent_group testuser1 509s + local getent_group=testuser1 509s + local output 509s + getent group testuser1 509s The LDAP group ldapusers is known to the system via getent 509s + output=testuser1:*:10001:testuser1 509s + [ -z testuser1:*:10001:testuser1 ] 509s + echo The LDAP group ldapusers is known to the system via getent 509s + check_getent_group ldapusers 509s + local getent_group=ldapusers 509s + local output 509s + getent group ldapusers 509s The id(1) command can resolve the group membership of the LDAP user 509s + output=ldapusers:*:10100:testuser1 509s + [ -z ldapusers:*:10100:testuser1 ] 509s + echo The id(1) command can resolve the group membership of the LDAP user 509s + id -Gn testuser1 509s The LDAP user can login on a terminal 509s + output=testuser1 ldapusers 509s + [ testuser1 ldapusers != testuser1 ldapusers ] 509s + echo The LDAP user can login on a terminal 509s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 509s spawn login 509s ldap.example.com login: testuser1 509s Password: 509s Welcome to Ubuntu 24.04.1 LTS (GNU/Linux 6.8.0-49-generic armv7l) 509s 509s * Documentation: https://help.ubuntu.com 509s * Management: https://landscape.canonical.com 509s * Support: https://ubuntu.com/pro 509s 509s The programs included with the Ubuntu system are free software; 509s the exact distribution terms for each program are described in the 509s individual files in /usr/share/doc/*/copyright. 509s 509s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 509s applicable law. 509s 509s 509s The programs included with the Ubuntu system are free software; 509s the exact distribution terms for each program are described in the 509s individual files in /usr/share/doc/*/copyright. 509s 509s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 509s applicable law. 509s 509s Creating directory '/home/testuser1'. 509s testuser1@ldap:~$ id -un 509s testuser1 510s testuser1@ldap:~$ autopkgtest [21:06:46]: test ldap-user-group-ldap-auth: -----------------------] 514s autopkgtest [21:06:50]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 514s ldap-user-group-ldap-auth PASS 520s autopkgtest [21:06:56]: test ldap-user-group-krb5-auth: preparing testbed 522s Reading package lists... 522s Building dependency tree... 522s Reading state information... 523s Starting pkgProblemResolver with broken count: 0 523s Starting 2 pkgProblemResolver with broken count: 0 523s Done 524s The following NEW packages will be installed: 524s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4t64 524s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 524s 0 upgraded, 8 newly installed, 0 to remove and 0 not upgraded. 524s Need to get 561 kB of archives. 524s After this operation, 1649 kB of additional disk space will be used. 524s Get:1 http://ftpmaster.internal/ubuntu noble/main armhf krb5-config all 2.7 [22.0 kB] 524s Get:2 http://ftpmaster.internal/ubuntu noble-updates/main armhf libgssrpc4t64 armhf 1.20.1-6ubuntu2.2 [51.5 kB] 524s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main armhf libkadm5clnt-mit12 armhf 1.20.1-6ubuntu2.2 [35.2 kB] 524s Get:4 http://ftpmaster.internal/ubuntu noble-updates/main armhf libkdb5-10t64 armhf 1.20.1-6ubuntu2.2 [35.0 kB] 524s Get:5 http://ftpmaster.internal/ubuntu noble-updates/main armhf libkadm5srv-mit12 armhf 1.20.1-6ubuntu2.2 [45.8 kB] 524s Get:6 http://ftpmaster.internal/ubuntu noble-updates/universe armhf krb5-user armhf 1.20.1-6ubuntu2.2 [110 kB] 524s Get:7 http://ftpmaster.internal/ubuntu noble-updates/universe armhf krb5-kdc armhf 1.20.1-6ubuntu2.2 [170 kB] 524s Get:8 http://ftpmaster.internal/ubuntu noble-updates/universe armhf krb5-admin-server armhf 1.20.1-6ubuntu2.2 [91.1 kB] 525s Preconfiguring packages ... 525s Fetched 561 kB in 1s (1062 kB/s) 525s Selecting previously unselected package krb5-config. 525s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 59275 files and directories currently installed.) 525s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 525s Unpacking krb5-config (2.7) ... 525s Selecting previously unselected package libgssrpc4t64:armhf. 525s Preparing to unpack .../1-libgssrpc4t64_1.20.1-6ubuntu2.2_armhf.deb ... 525s Unpacking libgssrpc4t64:armhf (1.20.1-6ubuntu2.2) ... 525s Selecting previously unselected package libkadm5clnt-mit12:armhf. 525s Preparing to unpack .../2-libkadm5clnt-mit12_1.20.1-6ubuntu2.2_armhf.deb ... 525s Unpacking libkadm5clnt-mit12:armhf (1.20.1-6ubuntu2.2) ... 525s Selecting previously unselected package libkdb5-10t64:armhf. 525s Preparing to unpack .../3-libkdb5-10t64_1.20.1-6ubuntu2.2_armhf.deb ... 525s Unpacking libkdb5-10t64:armhf (1.20.1-6ubuntu2.2) ... 525s Selecting previously unselected package libkadm5srv-mit12:armhf. 525s Preparing to unpack .../4-libkadm5srv-mit12_1.20.1-6ubuntu2.2_armhf.deb ... 525s Unpacking libkadm5srv-mit12:armhf (1.20.1-6ubuntu2.2) ... 525s Selecting previously unselected package krb5-user. 525s Preparing to unpack .../5-krb5-user_1.20.1-6ubuntu2.2_armhf.deb ... 525s Unpacking krb5-user (1.20.1-6ubuntu2.2) ... 525s Selecting previously unselected package krb5-kdc. 525s Preparing to unpack .../6-krb5-kdc_1.20.1-6ubuntu2.2_armhf.deb ... 525s Unpacking krb5-kdc (1.20.1-6ubuntu2.2) ... 525s Selecting previously unselected package krb5-admin-server. 525s Preparing to unpack .../7-krb5-admin-server_1.20.1-6ubuntu2.2_armhf.deb ... 525s Unpacking krb5-admin-server (1.20.1-6ubuntu2.2) ... 526s Setting up libgssrpc4t64:armhf (1.20.1-6ubuntu2.2) ... 526s Setting up krb5-config (2.7) ... 526s Setting up libkadm5clnt-mit12:armhf (1.20.1-6ubuntu2.2) ... 526s Setting up libkdb5-10t64:armhf (1.20.1-6ubuntu2.2) ... 526s Setting up libkadm5srv-mit12:armhf (1.20.1-6ubuntu2.2) ... 526s Setting up krb5-user (1.20.1-6ubuntu2.2) ... 526s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 526s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 526s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 526s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 526s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 526s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 526s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 526s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 526s Setting up krb5-kdc (1.20.1-6ubuntu2.2) ... 527s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /usr/lib/systemd/system/krb5-kdc.service. 527s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 527s Setting up krb5-admin-server (1.20.1-6ubuntu2.2) ... 528s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-admin-server.service → /usr/lib/systemd/system/krb5-admin-server.service. 528s Processing triggers for man-db (2.12.0-4build2) ... 529s Processing triggers for libc-bin (2.39-0ubuntu8.3) ... 607s autopkgtest [21:08:23]: test ldap-user-group-krb5-auth: [----------------------- 611s + . debian/tests/util 611s + . debian/tests/common-tests 611s + mydomain=example.com 611s + myhostname=ldap.example.com 611s + mysuffix=dc=example,dc=com 611s + myrealm=EXAMPLE.COM 611s + admin_dn=cn=admin,dc=example,dc=com 611s + admin_pw=secret 611s + ldap_user=testuser1 611s + ldap_user_pw=testuser1secret 611s + kerberos_principal_pw=testuser1kerberos 611s + ldap_group=ldapusers 611s + adjust_hostname ldap.example.com 611s + local myhostname=ldap.example.com 611s + echo ldap.example.com 611s + hostname ldap.example.com 611s + grep -qE ldap.example.com /etc/hosts 611s + reconfigure_slapd 611s + debconf-set-selections 611s + rm -rf /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8.1 /var/backups/unknown-2.6.7+dfsg-1~exp1ubuntu8.1-20241129-210643.ldapdb 611s + dpkg-reconfigure -fnoninteractive -pcritical slapd 611s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu8.1... done. 611s Moving old database directory to /var/backups: 611s - directory unknown... done. 611s Creating initial configuration... done. 611s Creating LDAP directory... done. 612s apparmor_parser: Unable to replace "/usr/sbin/slapd". apparmor_parser: Access denied. You need policy admin privileges to manage profiles. 612s 612s + generate_certs ldap.example.com 612s + local cn=ldap.example.com 612s + local cert=/etc/ldap/server.pem 612s + local key=/etc/ldap/server.key 612s + local cnf=/etc/ldap/openssl.cnf 612s + cat 612s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 612s ....++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 612s ........................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 612s ----- 612s + chmod 0640 /etc/ldap/server.key 612s + chgrp openldap /etc/ldap/server.key 612s + [ ! -f /etc/ldap/server.pem ] 612s + [ ! -f /etc/ldap/server.key ] 612s + enable_ldap_ssl 612s + cat 612s + cat 612s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 612s modifying entry "cn=config" 612s 612s + populate_ldap_rfc2307 612s + cat 612s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 612s adding new entry "ou=People,dc=example,dc=com" 612s 612s adding new entry "ou=Group,dc=example,dc=com" 612s 612s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 612s 612s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 612s 612s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 612s 612s + create_realm EXAMPLE.COM ldap.example.com 612s + local realm_name=EXAMPLE.COM 612s + local kerberos_server=ldap.example.com 612s + rm -rf /var/lib/krb5kdc/* 612s + rm -rf /etc/krb5kdc/kdc.conf 612s + rm -f /etc/krb5.keytab 612s + cat 612s + cat 612s + echo # */admin * 612s + kdb5_util create -s -P secretpassword 612s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 612s master key name 'K/M@EXAMPLE.COM' 612s + systemctl restart krb5-kdc.service krb5-admin-server.service 612s + create_krb_principal testuser1 testuser1kerberos 612s + local principal=testuser1 612s + local password=testuser1kerberos 612s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 612s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 612s Authenticating as principal root/admin@EXAMPLE.COM with password. 612s Principal "testuser1@EXAMPLE.COM" created. 612s + configure_sssd_ldap_rfc2307_krb5_auth 612s + cat 612s + chmod 0600 /etc/sssd/sssd.conf 612s + systemctl restart sssd 612s + enable_pam_mkhomedir 612s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 612s + run_common_tests 612s + echo Assert local user databases do not have our LDAP test data 612s + check_local_user testuser1 612s Assert local user databases do not have our LDAP test data 612s + local local_user=testuser1 612s + grep -q ^testuser1 /etc/passwd 612s + check_local_group testuser1 612s + local local_group=testuser1 612s + grep -q ^testuser1 /etc/group 612s + check_local_group ldapusers 612s + local local_group=ldapusers 612s + grep -q ^ldapusers /etc/group 612s The LDAP user is known to the system via getent 612s + echo The LDAP user is known to the system via getent 612s + check_getent_user testuser1 612s + local getent_user=testuser1 612s + local output 612s + getent passwd testuser1 613s The LDAP user's private group is known to the system via getent 613s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 613s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 613s + echo The LDAP user's private group is known to the system via getent 613s + check_getent_group testuser1 613s + local getent_group=testuser1 613s + local output 613s + getent group testuser1 613s The LDAP group ldapusers is known to the system via getent 613s + output=testuser1:*:10001:testuser1 613s + [ -z testuser1:*:10001:testuser1 ] 613s + echo The LDAP group ldapusers is known to the system via getent 613s + check_getent_group ldapusers 613s + local getent_group=ldapusers 613s + local output 613s + getent group ldapusers 613s + output=ldapusers:*:10100:testuser1 613s + [ -z ldapusers:*:10100:testuser1 ] 613s + echo The id(1) command can resolve the group membership of the LDAP user 613s + id -Gn testuser1 613s The id(1) command can resolve the group membership of the LDAP user 613s The Kerberos principal can login on a terminal 613s + output=testuser1 ldapusers 613s + [ testuser1 ldapusers != testuser1 ldapusers ] 613s + echo The Kerberos principal can login on a terminal 613s + kdestroy 613s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 613s spawn login 613s ldap.example.com login: testuser1 613s Password: 613s Welcome to Ubuntu 24.04.1 LTS (GNU/Linux 6.8.0-49-generic armv7l) 613s 613s * Documentation: https://help.ubuntu.com 613s * Management: https://landscape.canonical.com 613s * Support: https://ubuntu.com/pro 613s 613s 613s The programs included with the Ubuntu system are free software; 613s the exact distribution terms for each program are described in the 613s individual files in /usr/share/doc/*/copyright. 613s 613s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 613s applicable law. 613s 613s testuser1@ldap:~$ id -un 613s testuser1 613s testuser1@ldap:~$ klist 613s Ticket cache: FILE:/tmp/krb5cc_10001_E5k1Kp 613s Default principal: testuser1@EXAMPLE.COM 613s 613s Valid starting Expires Service principal 613s 11/29/24 21:08:29 11/30/24 07:08:29 krbtgt/EXAMPLE.COM@EXAMPLE.COM 613s renew until 11/30/24 21:08:29 613s testuser1@ldap:~$ autopkgtest [21:08:29]: test ldap-user-group-krb5-auth: -----------------------] 618s autopkgtest [21:08:34]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 618s ldap-user-group-krb5-auth PASS 623s autopkgtest [21:08:39]: test sssd-softhism2-certificates-tests.sh: preparing testbed 655s autopkgtest [21:09:11]: testbed dpkg architecture: armhf 657s autopkgtest [21:09:13]: testbed apt version: 2.7.14build2 661s autopkgtest [21:09:17]: @@@@@@@@@@@@@@@@@@@@ test bed setup 663s autopkgtest [21:09:19]: testbed release detected to be: noble 671s autopkgtest [21:09:27]: updating testbed package index (apt update) 674s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [265 kB] 674s Hit:2 http://ftpmaster.internal/ubuntu noble InRelease 674s Get:3 http://ftpmaster.internal/ubuntu noble-updates InRelease [126 kB] 674s Get:4 http://ftpmaster.internal/ubuntu noble-security InRelease [126 kB] 674s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [103 kB] 674s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [92.1 kB] 674s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [17.3 kB] 674s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [8604 B] 674s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/main armhf Packages [154 kB] 674s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/main armhf c-n-f Metadata [3332 B] 674s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/restricted armhf Packages [1384 B] 674s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/restricted armhf c-n-f Metadata [116 B] 674s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/universe armhf Packages [441 kB] 674s Get:14 http://ftpmaster.internal/ubuntu noble-proposed/universe armhf c-n-f Metadata [5088 B] 674s Get:15 http://ftpmaster.internal/ubuntu noble-proposed/multiverse armhf Packages [972 B] 674s Get:16 http://ftpmaster.internal/ubuntu noble-proposed/multiverse armhf c-n-f Metadata [116 B] 674s Get:17 http://ftpmaster.internal/ubuntu noble-updates/universe Sources [352 kB] 674s Get:18 http://ftpmaster.internal/ubuntu noble-updates/main Sources [301 kB] 674s Get:19 http://ftpmaster.internal/ubuntu noble-updates/main armhf Packages [413 kB] 674s Get:20 http://ftpmaster.internal/ubuntu noble-updates/universe armhf Packages [610 kB] 675s Get:21 http://ftpmaster.internal/ubuntu noble-security/main Sources [127 kB] 675s Get:22 http://ftpmaster.internal/ubuntu noble-security/main armhf Packages [250 kB] 675s Get:23 http://ftpmaster.internal/ubuntu noble-security/universe armhf Packages [464 kB] 677s Fetched 3863 kB in 1s (2667 kB/s) 678s Reading package lists... 684s autopkgtest [21:09:40]: upgrading testbed (apt dist-upgrade and autopurge) 686s Reading package lists... 687s Building dependency tree... 687s Reading state information... 688s Calculating upgrade...Starting pkgProblemResolver with broken count: 0 688s Starting 2 pkgProblemResolver with broken count: 0 688s Done 689s Entering ResolveByKeep 689s 690s The following packages will be upgraded: 690s dmidecode login passwd vim-common vim-tiny xxd 690s 6 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 690s Need to get 2190 kB of archives. 690s After this operation, 4096 B disk space will be freed. 690s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main armhf login armhf 1:4.13+dfsg1-4ubuntu3.3 [200 kB] 690s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main armhf passwd armhf 1:4.13+dfsg1-4ubuntu3.3 [817 kB] 691s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main armhf vim-tiny armhf 2:9.1.0016-1ubuntu7.5 [666 kB] 691s Get:4 http://ftpmaster.internal/ubuntu noble-updates/main armhf vim-common all 2:9.1.0016-1ubuntu7.5 [385 kB] 691s Get:5 http://ftpmaster.internal/ubuntu noble-updates/main armhf xxd armhf 2:9.1.0016-1ubuntu7.5 [62.9 kB] 691s Get:6 http://ftpmaster.internal/ubuntu noble-updates/main armhf dmidecode armhf 3.5-3ubuntu0.1 [58.8 kB] 691s Fetched 2190 kB in 1s (3530 kB/s) 691s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 57985 files and directories currently installed.) 691s Preparing to unpack .../login_1%3a4.13+dfsg1-4ubuntu3.3_armhf.deb ... 691s Unpacking login (1:4.13+dfsg1-4ubuntu3.3) over (1:4.13+dfsg1-4ubuntu3.2) ... 691s Setting up login (1:4.13+dfsg1-4ubuntu3.3) ... 691s Installing new version of config file /etc/pam.d/login ... 691s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 57985 files and directories currently installed.) 691s Preparing to unpack .../passwd_1%3a4.13+dfsg1-4ubuntu3.3_armhf.deb ... 691s Unpacking passwd (1:4.13+dfsg1-4ubuntu3.3) over (1:4.13+dfsg1-4ubuntu3.2) ... 692s Setting up passwd (1:4.13+dfsg1-4ubuntu3.3) ... 692s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 57985 files and directories currently installed.) 692s Preparing to unpack .../vim-tiny_2%3a9.1.0016-1ubuntu7.5_armhf.deb ... 692s Unpacking vim-tiny (2:9.1.0016-1ubuntu7.5) over (2:9.1.0016-1ubuntu7.4) ... 692s Preparing to unpack .../vim-common_2%3a9.1.0016-1ubuntu7.5_all.deb ... 692s Unpacking vim-common (2:9.1.0016-1ubuntu7.5) over (2:9.1.0016-1ubuntu7.4) ... 692s Preparing to unpack .../xxd_2%3a9.1.0016-1ubuntu7.5_armhf.deb ... 692s Unpacking xxd (2:9.1.0016-1ubuntu7.5) over (2:9.1.0016-1ubuntu7.4) ... 692s Preparing to unpack .../dmidecode_3.5-3ubuntu0.1_armhf.deb ... 692s Unpacking dmidecode (3.5-3ubuntu0.1) over (3.5-3build1) ... 692s Setting up xxd (2:9.1.0016-1ubuntu7.5) ... 692s Setting up vim-common (2:9.1.0016-1ubuntu7.5) ... 692s Setting up dmidecode (3.5-3ubuntu0.1) ... 692s Setting up vim-tiny (2:9.1.0016-1ubuntu7.5) ... 692s Processing triggers for man-db (2.12.0-4build2) ... 696s Reading package lists... 696s Building dependency tree... 696s Reading state information... 696s Starting pkgProblemResolver with broken count: 0 696s Starting 2 pkgProblemResolver with broken count: 0 696s Done 697s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 699s autopkgtest [21:09:55]: rebooting testbed after setup commands that affected boot 771s Reading package lists... 772s Building dependency tree... 772s Reading state information... 772s Starting pkgProblemResolver with broken count: 0 772s Starting 2 pkgProblemResolver with broken count: 0 772s Done 773s The following NEW packages will be installed: 773s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 773s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 773s libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 libipa-hbac0t64 773s libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 773s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 773s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 773s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 773s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 773s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 774s 0 upgraded, 45 newly installed, 0 to remove and 0 not upgraded. 774s Need to get 9541 kB of archives. 774s After this operation, 28.2 MB of additional disk space will be used. 774s Get:1 http://ftpmaster.internal/ubuntu noble/main armhf libevent-2.1-7t64 armhf 2.1.12-stable-9ubuntu2 [127 kB] 774s Get:2 http://ftpmaster.internal/ubuntu noble-updates/main armhf libunbound8 armhf 1.19.2-1ubuntu3.3 [410 kB] 774s Get:3 http://ftpmaster.internal/ubuntu noble-updates/main armhf libgnutls-dane0t64 armhf 3.8.3-1.1ubuntu3.2 [33.3 kB] 774s Get:4 http://ftpmaster.internal/ubuntu noble-updates/universe armhf gnutls-bin armhf 3.8.3-1.1ubuntu3.2 [277 kB] 774s Get:5 http://ftpmaster.internal/ubuntu noble/main armhf libavahi-common-data armhf 0.8-13ubuntu6 [29.7 kB] 774s Get:6 http://ftpmaster.internal/ubuntu noble/main armhf libavahi-common3 armhf 0.8-13ubuntu6 [20.2 kB] 774s Get:7 http://ftpmaster.internal/ubuntu noble/main armhf libavahi-client3 armhf 0.8-13ubuntu6 [24.2 kB] 774s Get:8 http://ftpmaster.internal/ubuntu noble/main armhf libbasicobjects0t64 armhf 0.6.2-2.1build1 [5410 B] 774s Get:9 http://ftpmaster.internal/ubuntu noble/main armhf libcares2 armhf 1.27.0-1.0ubuntu1 [62.7 kB] 774s Get:10 http://ftpmaster.internal/ubuntu noble/main armhf libcollection4t64 armhf 0.6.2-2.1build1 [18.7 kB] 774s Get:11 http://ftpmaster.internal/ubuntu noble/main armhf libcrack2 armhf 2.9.6-5.1build2 [27.4 kB] 774s Get:12 http://ftpmaster.internal/ubuntu noble/main armhf libdhash1t64 armhf 0.6.2-2.1build1 [7880 B] 774s Get:13 http://ftpmaster.internal/ubuntu noble/main armhf libpath-utils1t64 armhf 0.6.2-2.1build1 [7766 B] 774s Get:14 http://ftpmaster.internal/ubuntu noble/main armhf libref-array1t64 armhf 0.6.2-2.1build1 [6330 B] 774s Get:15 http://ftpmaster.internal/ubuntu noble/main armhf libini-config5t64 armhf 0.6.2-2.1build1 [37.2 kB] 774s Get:16 http://ftpmaster.internal/ubuntu noble-updates/main armhf libipa-hbac0t64 armhf 2.9.4-1.1ubuntu6.1 [17.1 kB] 774s Get:17 http://ftpmaster.internal/ubuntu noble/main armhf libtalloc2 armhf 2.4.2-1build2 [25.9 kB] 774s Get:18 http://ftpmaster.internal/ubuntu noble/main armhf libtdb1 armhf 1.4.10-1build1 [43.1 kB] 774s Get:19 http://ftpmaster.internal/ubuntu noble/main armhf libtevent0t64 armhf 0.16.1-2build1 [38.1 kB] 774s Get:20 http://ftpmaster.internal/ubuntu noble/main armhf libldb2 armhf 2:2.8.0+samba4.19.5+dfsg-4ubuntu9 [163 kB] 774s Get:21 http://ftpmaster.internal/ubuntu noble/main armhf libnfsidmap1 armhf 1:2.6.4-3ubuntu5 [54.6 kB] 774s Get:22 http://ftpmaster.internal/ubuntu noble/main armhf libpwquality-common all 1.4.5-3build1 [7748 B] 774s Get:23 http://ftpmaster.internal/ubuntu noble/main armhf libpwquality1 armhf 1.4.5-3build1 [12.2 kB] 774s Get:24 http://ftpmaster.internal/ubuntu noble/main armhf libpam-pwquality armhf 1.4.5-3build1 [11.4 kB] 774s Get:25 http://ftpmaster.internal/ubuntu noble/main armhf libwbclient0 armhf 2:4.19.5+dfsg-4ubuntu9 [67.5 kB] 774s Get:26 http://ftpmaster.internal/ubuntu noble/main armhf samba-libs armhf 2:4.19.5+dfsg-4ubuntu9 [5693 kB] 775s Get:27 http://ftpmaster.internal/ubuntu noble/main armhf libsmbclient0 armhf 2:4.19.5+dfsg-4ubuntu9 [57.4 kB] 775s Get:28 http://ftpmaster.internal/ubuntu noble-updates/main armhf libnss-sss armhf 2.9.4-1.1ubuntu6.1 [29.4 kB] 775s Get:29 http://ftpmaster.internal/ubuntu noble-updates/main armhf libpam-sss armhf 2.9.4-1.1ubuntu6.1 [45.3 kB] 775s Get:30 http://ftpmaster.internal/ubuntu noble/universe armhf softhsm2-common armhf 2.6.1-2.2ubuntu3 [6194 B] 775s Get:31 http://ftpmaster.internal/ubuntu noble/universe armhf libsofthsm2 armhf 2.6.1-2.2ubuntu3 [230 kB] 775s Get:32 http://ftpmaster.internal/ubuntu noble-updates/main armhf libsss-certmap0 armhf 2.9.4-1.1ubuntu6.1 [42.7 kB] 775s Get:33 http://ftpmaster.internal/ubuntu noble-updates/main armhf libsss-idmap0 armhf 2.9.4-1.1ubuntu6.1 [20.3 kB] 775s Get:34 http://ftpmaster.internal/ubuntu noble-updates/main armhf libsss-nss-idmap0 armhf 2.9.4-1.1ubuntu6.1 [27.7 kB] 775s Get:35 http://ftpmaster.internal/ubuntu noble-updates/main armhf python3-sss armhf 2.9.4-1.1ubuntu6.1 [46.0 kB] 775s Get:36 http://ftpmaster.internal/ubuntu noble/universe armhf softhsm2 armhf 2.6.1-2.2ubuntu3 [155 kB] 775s Get:37 http://ftpmaster.internal/ubuntu noble-updates/main armhf sssd-common armhf 2.9.4-1.1ubuntu6.1 [1068 kB] 775s Get:38 http://ftpmaster.internal/ubuntu noble-updates/main armhf sssd-ad-common armhf 2.9.4-1.1ubuntu6.1 [69.2 kB] 775s Get:39 http://ftpmaster.internal/ubuntu noble-updates/main armhf sssd-krb5-common armhf 2.9.4-1.1ubuntu6.1 [81.2 kB] 775s Get:40 http://ftpmaster.internal/ubuntu noble-updates/main armhf sssd-ad armhf 2.9.4-1.1ubuntu6.1 [129 kB] 775s Get:41 http://ftpmaster.internal/ubuntu noble-updates/main armhf sssd-ipa armhf 2.9.4-1.1ubuntu6.1 [212 kB] 775s Get:42 http://ftpmaster.internal/ubuntu noble-updates/main armhf sssd-krb5 armhf 2.9.4-1.1ubuntu6.1 [14.1 kB] 775s Get:43 http://ftpmaster.internal/ubuntu noble-updates/main armhf sssd-ldap armhf 2.9.4-1.1ubuntu6.1 [31.1 kB] 775s Get:44 http://ftpmaster.internal/ubuntu noble-updates/main armhf sssd-proxy armhf 2.9.4-1.1ubuntu6.1 [43.5 kB] 775s Get:45 http://ftpmaster.internal/ubuntu noble-updates/main armhf sssd armhf 2.9.4-1.1ubuntu6.1 [4122 B] 775s Fetched 9541 kB in 1s (6711 kB/s) 775s Selecting previously unselected package libevent-2.1-7t64:armhf. 775s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 57985 files and directories currently installed.) 775s Preparing to unpack .../00-libevent-2.1-7t64_2.1.12-stable-9ubuntu2_armhf.deb ... 775s Unpacking libevent-2.1-7t64:armhf (2.1.12-stable-9ubuntu2) ... 775s Selecting previously unselected package libunbound8:armhf. 775s Preparing to unpack .../01-libunbound8_1.19.2-1ubuntu3.3_armhf.deb ... 775s Unpacking libunbound8:armhf (1.19.2-1ubuntu3.3) ... 775s Selecting previously unselected package libgnutls-dane0t64:armhf. 775s Preparing to unpack .../02-libgnutls-dane0t64_3.8.3-1.1ubuntu3.2_armhf.deb ... 775s Unpacking libgnutls-dane0t64:armhf (3.8.3-1.1ubuntu3.2) ... 775s Selecting previously unselected package gnutls-bin. 776s Preparing to unpack .../03-gnutls-bin_3.8.3-1.1ubuntu3.2_armhf.deb ... 776s Unpacking gnutls-bin (3.8.3-1.1ubuntu3.2) ... 776s Selecting previously unselected package libavahi-common-data:armhf. 776s Preparing to unpack .../04-libavahi-common-data_0.8-13ubuntu6_armhf.deb ... 776s Unpacking libavahi-common-data:armhf (0.8-13ubuntu6) ... 776s Selecting previously unselected package libavahi-common3:armhf. 776s Preparing to unpack .../05-libavahi-common3_0.8-13ubuntu6_armhf.deb ... 776s Unpacking libavahi-common3:armhf (0.8-13ubuntu6) ... 776s Selecting previously unselected package libavahi-client3:armhf. 776s Preparing to unpack .../06-libavahi-client3_0.8-13ubuntu6_armhf.deb ... 776s Unpacking libavahi-client3:armhf (0.8-13ubuntu6) ... 776s Selecting previously unselected package libbasicobjects0t64:armhf. 776s Preparing to unpack .../07-libbasicobjects0t64_0.6.2-2.1build1_armhf.deb ... 776s Unpacking libbasicobjects0t64:armhf (0.6.2-2.1build1) ... 776s Selecting previously unselected package libcares2:armhf. 776s Preparing to unpack .../08-libcares2_1.27.0-1.0ubuntu1_armhf.deb ... 776s Unpacking libcares2:armhf (1.27.0-1.0ubuntu1) ... 776s Selecting previously unselected package libcollection4t64:armhf. 776s Preparing to unpack .../09-libcollection4t64_0.6.2-2.1build1_armhf.deb ... 776s Unpacking libcollection4t64:armhf (0.6.2-2.1build1) ... 776s Selecting previously unselected package libcrack2:armhf. 776s Preparing to unpack .../10-libcrack2_2.9.6-5.1build2_armhf.deb ... 776s Unpacking libcrack2:armhf (2.9.6-5.1build2) ... 776s Selecting previously unselected package libdhash1t64:armhf. 776s Preparing to unpack .../11-libdhash1t64_0.6.2-2.1build1_armhf.deb ... 776s Unpacking libdhash1t64:armhf (0.6.2-2.1build1) ... 776s Selecting previously unselected package libpath-utils1t64:armhf. 776s Preparing to unpack .../12-libpath-utils1t64_0.6.2-2.1build1_armhf.deb ... 776s Unpacking libpath-utils1t64:armhf (0.6.2-2.1build1) ... 776s Selecting previously unselected package libref-array1t64:armhf. 776s Preparing to unpack .../13-libref-array1t64_0.6.2-2.1build1_armhf.deb ... 776s Unpacking libref-array1t64:armhf (0.6.2-2.1build1) ... 776s Selecting previously unselected package libini-config5t64:armhf. 776s Preparing to unpack .../14-libini-config5t64_0.6.2-2.1build1_armhf.deb ... 776s Unpacking libini-config5t64:armhf (0.6.2-2.1build1) ... 776s Selecting previously unselected package libipa-hbac0t64. 776s Preparing to unpack .../15-libipa-hbac0t64_2.9.4-1.1ubuntu6.1_armhf.deb ... 776s Unpacking libipa-hbac0t64 (2.9.4-1.1ubuntu6.1) ... 776s Selecting previously unselected package libtalloc2:armhf. 776s Preparing to unpack .../16-libtalloc2_2.4.2-1build2_armhf.deb ... 776s Unpacking libtalloc2:armhf (2.4.2-1build2) ... 776s Selecting previously unselected package libtdb1:armhf. 776s Preparing to unpack .../17-libtdb1_1.4.10-1build1_armhf.deb ... 776s Unpacking libtdb1:armhf (1.4.10-1build1) ... 776s Selecting previously unselected package libtevent0t64:armhf. 776s Preparing to unpack .../18-libtevent0t64_0.16.1-2build1_armhf.deb ... 776s Unpacking libtevent0t64:armhf (0.16.1-2build1) ... 776s Selecting previously unselected package libldb2:armhf. 776s Preparing to unpack .../19-libldb2_2%3a2.8.0+samba4.19.5+dfsg-4ubuntu9_armhf.deb ... 776s Unpacking libldb2:armhf (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 776s Selecting previously unselected package libnfsidmap1:armhf. 776s Preparing to unpack .../20-libnfsidmap1_1%3a2.6.4-3ubuntu5_armhf.deb ... 776s Unpacking libnfsidmap1:armhf (1:2.6.4-3ubuntu5) ... 776s Selecting previously unselected package libpwquality-common. 776s Preparing to unpack .../21-libpwquality-common_1.4.5-3build1_all.deb ... 776s Unpacking libpwquality-common (1.4.5-3build1) ... 776s Selecting previously unselected package libpwquality1:armhf. 776s Preparing to unpack .../22-libpwquality1_1.4.5-3build1_armhf.deb ... 776s Unpacking libpwquality1:armhf (1.4.5-3build1) ... 776s Selecting previously unselected package libpam-pwquality:armhf. 776s Preparing to unpack .../23-libpam-pwquality_1.4.5-3build1_armhf.deb ... 776s Unpacking libpam-pwquality:armhf (1.4.5-3build1) ... 776s Selecting previously unselected package libwbclient0:armhf. 776s Preparing to unpack .../24-libwbclient0_2%3a4.19.5+dfsg-4ubuntu9_armhf.deb ... 776s Unpacking libwbclient0:armhf (2:4.19.5+dfsg-4ubuntu9) ... 776s Selecting previously unselected package samba-libs:armhf. 776s Preparing to unpack .../25-samba-libs_2%3a4.19.5+dfsg-4ubuntu9_armhf.deb ... 776s Unpacking samba-libs:armhf (2:4.19.5+dfsg-4ubuntu9) ... 777s Selecting previously unselected package libsmbclient0:armhf. 777s Preparing to unpack .../26-libsmbclient0_2%3a4.19.5+dfsg-4ubuntu9_armhf.deb ... 777s Unpacking libsmbclient0:armhf (2:4.19.5+dfsg-4ubuntu9) ... 777s Selecting previously unselected package libnss-sss:armhf. 777s Preparing to unpack .../27-libnss-sss_2.9.4-1.1ubuntu6.1_armhf.deb ... 777s Unpacking libnss-sss:armhf (2.9.4-1.1ubuntu6.1) ... 777s Selecting previously unselected package libpam-sss:armhf. 777s Preparing to unpack .../28-libpam-sss_2.9.4-1.1ubuntu6.1_armhf.deb ... 777s Unpacking libpam-sss:armhf (2.9.4-1.1ubuntu6.1) ... 777s Selecting previously unselected package softhsm2-common. 777s Preparing to unpack .../29-softhsm2-common_2.6.1-2.2ubuntu3_armhf.deb ... 777s Unpacking softhsm2-common (2.6.1-2.2ubuntu3) ... 777s Selecting previously unselected package libsofthsm2. 777s Preparing to unpack .../30-libsofthsm2_2.6.1-2.2ubuntu3_armhf.deb ... 777s Unpacking libsofthsm2 (2.6.1-2.2ubuntu3) ... 777s Selecting previously unselected package libsss-certmap0. 777s Preparing to unpack .../31-libsss-certmap0_2.9.4-1.1ubuntu6.1_armhf.deb ... 777s Unpacking libsss-certmap0 (2.9.4-1.1ubuntu6.1) ... 777s Selecting previously unselected package libsss-idmap0. 777s Preparing to unpack .../32-libsss-idmap0_2.9.4-1.1ubuntu6.1_armhf.deb ... 777s Unpacking libsss-idmap0 (2.9.4-1.1ubuntu6.1) ... 777s Selecting previously unselected package libsss-nss-idmap0. 777s Preparing to unpack .../33-libsss-nss-idmap0_2.9.4-1.1ubuntu6.1_armhf.deb ... 777s Unpacking libsss-nss-idmap0 (2.9.4-1.1ubuntu6.1) ... 777s Selecting previously unselected package python3-sss. 777s Preparing to unpack .../34-python3-sss_2.9.4-1.1ubuntu6.1_armhf.deb ... 777s Unpacking python3-sss (2.9.4-1.1ubuntu6.1) ... 777s Selecting previously unselected package softhsm2. 777s Preparing to unpack .../35-softhsm2_2.6.1-2.2ubuntu3_armhf.deb ... 777s Unpacking softhsm2 (2.6.1-2.2ubuntu3) ... 777s Selecting previously unselected package sssd-common. 777s Preparing to unpack .../36-sssd-common_2.9.4-1.1ubuntu6.1_armhf.deb ... 777s Unpacking sssd-common (2.9.4-1.1ubuntu6.1) ... 777s Selecting previously unselected package sssd-ad-common. 777s Preparing to unpack .../37-sssd-ad-common_2.9.4-1.1ubuntu6.1_armhf.deb ... 777s Unpacking sssd-ad-common (2.9.4-1.1ubuntu6.1) ... 777s Selecting previously unselected package sssd-krb5-common. 777s Preparing to unpack .../38-sssd-krb5-common_2.9.4-1.1ubuntu6.1_armhf.deb ... 777s Unpacking sssd-krb5-common (2.9.4-1.1ubuntu6.1) ... 777s Selecting previously unselected package sssd-ad. 777s Preparing to unpack .../39-sssd-ad_2.9.4-1.1ubuntu6.1_armhf.deb ... 777s Unpacking sssd-ad (2.9.4-1.1ubuntu6.1) ... 777s Selecting previously unselected package sssd-ipa. 777s Preparing to unpack .../40-sssd-ipa_2.9.4-1.1ubuntu6.1_armhf.deb ... 777s Unpacking sssd-ipa (2.9.4-1.1ubuntu6.1) ... 777s Selecting previously unselected package sssd-krb5. 778s Preparing to unpack .../41-sssd-krb5_2.9.4-1.1ubuntu6.1_armhf.deb ... 778s Unpacking sssd-krb5 (2.9.4-1.1ubuntu6.1) ... 778s Selecting previously unselected package sssd-ldap. 778s Preparing to unpack .../42-sssd-ldap_2.9.4-1.1ubuntu6.1_armhf.deb ... 778s Unpacking sssd-ldap (2.9.4-1.1ubuntu6.1) ... 778s Selecting previously unselected package sssd-proxy. 778s Preparing to unpack .../43-sssd-proxy_2.9.4-1.1ubuntu6.1_armhf.deb ... 778s Unpacking sssd-proxy (2.9.4-1.1ubuntu6.1) ... 778s Selecting previously unselected package sssd. 778s Preparing to unpack .../44-sssd_2.9.4-1.1ubuntu6.1_armhf.deb ... 778s Unpacking sssd (2.9.4-1.1ubuntu6.1) ... 778s Setting up libpwquality-common (1.4.5-3build1) ... 778s Setting up softhsm2-common (2.6.1-2.2ubuntu3) ... 778s 778s Creating config file /etc/softhsm/softhsm2.conf with new version 778s Setting up libnfsidmap1:armhf (1:2.6.4-3ubuntu5) ... 778s Setting up libsss-idmap0 (2.9.4-1.1ubuntu6.1) ... 778s Setting up libbasicobjects0t64:armhf (0.6.2-2.1build1) ... 778s Setting up libipa-hbac0t64 (2.9.4-1.1ubuntu6.1) ... 778s Setting up libref-array1t64:armhf (0.6.2-2.1build1) ... 778s Setting up libtdb1:armhf (1.4.10-1build1) ... 778s Setting up libcollection4t64:armhf (0.6.2-2.1build1) ... 778s Setting up libevent-2.1-7t64:armhf (2.1.12-stable-9ubuntu2) ... 778s Setting up libwbclient0:armhf (2:4.19.5+dfsg-4ubuntu9) ... 778s Setting up libtalloc2:armhf (2.4.2-1build2) ... 778s Setting up libpath-utils1t64:armhf (0.6.2-2.1build1) ... 778s Setting up libunbound8:armhf (1.19.2-1ubuntu3.3) ... 778s Setting up libgnutls-dane0t64:armhf (3.8.3-1.1ubuntu3.2) ... 778s Setting up libavahi-common-data:armhf (0.8-13ubuntu6) ... 778s Setting up libcares2:armhf (1.27.0-1.0ubuntu1) ... 778s Setting up libdhash1t64:armhf (0.6.2-2.1build1) ... 778s Setting up libcrack2:armhf (2.9.6-5.1build2) ... 778s Setting up libsss-nss-idmap0 (2.9.4-1.1ubuntu6.1) ... 778s Setting up libini-config5t64:armhf (0.6.2-2.1build1) ... 778s Setting up libtevent0t64:armhf (0.16.1-2build1) ... 778s Setting up libnss-sss:armhf (2.9.4-1.1ubuntu6.1) ... 778s Setting up gnutls-bin (3.8.3-1.1ubuntu3.2) ... 778s Setting up libsofthsm2 (2.6.1-2.2ubuntu3) ... 778s Setting up softhsm2 (2.6.1-2.2ubuntu3) ... 778s Setting up libavahi-common3:armhf (0.8-13ubuntu6) ... 778s Setting up libsss-certmap0 (2.9.4-1.1ubuntu6.1) ... 778s Setting up libpwquality1:armhf (1.4.5-3build1) ... 778s Setting up libldb2:armhf (2:2.8.0+samba4.19.5+dfsg-4ubuntu9) ... 778s Setting up libavahi-client3:armhf (0.8-13ubuntu6) ... 778s Setting up libpam-pwquality:armhf (1.4.5-3build1) ... 778s Setting up samba-libs:armhf (2:4.19.5+dfsg-4ubuntu9) ... 778s Setting up python3-sss (2.9.4-1.1ubuntu6.1) ... 779s Setting up libsmbclient0:armhf (2:4.19.5+dfsg-4ubuntu9) ... 779s Setting up libpam-sss:armhf (2.9.4-1.1ubuntu6.1) ... 779s Setting up sssd-common (2.9.4-1.1ubuntu6.1) ... 779s Creating SSSD system user & group... 779s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 779s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 779s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 779s apparmor_parser: Unable to replace "/usr/sbin/sssd". apparmor_parser: Access denied. You need policy admin privileges to manage profiles. 779s 780s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 780s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 780s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 780s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 781s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 781s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 781s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 782s sssd-autofs.service is a disabled or a static unit, not starting it. 782s sssd-nss.service is a disabled or a static unit, not starting it. 782s sssd-pam.service is a disabled or a static unit, not starting it. 782s sssd-ssh.service is a disabled or a static unit, not starting it. 782s sssd-sudo.service is a disabled or a static unit, not starting it. 782s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 782s Setting up sssd-proxy (2.9.4-1.1ubuntu6.1) ... 782s Setting up sssd-ad-common (2.9.4-1.1ubuntu6.1) ... 782s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 783s sssd-pac.service is a disabled or a static unit, not starting it. 783s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 783s Setting up sssd-krb5-common (2.9.4-1.1ubuntu6.1) ... 783s Setting up sssd-krb5 (2.9.4-1.1ubuntu6.1) ... 783s Setting up sssd-ldap (2.9.4-1.1ubuntu6.1) ... 783s Setting up sssd-ad (2.9.4-1.1ubuntu6.1) ... 783s Setting up sssd-ipa (2.9.4-1.1ubuntu6.1) ... 783s Setting up sssd (2.9.4-1.1ubuntu6.1) ... 783s Processing triggers for man-db (2.12.0-4build2) ... 783s Processing triggers for libc-bin (2.39-0ubuntu8.3) ... 800s autopkgtest [21:11:36]: test sssd-softhism2-certificates-tests.sh: [----------------------- 802s + '[' -z ubuntu ']' 802s + required_tools=(p11tool openssl softhsm2-util) 802s + for cmd in "${required_tools[@]}" 802s + command -v p11tool 802s + for cmd in "${required_tools[@]}" 802s + command -v openssl 802s + for cmd in "${required_tools[@]}" 802s + command -v softhsm2-util 802s + PIN=053350 802s +++ find /usr/lib/softhsm/libsofthsm2.so 802s +++ head -n 1 802s ++ realpath /usr/lib/softhsm/libsofthsm2.so 802s + SOFTHSM2_MODULE=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 802s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 802s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 802s + '[' '!' -v NO_SSSD_TESTS ']' 802s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 802s + ca_db_arg=ca_db 802s ++ /usr/libexec/sssd/p11_child --help 802s + p11_child_help='Usage: p11_child [OPTION...] 802s -d, --debug-level=INT Debug level 802s --debug-timestamps=INT Add debug timestamps 802s --debug-microseconds=INT Show timestamps with microseconds 802s --dumpable=INT Allow core dumps 802s --debug-fd=INT An open file descriptor for the debug 802s logs 802s --logger=stderr|files|journald Set logger 802s --auth Run in auth mode 802s --pre Run in pre-auth mode 802s --wait_for_card Wait until card is available 802s --verification Run in verification mode 802s --pin Expect PIN on stdin 802s --keypad Expect PIN on keypad 802s --verify=STRING Tune validation 802s --ca_db=STRING CA DB to use 802s --module_name=STRING Module name for authentication 802s --token_name=STRING Token name for authentication 802s --key_id=STRING Key ID for authentication 802s --label=STRING Label for authentication 802s --certificate=STRING certificate to verify, base64 encoded 802s --uri=STRING PKCS#11 URI to restrict selection 802s --chain-id=LONG Tevent chain ID used for logging 802s purposes 802s 802s Help options: 802s -?, --help Show this help message 802s --usage Display brief usage message' 802s + echo 'Usage: p11_child [OPTION...] 802s -d, --debug-level=INT Debug level 802s --debug-timestamps=INT Add debug timestamps 802s --debug-microseconds=INT Show timestamps with microseconds 802s --dumpable=INT Allow core dumps 802s --debug-fd=INT An open file descriptor for the debug 802s logs 802s --logger=stderr|files|journald Set logger 802s --auth Run in auth mode 802s --pre Run in pre-auth mode 802s --wait_for_card Wait until card is available 802s --verification Run in verification mode 802s --pin Expect PIN on stdin 802s --keypad Expect PIN on keypad 802s --verify=STRING Tune validation 802s --ca_db=STRING CA DB to use 802s --module_name=STRING Module name for authentication 802s --token_name=STRING Token name for authentication 802s --key_id=STRING Key ID for authentication 802s --label=STRING Label for authentication 802s --certificate=STRING certificate to verify, base64 encoded 802s --uri=STRING PKCS#11 URI to restrict selection 802s --chain-id=LONG Tevent chain ID used for logging 802s purposes 802s 802s Help options: 802s -?, --help Show this help message 802s --usage Display brief usage message' 802s + grep nssdb -qs 802s + echo 'Usage: p11_child [OPTION...] 802s -d, --debug-level=INT Debug level 802s --debug-timestamps=INT Add debug timestamps 802s --debug-microseconds=INT Show timestamps with microseconds 802s --dumpable=INT Allow core dumps 802s --debug-fd=INT An open file descriptor for the debug 802s logs 802s --logger=stderr|files|journald Set logger 802s --auth Run in auth mode 802s --pre Run in pre-auth mode 802s --wait_for_card Wait until card is available 802s --verification Run in verification mode 802s --pin Expect PIN on stdin 802s --keypad Expect PIN on keypad 802s --verify=STRING Tune validation 802s --ca_db=STRING CA DB to use 802s --module_name=STRING Module name for authentication 802s --token_name=STRING Token name for authentication 802s --key_id=STRING Key ID for authentication 802s --label=STRING Label for authentication 802s --certificate=STRING certificate to verify, base64 encoded 802s --uri=STRING PKCS#11 URI to restrict selection 802s --chain-id=LONG Tevent chain ID used for logging 802s purposes 802s 802s Help options: 802s -?, --help Show this help message 802s --usage Display brief usage message' 802s + grep -qs -- --ca_db 802s + '[' '!' -e /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so ']' 802s ++ mktemp -d -t sssd-softhsm2-XXXXXX 802s + tmpdir=/tmp/sssd-softhsm2-E5oH29 802s + keys_size=1024 802s + [[ ! -v KEEP_TEMPORARY_FILES ]] 802s + trap 'rm -rf "$tmpdir"' EXIT 802s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 802s + echo -n 01 802s + touch /tmp/sssd-softhsm2-E5oH29/index.txt 802s + mkdir -p /tmp/sssd-softhsm2-E5oH29/new_certs 802s + cat 802s + root_ca_key_pass=pass:random-root-CA-password-24025 802s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-E5oH29/test-root-CA-key.pem -passout pass:random-root-CA-password-24025 1024 802s + openssl req -passin pass:random-root-CA-password-24025 -batch -config /tmp/sssd-softhsm2-E5oH29/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-E5oH29/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-E5oH29/test-root-CA.pem 802s + openssl x509 -noout -in /tmp/sssd-softhsm2-E5oH29/test-root-CA.pem 802s + cat 802s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-31427 802s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-31427 1024 802s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-31427 -config /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.config -key /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-24025 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-certificate-request.pem 802s + openssl req -text -noout -in /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-certificate-request.pem 802s Certificate Request: 802s Data: 802s Version: 1 (0x0) 802s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 802s Subject Public Key Info: 802s Public Key Algorithm: rsaEncryption 802s Public-Key: (1024 bit) 802s Modulus: 802s 00:d1:bc:a7:a6:3b:eb:20:04:85:16:6a:42:a5:3b: 802s 00:a4:5f:84:9a:33:6e:7f:ad:d9:07:91:a5:69:99: 802s 3c:ac:fd:5d:d3:d3:60:52:cc:b8:b5:2d:65:e8:dc: 802s 48:92:47:a6:64:fc:7c:bd:07:bd:3b:47:84:b4:4f: 802s af:dc:99:2a:b2:a9:58:d7:87:b8:a5:7f:66:6b:64: 802s 4b:11:d8:70:4f:83:a7:d8:8d:c2:17:2c:56:81:65: 802s 29:aa:d2:8b:b8:89:df:e4:55:4b:0e:71:c9:f5:3a: 802s 53:c0:7e:03:3e:62:ba:c0:ab:44:b8:52:5c:f9:b0: 802s d5:16:81:3a:95:af:c6:a1:37 802s Exponent: 65537 (0x10001) 802s Attributes: 802s (none) 802s Requested Extensions: 802s Signature Algorithm: sha256WithRSAEncryption 802s Signature Value: 802s c3:a7:53:28:32:09:b0:f9:4f:8f:a1:99:cf:0b:d5:82:79:b6: 802s a4:79:f2:1a:3e:1e:bd:6f:11:00:1f:e3:fa:38:75:b1:87:9f: 802s 7a:93:dc:9e:86:9e:1c:69:e1:ae:68:c6:5b:27:43:da:5c:e6: 802s 27:ce:7e:02:23:07:41:97:88:8f:39:25:70:be:0c:2b:d7:65: 802s a4:c2:d3:d0:84:60:7c:bf:f7:bb:db:f7:3a:82:34:59:58:6b: 802s 30:da:ef:01:fc:83:9a:89:e6:01:42:bc:ee:a6:55:ec:86:fd: 802s d9:90:57:4a:c8:65:74:7c:57:88:b9:02:19:41:0c:bd:ed:09: 802s 2d:55 802s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-E5oH29/test-root-CA.config -passin pass:random-root-CA-password-24025 -keyfile /tmp/sssd-softhsm2-E5oH29/test-root-CA-key.pem -in /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem 802s Using configuration from /tmp/sssd-softhsm2-E5oH29/test-root-CA.config 802s Check that the request matches the signature 802s Signature ok 802s Certificate Details: 802s Serial Number: 1 (0x1) 802s Validity 802s Not Before: Nov 29 21:11:38 2024 GMT 802s Not After : Nov 29 21:11:38 2025 GMT 802s Subject: 802s organizationName = Test Organization 802s organizationalUnitName = Test Organization Unit 802s commonName = Test Organization Intermediate CA 802s X509v3 extensions: 802s X509v3 Subject Key Identifier: 802s 82:A1:64:76:5B:87:8B:6F:11:25:51:41:04:15:8F:83:46:EA:1E:A5 802s X509v3 Authority Key Identifier: 802s keyid:AC:6C:80:5C:9D:6C:D2:33:3A:A8:88:D8:C9:AB:2F:E0:DA:8C:E1:F2 802s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 802s serial:00 802s X509v3 Basic Constraints: 802s CA:TRUE 802s X509v3 Key Usage: critical 802s Digital Signature, Certificate Sign, CRL Sign 802s Certificate is to be certified until Nov 29 21:11:38 2025 GMT (365 days) 802s 802s Write out database with 1 new entries 802s Database updated 802s + openssl x509 -noout -in /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem 802s + openssl verify -CAfile /tmp/sssd-softhsm2-E5oH29/test-root-CA.pem /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem 802s + cat 802s /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem: OK 802s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-24989 802s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-24989 1024 802s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-24989 -config /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-31427 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-certificate-request.pem 802s + openssl req -text -noout -in /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-certificate-request.pem 802s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-31427 -keyfile /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA.pem 802s Certificate Request: 802s Data: 802s Version: 1 (0x0) 802s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 802s Subject Public Key Info: 802s Public Key Algorithm: rsaEncryption 802s Public-Key: (1024 bit) 802s Modulus: 802s 00:ee:92:fa:b1:88:f0:72:e7:2d:12:87:26:f5:c1: 802s 7d:64:40:64:b0:41:f0:68:e4:6b:84:65:67:89:4b: 802s 4f:34:63:6f:ef:65:2e:e8:0c:f2:2e:34:3d:ef:91: 802s f4:36:50:3d:bb:ca:b7:3e:70:99:76:be:c0:b6:ec: 802s e8:84:70:25:43:06:91:2a:6f:9e:cf:01:cf:cc:2c: 802s 9a:ac:7e:e0:b9:e3:f2:b6:24:f6:7a:0c:dc:fe:28: 802s 41:98:3e:b4:75:78:86:36:f1:1e:bb:dc:d3:80:26: 802s 51:48:5f:85:9c:d9:29:a6:a2:ac:87:6e:df:5b:ae: 802s 34:b3:12:b0:66:8f:8a:f5:79 802s Exponent: 65537 (0x10001) 802s Attributes: 802s (none) 802s Requested Extensions: 802s Signature Algorithm: sha256WithRSAEncryption 802s Signature Value: 802s 18:a6:66:7a:d3:e5:66:29:8e:ec:df:37:a1:56:42:54:29:94: 802s 34:cd:b0:f3:bb:6b:a3:e6:fc:ff:37:b6:5e:0e:8e:8f:42:86: 802s f3:1b:05:e4:af:45:d4:3d:1f:e5:3f:71:61:fb:04:53:84:d0: 802s 5b:a1:90:73:36:ac:b8:37:e2:9a:d0:42:dd:6f:30:c2:23:bc: 802s f9:a9:cf:80:5c:d6:28:e2:57:36:df:99:c0:a4:89:70:e3:46: 802s ae:bb:cb:e1:49:34:bc:b7:8e:3f:da:22:49:da:2c:8d:e7:6f: 802s 35:42:bc:83:d7:e9:15:75:4f:71:87:35:a3:78:f2:34:e2:57: 802s 6a:23 802s Using configuration from /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.config 802s Check that the request matches the signature 802s Signature ok 802s Certificate Details: 802s Serial Number: 2 (0x2) 802s Validity 802s Not Before: Nov 29 21:11:38 2024 GMT 802s Not After : Nov 29 21:11:38 2025 GMT 802s Subject: 802s organizationName = Test Organization 802s organizationalUnitName = Test Organization Unit 802s commonName = Test Organization Sub Intermediate CA 802s X509v3 extensions: 802s X509v3 Subject Key Identifier: 802s F3:9A:A4:97:CC:41:9D:FF:8F:D4:6A:64:0F:30:AF:D8:B4:84:92:90 802s X509v3 Authority Key Identifier: 802s keyid:82:A1:64:76:5B:87:8B:6F:11:25:51:41:04:15:8F:83:46:EA:1E:A5 802s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 802s serial:01 802s X509v3 Basic Constraints: 802s CA:TRUE 802s X509v3 Key Usage: critical 802s Digital Signature, Certificate Sign, CRL Sign 802s Certificate is to be certified until Nov 29 21:11:38 2025 GMT (365 days) 802s 802s Write out database with 1 new entries 802s Database updated 802s + openssl x509 -noout -in /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA.pem 802s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA.pem 802s /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA.pem: OK 802s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-E5oH29/test-root-CA.pem /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA.pem 802s + local cmd=openssl 802s + shift 802s + openssl verify -CAfile /tmp/sssd-softhsm2-E5oH29/test-root-CA.pem /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA.pem 802s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 802s error 20 at 0 depth lookup: unable to get local issuer certificate 802s error /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA.pem: verification failed 802s + cat 802s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-3473 802s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-3473 1024 803s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-3473 -key /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001-request.pem 803s + openssl req -text -noout -in /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001-request.pem 803s Certificate Request: 803s Data: 803s Version: 1 (0x0) 803s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 803s Subject Public Key Info: 803s Public Key Algorithm: rsaEncryption 803s Public-Key: (1024 bit) 803s Modulus: 803s 00:9c:b7:dc:3e:b9:41:37:13:73:28:01:af:2e:01: 803s 94:68:77:a3:47:aa:70:77:85:fc:2c:6c:37:37:91: 803s 76:2d:96:6c:26:c1:0c:ae:82:04:b8:d3:0f:94:40: 803s 84:25:dc:91:ca:53:c4:5b:42:fc:f4:1e:45:b6:94: 803s 7a:b6:cf:66:41:2f:ec:82:48:9c:5d:a4:49:b0:bf: 803s 79:1c:8b:9a:bb:14:2b:a5:2f:8b:eb:67:f0:a9:1c: 803s d7:7f:04:c7:3c:c5:7c:99:a2:a6:61:43:12:e2:f5: 803s 69:30:5f:e0:21:3e:d7:6e:92:b7:03:b6:fe:45:e3: 803s 9c:04:ec:f3:20:1e:dd:1c:8b 803s Exponent: 65537 (0x10001) 803s Attributes: 803s Requested Extensions: 803s X509v3 Basic Constraints: 803s CA:FALSE 803s Netscape Cert Type: 803s SSL Client, S/MIME 803s Netscape Comment: 803s Test Organization Root CA trusted Certificate 803s X509v3 Subject Key Identifier: 803s D5:B2:13:8F:08:D1:02:00:53:38:1F:75:9C:23:46:F0:1D:9E:AA:C2 803s X509v3 Key Usage: critical 803s Digital Signature, Non Repudiation, Key Encipherment 803s X509v3 Extended Key Usage: 803s TLS Web Client Authentication, E-mail Protection 803s X509v3 Subject Alternative Name: 803s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 803s Signature Algorithm: sha256WithRSAEncryption 803s Signature Value: 803s 43:38:99:ba:97:3e:82:f3:c7:88:06:9d:9c:d9:1d:1f:96:9b: 803s 47:20:a3:98:f2:81:d2:88:90:cd:ec:e5:4d:56:e1:55:8d:05: 803s 99:bc:2d:f3:79:b7:19:27:c7:3c:86:f2:a4:e0:53:06:15:38: 803s 40:66:40:de:08:9c:79:cc:25:05:3c:ef:c4:6b:0a:7d:3e:53: 803s 4d:37:48:71:f2:e4:22:58:39:63:a3:13:fe:87:65:53:df:27: 803s 85:fe:f7:66:25:ed:31:0f:b8:26:75:b5:34:b2:c7:92:af:4c: 803s 16:76:69:af:42:f4:a6:ef:0e:3e:95:39:3d:fa:cd:db:d1:8b: 803s 3f:98 803s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-E5oH29/test-root-CA.config -passin pass:random-root-CA-password-24025 -keyfile /tmp/sssd-softhsm2-E5oH29/test-root-CA-key.pem -in /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 803s Using configuration from /tmp/sssd-softhsm2-E5oH29/test-root-CA.config 803s Check that the request matches the signature 803s Signature ok 803s Certificate Details: 803s Serial Number: 3 (0x3) 803s Validity 803s Not Before: Nov 29 21:11:39 2024 GMT 803s Not After : Nov 29 21:11:39 2025 GMT 803s Subject: 803s organizationName = Test Organization 803s organizationalUnitName = Test Organization Unit 803s commonName = Test Organization Root Trusted Certificate 0001 803s X509v3 extensions: 803s X509v3 Authority Key Identifier: 803s AC:6C:80:5C:9D:6C:D2:33:3A:A8:88:D8:C9:AB:2F:E0:DA:8C:E1:F2 803s X509v3 Basic Constraints: 803s CA:FALSE 803s Netscape Cert Type: 803s SSL Client, S/MIME 803s Netscape Comment: 803s Test Organization Root CA trusted Certificate 803s X509v3 Subject Key Identifier: 803s D5:B2:13:8F:08:D1:02:00:53:38:1F:75:9C:23:46:F0:1D:9E:AA:C2 803s X509v3 Key Usage: critical 803s Digital Signature, Non Repudiation, Key Encipherment 803s X509v3 Extended Key Usage: 803s TLS Web Client Authentication, E-mail Protection 803s X509v3 Subject Alternative Name: 803s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 803s Certificate is to be certified until Nov 29 21:11:39 2025 GMT (365 days) 803s 803s Write out database with 1 new entries 803s Database updated 803s + openssl x509 -noout -in /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 803s + openssl verify -CAfile /tmp/sssd-softhsm2-E5oH29/test-root-CA.pem /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 803s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 803s + local cmd=openssl 803s + shift 803s + openssl verify -CAfile /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 803s /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem: OK 803s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 803s error 20 at 0 depth lookup: unable to get local issuer certificate 803s error /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem: verification failed 803s + cat 803s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-5509 803s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-5509 1024 803s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-5509 -key /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001-request.pem 803s + openssl req -text -noout -in /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001-request.pem 803s Certificate Request: 803s Data: 803s Version: 1 (0x0) 803s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 803s Subject Public Key Info: 803s Public Key Algorithm: rsaEncryption 803s Public-Key: (1024 bit) 803s Modulus: 803s 00:a7:49:bc:0a:c8:36:d1:d9:06:11:d9:ec:c3:1b: 803s 2e:5b:db:de:ee:3d:e1:ae:73:68:bc:30:76:0e:c7: 803s 1f:b9:89:34:d7:71:3a:98:1f:c9:6e:d2:12:82:64: 803s 93:4a:11:4d:f6:e6:5b:a3:cb:7a:1e:83:79:67:71: 803s 96:be:d8:62:16:75:ac:26:4e:4e:43:bb:dd:fb:48: 803s 85:7f:0c:96:96:13:91:fb:4f:6f:d1:77:10:0a:6e: 803s de:b8:56:93:26:7d:e9:f2:fe:98:0c:29:e8:33:f3: 803s ba:b0:9e:5d:5b:c0:c5:96:26:f8:67:a8:22:ee:b6: 803s 23:89:45:10:fd:41:05:3a:7b 803s Exponent: 65537 (0x10001) 803s Attributes: 803s Requested Extensions: 803s X509v3 Basic Constraints: 803s CA:FALSE 803s Netscape Cert Type: 803s SSL Client, S/MIME 803s Netscape Comment: 803s Test Organization Intermediate CA trusted Certificate 803s X509v3 Subject Key Identifier: 803s F5:B3:7E:9D:EB:BA:5D:04:CD:34:DA:B7:C8:00:71:D1:DE:DE:FE:42 803s X509v3 Key Usage: critical 803s Digital Signature, Non Repudiation, Key Encipherment 803s X509v3 Extended Key Usage: 803s TLS Web Client Authentication, E-mail Protection 803s X509v3 Subject Alternative Name: 803s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 803s Signature Algorithm: sha256WithRSAEncryption 803s Signature Value: 803s 5c:97:01:c4:0b:9e:57:e6:57:f7:c0:3f:55:70:c0:9e:9f:0a: 803s 3b:32:7f:47:b5:1c:2a:68:48:f1:56:f9:20:be:c1:98:ba:9b: 803s 90:4e:50:d0:9f:45:2b:04:86:86:2d:51:9d:42:72:17:a5:fa: 803s ed:10:9f:eb:f8:22:0b:25:b1:ad:1b:be:28:e9:61:1e:8b:55: 803s e0:da:d6:f8:d9:af:33:35:69:50:db:4c:1d:3d:0a:03:10:3f: 803s 68:bc:a5:04:30:a6:cd:15:63:75:a3:67:9b:f3:d7:42:d6:21: 803s ba:f0:67:30:aa:e6:2f:33:59:21:9d:05:13:96:a9:7e:59:eb: 803s ea:43 803s + openssl ca -passin pass:random-intermediate-CA-password-31427 -config /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 803s Using configuration from /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.config 803s Check that the request matches the signature 803s Signature ok 803s Certificate Details: 803s Serial Number: 4 (0x4) 803s Validity 803s Not Before: Nov 29 21:11:39 2024 GMT 803s Not After : Nov 29 21:11:39 2025 GMT 803s Subject: 803s organizationName = Test Organization 803s organizationalUnitName = Test Organization Unit 803s commonName = Test Organization Intermediate Trusted Certificate 0001 803s X509v3 extensions: 803s X509v3 Authority Key Identifier: 803s 82:A1:64:76:5B:87:8B:6F:11:25:51:41:04:15:8F:83:46:EA:1E:A5 803s X509v3 Basic Constraints: 803s CA:FALSE 803s Netscape Cert Type: 803s SSL Client, S/MIME 803s Netscape Comment: 803s Test Organization Intermediate CA trusted Certificate 803s X509v3 Subject Key Identifier: 803s F5:B3:7E:9D:EB:BA:5D:04:CD:34:DA:B7:C8:00:71:D1:DE:DE:FE:42 803s X509v3 Key Usage: critical 803s Digital Signature, Non Repudiation, Key Encipherment 803s X509v3 Extended Key Usage: 803s TLS Web Client Authentication, E-mail Protection 803s X509v3 Subject Alternative Name: 803s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 803s Certificate is to be certified until Nov 29 21:11:39 2025 GMT (365 days) 803s 803s Write out database with 1 new entries 803s Database updated 803s + openssl x509 -noout -in /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 803s + echo 'This certificate should not be trusted fully' 803s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 803s + local cmd=openssl 803s + shift 803s + openssl verify -CAfile /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 803s This certificate should not be trusted fully 803s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 803s error 2 at 1 depth lookup: unable to get issuer certificate 803s error /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 803s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 803s + cat 803s /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem: OK 803s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1093 803s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-1093 1024 803s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-1093 -key /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 803s + openssl req -text -noout -in /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 803s Certificate Request: 803s Data: 803s Version: 1 (0x0) 803s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 803s Subject Public Key Info: 803s Public Key Algorithm: rsaEncryption 803s Public-Key: (1024 bit) 803s Modulus: 803s 00:c4:1f:84:cc:68:4f:99:5f:4d:e6:08:35:e2:35: 803s 98:00:7d:17:77:6b:96:5c:3c:30:e3:18:a6:48:cf: 803s b5:09:de:ed:c4:6b:a2:3a:58:9d:79:ee:4a:82:a2: 803s 6b:ed:a1:78:86:51:b4:7a:46:7d:d7:73:e2:fc:8d: 803s 76:d6:ef:be:85:ae:a5:b3:97:7c:f7:4d:a6:e0:7c: 803s e1:8d:22:7d:60:cb:6e:e7:47:7c:c7:ce:97:e3:9a: 803s fd:f7:ac:1a:b8:6d:8d:f3:27:23:45:e4:1f:4e:aa: 803s a2:22:6a:97:dd:da:83:9d:52:25:bf:79:c8:9f:89: 803s d1:88:a6:de:82:8d:b9:d1:5d 803s Exponent: 65537 (0x10001) 803s Attributes: 803s Requested Extensions: 803s X509v3 Basic Constraints: 803s CA:FALSE 803s Netscape Cert Type: 803s SSL Client, S/MIME 803s Netscape Comment: 803s Test Organization Sub Intermediate CA trusted Certificate 803s X509v3 Subject Key Identifier: 803s 7E:CF:6C:A9:A2:D0:08:FB:4E:30:A4:52:93:DD:CA:C0:BA:3D:81:A1 803s X509v3 Key Usage: critical 803s Digital Signature, Non Repudiation, Key Encipherment 803s X509v3 Extended Key Usage: 803s TLS Web Client Authentication, E-mail Protection 803s X509v3 Subject Alternative Name: 803s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 803s Signature Algorithm: sha256WithRSAEncryption 803s Signature Value: 803s b1:0b:7e:3d:46:cf:66:79:d7:1c:3a:14:82:45:8a:69:0f:ca: 803s d6:bb:84:4b:94:3a:1f:2d:c7:49:42:fa:eb:20:32:73:c8:18: 803s a4:6f:99:77:3f:97:67:44:21:20:43:a4:c4:54:11:6f:23:95: 803s fe:c4:6a:60:95:ec:59:57:d0:36:7b:c4:c8:76:7b:57:a7:56: 803s 4f:dc:41:82:a3:34:02:ae:f1:70:76:6f:7e:20:e4:32:b0:6d: 803s 7b:20:ab:9b:04:92:c0:67:f0:37:aa:63:06:0a:47:b2:58:10: 803s 0d:c2:20:94:c1:00:a1:46:7f:67:46:d7:c7:d8:11:34:0a:7c: 803s 72:83 803s + openssl ca -passin pass:random-sub-intermediate-CA-password-24989 -config /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 803s Using configuration from /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA.config 803s Check that the request matches the signature 803s Signature ok 803s Certificate Details: 803s Serial Number: 5 (0x5) 803s Validity 803s Not Before: Nov 29 21:11:39 2024 GMT 803s Not After : Nov 29 21:11:39 2025 GMT 803s Subject: 803s organizationName = Test Organization 803s organizationalUnitName = Test Organization Unit 803s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 803s X509v3 extensions: 803s X509v3 Authority Key Identifier: 803s F3:9A:A4:97:CC:41:9D:FF:8F:D4:6A:64:0F:30:AF:D8:B4:84:92:90 803s X509v3 Basic Constraints: 803s CA:FALSE 803s Netscape Cert Type: 803s SSL Client, S/MIME 803s Netscape Comment: 803s Test Organization Sub Intermediate CA trusted Certificate 803s X509v3 Subject Key Identifier: 803s 7E:CF:6C:A9:A2:D0:08:FB:4E:30:A4:52:93:DD:CA:C0:BA:3D:81:A1 803s X509v3 Key Usage: critical 803s Digital Signature, Non Repudiation, Key Encipherment 803s X509v3 Extended Key Usage: 803s TLS Web Client Authentication, E-mail Protection 803s X509v3 Subject Alternative Name: 803s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 803s Certificate is to be certified until Nov 29 21:11:39 2025 GMT (365 days) 803s 803s Write out database with 1 new entries 803s Database updated 803s + openssl x509 -noout -in /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 803s + echo 'This certificate should not be trusted fully' 803s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 803s + local cmd=openssl 803s + shift 803s + openssl verify -CAfile /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 803s This certificate should not be trusted fully 803s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 803s error 2 at 1 depth lookup: unable to get issuer certificate 803s error /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 803s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 803s + local cmd=openssl 803s + shift 803s + openssl verify -CAfile /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 803s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 803s error 20 at 0 depth lookup: unable to get local issuer certificate 803s error /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 803s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 803s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 803s + local cmd=openssl 803s + shift 803s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 803s /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 803s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 803s error 20 at 0 depth lookup: unable to get local issuer certificate 803s error /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 803s + echo 'Building a the full-chain CA file...' 803s + cat /tmp/sssd-softhsm2-E5oH29/test-root-CA.pem /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA.pem 803s Building a the full-chain CA file... 803s + cat /tmp/sssd-softhsm2-E5oH29/test-root-CA.pem /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem 803s + cat /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA.pem 803s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem 803s + openssl pkcs7 -print_certs -noout 803s + openssl verify -CAfile /tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem 803s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 803s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 803s 803s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 803s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 803s 803s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 803s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 803s 803s + openssl verify -CAfile /tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 803s /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem: OK 803s + openssl verify -CAfile /tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 803s /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem: OK 803s + openssl verify -CAfile /tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem /tmp/sssd-softhsm2-E5oH29/test-root-intermediate-chain-CA.pem 803s /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem: OK 803s /tmp/sssd-softhsm2-E5oH29/test-root-intermediate-chain-CA.pem: OK 803s + openssl verify -CAfile /tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 803s /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 803s Certificates generation completed! 803s + echo 'Certificates generation completed!' 803s + [[ -v NO_SSSD_TESTS ]] 803s + invalid_certificate /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3473 /dev/null 803s + check_certificate /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3473 /dev/null 803s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 803s + local key_pass=pass:random-root-ca-trusted-cert-0001-3473 803s + local key_ring=/dev/null 803s + local verify_option= 803s + prepare_softhsm2_card /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3473 803s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 803s + local key_pass=pass:random-root-ca-trusted-cert-0001-3473 803s + local key_cn 803s + local key_name 803s + local tokens_dir 803s + local output_cert_file 803s + token_name= 803s ++ basename /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem .pem 803s + key_name=test-root-CA-trusted-certificate-0001 803s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 803s ++ sed -n 's/ *commonName *= //p' 803s + key_cn='Test Organization Root Trusted Certificate 0001' 803s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 803s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf 803s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf 803s ++ basename /tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 803s + tokens_dir=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001 803s + token_name='Test Organization Root Tr Token' 803s + '[' '!' -e /tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 803s + local key_file 803s + local decrypted_key 803s + mkdir -p /tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001 803s + key_file=/tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001-key.pem 803s + decrypted_key=/tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001-key-decrypted.pem 803s + cat 803s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 803s Slot 0 has a free/uninitialized token. 803s The token has been initialized and is reassigned to slot 740361052 803s + softhsm2-util --show-slots 803s Available slots: 803s Slot 740361052 803s Slot info: 803s Description: SoftHSM slot ID 0x2c21035c 803s Manufacturer ID: SoftHSM project 803s Hardware version: 2.6 803s Firmware version: 2.6 803s Token present: yes 803s Token info: 803s Manufacturer ID: SoftHSM project 803s Model: SoftHSM v2 803s Hardware version: 2.6 803s Firmware version: 2.6 803s Serial number: d88ad9af2c21035c 803s Initialized: yes 803s User PIN init.: yes 803s Label: Test Organization Root Tr Token 803s Slot 1 803s Slot info: 803s Description: SoftHSM slot ID 0x1 803s Manufacturer ID: SoftHSM project 803s Hardware version: 2.6 803s Firmware version: 2.6 803s Token present: yes 803s Token info: 803s Manufacturer ID: SoftHSM project 803s Model: SoftHSM v2 803s Hardware version: 2.6 803s Firmware version: 2.6 803s Serial number: 803s Initialized: no 803s User PIN init.: no 803s Label: 803s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 803s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-3473 -in /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001-key-decrypted.pem 803s writing RSA key 803s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 803s + rm /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001-key-decrypted.pem 803s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --list-all 803s Object 0: 803s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d88ad9af2c21035c;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 803s Type: X.509 Certificate (RSA-1024) 803s Expires: Sat Nov 29 21:11:39 2025 803s Label: Test Organization Root Trusted Certificate 0001 803s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 803s 803s + echo 'Test Organization Root Tr Token' 803s + '[' -n '' ']' 803s + local output_base_name=SSSD-child-14872 803s + local output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-14872.output 803s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-14872.pem 803s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/dev/null 803s Test Organization Root Tr Token 803s [p11_child[1551]] [main] (0x0400): p11_child started. 803s [p11_child[1551]] [main] (0x2000): Running in [pre-auth] mode. 803s [p11_child[1551]] [main] (0x2000): Running with effective IDs: [0][0]. 803s [p11_child[1551]] [main] (0x2000): Running with real IDs [0][0]. 803s [p11_child[1551]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 803s [p11_child[1551]] [do_work] (0x0040): init_verification failed. 803s [p11_child[1551]] [main] (0x0020): p11_child failed (5) 803s + return 2 803s + valid_certificate /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3473 /dev/null no_verification 803s + check_certificate /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3473 /dev/null no_verification 803s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 803s + local key_pass=pass:random-root-ca-trusted-cert-0001-3473 803s + local key_ring=/dev/null 803s + local verify_option=no_verification 803s + prepare_softhsm2_card /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3473 803s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 803s + local key_pass=pass:random-root-ca-trusted-cert-0001-3473 803s + local key_cn 803s + local key_name 803s + local tokens_dir 803s + local output_cert_file 803s + token_name= 803s ++ basename /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem .pem 803s + key_name=test-root-CA-trusted-certificate-0001 803s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 803s ++ sed -n 's/ *commonName *= //p' 803s + key_cn='Test Organization Root Trusted Certificate 0001' 803s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 803s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf 803s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf 803s ++ basename /tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 803s + tokens_dir=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001 803s + token_name='Test Organization Root Tr Token' 803s + '[' '!' -e /tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 803s + '[' '!' -d /tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001 ']' 803s + echo 'Test Organization Root Tr Token' 803s + '[' -n no_verification ']' 803s + local verify_arg=--verify=no_verification 803s + local output_base_name=SSSD-child-11847 803s + local output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-11847.output 803s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-11847.pem 803s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 803s Test Organization Root Tr Token 803s [p11_child[1557]] [main] (0x0400): p11_child started. 803s [p11_child[1557]] [main] (0x2000): Running in [pre-auth] mode. 803s [p11_child[1557]] [main] (0x2000): Running with effective IDs: [0][0]. 803s [p11_child[1557]] [main] (0x2000): Running with real IDs [0][0]. 803s [p11_child[1557]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 803s [p11_child[1557]] [do_card] (0x4000): Module List: 803s [p11_child[1557]] [do_card] (0x4000): common name: [softhsm2]. 803s [p11_child[1557]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 803s [p11_child[1557]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2c21035c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 803s [p11_child[1557]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 803s [p11_child[1557]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2c21035c][740361052] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 803s [p11_child[1557]] [do_card] (0x4000): Login NOT required. 803s [p11_child[1557]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 803s [p11_child[1557]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 803s [p11_child[1557]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2c21035c;slot-manufacturer=SoftHSM%20project;slot-id=740361052;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d88ad9af2c21035c;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 803s [p11_child[1557]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 803s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-11847.output 803s + echo '-----BEGIN CERTIFICATE-----' 803s + tail -n1 /tmp/sssd-softhsm2-E5oH29/SSSD-child-11847.output 803s + echo '-----END CERTIFICATE-----' 803s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-11847.pem 803s + local found_md5 expected_md5 803s Certificate: 803s Data: 803s Version: 3 (0x2) 803s Serial Number: 3 (0x3) 803s Signature Algorithm: sha256WithRSAEncryption 803s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 803s Validity 803s Not Before: Nov 29 21:11:39 2024 GMT 803s Not After : Nov 29 21:11:39 2025 GMT 803s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 803s Subject Public Key Info: 803s Public Key Algorithm: rsaEncryption 803s Public-Key: (1024 bit) 803s Modulus: 803s 00:9c:b7:dc:3e:b9:41:37:13:73:28:01:af:2e:01: 803s 94:68:77:a3:47:aa:70:77:85:fc:2c:6c:37:37:91: 803s 76:2d:96:6c:26:c1:0c:ae:82:04:b8:d3:0f:94:40: 803s 84:25:dc:91:ca:53:c4:5b:42:fc:f4:1e:45:b6:94: 803s 7a:b6:cf:66:41:2f:ec:82:48:9c:5d:a4:49:b0:bf: 803s 79:1c:8b:9a:bb:14:2b:a5:2f:8b:eb:67:f0:a9:1c: 803s d7:7f:04:c7:3c:c5:7c:99:a2:a6:61:43:12:e2:f5: 803s 69:30:5f:e0:21:3e:d7:6e:92:b7:03:b6:fe:45:e3: 803s 9c:04:ec:f3:20:1e:dd:1c:8b 803s Exponent: 65537 (0x10001) 803s X509v3 extensions: 803s X509v3 Authority Key Identifier: 803s AC:6C:80:5C:9D:6C:D2:33:3A:A8:88:D8:C9:AB:2F:E0:DA:8C:E1:F2 803s X509v3 Basic Constraints: 803s CA:FALSE 803s Netscape Cert Type: 803s SSL Client, S/MIME 803s Netscape Comment: 803s Test Organization Root CA trusted Certificate 803s X509v3 Subject Key Identifier: 803s D5:B2:13:8F:08:D1:02:00:53:38:1F:75:9C:23:46:F0:1D:9E:AA:C2 803s X509v3 Key Usage: critical 803s Digital Signature, Non Repudiation, Key Encipherment 803s X509v3 Extended Key Usage: 803s TLS Web Client Authentication, E-mail Protection 803s X509v3 Subject Alternative Name: 803s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 803s Signature Algorithm: sha256WithRSAEncryption 803s Signature Value: 803s d9:ce:3d:cf:eb:f5:67:fa:bd:55:94:f0:54:0b:a1:59:f7:76: 803s 7c:31:0e:b9:28:64:54:f1:19:31:76:95:40:13:6e:9b:25:65: 803s 38:ab:ab:56:a5:3a:0b:20:83:7e:b4:d3:ef:c0:3c:0e:23:6a: 803s 51:04:f0:29:1d:a9:d6:4e:17:79:8c:8c:6b:6f:00:cc:f5:9f: 803s 8d:f9:30:00:0d:f6:c6:f8:37:fb:e0:60:b7:c5:18:32:ee:f4: 803s 34:c4:0f:ad:59:c7:b4:d3:2a:6b:20:9d:25:48:bd:e8:29:e9: 803s cb:48:3c:0c:79:65:f6:4b:c6:c7:d9:b5:78:2e:1c:20:67:1d: 803s 51:90 803s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 803s + expected_md5=Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B 803s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-11847.pem 803s + found_md5=Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B 803s + '[' Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B '!=' Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B ']' 803s + output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-11847-auth.output 803s ++ basename /tmp/sssd-softhsm2-E5oH29/SSSD-child-11847-auth.output .output 803s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-11847-auth.pem 803s + echo -n 053350 803s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 803s [p11_child[1565]] [main] (0x0400): p11_child started. 803s [p11_child[1565]] [main] (0x2000): Running in [auth] mode. 803s [p11_child[1565]] [main] (0x2000): Running with effective IDs: [0][0]. 803s [p11_child[1565]] [main] (0x2000): Running with real IDs [0][0]. 803s [p11_child[1565]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 803s [p11_child[1565]] [do_card] (0x4000): Module List: 803s [p11_child[1565]] [do_card] (0x4000): common name: [softhsm2]. 803s [p11_child[1565]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 803s [p11_child[1565]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2c21035c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 803s [p11_child[1565]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 803s [p11_child[1565]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2c21035c][740361052] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 803s [p11_child[1565]] [do_card] (0x4000): Login required. 803s [p11_child[1565]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 803s [p11_child[1565]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 803s [p11_child[1565]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2c21035c;slot-manufacturer=SoftHSM%20project;slot-id=740361052;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d88ad9af2c21035c;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 803s [p11_child[1565]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 803s [p11_child[1565]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 803s [p11_child[1565]] [do_card] (0x4000): Certificate verified and validated. 803s [p11_child[1565]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 803s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-11847-auth.output 803s + echo '-----BEGIN CERTIFICATE-----' 803s + tail -n1 /tmp/sssd-softhsm2-E5oH29/SSSD-child-11847-auth.output 803s + echo '-----END CERTIFICATE-----' 803s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-11847-auth.pem 804s Certificate: 804s Data: 804s Version: 3 (0x2) 804s Serial Number: 3 (0x3) 804s Signature Algorithm: sha256WithRSAEncryption 804s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 804s Validity 804s Not Before: Nov 29 21:11:39 2024 GMT 804s Not After : Nov 29 21:11:39 2025 GMT 804s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 804s Subject Public Key Info: 804s Public Key Algorithm: rsaEncryption 804s Public-Key: (1024 bit) 804s Modulus: 804s 00:9c:b7:dc:3e:b9:41:37:13:73:28:01:af:2e:01: 804s 94:68:77:a3:47:aa:70:77:85:fc:2c:6c:37:37:91: 804s 76:2d:96:6c:26:c1:0c:ae:82:04:b8:d3:0f:94:40: 804s 84:25:dc:91:ca:53:c4:5b:42:fc:f4:1e:45:b6:94: 804s 7a:b6:cf:66:41:2f:ec:82:48:9c:5d:a4:49:b0:bf: 804s 79:1c:8b:9a:bb:14:2b:a5:2f:8b:eb:67:f0:a9:1c: 804s d7:7f:04:c7:3c:c5:7c:99:a2:a6:61:43:12:e2:f5: 804s 69:30:5f:e0:21:3e:d7:6e:92:b7:03:b6:fe:45:e3: 804s 9c:04:ec:f3:20:1e:dd:1c:8b 804s Exponent: 65537 (0x10001) 804s X509v3 extensions: 804s X509v3 Authority Key Identifier: 804s AC:6C:80:5C:9D:6C:D2:33:3A:A8:88:D8:C9:AB:2F:E0:DA:8C:E1:F2 804s X509v3 Basic Constraints: 804s CA:FALSE 804s Netscape Cert Type: 804s SSL Client, S/MIME 804s Netscape Comment: 804s Test Organization Root CA trusted Certificate 804s X509v3 Subject Key Identifier: 804s D5:B2:13:8F:08:D1:02:00:53:38:1F:75:9C:23:46:F0:1D:9E:AA:C2 804s X509v3 Key Usage: critical 804s Digital Signature, Non Repudiation, Key Encipherment 804s X509v3 Extended Key Usage: 804s TLS Web Client Authentication, E-mail Protection 804s X509v3 Subject Alternative Name: 804s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 804s Signature Algorithm: sha256WithRSAEncryption 804s Signature Value: 804s d9:ce:3d:cf:eb:f5:67:fa:bd:55:94:f0:54:0b:a1:59:f7:76: 804s 7c:31:0e:b9:28:64:54:f1:19:31:76:95:40:13:6e:9b:25:65: 804s 38:ab:ab:56:a5:3a:0b:20:83:7e:b4:d3:ef:c0:3c:0e:23:6a: 804s 51:04:f0:29:1d:a9:d6:4e:17:79:8c:8c:6b:6f:00:cc:f5:9f: 804s 8d:f9:30:00:0d:f6:c6:f8:37:fb:e0:60:b7:c5:18:32:ee:f4: 804s 34:c4:0f:ad:59:c7:b4:d3:2a:6b:20:9d:25:48:bd:e8:29:e9: 804s cb:48:3c:0c:79:65:f6:4b:c6:c7:d9:b5:78:2e:1c:20:67:1d: 804s 51:90 804s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-11847-auth.pem 804s + found_md5=Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B 804s + '[' Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B '!=' Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B ']' 804s + valid_certificate /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3473 /tmp/sssd-softhsm2-E5oH29/test-root-CA.pem 804s + check_certificate /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3473 /tmp/sssd-softhsm2-E5oH29/test-root-CA.pem 804s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 804s + local key_pass=pass:random-root-ca-trusted-cert-0001-3473 804s + local key_ring=/tmp/sssd-softhsm2-E5oH29/test-root-CA.pem 804s + local verify_option= 804s + prepare_softhsm2_card /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3473 804s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 804s + local key_pass=pass:random-root-ca-trusted-cert-0001-3473 804s + local key_cn 804s + local key_name 804s + local tokens_dir 804s + local output_cert_file 804s + token_name= 804s ++ basename /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem .pem 804s + key_name=test-root-CA-trusted-certificate-0001 804s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 804s ++ sed -n 's/ *commonName *= //p' 804s Test Organization Root Tr Token 804s Certificate: 804s Data: 804s Version: 3 (0x2) 804s Serial Number: 3 (0x3) 804s Signature Algorithm: sha256WithRSAEncryption 804s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 804s Validity 804s Not Before: Nov 29 21:11:39 2024 GMT 804s Not After : Nov 29 21:11:39 2025 GMT 804s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 804s Subject Public Key Info: 804s Public Key Algorithm: rsaEncryption 804s Public-Key: (1024 bit) 804s Modulus: 804s 00:9c:b7:dc:3e:b9:41:37:13:73:28:01:af:2e:01: 804s 94:68:77:a3:47:aa:70:77:85:fc:2c:6c:37:37:91: 804s 76:2d:96:6c:26:c1:0c:ae:82:04:b8:d3:0f:94:40: 804s 84:25:dc:91:ca:53:c4:5b:42:fc:f4:1e:45:b6:94: 804s 7a:b6:cf:66:41:2f:ec:82:48:9c:5d:a4:49:b0:bf: 804s 79:1c:8b:9a:bb:14:2b:a5:2f:8b:eb:67:f0:a9:1c: 804s d7:7f:04:c7:3c:c5:7c:99:a2:a6:61:43:12:e2:f5: 804s 69:30:5f:e0:21:3e:d7:6e:92:b7:03:b6:fe:45:e3: 804s 9c:04:ec:f3:20:1e:dd:1c:8b 804s Exponent: 65537 (0x10001) 804s X509v3 extensions: 804s X509v3 Authority Key Identifier: 804s AC:6C:80:5C:9D:6C:D2:33:3A:A8:88:D8:C9:AB:2F:E0:DA:8C:E1:F2 804s X509v3 Basic Constraints: 804s CA:FALSE 804s Netscape Cert Type: 804s SSL Client, S/MIME 804s Netscape Comment: 804s Test Organization Root CA trusted Certificate 804s X509v3 Subject Key Identifier: 804s D5:B2:13:8F:08:D1:02:00:53:38:1F:75:9C:23:46:F0:1D:9E:AA:C2 804s X509v3 Key Usage: critical 804s Digital Signature, Non Repudiation, Key Encipherment 804s X509v3 Extended Key Usage: 804s TLS Web Client Authentication, E-mail Protection 804s X509v3 Subject Alternative Name: 804s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 804s Signature Algorithm: sha256WithRSAEncryption 804s Signature Value: 804s d9:ce:3d:cf:eb:f5:67:fa:bd:55:94:f0:54:0b:a1:59:f7:76: 804s 7c:31:0e:b9:28:64:54:f1:19:31:76:95:40:13:6e:9b:25:65: 804s 38:ab:ab:56:a5:3a:0b:20:83:7e:b4:d3:ef:c0:3c:0e:23:6a: 804s 51:04:f0:29:1d:a9:d6:4e:17:79:8c:8c:6b:6f:00:cc:f5:9f: 804s 8d:f9:30:00:0d:f6:c6:f8:37:fb:e0:60:b7:c5:18:32:ee:f4: 804s 34:c4:0f:ad:59:c7:b4:d3:2a:6b:20:9d:25:48:bd:e8:29:e9: 804s cb:48:3c:0c:79:65:f6:4b:c6:c7:d9:b5:78:2e:1c:20:67:1d: 804s 51:90 804s + key_cn='Test Organization Root Trusted Certificate 0001' 804s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 804s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf 804s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf 804s ++ basename /tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 804s + tokens_dir=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001 804s + token_name='Test Organization Root Tr Token' 804s + '[' '!' -e /tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 804s + '[' '!' -d /tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001 ']' 804s + echo 'Test Organization Root Tr Token' 804s + '[' -n '' ']' 804s + local output_base_name=SSSD-child-16898 804s + local output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-16898.output 804s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-16898.pem 804s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-E5oH29/test-root-CA.pem 804s [p11_child[1575]] [main] (0x0400): p11_child started. 804s [p11_child[1575]] [main] (0x2000): Running in [pre-auth] mode. 804s [p11_child[1575]] [main] (0x2000): Running with effective IDs: [0][0]. 804s [p11_child[1575]] [main] (0x2000): Running with real IDs [0][0]. 804s [p11_child[1575]] [do_card] (0x4000): Module List: 804s [p11_child[1575]] [do_card] (0x4000): common name: [softhsm2]. 804s [p11_child[1575]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 804s [p11_child[1575]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2c21035c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 804s [p11_child[1575]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 804s [p11_child[1575]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2c21035c][740361052] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 804s [p11_child[1575]] [do_card] (0x4000): Login NOT required. 804s [p11_child[1575]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 804s [p11_child[1575]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 804s [p11_child[1575]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 804s [p11_child[1575]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2c21035c;slot-manufacturer=SoftHSM%20project;slot-id=740361052;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d88ad9af2c21035c;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 804s [p11_child[1575]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 804s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-16898.output 804s + echo '-----BEGIN CERTIFICATE-----' 804s + tail -n1 /tmp/sssd-softhsm2-E5oH29/SSSD-child-16898.output 804s + echo '-----END CERTIFICATE-----' 804s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-16898.pem 804s + local found_md5 expected_md5 804s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 804s + expected_md5=Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B 804s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-16898.pem 804s + found_md5=Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B 804s + '[' Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B '!=' Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B ']' 804s + output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-16898-auth.output 804s ++ basename /tmp/sssd-softhsm2-E5oH29/SSSD-child-16898-auth.output .output 804s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-16898-auth.pem 804s + echo -n 053350 804s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-E5oH29/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 804s [p11_child[1583]] [main] (0x0400): p11_child started. 804s [p11_child[1583]] [main] (0x2000): Running in [auth] mode. 804s [p11_child[1583]] [main] (0x2000): Running with effective IDs: [0][0]. 804s [p11_child[1583]] [main] (0x2000): Running with real IDs [0][0]. 804s [p11_child[1583]] [do_card] (0x4000): Module List: 804s [p11_child[1583]] [do_card] (0x4000): common name: [softhsm2]. 804s [p11_child[1583]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 804s [p11_child[1583]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2c21035c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 804s [p11_child[1583]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 804s [p11_child[1583]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2c21035c][740361052] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 804s [p11_child[1583]] [do_card] (0x4000): Login required. 804s [p11_child[1583]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 804s [p11_child[1583]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 804s [p11_child[1583]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 804s [p11_child[1583]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2c21035c;slot-manufacturer=SoftHSM%20project;slot-id=740361052;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d88ad9af2c21035c;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 804s [p11_child[1583]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 804s [p11_child[1583]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 804s [p11_child[1583]] [do_card] (0x4000): Certificate verified and validated. 804s [p11_child[1583]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 804s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-16898-auth.output 804s + echo '-----BEGIN CERTIFICATE-----' 804s + tail -n1 /tmp/sssd-softhsm2-E5oH29/SSSD-child-16898-auth.output 804s + echo '-----END CERTIFICATE-----' 804s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-16898-auth.pem 804s Certificate: 804s Data: 804s Version: 3 (0x2) 804s Serial Number: 3 (0x3) 804s Signature Algorithm: sha256WithRSAEncryption 804s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 804s Validity 804s Not Before: Nov 29 21:11:39 2024 GMT 804s Not After : Nov 29 21:11:39 2025 GMT 804s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 804s Subject Public Key Info: 804s Public Key Algorithm: rsaEncryption 804s Public-Key: (1024 bit) 804s Modulus: 804s 00:9c:b7:dc:3e:b9:41:37:13:73:28:01:af:2e:01: 804s 94:68:77:a3:47:aa:70:77:85:fc:2c:6c:37:37:91: 804s 76:2d:96:6c:26:c1:0c:ae:82:04:b8:d3:0f:94:40: 804s 84:25:dc:91:ca:53:c4:5b:42:fc:f4:1e:45:b6:94: 804s 7a:b6:cf:66:41:2f:ec:82:48:9c:5d:a4:49:b0:bf: 804s 79:1c:8b:9a:bb:14:2b:a5:2f:8b:eb:67:f0:a9:1c: 804s d7:7f:04:c7:3c:c5:7c:99:a2:a6:61:43:12:e2:f5: 804s 69:30:5f:e0:21:3e:d7:6e:92:b7:03:b6:fe:45:e3: 804s 9c:04:ec:f3:20:1e:dd:1c:8b 804s Exponent: 65537 (0x10001) 804s X509v3 extensions: 804s X509v3 Authority Key Identifier: 804s AC:6C:80:5C:9D:6C:D2:33:3A:A8:88:D8:C9:AB:2F:E0:DA:8C:E1:F2 804s X509v3 Basic Constraints: 804s CA:FALSE 804s Netscape Cert Type: 804s SSL Client, S/MIME 804s Netscape Comment: 804s Test Organization Root CA trusted Certificate 804s X509v3 Subject Key Identifier: 804s D5:B2:13:8F:08:D1:02:00:53:38:1F:75:9C:23:46:F0:1D:9E:AA:C2 804s X509v3 Key Usage: critical 804s Digital Signature, Non Repudiation, Key Encipherment 804s X509v3 Extended Key Usage: 804s TLS Web Client Authentication, E-mail Protection 804s X509v3 Subject Alternative Name: 804s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 804s Signature Algorithm: sha256WithRSAEncryption 804s Signature Value: 804s d9:ce:3d:cf:eb:f5:67:fa:bd:55:94:f0:54:0b:a1:59:f7:76: 804s 7c:31:0e:b9:28:64:54:f1:19:31:76:95:40:13:6e:9b:25:65: 804s 38:ab:ab:56:a5:3a:0b:20:83:7e:b4:d3:ef:c0:3c:0e:23:6a: 804s 51:04:f0:29:1d:a9:d6:4e:17:79:8c:8c:6b:6f:00:cc:f5:9f: 804s 8d:f9:30:00:0d:f6:c6:f8:37:fb:e0:60:b7:c5:18:32:ee:f4: 804s 34:c4:0f:ad:59:c7:b4:d3:2a:6b:20:9d:25:48:bd:e8:29:e9: 804s cb:48:3c:0c:79:65:f6:4b:c6:c7:d9:b5:78:2e:1c:20:67:1d: 804s 51:90 804s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-16898-auth.pem 804s + found_md5=Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B 804s + '[' Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B '!=' Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B ']' 804s + valid_certificate /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3473 /tmp/sssd-softhsm2-E5oH29/test-root-CA.pem partial_chain 804s + check_certificate /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3473 /tmp/sssd-softhsm2-E5oH29/test-root-CA.pem partial_chain 804s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 804s + local key_pass=pass:random-root-ca-trusted-cert-0001-3473 804s + local key_ring=/tmp/sssd-softhsm2-E5oH29/test-root-CA.pem 804s + local verify_option=partial_chain 804s + prepare_softhsm2_card /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3473 804s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 804s + local key_pass=pass:random-root-ca-trusted-cert-0001-3473 804s + local key_cn 804s + local key_name 804s + local tokens_dir 804s + local output_cert_file 804s + token_name= 804s ++ basename /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem .pem 804s + key_name=test-root-CA-trusted-certificate-0001 804s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 804s ++ sed -n 's/ *commonName *= //p' 804s + key_cn='Test Organization Root Trusted Certificate 0001' 804s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 804s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf 804s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf 804s ++ basename /tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 804s + tokens_dir=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001 804s + token_name='Test Organization Root Tr Token' 804s + '[' '!' -e /tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 804s + '[' '!' -d /tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001 ']' 804s + echo 'Test Organization Root Tr Token' 804s + '[' -n partial_chain ']' 804s + local verify_arg=--verify=partial_chain 804s + local output_base_name=SSSD-child-29690 804s + local output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-29690.output 804s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-29690.pem 804s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-E5oH29/test-root-CA.pem 804s Test Organization Root Tr Token 804s [p11_child[1593]] [main] (0x0400): p11_child started. 804s [p11_child[1593]] [main] (0x2000): Running in [pre-auth] mode. 804s [p11_child[1593]] [main] (0x2000): Running with effective IDs: [0][0]. 804s [p11_child[1593]] [main] (0x2000): Running with real IDs [0][0]. 804s [p11_child[1593]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 804s [p11_child[1593]] [do_card] (0x4000): Module List: 804s [p11_child[1593]] [do_card] (0x4000): common name: [softhsm2]. 804s [p11_child[1593]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 804s [p11_child[1593]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2c21035c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 804s [p11_child[1593]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 804s [p11_child[1593]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2c21035c][740361052] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 804s [p11_child[1593]] [do_card] (0x4000): Login NOT required. 804s [p11_child[1593]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 804s [p11_child[1593]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 804s [p11_child[1593]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 804s [p11_child[1593]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2c21035c;slot-manufacturer=SoftHSM%20project;slot-id=740361052;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d88ad9af2c21035c;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 804s [p11_child[1593]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 804s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-29690.output 804s + echo '-----BEGIN CERTIFICATE-----' 804s + tail -n1 /tmp/sssd-softhsm2-E5oH29/SSSD-child-29690.output 804s + echo '-----END CERTIFICATE-----' 804s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-29690.pem 804s Certificate: 804s Data: 804s Version: 3 (0x2) 804s Serial Number: 3 (0x3) 804s Signature Algorithm: sha256WithRSAEncryption 804s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 804s Validity 804s Not Before: Nov 29 21:11:39 2024 GMT 804s Not After : Nov 29 21:11:39 2025 GMT 804s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 804s Subject Public Key Info: 804s Public Key Algorithm: rsaEncryption 804s Public-Key: (1024 bit) 804s Modulus: 804s 00:9c:b7:dc:3e:b9:41:37:13:73:28:01:af:2e:01: 804s 94:68:77:a3:47:aa:70:77:85:fc:2c:6c:37:37:91: 804s 76:2d:96:6c:26:c1:0c:ae:82:04:b8:d3:0f:94:40: 804s 84:25:dc:91:ca:53:c4:5b:42:fc:f4:1e:45:b6:94: 804s 7a:b6:cf:66:41:2f:ec:82:48:9c:5d:a4:49:b0:bf: 804s 79:1c:8b:9a:bb:14:2b:a5:2f:8b:eb:67:f0:a9:1c: 804s d7:7f:04:c7:3c:c5:7c:99:a2:a6:61:43:12:e2:f5: 804s 69:30:5f:e0:21:3e:d7:6e:92:b7:03:b6:fe:45:e3: 804s 9c:04:ec:f3:20:1e:dd:1c:8b 804s Exponent: 65537 (0x10001) 804s X509v3 extensions: 804s X509v3 Authority Key Identifier: 804s AC:6C:80:5C:9D:6C:D2:33:3A:A8:88:D8:C9:AB:2F:E0:DA:8C:E1:F2 804s X509v3 Basic Constraints: 804s CA:FALSE 804s Netscape Cert Type: 804s SSL Client, S/MIME 804s Netscape Comment: 804s Test Organization Root CA trusted Certificate 804s X509v3 Subject Key Identifier: 804s D5:B2:13:8F:08:D1:02:00:53:38:1F:75:9C:23:46:F0:1D:9E:AA:C2 804s X509v3 Key Usage: critical 804s Digital Signature, Non Repudiation, Key Encipherment 804s X509v3 Extended Key Usage: 804s TLS Web Client Authentication, E-mail Protection 804s X509v3 Subject Alternative Name: 804s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 804s Signature Algorithm: sha256WithRSAEncryption 804s Signature Value: 804s d9:ce:3d:cf:eb:f5:67:fa:bd:55:94:f0:54:0b:a1:59:f7:76: 804s 7c:31:0e:b9:28:64:54:f1:19:31:76:95:40:13:6e:9b:25:65: 804s 38:ab:ab:56:a5:3a:0b:20:83:7e:b4:d3:ef:c0:3c:0e:23:6a: 804s 51:04:f0:29:1d:a9:d6:4e:17:79:8c:8c:6b:6f:00:cc:f5:9f: 804s 8d:f9:30:00:0d:f6:c6:f8:37:fb:e0:60:b7:c5:18:32:ee:f4: 804s 34:c4:0f:ad:59:c7:b4:d3:2a:6b:20:9d:25:48:bd:e8:29:e9: 804s cb:48:3c:0c:79:65:f6:4b:c6:c7:d9:b5:78:2e:1c:20:67:1d: 804s 51:90 804s + local found_md5 expected_md5 804s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 804s + expected_md5=Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B 804s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-29690.pem 804s + found_md5=Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B 804s + '[' Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B '!=' Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B ']' 804s + output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-29690-auth.output 804s ++ basename /tmp/sssd-softhsm2-E5oH29/SSSD-child-29690-auth.output .output 804s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-29690-auth.pem 804s + echo -n 053350 804s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-E5oH29/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 804s [p11_child[1601]] [main] (0x0400): p11_child started. 804s [p11_child[1601]] [main] (0x2000): Running in [auth] mode. 804s [p11_child[1601]] [main] (0x2000): Running with effective IDs: [0][0]. 804s [p11_child[1601]] [main] (0x2000): Running with real IDs [0][0]. 804s [p11_child[1601]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 804s [p11_child[1601]] [do_card] (0x4000): Module List: 804s [p11_child[1601]] [do_card] (0x4000): common name: [softhsm2]. 804s [p11_child[1601]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 804s [p11_child[1601]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2c21035c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 804s [p11_child[1601]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 804s [p11_child[1601]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2c21035c][740361052] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 804s [p11_child[1601]] [do_card] (0x4000): Login required. 804s [p11_child[1601]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 804s [p11_child[1601]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 804s [p11_child[1601]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 804s [p11_child[1601]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2c21035c;slot-manufacturer=SoftHSM%20project;slot-id=740361052;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d88ad9af2c21035c;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 804s [p11_child[1601]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 804s [p11_child[1601]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 804s [p11_child[1601]] [do_card] (0x4000): Certificate verified and validated. 804s [p11_child[1601]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 804s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-29690-auth.output 804s + echo '-----BEGIN CERTIFICATE-----' 804s + tail -n1 /tmp/sssd-softhsm2-E5oH29/SSSD-child-29690-auth.output 804s + echo '-----END CERTIFICATE-----' 804s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-29690-auth.pem 804s Certificate: 804s Data: 804s Version: 3 (0x2) 804s Serial Number: 3 (0x3) 804s Signature Algorithm: sha256WithRSAEncryption 804s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 804s Validity 804s Not Before: Nov 29 21:11:39 2024 GMT 804s Not After : Nov 29 21:11:39 2025 GMT 804s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 804s Subject Public Key Info: 804s Public Key Algorithm: rsaEncryption 804s Public-Key: (1024 bit) 804s Modulus: 804s 00:9c:b7:dc:3e:b9:41:37:13:73:28:01:af:2e:01: 804s 94:68:77:a3:47:aa:70:77:85:fc:2c:6c:37:37:91: 804s 76:2d:96:6c:26:c1:0c:ae:82:04:b8:d3:0f:94:40: 804s 84:25:dc:91:ca:53:c4:5b:42:fc:f4:1e:45:b6:94: 804s 7a:b6:cf:66:41:2f:ec:82:48:9c:5d:a4:49:b0:bf: 804s 79:1c:8b:9a:bb:14:2b:a5:2f:8b:eb:67:f0:a9:1c: 804s d7:7f:04:c7:3c:c5:7c:99:a2:a6:61:43:12:e2:f5: 804s 69:30:5f:e0:21:3e:d7:6e:92:b7:03:b6:fe:45:e3: 804s 9c:04:ec:f3:20:1e:dd:1c:8b 804s Exponent: 65537 (0x10001) 804s X509v3 extensions: 804s X509v3 Authority Key Identifier: 804s AC:6C:80:5C:9D:6C:D2:33:3A:A8:88:D8:C9:AB:2F:E0:DA:8C:E1:F2 804s X509v3 Basic Constraints: 804s CA:FALSE 804s Netscape Cert Type: 804s SSL Client, S/MIME 804s Netscape Comment: 804s Test Organization Root CA trusted Certificate 804s X509v3 Subject Key Identifier: 804s D5:B2:13:8F:08:D1:02:00:53:38:1F:75:9C:23:46:F0:1D:9E:AA:C2 804s X509v3 Key Usage: critical 804s Digital Signature, Non Repudiation, Key Encipherment 804s X509v3 Extended Key Usage: 804s TLS Web Client Authentication, E-mail Protection 804s X509v3 Subject Alternative Name: 804s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 804s Signature Algorithm: sha256WithRSAEncryption 804s Signature Value: 804s d9:ce:3d:cf:eb:f5:67:fa:bd:55:94:f0:54:0b:a1:59:f7:76: 804s 7c:31:0e:b9:28:64:54:f1:19:31:76:95:40:13:6e:9b:25:65: 804s 38:ab:ab:56:a5:3a:0b:20:83:7e:b4:d3:ef:c0:3c:0e:23:6a: 804s 51:04:f0:29:1d:a9:d6:4e:17:79:8c:8c:6b:6f:00:cc:f5:9f: 804s 8d:f9:30:00:0d:f6:c6:f8:37:fb:e0:60:b7:c5:18:32:ee:f4: 804s 34:c4:0f:ad:59:c7:b4:d3:2a:6b:20:9d:25:48:bd:e8:29:e9: 804s cb:48:3c:0c:79:65:f6:4b:c6:c7:d9:b5:78:2e:1c:20:67:1d: 804s 51:90 804s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-29690-auth.pem 804s + found_md5=Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B 804s + '[' Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B '!=' Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B ']' 804s + valid_certificate /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3473 /tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem 804s + check_certificate /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3473 /tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem 804s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 804s + local key_pass=pass:random-root-ca-trusted-cert-0001-3473 804s + local key_ring=/tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem 804s + local verify_option= 804s + prepare_softhsm2_card /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3473 804s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 804s + local key_pass=pass:random-root-ca-trusted-cert-0001-3473 804s + local key_cn 804s + local key_name 804s + local tokens_dir 804s + local output_cert_file 804s + token_name= 804s ++ basename /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem .pem 804s + key_name=test-root-CA-trusted-certificate-0001 804s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 804s ++ sed -n 's/ *commonName *= //p' 804s + key_cn='Test Organization Root Trusted Certificate 0001' 804s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 804s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf 804s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf 804s ++ basename /tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 804s + tokens_dir=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001 804s + token_name='Test Organization Root Tr Token' 804s + '[' '!' -e /tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 804s + '[' '!' -d /tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001 ']' 804s + echo 'Test Organization Root Tr Token' 804s + '[' -n '' ']' 804s + local output_base_name=SSSD-child-25402 804s + local output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-25402.output 804s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-25402.pem 804s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem 804s [p11_child[1611]] [main] (0x0400): p11_child started. 804s [p11_child[1611]] [main] (0x2000): Running in [pre-auth] mode. 804s [p11_child[1611]] [main] (0x2000): Running with effective IDs: [0][0]. 804s [p11_child[1611]] [main] (0x2000): Running with real IDs [0][0]. 804s Test Organization Root Tr Token 804s [p11_child[1611]] [do_card] (0x4000): Module List: 804s [p11_child[1611]] [do_card] (0x4000): common name: [softhsm2]. 804s [p11_child[1611]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 804s [p11_child[1611]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2c21035c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 804s [p11_child[1611]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 804s [p11_child[1611]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2c21035c][740361052] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 804s [p11_child[1611]] [do_card] (0x4000): Login NOT required. 804s [p11_child[1611]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 804s [p11_child[1611]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 804s [p11_child[1611]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 804s [p11_child[1611]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2c21035c;slot-manufacturer=SoftHSM%20project;slot-id=740361052;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d88ad9af2c21035c;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 804s [p11_child[1611]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 804s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-25402.output 804s + echo '-----BEGIN CERTIFICATE-----' 804s + tail -n1 /tmp/sssd-softhsm2-E5oH29/SSSD-child-25402.output 804s + echo '-----END CERTIFICATE-----' 804s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-25402.pem 804s Certificate: 804s Data: 804s Version: 3 (0x2) 804s Serial Number: 3 (0x3) 804s Signature Algorithm: sha256WithRSAEncryption 804s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 804s Validity 804s Not Before: Nov 29 21:11:39 2024 GMT 804s Not After : Nov 29 21:11:39 2025 GMT 804s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 804s Subject Public Key Info: 804s Public Key Algorithm: rsaEncryption 804s Public-Key: (1024 bit) 804s Modulus: 804s 00:9c:b7:dc:3e:b9:41:37:13:73:28:01:af:2e:01: 804s 94:68:77:a3:47:aa:70:77:85:fc:2c:6c:37:37:91: 804s 76:2d:96:6c:26:c1:0c:ae:82:04:b8:d3:0f:94:40: 804s 84:25:dc:91:ca:53:c4:5b:42:fc:f4:1e:45:b6:94: 804s 7a:b6:cf:66:41:2f:ec:82:48:9c:5d:a4:49:b0:bf: 804s 79:1c:8b:9a:bb:14:2b:a5:2f:8b:eb:67:f0:a9:1c: 804s d7:7f:04:c7:3c:c5:7c:99:a2:a6:61:43:12:e2:f5: 804s 69:30:5f:e0:21:3e:d7:6e:92:b7:03:b6:fe:45:e3: 804s 9c:04:ec:f3:20:1e:dd:1c:8b 804s Exponent: 65537 (0x10001) 804s X509v3 extensions: 804s X509v3 Authority Key Identifier: 804s AC:6C:80:5C:9D:6C:D2:33:3A:A8:88:D8:C9:AB:2F:E0:DA:8C:E1:F2 804s X509v3 Basic Constraints: 804s CA:FALSE 804s Netscape Cert Type: 804s SSL Client, S/MIME 804s Netscape Comment: 804s Test Organization Root CA trusted Certificate 804s X509v3 Subject Key Identifier: 804s D5:B2:13:8F:08:D1:02:00:53:38:1F:75:9C:23:46:F0:1D:9E:AA:C2 804s X509v3 Key Usage: critical 804s Digital Signature, Non Repudiation, Key Encipherment 804s X509v3 Extended Key Usage: 804s TLS Web Client Authentication, E-mail Protection 804s X509v3 Subject Alternative Name: 804s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 804s Signature Algorithm: sha256WithRSAEncryption 804s Signature Value: 804s d9:ce:3d:cf:eb:f5:67:fa:bd:55:94:f0:54:0b:a1:59:f7:76: 804s 7c:31:0e:b9:28:64:54:f1:19:31:76:95:40:13:6e:9b:25:65: 804s 38:ab:ab:56:a5:3a:0b:20:83:7e:b4:d3:ef:c0:3c:0e:23:6a: 804s 51:04:f0:29:1d:a9:d6:4e:17:79:8c:8c:6b:6f:00:cc:f5:9f: 804s 8d:f9:30:00:0d:f6:c6:f8:37:fb:e0:60:b7:c5:18:32:ee:f4: 804s 34:c4:0f:ad:59:c7:b4:d3:2a:6b:20:9d:25:48:bd:e8:29:e9: 804s cb:48:3c:0c:79:65:f6:4b:c6:c7:d9:b5:78:2e:1c:20:67:1d: 804s 51:90 804s + local found_md5 expected_md5 804s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 804s + expected_md5=Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B 804s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-25402.pem 804s + found_md5=Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B 804s + '[' Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B '!=' Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B ']' 804s + output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-25402-auth.output 804s ++ basename /tmp/sssd-softhsm2-E5oH29/SSSD-child-25402-auth.output .output 804s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-25402-auth.pem 804s + echo -n 053350 804s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 804s [p11_child[1619]] [main] (0x0400): p11_child started. 804s [p11_child[1619]] [main] (0x2000): Running in [auth] mode. 804s [p11_child[1619]] [main] (0x2000): Running with effective IDs: [0][0]. 804s [p11_child[1619]] [main] (0x2000): Running with real IDs [0][0]. 804s [p11_child[1619]] [do_card] (0x4000): Module List: 804s [p11_child[1619]] [do_card] (0x4000): common name: [softhsm2]. 804s [p11_child[1619]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 804s [p11_child[1619]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2c21035c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 804s [p11_child[1619]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 804s [p11_child[1619]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2c21035c][740361052] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 804s [p11_child[1619]] [do_card] (0x4000): Login required. 804s [p11_child[1619]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 804s [p11_child[1619]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 804s [p11_child[1619]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 804s [p11_child[1619]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2c21035c;slot-manufacturer=SoftHSM%20project;slot-id=740361052;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d88ad9af2c21035c;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 804s [p11_child[1619]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 804s [p11_child[1619]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 804s [p11_child[1619]] [do_card] (0x4000): Certificate verified and validated. 804s [p11_child[1619]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 804s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-25402-auth.output 804s + echo '-----BEGIN CERTIFICATE-----' 804s + tail -n1 /tmp/sssd-softhsm2-E5oH29/SSSD-child-25402-auth.output 804s + echo '-----END CERTIFICATE-----' 804s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-25402-auth.pem 805s Certificate: 805s Data: 805s Version: 3 (0x2) 805s Serial Number: 3 (0x3) 805s Signature Algorithm: sha256WithRSAEncryption 805s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 805s Validity 805s Not Before: Nov 29 21:11:39 2024 GMT 805s Not After : Nov 29 21:11:39 2025 GMT 805s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 805s Subject Public Key Info: 805s Public Key Algorithm: rsaEncryption 805s Public-Key: (1024 bit) 805s Modulus: 805s 00:9c:b7:dc:3e:b9:41:37:13:73:28:01:af:2e:01: 805s 94:68:77:a3:47:aa:70:77:85:fc:2c:6c:37:37:91: 805s 76:2d:96:6c:26:c1:0c:ae:82:04:b8:d3:0f:94:40: 805s 84:25:dc:91:ca:53:c4:5b:42:fc:f4:1e:45:b6:94: 805s 7a:b6:cf:66:41:2f:ec:82:48:9c:5d:a4:49:b0:bf: 805s 79:1c:8b:9a:bb:14:2b:a5:2f:8b:eb:67:f0:a9:1c: 805s d7:7f:04:c7:3c:c5:7c:99:a2:a6:61:43:12:e2:f5: 805s 69:30:5f:e0:21:3e:d7:6e:92:b7:03:b6:fe:45:e3: 805s 9c:04:ec:f3:20:1e:dd:1c:8b 805s Exponent: 65537 (0x10001) 805s X509v3 extensions: 805s X509v3 Authority Key Identifier: 805s AC:6C:80:5C:9D:6C:D2:33:3A:A8:88:D8:C9:AB:2F:E0:DA:8C:E1:F2 805s X509v3 Basic Constraints: 805s CA:FALSE 805s Netscape Cert Type: 805s SSL Client, S/MIME 805s Netscape Comment: 805s Test Organization Root CA trusted Certificate 805s X509v3 Subject Key Identifier: 805s D5:B2:13:8F:08:D1:02:00:53:38:1F:75:9C:23:46:F0:1D:9E:AA:C2 805s X509v3 Key Usage: critical 805s Digital Signature, Non Repudiation, Key Encipherment 805s X509v3 Extended Key Usage: 805s TLS Web Client Authentication, E-mail Protection 805s X509v3 Subject Alternative Name: 805s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 805s Signature Algorithm: sha256WithRSAEncryption 805s Signature Value: 805s d9:ce:3d:cf:eb:f5:67:fa:bd:55:94:f0:54:0b:a1:59:f7:76: 805s 7c:31:0e:b9:28:64:54:f1:19:31:76:95:40:13:6e:9b:25:65: 805s 38:ab:ab:56:a5:3a:0b:20:83:7e:b4:d3:ef:c0:3c:0e:23:6a: 805s 51:04:f0:29:1d:a9:d6:4e:17:79:8c:8c:6b:6f:00:cc:f5:9f: 805s 8d:f9:30:00:0d:f6:c6:f8:37:fb:e0:60:b7:c5:18:32:ee:f4: 805s 34:c4:0f:ad:59:c7:b4:d3:2a:6b:20:9d:25:48:bd:e8:29:e9: 805s cb:48:3c:0c:79:65:f6:4b:c6:c7:d9:b5:78:2e:1c:20:67:1d: 805s 51:90 805s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-25402-auth.pem 805s + found_md5=Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B 805s + '[' Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B '!=' Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B ']' 805s + valid_certificate /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3473 /tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem partial_chain 805s + check_certificate /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3473 /tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem partial_chain 805s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 805s + local key_pass=pass:random-root-ca-trusted-cert-0001-3473 805s + local key_ring=/tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem 805s + local verify_option=partial_chain 805s + prepare_softhsm2_card /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3473 805s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 805s + local key_pass=pass:random-root-ca-trusted-cert-0001-3473 805s + local key_cn 805s + local key_name 805s + local tokens_dir 805s + local output_cert_file 805s + token_name= 805s ++ basename /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem .pem 805s + key_name=test-root-CA-trusted-certificate-0001 805s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 805s ++ sed -n 's/ *commonName *= //p' 805s + key_cn='Test Organization Root Trusted Certificate 0001' 805s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 805s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf 805s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf 805s ++ basename /tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 805s + tokens_dir=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001 805s + token_name='Test Organization Root Tr Token' 805s + '[' '!' -e /tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 805s + '[' '!' -d /tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001 ']' 805s + echo 'Test Organization Root Tr Token' 805s + '[' -n partial_chain ']' 805s + local verify_arg=--verify=partial_chain 805s + local output_base_name=SSSD-child-17890 805s + local output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-17890.output 805s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-17890.pem 805s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem 805s Test Organization Root Tr Token 805s [p11_child[1629]] [main] (0x0400): p11_child started. 805s [p11_child[1629]] [main] (0x2000): Running in [pre-auth] mode. 805s [p11_child[1629]] [main] (0x2000): Running with effective IDs: [0][0]. 805s [p11_child[1629]] [main] (0x2000): Running with real IDs [0][0]. 805s [p11_child[1629]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 805s [p11_child[1629]] [do_card] (0x4000): Module List: 805s [p11_child[1629]] [do_card] (0x4000): common name: [softhsm2]. 805s [p11_child[1629]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 805s [p11_child[1629]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2c21035c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 805s [p11_child[1629]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 805s [p11_child[1629]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2c21035c][740361052] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 805s [p11_child[1629]] [do_card] (0x4000): Login NOT required. 805s [p11_child[1629]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 805s [p11_child[1629]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 805s [p11_child[1629]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 805s [p11_child[1629]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2c21035c;slot-manufacturer=SoftHSM%20project;slot-id=740361052;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d88ad9af2c21035c;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 805s [p11_child[1629]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 805s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-17890.output 805s + echo '-----BEGIN CERTIFICATE-----' 805s + tail -n1 /tmp/sssd-softhsm2-E5oH29/SSSD-child-17890.output 805s + echo '-----END CERTIFICATE-----' 805s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-17890.pem 805s + local found_md5 expected_md5 805s Certificate: 805s Data: 805s Version: 3 (0x2) 805s Serial Number: 3 (0x3) 805s Signature Algorithm: sha256WithRSAEncryption 805s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 805s Validity 805s Not Before: Nov 29 21:11:39 2024 GMT 805s Not After : Nov 29 21:11:39 2025 GMT 805s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 805s Subject Public Key Info: 805s Public Key Algorithm: rsaEncryption 805s Public-Key: (1024 bit) 805s Modulus: 805s 00:9c:b7:dc:3e:b9:41:37:13:73:28:01:af:2e:01: 805s 94:68:77:a3:47:aa:70:77:85:fc:2c:6c:37:37:91: 805s 76:2d:96:6c:26:c1:0c:ae:82:04:b8:d3:0f:94:40: 805s 84:25:dc:91:ca:53:c4:5b:42:fc:f4:1e:45:b6:94: 805s 7a:b6:cf:66:41:2f:ec:82:48:9c:5d:a4:49:b0:bf: 805s 79:1c:8b:9a:bb:14:2b:a5:2f:8b:eb:67:f0:a9:1c: 805s d7:7f:04:c7:3c:c5:7c:99:a2:a6:61:43:12:e2:f5: 805s 69:30:5f:e0:21:3e:d7:6e:92:b7:03:b6:fe:45:e3: 805s 9c:04:ec:f3:20:1e:dd:1c:8b 805s Exponent: 65537 (0x10001) 805s X509v3 extensions: 805s X509v3 Authority Key Identifier: 805s AC:6C:80:5C:9D:6C:D2:33:3A:A8:88:D8:C9:AB:2F:E0:DA:8C:E1:F2 805s X509v3 Basic Constraints: 805s CA:FALSE 805s Netscape Cert Type: 805s SSL Client, S/MIME 805s Netscape Comment: 805s Test Organization Root CA trusted Certificate 805s X509v3 Subject Key Identifier: 805s D5:B2:13:8F:08:D1:02:00:53:38:1F:75:9C:23:46:F0:1D:9E:AA:C2 805s X509v3 Key Usage: critical 805s Digital Signature, Non Repudiation, Key Encipherment 805s X509v3 Extended Key Usage: 805s TLS Web Client Authentication, E-mail Protection 805s X509v3 Subject Alternative Name: 805s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 805s Signature Algorithm: sha256WithRSAEncryption 805s Signature Value: 805s d9:ce:3d:cf:eb:f5:67:fa:bd:55:94:f0:54:0b:a1:59:f7:76: 805s 7c:31:0e:b9:28:64:54:f1:19:31:76:95:40:13:6e:9b:25:65: 805s 38:ab:ab:56:a5:3a:0b:20:83:7e:b4:d3:ef:c0:3c:0e:23:6a: 805s 51:04:f0:29:1d:a9:d6:4e:17:79:8c:8c:6b:6f:00:cc:f5:9f: 805s 8d:f9:30:00:0d:f6:c6:f8:37:fb:e0:60:b7:c5:18:32:ee:f4: 805s 34:c4:0f:ad:59:c7:b4:d3:2a:6b:20:9d:25:48:bd:e8:29:e9: 805s cb:48:3c:0c:79:65:f6:4b:c6:c7:d9:b5:78:2e:1c:20:67:1d: 805s 51:90 805s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 805s + expected_md5=Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B 805s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-17890.pem 805s + found_md5=Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B 805s + '[' Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B '!=' Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B ']' 805s + output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-17890-auth.output 805s ++ basename /tmp/sssd-softhsm2-E5oH29/SSSD-child-17890-auth.output .output 805s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-17890-auth.pem 805s + echo -n 053350 805s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 805s [p11_child[1637]] [main] (0x0400): p11_child started. 805s [p11_child[1637]] [main] (0x2000): Running in [auth] mode. 805s [p11_child[1637]] [main] (0x2000): Running with effective IDs: [0][0]. 805s [p11_child[1637]] [main] (0x2000): Running with real IDs [0][0]. 805s [p11_child[1637]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 805s [p11_child[1637]] [do_card] (0x4000): Module List: 805s [p11_child[1637]] [do_card] (0x4000): common name: [softhsm2]. 805s [p11_child[1637]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 805s [p11_child[1637]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2c21035c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 805s [p11_child[1637]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 805s [p11_child[1637]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2c21035c][740361052] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 805s [p11_child[1637]] [do_card] (0x4000): Login required. 805s [p11_child[1637]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 805s [p11_child[1637]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 805s [p11_child[1637]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 805s [p11_child[1637]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2c21035c;slot-manufacturer=SoftHSM%20project;slot-id=740361052;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d88ad9af2c21035c;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 805s [p11_child[1637]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 805s [p11_child[1637]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 805s [p11_child[1637]] [do_card] (0x4000): Certificate verified and validated. 805s [p11_child[1637]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 805s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-17890-auth.output 805s + echo '-----BEGIN CERTIFICATE-----' 805s + tail -n1 /tmp/sssd-softhsm2-E5oH29/SSSD-child-17890-auth.output 805s + echo '-----END CERTIFICATE-----' 805s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-17890-auth.pem 805s Certificate: 805s Data: 805s Version: 3 (0x2) 805s Serial Number: 3 (0x3) 805s Signature Algorithm: sha256WithRSAEncryption 805s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 805s Validity 805s Not Before: Nov 29 21:11:39 2024 GMT 805s Not After : Nov 29 21:11:39 2025 GMT 805s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 805s Subject Public Key Info: 805s Public Key Algorithm: rsaEncryption 805s Public-Key: (1024 bit) 805s Modulus: 805s 00:9c:b7:dc:3e:b9:41:37:13:73:28:01:af:2e:01: 805s 94:68:77:a3:47:aa:70:77:85:fc:2c:6c:37:37:91: 805s 76:2d:96:6c:26:c1:0c:ae:82:04:b8:d3:0f:94:40: 805s 84:25:dc:91:ca:53:c4:5b:42:fc:f4:1e:45:b6:94: 805s 7a:b6:cf:66:41:2f:ec:82:48:9c:5d:a4:49:b0:bf: 805s 79:1c:8b:9a:bb:14:2b:a5:2f:8b:eb:67:f0:a9:1c: 805s d7:7f:04:c7:3c:c5:7c:99:a2:a6:61:43:12:e2:f5: 805s 69:30:5f:e0:21:3e:d7:6e:92:b7:03:b6:fe:45:e3: 805s 9c:04:ec:f3:20:1e:dd:1c:8b 805s Exponent: 65537 (0x10001) 805s X509v3 extensions: 805s X509v3 Authority Key Identifier: 805s AC:6C:80:5C:9D:6C:D2:33:3A:A8:88:D8:C9:AB:2F:E0:DA:8C:E1:F2 805s X509v3 Basic Constraints: 805s CA:FALSE 805s Netscape Cert Type: 805s SSL Client, S/MIME 805s Netscape Comment: 805s Test Organization Root CA trusted Certificate 805s X509v3 Subject Key Identifier: 805s D5:B2:13:8F:08:D1:02:00:53:38:1F:75:9C:23:46:F0:1D:9E:AA:C2 805s X509v3 Key Usage: critical 805s Digital Signature, Non Repudiation, Key Encipherment 805s X509v3 Extended Key Usage: 805s TLS Web Client Authentication, E-mail Protection 805s X509v3 Subject Alternative Name: 805s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 805s Signature Algorithm: sha256WithRSAEncryption 805s Signature Value: 805s d9:ce:3d:cf:eb:f5:67:fa:bd:55:94:f0:54:0b:a1:59:f7:76: 805s 7c:31:0e:b9:28:64:54:f1:19:31:76:95:40:13:6e:9b:25:65: 805s 38:ab:ab:56:a5:3a:0b:20:83:7e:b4:d3:ef:c0:3c:0e:23:6a: 805s 51:04:f0:29:1d:a9:d6:4e:17:79:8c:8c:6b:6f:00:cc:f5:9f: 805s 8d:f9:30:00:0d:f6:c6:f8:37:fb:e0:60:b7:c5:18:32:ee:f4: 805s 34:c4:0f:ad:59:c7:b4:d3:2a:6b:20:9d:25:48:bd:e8:29:e9: 805s cb:48:3c:0c:79:65:f6:4b:c6:c7:d9:b5:78:2e:1c:20:67:1d: 805s 51:90 805s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-17890-auth.pem 805s + found_md5=Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B 805s + '[' Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B '!=' Modulus=9CB7DC3EB9413713732801AF2E01946877A347AA707785FC2C6C373791762D966C26C10CAE8204B8D30F94408425DC91CA53C45B42FCF41E45B6947AB6CF66412FEC82489C5DA449B0BF791C8B9ABB142BA52F8BEB67F0A91CD77F04C73CC57C99A2A6614312E2F569305FE0213ED76E92B703B6FE45E39C04ECF3201EDD1C8B ']' 805s + invalid_certificate /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3473 /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem 805s + check_certificate /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3473 /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem 805s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 805s + local key_pass=pass:random-root-ca-trusted-cert-0001-3473 805s + local key_ring=/tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem 805s + local verify_option= 805s + prepare_softhsm2_card /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3473 805s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 805s + local key_pass=pass:random-root-ca-trusted-cert-0001-3473 805s + local key_cn 805s + local key_name 805s + local tokens_dir 805s + local output_cert_file 805s + token_name= 805s ++ basename /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem .pem 805s + key_name=test-root-CA-trusted-certificate-0001 805s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 805s ++ sed -n 's/ *commonName *= //p' 805s + key_cn='Test Organization Root Trusted Certificate 0001' 805s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 805s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf 805s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf 805s ++ basename /tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 805s Test Organization Root Tr Token 805s + tokens_dir=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001 805s + token_name='Test Organization Root Tr Token' 805s + '[' '!' -e /tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 805s + '[' '!' -d /tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001 ']' 805s + echo 'Test Organization Root Tr Token' 805s + '[' -n '' ']' 805s + local output_base_name=SSSD-child-9797 805s + local output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-9797.output 805s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-9797.pem 805s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem 805s [p11_child[1647]] [main] (0x0400): p11_child started. 805s [p11_child[1647]] [main] (0x2000): Running in [pre-auth] mode. 805s [p11_child[1647]] [main] (0x2000): Running with effective IDs: [0][0]. 805s [p11_child[1647]] [main] (0x2000): Running with real IDs [0][0]. 805s [p11_child[1647]] [do_card] (0x4000): Module List: 805s [p11_child[1647]] [do_card] (0x4000): common name: [softhsm2]. 805s [p11_child[1647]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 805s [p11_child[1647]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2c21035c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 805s [p11_child[1647]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 805s [p11_child[1647]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2c21035c][740361052] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 805s [p11_child[1647]] [do_card] (0x4000): Login NOT required. 805s [p11_child[1647]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 805s [p11_child[1647]] [do_verification] (0x0040): X509_verify_cert failed [0]. 805s [p11_child[1647]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 805s [p11_child[1647]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 805s [p11_child[1647]] [do_card] (0x4000): No certificate found. 805s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-9797.output 805s + return 2 805s + invalid_certificate /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3473 /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem partial_chain 805s + check_certificate /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3473 /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem partial_chain 805s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 805s + local key_pass=pass:random-root-ca-trusted-cert-0001-3473 805s + local key_ring=/tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem 805s + local verify_option=partial_chain 805s + prepare_softhsm2_card /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3473 805s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 805s + local key_pass=pass:random-root-ca-trusted-cert-0001-3473 805s + local key_cn 805s + local key_name 805s + local tokens_dir 805s + local output_cert_file 805s + token_name= 805s ++ basename /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem .pem 805s + key_name=test-root-CA-trusted-certificate-0001 805s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-E5oH29/test-root-CA-trusted-certificate-0001.pem 805s ++ sed -n 's/ *commonName *= //p' 805s + key_cn='Test Organization Root Trusted Certificate 0001' 805s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 805s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf 805s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf 805s ++ basename /tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 805s Test Organization Root Tr Token 805s + tokens_dir=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001 805s + token_name='Test Organization Root Tr Token' 805s + '[' '!' -e /tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 805s + '[' '!' -d /tmp/sssd-softhsm2-E5oH29/softhsm2-test-root-CA-trusted-certificate-0001 ']' 805s + echo 'Test Organization Root Tr Token' 805s + '[' -n partial_chain ']' 805s + local verify_arg=--verify=partial_chain 805s + local output_base_name=SSSD-child-30729 805s + local output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-30729.output 805s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-30729.pem 805s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem 805s [p11_child[1654]] [main] (0x0400): p11_child started. 805s [p11_child[1654]] [main] (0x2000): Running in [pre-auth] mode. 805s [p11_child[1654]] [main] (0x2000): Running with effective IDs: [0][0]. 805s [p11_child[1654]] [main] (0x2000): Running with real IDs [0][0]. 805s [p11_child[1654]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 805s [p11_child[1654]] [do_card] (0x4000): Module List: 805s [p11_child[1654]] [do_card] (0x4000): common name: [softhsm2]. 805s [p11_child[1654]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 805s [p11_child[1654]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2c21035c] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 805s [p11_child[1654]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 805s [p11_child[1654]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x2c21035c][740361052] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 805s [p11_child[1654]] [do_card] (0x4000): Login NOT required. 805s [p11_child[1654]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 805s [p11_child[1654]] [do_verification] (0x0040): X509_verify_cert failed [0]. 805s [p11_child[1654]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 805s [p11_child[1654]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 805s [p11_child[1654]] [do_card] (0x4000): No certificate found. 805s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-30729.output 805s + return 2 805s + invalid_certificate /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-5509 /dev/null 805s + check_certificate /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-5509 /dev/null 805s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 805s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-5509 805s + local key_ring=/dev/null 805s + local verify_option= 805s + prepare_softhsm2_card /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-5509 805s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 805s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-5509 805s + local key_cn 805s + local key_name 805s + local tokens_dir 805s + local output_cert_file 805s + token_name= 805s ++ basename /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem .pem 805s + key_name=test-intermediate-CA-trusted-certificate-0001 805s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 805s ++ sed -n 's/ *commonName *= //p' 805s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 805s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 805s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 805s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 805s ++ basename /tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 805s + tokens_dir=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001 805s + token_name='Test Organization Interme Token' 805s + '[' '!' -e /tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 805s + local key_file 805s + local decrypted_key 805s + mkdir -p /tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001 805s + key_file=/tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001-key.pem 805s + decrypted_key=/tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 805s + cat 805s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 805s Slot 0 has a free/uninitialized token. 805s The token has been initialized and is reassigned to slot 1554087521 805s + softhsm2-util --show-slots 805s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 805s Available slots: 805s Slot 1554087521 805s Slot info: 805s Description: SoftHSM slot ID 0x5ca17e61 805s Manufacturer ID: SoftHSM project 805s Hardware version: 2.6 805s Firmware version: 2.6 805s Token present: yes 805s Token info: 805s Manufacturer ID: SoftHSM project 805s Model: SoftHSM v2 805s Hardware version: 2.6 805s Firmware version: 2.6 805s Serial number: 8383cd73dca17e61 805s Initialized: yes 805s User PIN init.: yes 805s Label: Test Organization Interme Token 805s Slot 1 805s Slot info: 805s Description: SoftHSM slot ID 0x1 805s Manufacturer ID: SoftHSM project 805s Hardware version: 2.6 805s Firmware version: 2.6 805s Token present: yes 805s Token info: 805s Manufacturer ID: SoftHSM project 805s Model: SoftHSM v2 805s Hardware version: 2.6 805s Firmware version: 2.6 805s Serial number: 805s Initialized: no 805s User PIN init.: no 805s Label: 805s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-5509 -in /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 805s writing RSA key 805s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 805s + rm /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 805s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --list-all 805s Object 0: 805s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8383cd73dca17e61;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 805s Type: X.509 Certificate (RSA-1024) 805s Expires: Sat Nov 29 21:11:39 2025 805s Label: Test Organization Intermediate Trusted Certificate 0001 805s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 805s 805s Test Organization Interme Token 805s + echo 'Test Organization Interme Token' 805s + '[' -n '' ']' 805s + local output_base_name=SSSD-child-5428 805s + local output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-5428.output 805s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-5428.pem 805s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/dev/null 805s [p11_child[1670]] [main] (0x0400): p11_child started. 805s [p11_child[1670]] [main] (0x2000): Running in [pre-auth] mode. 805s [p11_child[1670]] [main] (0x2000): Running with effective IDs: [0][0]. 805s [p11_child[1670]] [main] (0x2000): Running with real IDs [0][0]. 805s [p11_child[1670]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 805s [p11_child[1670]] [do_work] (0x0040): init_verification failed. 805s [p11_child[1670]] [main] (0x0020): p11_child failed (5) 805s + return 2 805s + valid_certificate /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-5509 /dev/null no_verification 805s + check_certificate /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-5509 /dev/null no_verification 805s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 805s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-5509 805s + local key_ring=/dev/null 805s + local verify_option=no_verification 805s + prepare_softhsm2_card /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-5509 805s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 805s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-5509 805s + local key_cn 805s + local key_name 805s + local tokens_dir 805s + local output_cert_file 805s + token_name= 805s ++ basename /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem .pem 805s + key_name=test-intermediate-CA-trusted-certificate-0001 805s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 805s ++ sed -n 's/ *commonName *= //p' 805s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 805s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 805s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 805s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 805s ++ basename /tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 805s + tokens_dir=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001 805s + token_name='Test Organization Interme Token' 805s + '[' '!' -e /tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 805s + '[' '!' -d /tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 805s + echo 'Test Organization Interme Token' 805s + '[' -n no_verification ']' 805s + local verify_arg=--verify=no_verification 805s Test Organization Interme Token 805s + local output_base_name=SSSD-child-24484 805s + local output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-24484.output 805s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-24484.pem 805s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 805s [p11_child[1676]] [main] (0x0400): p11_child started. 805s [p11_child[1676]] [main] (0x2000): Running in [pre-auth] mode. 805s [p11_child[1676]] [main] (0x2000): Running with effective IDs: [0][0]. 805s [p11_child[1676]] [main] (0x2000): Running with real IDs [0][0]. 805s [p11_child[1676]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 805s [p11_child[1676]] [do_card] (0x4000): Module List: 805s [p11_child[1676]] [do_card] (0x4000): common name: [softhsm2]. 805s [p11_child[1676]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 805s [p11_child[1676]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5ca17e61] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 805s [p11_child[1676]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 805s [p11_child[1676]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5ca17e61][1554087521] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 805s [p11_child[1676]] [do_card] (0x4000): Login NOT required. 805s [p11_child[1676]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 805s [p11_child[1676]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 805s [p11_child[1676]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5ca17e61;slot-manufacturer=SoftHSM%20project;slot-id=1554087521;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8383cd73dca17e61;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 805s [p11_child[1676]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 805s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-24484.output 805s + echo '-----BEGIN CERTIFICATE-----' 805s + tail -n1 /tmp/sssd-softhsm2-E5oH29/SSSD-child-24484.output 805s + echo '-----END CERTIFICATE-----' 805s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-24484.pem 805s Certificate: 805s Data: 805s Version: 3 (0x2) 805s Serial Number: 4 (0x4) 805s Signature Algorithm: sha256WithRSAEncryption 805s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 805s Validity 805s Not Before: Nov 29 21:11:39 2024 GMT 805s Not After : Nov 29 21:11:39 2025 GMT 805s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 805s Subject Public Key Info: 805s Public Key Algorithm: rsaEncryption 805s Public-Key: (1024 bit) 805s Modulus: 805s 00:a7:49:bc:0a:c8:36:d1:d9:06:11:d9:ec:c3:1b: 805s 2e:5b:db:de:ee:3d:e1:ae:73:68:bc:30:76:0e:c7: 805s 1f:b9:89:34:d7:71:3a:98:1f:c9:6e:d2:12:82:64: 805s 93:4a:11:4d:f6:e6:5b:a3:cb:7a:1e:83:79:67:71: 805s 96:be:d8:62:16:75:ac:26:4e:4e:43:bb:dd:fb:48: 805s 85:7f:0c:96:96:13:91:fb:4f:6f:d1:77:10:0a:6e: 805s de:b8:56:93:26:7d:e9:f2:fe:98:0c:29:e8:33:f3: 805s ba:b0:9e:5d:5b:c0:c5:96:26:f8:67:a8:22:ee:b6: 805s 23:89:45:10:fd:41:05:3a:7b 805s Exponent: 65537 (0x10001) 805s X509v3 extensions: 805s X509v3 Authority Key Identifier: 805s 82:A1:64:76:5B:87:8B:6F:11:25:51:41:04:15:8F:83:46:EA:1E:A5 805s X509v3 Basic Constraints: 805s CA:FALSE 805s Netscape Cert Type: 805s SSL Client, S/MIME 805s Netscape Comment: 805s Test Organization Intermediate CA trusted Certificate 805s X509v3 Subject Key Identifier: 805s F5:B3:7E:9D:EB:BA:5D:04:CD:34:DA:B7:C8:00:71:D1:DE:DE:FE:42 805s X509v3 Key Usage: critical 805s Digital Signature, Non Repudiation, Key Encipherment 805s X509v3 Extended Key Usage: 805s TLS Web Client Authentication, E-mail Protection 805s X509v3 Subject Alternative Name: 805s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 805s Signature Algorithm: sha256WithRSAEncryption 805s Signature Value: 805s 43:ae:84:5f:3d:a5:12:39:1b:12:38:a1:c3:55:2a:d8:ef:55: 805s e3:8f:37:b7:14:bb:58:ff:a5:29:71:39:0d:7e:66:74:fa:13: 805s 2a:56:3e:d4:2e:bc:13:48:99:9a:4f:85:ad:ce:05:1b:8a:77: 805s 94:64:82:3e:03:dd:04:2a:12:b9:d1:96:7f:54:f1:5e:c6:d3: 805s 84:43:82:1c:41:2a:ef:bb:b7:28:4a:68:60:54:41:22:fd:b3: 805s eb:11:5e:f0:26:91:fd:b2:23:c4:27:5f:fb:4a:49:c9:20:b3: 805s a7:ad:3a:34:f0:bd:06:21:14:b9:8b:d6:0a:37:ac:72:60:6b: 805s 95:98 805s + local found_md5 expected_md5 805s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 805s + expected_md5=Modulus=A749BC0AC836D1D90611D9ECC31B2E5BDBDEEE3DE1AE7368BC30760EC71FB98934D7713A981FC96ED2128264934A114DF6E65BA3CB7A1E8379677196BED8621675AC264E4E43BBDDFB48857F0C96961391FB4F6FD177100A6EDEB85693267DE9F2FE980C29E833F3BAB09E5D5BC0C59626F867A822EEB623894510FD41053A7B 805s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-24484.pem 805s + found_md5=Modulus=A749BC0AC836D1D90611D9ECC31B2E5BDBDEEE3DE1AE7368BC30760EC71FB98934D7713A981FC96ED2128264934A114DF6E65BA3CB7A1E8379677196BED8621675AC264E4E43BBDDFB48857F0C96961391FB4F6FD177100A6EDEB85693267DE9F2FE980C29E833F3BAB09E5D5BC0C59626F867A822EEB623894510FD41053A7B 805s + '[' Modulus=A749BC0AC836D1D90611D9ECC31B2E5BDBDEEE3DE1AE7368BC30760EC71FB98934D7713A981FC96ED2128264934A114DF6E65BA3CB7A1E8379677196BED8621675AC264E4E43BBDDFB48857F0C96961391FB4F6FD177100A6EDEB85693267DE9F2FE980C29E833F3BAB09E5D5BC0C59626F867A822EEB623894510FD41053A7B '!=' Modulus=A749BC0AC836D1D90611D9ECC31B2E5BDBDEEE3DE1AE7368BC30760EC71FB98934D7713A981FC96ED2128264934A114DF6E65BA3CB7A1E8379677196BED8621675AC264E4E43BBDDFB48857F0C96961391FB4F6FD177100A6EDEB85693267DE9F2FE980C29E833F3BAB09E5D5BC0C59626F867A822EEB623894510FD41053A7B ']' 805s + output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-24484-auth.output 805s ++ basename /tmp/sssd-softhsm2-E5oH29/SSSD-child-24484-auth.output .output 805s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-24484-auth.pem 805s + echo -n 053350 805s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 805s [p11_child[1684]] [main] (0x0400): p11_child started. 805s [p11_child[1684]] [main] (0x2000): Running in [auth] mode. 805s [p11_child[1684]] [main] (0x2000): Running with effective IDs: [0][0]. 805s [p11_child[1684]] [main] (0x2000): Running with real IDs [0][0]. 805s [p11_child[1684]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 805s [p11_child[1684]] [do_card] (0x4000): Module List: 805s [p11_child[1684]] [do_card] (0x4000): common name: [softhsm2]. 805s [p11_child[1684]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 805s [p11_child[1684]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5ca17e61] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 805s [p11_child[1684]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 805s [p11_child[1684]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5ca17e61][1554087521] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 805s [p11_child[1684]] [do_card] (0x4000): Login required. 805s [p11_child[1684]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 805s [p11_child[1684]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 805s [p11_child[1684]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5ca17e61;slot-manufacturer=SoftHSM%20project;slot-id=1554087521;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8383cd73dca17e61;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 805s [p11_child[1684]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 805s [p11_child[1684]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 805s [p11_child[1684]] [do_card] (0x4000): Certificate verified and validated. 805s [p11_child[1684]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 805s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-24484-auth.output 805s + echo '-----BEGIN CERTIFICATE-----' 805s + tail -n1 /tmp/sssd-softhsm2-E5oH29/SSSD-child-24484-auth.output 805s + echo '-----END CERTIFICATE-----' 805s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-24484-auth.pem 805s Certificate: 805s Data: 805s Version: 3 (0x2) 805s Serial Number: 4 (0x4) 805s Signature Algorithm: sha256WithRSAEncryption 805s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 805s Validity 805s Not Before: Nov 29 21:11:39 2024 GMT 805s Not After : Nov 29 21:11:39 2025 GMT 805s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 805s Subject Public Key Info: 805s Public Key Algorithm: rsaEncryption 805s Public-Key: (1024 bit) 805s Modulus: 805s 00:a7:49:bc:0a:c8:36:d1:d9:06:11:d9:ec:c3:1b: 805s 2e:5b:db:de:ee:3d:e1:ae:73:68:bc:30:76:0e:c7: 805s 1f:b9:89:34:d7:71:3a:98:1f:c9:6e:d2:12:82:64: 805s 93:4a:11:4d:f6:e6:5b:a3:cb:7a:1e:83:79:67:71: 805s 96:be:d8:62:16:75:ac:26:4e:4e:43:bb:dd:fb:48: 805s 85:7f:0c:96:96:13:91:fb:4f:6f:d1:77:10:0a:6e: 805s de:b8:56:93:26:7d:e9:f2:fe:98:0c:29:e8:33:f3: 805s ba:b0:9e:5d:5b:c0:c5:96:26:f8:67:a8:22:ee:b6: 805s 23:89:45:10:fd:41:05:3a:7b 805s Exponent: 65537 (0x10001) 805s X509v3 extensions: 805s X509v3 Authority Key Identifier: 805s 82:A1:64:76:5B:87:8B:6F:11:25:51:41:04:15:8F:83:46:EA:1E:A5 805s X509v3 Basic Constraints: 805s CA:FALSE 805s Netscape Cert Type: 805s SSL Client, S/MIME 805s Netscape Comment: 805s Test Organization Intermediate CA trusted Certificate 805s X509v3 Subject Key Identifier: 805s F5:B3:7E:9D:EB:BA:5D:04:CD:34:DA:B7:C8:00:71:D1:DE:DE:FE:42 805s X509v3 Key Usage: critical 805s Digital Signature, Non Repudiation, Key Encipherment 805s X509v3 Extended Key Usage: 805s TLS Web Client Authentication, E-mail Protection 805s X509v3 Subject Alternative Name: 805s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 805s Signature Algorithm: sha256WithRSAEncryption 805s Signature Value: 805s 43:ae:84:5f:3d:a5:12:39:1b:12:38:a1:c3:55:2a:d8:ef:55: 805s e3:8f:37:b7:14:bb:58:ff:a5:29:71:39:0d:7e:66:74:fa:13: 805s 2a:56:3e:d4:2e:bc:13:48:99:9a:4f:85:ad:ce:05:1b:8a:77: 805s 94:64:82:3e:03:dd:04:2a:12:b9:d1:96:7f:54:f1:5e:c6:d3: 805s 84:43:82:1c:41:2a:ef:bb:b7:28:4a:68:60:54:41:22:fd:b3: 805s eb:11:5e:f0:26:91:fd:b2:23:c4:27:5f:fb:4a:49:c9:20:b3: 805s a7:ad:3a:34:f0:bd:06:21:14:b9:8b:d6:0a:37:ac:72:60:6b: 805s 95:98 805s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-24484-auth.pem 806s + found_md5=Modulus=A749BC0AC836D1D90611D9ECC31B2E5BDBDEEE3DE1AE7368BC30760EC71FB98934D7713A981FC96ED2128264934A114DF6E65BA3CB7A1E8379677196BED8621675AC264E4E43BBDDFB48857F0C96961391FB4F6FD177100A6EDEB85693267DE9F2FE980C29E833F3BAB09E5D5BC0C59626F867A822EEB623894510FD41053A7B 806s + '[' Modulus=A749BC0AC836D1D90611D9ECC31B2E5BDBDEEE3DE1AE7368BC30760EC71FB98934D7713A981FC96ED2128264934A114DF6E65BA3CB7A1E8379677196BED8621675AC264E4E43BBDDFB48857F0C96961391FB4F6FD177100A6EDEB85693267DE9F2FE980C29E833F3BAB09E5D5BC0C59626F867A822EEB623894510FD41053A7B '!=' Modulus=A749BC0AC836D1D90611D9ECC31B2E5BDBDEEE3DE1AE7368BC30760EC71FB98934D7713A981FC96ED2128264934A114DF6E65BA3CB7A1E8379677196BED8621675AC264E4E43BBDDFB48857F0C96961391FB4F6FD177100A6EDEB85693267DE9F2FE980C29E833F3BAB09E5D5BC0C59626F867A822EEB623894510FD41053A7B ']' 806s + invalid_certificate /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-5509 /tmp/sssd-softhsm2-E5oH29/test-root-CA.pem 806s + check_certificate /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-5509 /tmp/sssd-softhsm2-E5oH29/test-root-CA.pem 806s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 806s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-5509 806s + local key_ring=/tmp/sssd-softhsm2-E5oH29/test-root-CA.pem 806s + local verify_option= 806s + prepare_softhsm2_card /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-5509 806s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 806s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-5509 806s + local key_cn 806s + local key_name 806s + local tokens_dir 806s + local output_cert_file 806s + token_name= 806s ++ basename /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem .pem 806s + key_name=test-intermediate-CA-trusted-certificate-0001 806s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 806s ++ sed -n 's/ *commonName *= //p' 806s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 806s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 806s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 806s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 806s Test Organization Interme Token 806s ++ basename /tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 806s + tokens_dir=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001 806s + token_name='Test Organization Interme Token' 806s + '[' '!' -e /tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 806s + '[' '!' -d /tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 806s + echo 'Test Organization Interme Token' 806s + '[' -n '' ']' 806s + local output_base_name=SSSD-child-10683 806s + local output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-10683.output 806s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-10683.pem 806s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-E5oH29/test-root-CA.pem 806s [p11_child[1694]] [main] (0x0400): p11_child started. 806s [p11_child[1694]] [main] (0x2000): Running in [pre-auth] mode. 806s [p11_child[1694]] [main] (0x2000): Running with effective IDs: [0][0]. 806s [p11_child[1694]] [main] (0x2000): Running with real IDs [0][0]. 806s [p11_child[1694]] [do_card] (0x4000): Module List: 806s [p11_child[1694]] [do_card] (0x4000): common name: [softhsm2]. 806s [p11_child[1694]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 806s [p11_child[1694]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5ca17e61] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 806s [p11_child[1694]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 806s [p11_child[1694]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5ca17e61][1554087521] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 806s [p11_child[1694]] [do_card] (0x4000): Login NOT required. 806s [p11_child[1694]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 806s [p11_child[1694]] [do_verification] (0x0040): X509_verify_cert failed [0]. 806s [p11_child[1694]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 806s [p11_child[1694]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 806s [p11_child[1694]] [do_card] (0x4000): No certificate found. 806s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-10683.output 806s + return 2 806s + invalid_certificate /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-5509 /tmp/sssd-softhsm2-E5oH29/test-root-CA.pem partial_chain 806s + check_certificate /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-5509 /tmp/sssd-softhsm2-E5oH29/test-root-CA.pem partial_chain 806s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 806s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-5509 806s + local key_ring=/tmp/sssd-softhsm2-E5oH29/test-root-CA.pem 806s + local verify_option=partial_chain 806s + prepare_softhsm2_card /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-5509 806s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 806s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-5509 806s + local key_cn 806s + local key_name 806s + local tokens_dir 806s + local output_cert_file 806s + token_name= 806s ++ basename /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem .pem 806s + key_name=test-intermediate-CA-trusted-certificate-0001 806s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 806s ++ sed -n 's/ *commonName *= //p' 806s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 806s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 806s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 806s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 806s ++ basename /tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 806s + tokens_dir=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001 806s + token_name='Test Organization Interme Token' 806s + '[' '!' -e /tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 806s + '[' '!' -d /tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 806s + echo 'Test Organization Interme Token' 806s + '[' -n partial_chain ']' 806s + local verify_arg=--verify=partial_chain 806s + local output_base_name=SSSD-child-28783 806s + local output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-28783.output 806s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-28783.pem 806s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-E5oH29/test-root-CA.pem 806s Test Organization Interme Token 806s [p11_child[1701]] [main] (0x0400): p11_child started. 806s [p11_child[1701]] [main] (0x2000): Running in [pre-auth] mode. 806s [p11_child[1701]] [main] (0x2000): Running with effective IDs: [0][0]. 806s [p11_child[1701]] [main] (0x2000): Running with real IDs [0][0]. 806s [p11_child[1701]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 806s [p11_child[1701]] [do_card] (0x4000): Module List: 806s [p11_child[1701]] [do_card] (0x4000): common name: [softhsm2]. 806s [p11_child[1701]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 806s [p11_child[1701]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5ca17e61] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 806s [p11_child[1701]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 806s [p11_child[1701]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5ca17e61][1554087521] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 806s [p11_child[1701]] [do_card] (0x4000): Login NOT required. 806s [p11_child[1701]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 806s [p11_child[1701]] [do_verification] (0x0040): X509_verify_cert failed [0]. 806s [p11_child[1701]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 806s [p11_child[1701]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 806s [p11_child[1701]] [do_card] (0x4000): No certificate found. 806s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-28783.output 806s + return 2 806s + valid_certificate /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-5509 /tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem 806s + check_certificate /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-5509 /tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem 806s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 806s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-5509 806s + local key_ring=/tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem 806s + local verify_option= 806s + prepare_softhsm2_card /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-5509 806s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 806s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-5509 806s + local key_cn 806s + local key_name 806s + local tokens_dir 806s + local output_cert_file 806s + token_name= 806s ++ basename /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem .pem 806s + key_name=test-intermediate-CA-trusted-certificate-0001 806s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 806s ++ sed -n 's/ *commonName *= //p' 806s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 806s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 806s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 806s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 806s ++ basename /tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 806s Test Organization Interme Token 806s + tokens_dir=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001 806s + token_name='Test Organization Interme Token' 806s + '[' '!' -e /tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 806s + '[' '!' -d /tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 806s + echo 'Test Organization Interme Token' 806s + '[' -n '' ']' 806s + local output_base_name=SSSD-child-15986 806s + local output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-15986.output 806s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-15986.pem 806s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem 806s [p11_child[1708]] [main] (0x0400): p11_child started. 806s [p11_child[1708]] [main] (0x2000): Running in [pre-auth] mode. 806s [p11_child[1708]] [main] (0x2000): Running with effective IDs: [0][0]. 806s [p11_child[1708]] [main] (0x2000): Running with real IDs [0][0]. 806s [p11_child[1708]] [do_card] (0x4000): Module List: 806s [p11_child[1708]] [do_card] (0x4000): common name: [softhsm2]. 806s [p11_child[1708]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 806s [p11_child[1708]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5ca17e61] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 806s [p11_child[1708]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 806s [p11_child[1708]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5ca17e61][1554087521] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 806s [p11_child[1708]] [do_card] (0x4000): Login NOT required. 806s [p11_child[1708]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 806s [p11_child[1708]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 806s [p11_child[1708]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 806s [p11_child[1708]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5ca17e61;slot-manufacturer=SoftHSM%20project;slot-id=1554087521;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8383cd73dca17e61;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 806s [p11_child[1708]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 806s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-15986.output 806s + echo '-----BEGIN CERTIFICATE-----' 806s + tail -n1 /tmp/sssd-softhsm2-E5oH29/SSSD-child-15986.output 806s + echo '-----END CERTIFICATE-----' 806s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-15986.pem 806s Certificate: 806s Data: 806s Version: 3 (0x2) 806s Serial Number: 4 (0x4) 806s Signature Algorithm: sha256WithRSAEncryption 806s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 806s Validity 806s Not Before: Nov 29 21:11:39 2024 GMT 806s Not After : Nov 29 21:11:39 2025 GMT 806s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 806s Subject Public Key Info: 806s Public Key Algorithm: rsaEncryption 806s Public-Key: (1024 bit) 806s Modulus: 806s 00:a7:49:bc:0a:c8:36:d1:d9:06:11:d9:ec:c3:1b: 806s 2e:5b:db:de:ee:3d:e1:ae:73:68:bc:30:76:0e:c7: 806s 1f:b9:89:34:d7:71:3a:98:1f:c9:6e:d2:12:82:64: 806s 93:4a:11:4d:f6:e6:5b:a3:cb:7a:1e:83:79:67:71: 806s 96:be:d8:62:16:75:ac:26:4e:4e:43:bb:dd:fb:48: 806s 85:7f:0c:96:96:13:91:fb:4f:6f:d1:77:10:0a:6e: 806s de:b8:56:93:26:7d:e9:f2:fe:98:0c:29:e8:33:f3: 806s ba:b0:9e:5d:5b:c0:c5:96:26:f8:67:a8:22:ee:b6: 806s 23:89:45:10:fd:41:05:3a:7b 806s Exponent: 65537 (0x10001) 806s X509v3 extensions: 806s X509v3 Authority Key Identifier: 806s 82:A1:64:76:5B:87:8B:6F:11:25:51:41:04:15:8F:83:46:EA:1E:A5 806s X509v3 Basic Constraints: 806s CA:FALSE 806s Netscape Cert Type: 806s SSL Client, S/MIME 806s Netscape Comment: 806s Test Organization Intermediate CA trusted Certificate 806s X509v3 Subject Key Identifier: 806s F5:B3:7E:9D:EB:BA:5D:04:CD:34:DA:B7:C8:00:71:D1:DE:DE:FE:42 806s X509v3 Key Usage: critical 806s Digital Signature, Non Repudiation, Key Encipherment 806s X509v3 Extended Key Usage: 806s TLS Web Client Authentication, E-mail Protection 806s X509v3 Subject Alternative Name: 806s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 806s Signature Algorithm: sha256WithRSAEncryption 806s Signature Value: 806s 43:ae:84:5f:3d:a5:12:39:1b:12:38:a1:c3:55:2a:d8:ef:55: 806s e3:8f:37:b7:14:bb:58:ff:a5:29:71:39:0d:7e:66:74:fa:13: 806s 2a:56:3e:d4:2e:bc:13:48:99:9a:4f:85:ad:ce:05:1b:8a:77: 806s 94:64:82:3e:03:dd:04:2a:12:b9:d1:96:7f:54:f1:5e:c6:d3: 806s 84:43:82:1c:41:2a:ef:bb:b7:28:4a:68:60:54:41:22:fd:b3: 806s eb:11:5e:f0:26:91:fd:b2:23:c4:27:5f:fb:4a:49:c9:20:b3: 806s a7:ad:3a:34:f0:bd:06:21:14:b9:8b:d6:0a:37:ac:72:60:6b: 806s 95:98 806s + local found_md5 expected_md5 806s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 806s + expected_md5=Modulus=A749BC0AC836D1D90611D9ECC31B2E5BDBDEEE3DE1AE7368BC30760EC71FB98934D7713A981FC96ED2128264934A114DF6E65BA3CB7A1E8379677196BED8621675AC264E4E43BBDDFB48857F0C96961391FB4F6FD177100A6EDEB85693267DE9F2FE980C29E833F3BAB09E5D5BC0C59626F867A822EEB623894510FD41053A7B 806s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-15986.pem 806s + found_md5=Modulus=A749BC0AC836D1D90611D9ECC31B2E5BDBDEEE3DE1AE7368BC30760EC71FB98934D7713A981FC96ED2128264934A114DF6E65BA3CB7A1E8379677196BED8621675AC264E4E43BBDDFB48857F0C96961391FB4F6FD177100A6EDEB85693267DE9F2FE980C29E833F3BAB09E5D5BC0C59626F867A822EEB623894510FD41053A7B 806s + '[' Modulus=A749BC0AC836D1D90611D9ECC31B2E5BDBDEEE3DE1AE7368BC30760EC71FB98934D7713A981FC96ED2128264934A114DF6E65BA3CB7A1E8379677196BED8621675AC264E4E43BBDDFB48857F0C96961391FB4F6FD177100A6EDEB85693267DE9F2FE980C29E833F3BAB09E5D5BC0C59626F867A822EEB623894510FD41053A7B '!=' Modulus=A749BC0AC836D1D90611D9ECC31B2E5BDBDEEE3DE1AE7368BC30760EC71FB98934D7713A981FC96ED2128264934A114DF6E65BA3CB7A1E8379677196BED8621675AC264E4E43BBDDFB48857F0C96961391FB4F6FD177100A6EDEB85693267DE9F2FE980C29E833F3BAB09E5D5BC0C59626F867A822EEB623894510FD41053A7B ']' 806s + output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-15986-auth.output 806s ++ basename /tmp/sssd-softhsm2-E5oH29/SSSD-child-15986-auth.output .output 806s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-15986-auth.pem 806s + echo -n 053350 806s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 806s [p11_child[1716]] [main] (0x0400): p11_child started. 806s [p11_child[1716]] [main] (0x2000): Running in [auth] mode. 806s [p11_child[1716]] [main] (0x2000): Running with effective IDs: [0][0]. 806s [p11_child[1716]] [main] (0x2000): Running with real IDs [0][0]. 806s [p11_child[1716]] [do_card] (0x4000): Module List: 806s [p11_child[1716]] [do_card] (0x4000): common name: [softhsm2]. 806s [p11_child[1716]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 806s [p11_child[1716]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5ca17e61] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 806s [p11_child[1716]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 806s [p11_child[1716]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5ca17e61][1554087521] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 806s [p11_child[1716]] [do_card] (0x4000): Login required. 806s [p11_child[1716]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 806s [p11_child[1716]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 806s [p11_child[1716]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 806s [p11_child[1716]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5ca17e61;slot-manufacturer=SoftHSM%20project;slot-id=1554087521;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8383cd73dca17e61;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 806s [p11_child[1716]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 806s [p11_child[1716]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 806s [p11_child[1716]] [do_card] (0x4000): Certificate verified and validated. 806s [p11_child[1716]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 806s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-15986-auth.output 806s + echo '-----BEGIN CERTIFICATE-----' 806s + tail -n1 /tmp/sssd-softhsm2-E5oH29/SSSD-child-15986-auth.output 806s + echo '-----END CERTIFICATE-----' 806s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-15986-auth.pem 806s Certificate: 806s Data: 806s Version: 3 (0x2) 806s Serial Number: 4 (0x4) 806s Signature Algorithm: sha256WithRSAEncryption 806s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 806s Validity 806s Not Before: Nov 29 21:11:39 2024 GMT 806s Not After : Nov 29 21:11:39 2025 GMT 806s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 806s Subject Public Key Info: 806s Public Key Algorithm: rsaEncryption 806s Public-Key: (1024 bit) 806s Modulus: 806s 00:a7:49:bc:0a:c8:36:d1:d9:06:11:d9:ec:c3:1b: 806s 2e:5b:db:de:ee:3d:e1:ae:73:68:bc:30:76:0e:c7: 806s 1f:b9:89:34:d7:71:3a:98:1f:c9:6e:d2:12:82:64: 806s 93:4a:11:4d:f6:e6:5b:a3:cb:7a:1e:83:79:67:71: 806s 96:be:d8:62:16:75:ac:26:4e:4e:43:bb:dd:fb:48: 806s 85:7f:0c:96:96:13:91:fb:4f:6f:d1:77:10:0a:6e: 806s de:b8:56:93:26:7d:e9:f2:fe:98:0c:29:e8:33:f3: 806s ba:b0:9e:5d:5b:c0:c5:96:26:f8:67:a8:22:ee:b6: 806s 23:89:45:10:fd:41:05:3a:7b 806s Exponent: 65537 (0x10001) 806s X509v3 extensions: 806s X509v3 Authority Key Identifier: 806s 82:A1:64:76:5B:87:8B:6F:11:25:51:41:04:15:8F:83:46:EA:1E:A5 806s X509v3 Basic Constraints: 806s CA:FALSE 806s Netscape Cert Type: 806s SSL Client, S/MIME 806s Netscape Comment: 806s Test Organization Intermediate CA trusted Certificate 806s X509v3 Subject Key Identifier: 806s F5:B3:7E:9D:EB:BA:5D:04:CD:34:DA:B7:C8:00:71:D1:DE:DE:FE:42 806s X509v3 Key Usage: critical 806s Digital Signature, Non Repudiation, Key Encipherment 806s X509v3 Extended Key Usage: 806s TLS Web Client Authentication, E-mail Protection 806s X509v3 Subject Alternative Name: 806s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 806s Signature Algorithm: sha256WithRSAEncryption 806s Signature Value: 806s 43:ae:84:5f:3d:a5:12:39:1b:12:38:a1:c3:55:2a:d8:ef:55: 806s e3:8f:37:b7:14:bb:58:ff:a5:29:71:39:0d:7e:66:74:fa:13: 806s 2a:56:3e:d4:2e:bc:13:48:99:9a:4f:85:ad:ce:05:1b:8a:77: 806s 94:64:82:3e:03:dd:04:2a:12:b9:d1:96:7f:54:f1:5e:c6:d3: 806s 84:43:82:1c:41:2a:ef:bb:b7:28:4a:68:60:54:41:22:fd:b3: 806s eb:11:5e:f0:26:91:fd:b2:23:c4:27:5f:fb:4a:49:c9:20:b3: 806s a7:ad:3a:34:f0:bd:06:21:14:b9:8b:d6:0a:37:ac:72:60:6b: 806s 95:98 806s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-15986-auth.pem 806s + found_md5=Modulus=A749BC0AC836D1D90611D9ECC31B2E5BDBDEEE3DE1AE7368BC30760EC71FB98934D7713A981FC96ED2128264934A114DF6E65BA3CB7A1E8379677196BED8621675AC264E4E43BBDDFB48857F0C96961391FB4F6FD177100A6EDEB85693267DE9F2FE980C29E833F3BAB09E5D5BC0C59626F867A822EEB623894510FD41053A7B 806s + '[' Modulus=A749BC0AC836D1D90611D9ECC31B2E5BDBDEEE3DE1AE7368BC30760EC71FB98934D7713A981FC96ED2128264934A114DF6E65BA3CB7A1E8379677196BED8621675AC264E4E43BBDDFB48857F0C96961391FB4F6FD177100A6EDEB85693267DE9F2FE980C29E833F3BAB09E5D5BC0C59626F867A822EEB623894510FD41053A7B '!=' Modulus=A749BC0AC836D1D90611D9ECC31B2E5BDBDEEE3DE1AE7368BC30760EC71FB98934D7713A981FC96ED2128264934A114DF6E65BA3CB7A1E8379677196BED8621675AC264E4E43BBDDFB48857F0C96961391FB4F6FD177100A6EDEB85693267DE9F2FE980C29E833F3BAB09E5D5BC0C59626F867A822EEB623894510FD41053A7B ']' 806s + valid_certificate /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-5509 /tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem partial_chain 806s + check_certificate /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-5509 /tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem partial_chain 806s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 806s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-5509 806s + local key_ring=/tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem 806s + local verify_option=partial_chain 806s + prepare_softhsm2_card /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-5509 806s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 806s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-5509 806s + local key_cn 806s + local key_name 806s + local tokens_dir 806s + local output_cert_file 806s + token_name= 806s ++ basename /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem .pem 806s + key_name=test-intermediate-CA-trusted-certificate-0001 806s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 806s ++ sed -n 's/ *commonName *= //p' 806s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 806s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 806s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 806s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 806s ++ basename /tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 806s Test Organization Interme Token 806s + tokens_dir=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001 806s + token_name='Test Organization Interme Token' 806s + '[' '!' -e /tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 806s + '[' '!' -d /tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 806s + echo 'Test Organization Interme Token' 806s + '[' -n partial_chain ']' 806s + local verify_arg=--verify=partial_chain 806s + local output_base_name=SSSD-child-25758 806s + local output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-25758.output 806s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-25758.pem 806s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem 806s [p11_child[1726]] [main] (0x0400): p11_child started. 806s [p11_child[1726]] [main] (0x2000): Running in [pre-auth] mode. 806s [p11_child[1726]] [main] (0x2000): Running with effective IDs: [0][0]. 806s [p11_child[1726]] [main] (0x2000): Running with real IDs [0][0]. 806s [p11_child[1726]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 806s [p11_child[1726]] [do_card] (0x4000): Module List: 806s [p11_child[1726]] [do_card] (0x4000): common name: [softhsm2]. 806s [p11_child[1726]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 806s [p11_child[1726]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5ca17e61] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 806s [p11_child[1726]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 806s [p11_child[1726]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5ca17e61][1554087521] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 806s [p11_child[1726]] [do_card] (0x4000): Login NOT required. 806s [p11_child[1726]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 806s [p11_child[1726]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 806s [p11_child[1726]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 806s [p11_child[1726]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5ca17e61;slot-manufacturer=SoftHSM%20project;slot-id=1554087521;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8383cd73dca17e61;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 806s [p11_child[1726]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 806s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-25758.output 806s + echo '-----BEGIN CERTIFICATE-----' 806s + tail -n1 /tmp/sssd-softhsm2-E5oH29/SSSD-child-25758.output 806s + echo '-----END CERTIFICATE-----' 806s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-25758.pem 806s + local found_md5 expected_md5 806s Certificate: 806s Data: 806s Version: 3 (0x2) 806s Serial Number: 4 (0x4) 806s Signature Algorithm: sha256WithRSAEncryption 806s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 806s Validity 806s Not Before: Nov 29 21:11:39 2024 GMT 806s Not After : Nov 29 21:11:39 2025 GMT 806s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 806s Subject Public Key Info: 806s Public Key Algorithm: rsaEncryption 806s Public-Key: (1024 bit) 806s Modulus: 806s 00:a7:49:bc:0a:c8:36:d1:d9:06:11:d9:ec:c3:1b: 806s 2e:5b:db:de:ee:3d:e1:ae:73:68:bc:30:76:0e:c7: 806s 1f:b9:89:34:d7:71:3a:98:1f:c9:6e:d2:12:82:64: 806s 93:4a:11:4d:f6:e6:5b:a3:cb:7a:1e:83:79:67:71: 806s 96:be:d8:62:16:75:ac:26:4e:4e:43:bb:dd:fb:48: 806s 85:7f:0c:96:96:13:91:fb:4f:6f:d1:77:10:0a:6e: 806s de:b8:56:93:26:7d:e9:f2:fe:98:0c:29:e8:33:f3: 806s ba:b0:9e:5d:5b:c0:c5:96:26:f8:67:a8:22:ee:b6: 806s 23:89:45:10:fd:41:05:3a:7b 806s Exponent: 65537 (0x10001) 806s X509v3 extensions: 806s X509v3 Authority Key Identifier: 806s 82:A1:64:76:5B:87:8B:6F:11:25:51:41:04:15:8F:83:46:EA:1E:A5 806s X509v3 Basic Constraints: 806s CA:FALSE 806s Netscape Cert Type: 806s SSL Client, S/MIME 806s Netscape Comment: 806s Test Organization Intermediate CA trusted Certificate 806s X509v3 Subject Key Identifier: 806s F5:B3:7E:9D:EB:BA:5D:04:CD:34:DA:B7:C8:00:71:D1:DE:DE:FE:42 806s X509v3 Key Usage: critical 806s Digital Signature, Non Repudiation, Key Encipherment 806s X509v3 Extended Key Usage: 806s TLS Web Client Authentication, E-mail Protection 806s X509v3 Subject Alternative Name: 806s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 806s Signature Algorithm: sha256WithRSAEncryption 806s Signature Value: 806s 43:ae:84:5f:3d:a5:12:39:1b:12:38:a1:c3:55:2a:d8:ef:55: 806s e3:8f:37:b7:14:bb:58:ff:a5:29:71:39:0d:7e:66:74:fa:13: 806s 2a:56:3e:d4:2e:bc:13:48:99:9a:4f:85:ad:ce:05:1b:8a:77: 806s 94:64:82:3e:03:dd:04:2a:12:b9:d1:96:7f:54:f1:5e:c6:d3: 806s 84:43:82:1c:41:2a:ef:bb:b7:28:4a:68:60:54:41:22:fd:b3: 806s eb:11:5e:f0:26:91:fd:b2:23:c4:27:5f:fb:4a:49:c9:20:b3: 806s a7:ad:3a:34:f0:bd:06:21:14:b9:8b:d6:0a:37:ac:72:60:6b: 806s 95:98 806s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 806s + expected_md5=Modulus=A749BC0AC836D1D90611D9ECC31B2E5BDBDEEE3DE1AE7368BC30760EC71FB98934D7713A981FC96ED2128264934A114DF6E65BA3CB7A1E8379677196BED8621675AC264E4E43BBDDFB48857F0C96961391FB4F6FD177100A6EDEB85693267DE9F2FE980C29E833F3BAB09E5D5BC0C59626F867A822EEB623894510FD41053A7B 806s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-25758.pem 806s + found_md5=Modulus=A749BC0AC836D1D90611D9ECC31B2E5BDBDEEE3DE1AE7368BC30760EC71FB98934D7713A981FC96ED2128264934A114DF6E65BA3CB7A1E8379677196BED8621675AC264E4E43BBDDFB48857F0C96961391FB4F6FD177100A6EDEB85693267DE9F2FE980C29E833F3BAB09E5D5BC0C59626F867A822EEB623894510FD41053A7B 806s + '[' Modulus=A749BC0AC836D1D90611D9ECC31B2E5BDBDEEE3DE1AE7368BC30760EC71FB98934D7713A981FC96ED2128264934A114DF6E65BA3CB7A1E8379677196BED8621675AC264E4E43BBDDFB48857F0C96961391FB4F6FD177100A6EDEB85693267DE9F2FE980C29E833F3BAB09E5D5BC0C59626F867A822EEB623894510FD41053A7B '!=' Modulus=A749BC0AC836D1D90611D9ECC31B2E5BDBDEEE3DE1AE7368BC30760EC71FB98934D7713A981FC96ED2128264934A114DF6E65BA3CB7A1E8379677196BED8621675AC264E4E43BBDDFB48857F0C96961391FB4F6FD177100A6EDEB85693267DE9F2FE980C29E833F3BAB09E5D5BC0C59626F867A822EEB623894510FD41053A7B ']' 806s + output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-25758-auth.output 806s ++ basename /tmp/sssd-softhsm2-E5oH29/SSSD-child-25758-auth.output .output 806s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-25758-auth.pem 806s + echo -n 053350 806s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 806s [p11_child[1734]] [main] (0x0400): p11_child started. 806s [p11_child[1734]] [main] (0x2000): Running in [auth] mode. 806s [p11_child[1734]] [main] (0x2000): Running with effective IDs: [0][0]. 806s [p11_child[1734]] [main] (0x2000): Running with real IDs [0][0]. 806s [p11_child[1734]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 806s [p11_child[1734]] [do_card] (0x4000): Module List: 806s [p11_child[1734]] [do_card] (0x4000): common name: [softhsm2]. 806s [p11_child[1734]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 806s [p11_child[1734]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5ca17e61] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 806s [p11_child[1734]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 806s [p11_child[1734]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5ca17e61][1554087521] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 806s [p11_child[1734]] [do_card] (0x4000): Login required. 806s [p11_child[1734]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 806s [p11_child[1734]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 806s [p11_child[1734]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 806s [p11_child[1734]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5ca17e61;slot-manufacturer=SoftHSM%20project;slot-id=1554087521;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8383cd73dca17e61;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 806s [p11_child[1734]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 806s [p11_child[1734]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 806s [p11_child[1734]] [do_card] (0x4000): Certificate verified and validated. 806s [p11_child[1734]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 806s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-25758-auth.output 806s + echo '-----BEGIN CERTIFICATE-----' 806s + tail -n1 /tmp/sssd-softhsm2-E5oH29/SSSD-child-25758-auth.output 806s + echo '-----END CERTIFICATE-----' 806s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-25758-auth.pem 806s Certificate: 806s Data: 806s Version: 3 (0x2) 806s Serial Number: 4 (0x4) 806s Signature Algorithm: sha256WithRSAEncryption 806s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 806s Validity 806s Not Before: Nov 29 21:11:39 2024 GMT 806s Not After : Nov 29 21:11:39 2025 GMT 806s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 806s Subject Public Key Info: 806s Public Key Algorithm: rsaEncryption 806s Public-Key: (1024 bit) 806s Modulus: 806s 00:a7:49:bc:0a:c8:36:d1:d9:06:11:d9:ec:c3:1b: 806s 2e:5b:db:de:ee:3d:e1:ae:73:68:bc:30:76:0e:c7: 806s 1f:b9:89:34:d7:71:3a:98:1f:c9:6e:d2:12:82:64: 806s 93:4a:11:4d:f6:e6:5b:a3:cb:7a:1e:83:79:67:71: 806s 96:be:d8:62:16:75:ac:26:4e:4e:43:bb:dd:fb:48: 806s 85:7f:0c:96:96:13:91:fb:4f:6f:d1:77:10:0a:6e: 806s de:b8:56:93:26:7d:e9:f2:fe:98:0c:29:e8:33:f3: 806s ba:b0:9e:5d:5b:c0:c5:96:26:f8:67:a8:22:ee:b6: 806s 23:89:45:10:fd:41:05:3a:7b 806s Exponent: 65537 (0x10001) 806s X509v3 extensions: 806s X509v3 Authority Key Identifier: 806s 82:A1:64:76:5B:87:8B:6F:11:25:51:41:04:15:8F:83:46:EA:1E:A5 806s X509v3 Basic Constraints: 806s CA:FALSE 806s Netscape Cert Type: 806s SSL Client, S/MIME 806s Netscape Comment: 806s Test Organization Intermediate CA trusted Certificate 806s X509v3 Subject Key Identifier: 806s F5:B3:7E:9D:EB:BA:5D:04:CD:34:DA:B7:C8:00:71:D1:DE:DE:FE:42 806s X509v3 Key Usage: critical 806s Digital Signature, Non Repudiation, Key Encipherment 806s X509v3 Extended Key Usage: 806s TLS Web Client Authentication, E-mail Protection 806s X509v3 Subject Alternative Name: 806s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 806s Signature Algorithm: sha256WithRSAEncryption 806s Signature Value: 806s 43:ae:84:5f:3d:a5:12:39:1b:12:38:a1:c3:55:2a:d8:ef:55: 806s e3:8f:37:b7:14:bb:58:ff:a5:29:71:39:0d:7e:66:74:fa:13: 806s 2a:56:3e:d4:2e:bc:13:48:99:9a:4f:85:ad:ce:05:1b:8a:77: 806s 94:64:82:3e:03:dd:04:2a:12:b9:d1:96:7f:54:f1:5e:c6:d3: 806s 84:43:82:1c:41:2a:ef:bb:b7:28:4a:68:60:54:41:22:fd:b3: 806s eb:11:5e:f0:26:91:fd:b2:23:c4:27:5f:fb:4a:49:c9:20:b3: 806s a7:ad:3a:34:f0:bd:06:21:14:b9:8b:d6:0a:37:ac:72:60:6b: 806s 95:98 806s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-25758-auth.pem 806s + found_md5=Modulus=A749BC0AC836D1D90611D9ECC31B2E5BDBDEEE3DE1AE7368BC30760EC71FB98934D7713A981FC96ED2128264934A114DF6E65BA3CB7A1E8379677196BED8621675AC264E4E43BBDDFB48857F0C96961391FB4F6FD177100A6EDEB85693267DE9F2FE980C29E833F3BAB09E5D5BC0C59626F867A822EEB623894510FD41053A7B 806s + '[' Modulus=A749BC0AC836D1D90611D9ECC31B2E5BDBDEEE3DE1AE7368BC30760EC71FB98934D7713A981FC96ED2128264934A114DF6E65BA3CB7A1E8379677196BED8621675AC264E4E43BBDDFB48857F0C96961391FB4F6FD177100A6EDEB85693267DE9F2FE980C29E833F3BAB09E5D5BC0C59626F867A822EEB623894510FD41053A7B '!=' Modulus=A749BC0AC836D1D90611D9ECC31B2E5BDBDEEE3DE1AE7368BC30760EC71FB98934D7713A981FC96ED2128264934A114DF6E65BA3CB7A1E8379677196BED8621675AC264E4E43BBDDFB48857F0C96961391FB4F6FD177100A6EDEB85693267DE9F2FE980C29E833F3BAB09E5D5BC0C59626F867A822EEB623894510FD41053A7B ']' 806s + invalid_certificate /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-5509 /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem 806s + check_certificate /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-5509 /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem 806s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 806s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-5509 806s + local key_ring=/tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem 806s + local verify_option= 806s + prepare_softhsm2_card /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-5509 806s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 806s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-5509 806s + local key_cn 806s + local key_name 806s + local tokens_dir 806s + local output_cert_file 806s + token_name= 806s ++ basename /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem .pem 806s + key_name=test-intermediate-CA-trusted-certificate-0001 806s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 806s ++ sed -n 's/ *commonName *= //p' 806s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 806s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 806s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 806s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 806s ++ basename /tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 806s + tokens_dir=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001 806s + token_name='Test Organization Interme Token' 806s + '[' '!' -e /tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 806s + '[' '!' -d /tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 806s + echo 'Test Organization Interme Token' 806s + '[' -n '' ']' 806s + local output_base_name=SSSD-child-22033 806s + local output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-22033.output 806s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-22033.pem 806s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem 806s Test Organization Interme Token 806s [p11_child[1744]] [main] (0x0400): p11_child started. 806s [p11_child[1744]] [main] (0x2000): Running in [pre-auth] mode. 806s [p11_child[1744]] [main] (0x2000): Running with effective IDs: [0][0]. 806s [p11_child[1744]] [main] (0x2000): Running with real IDs [0][0]. 806s [p11_child[1744]] [do_card] (0x4000): Module List: 806s [p11_child[1744]] [do_card] (0x4000): common name: [softhsm2]. 806s [p11_child[1744]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 806s [p11_child[1744]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5ca17e61] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 806s [p11_child[1744]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 806s [p11_child[1744]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5ca17e61][1554087521] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 806s [p11_child[1744]] [do_card] (0x4000): Login NOT required. 806s [p11_child[1744]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 806s [p11_child[1744]] [do_verification] (0x0040): X509_verify_cert failed [0]. 806s [p11_child[1744]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 806s [p11_child[1744]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 806s [p11_child[1744]] [do_card] (0x4000): No certificate found. 806s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-22033.output 806s + return 2 806s + valid_certificate /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-5509 /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem partial_chain 806s + check_certificate /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-5509 /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem partial_chain 806s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 806s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-5509 806s + local key_ring=/tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem 806s + local verify_option=partial_chain 806s + prepare_softhsm2_card /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-5509 806s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 806s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-5509 806s + local key_cn 806s + local key_name 806s + local tokens_dir 806s + local output_cert_file 806s + token_name= 806s ++ basename /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem .pem 806s + key_name=test-intermediate-CA-trusted-certificate-0001 806s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 806s ++ sed -n 's/ *commonName *= //p' 806s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 806s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 806s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 806s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 806s ++ basename /tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 806s + tokens_dir=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001 806s + token_name='Test Organization Interme Token' 806s + '[' '!' -e /tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 806s + '[' '!' -d /tmp/sssd-softhsm2-E5oH29/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 806s + echo 'Test Organization Interme Token' 806s + '[' -n partial_chain ']' 806s + local verify_arg=--verify=partial_chain 806s + local output_base_name=SSSD-child-31260 806s + local output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-31260.output 806s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-31260.pem 806s Test Organization Interme Token 806s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem 806s [p11_child[1751]] [main] (0x0400): p11_child started. 806s [p11_child[1751]] [main] (0x2000): Running in [pre-auth] mode. 806s [p11_child[1751]] [main] (0x2000): Running with effective IDs: [0][0]. 806s [p11_child[1751]] [main] (0x2000): Running with real IDs [0][0]. 806s [p11_child[1751]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 806s [p11_child[1751]] [do_card] (0x4000): Module List: 806s [p11_child[1751]] [do_card] (0x4000): common name: [softhsm2]. 806s [p11_child[1751]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 806s [p11_child[1751]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5ca17e61] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 806s [p11_child[1751]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 806s [p11_child[1751]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5ca17e61][1554087521] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 806s [p11_child[1751]] [do_card] (0x4000): Login NOT required. 806s [p11_child[1751]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 806s [p11_child[1751]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 806s [p11_child[1751]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 806s [p11_child[1751]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5ca17e61;slot-manufacturer=SoftHSM%20project;slot-id=1554087521;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8383cd73dca17e61;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 806s [p11_child[1751]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 806s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-31260.output 806s + echo '-----BEGIN CERTIFICATE-----' 806s + tail -n1 /tmp/sssd-softhsm2-E5oH29/SSSD-child-31260.output 806s + echo '-----END CERTIFICATE-----' 806s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-31260.pem 807s Certificate: 807s Data: 807s Version: 3 (0x2) 807s Serial Number: 4 (0x4) 807s Signature Algorithm: sha256WithRSAEncryption 807s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 807s Validity 807s Not Before: Nov 29 21:11:39 2024 GMT 807s Not After : Nov 29 21:11:39 2025 GMT 807s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 807s Subject Public Key Info: 807s Public Key Algorithm: rsaEncryption 807s Public-Key: (1024 bit) 807s Modulus: 807s 00:a7:49:bc:0a:c8:36:d1:d9:06:11:d9:ec:c3:1b: 807s 2e:5b:db:de:ee:3d:e1:ae:73:68:bc:30:76:0e:c7: 807s 1f:b9:89:34:d7:71:3a:98:1f:c9:6e:d2:12:82:64: 807s 93:4a:11:4d:f6:e6:5b:a3:cb:7a:1e:83:79:67:71: 807s 96:be:d8:62:16:75:ac:26:4e:4e:43:bb:dd:fb:48: 807s 85:7f:0c:96:96:13:91:fb:4f:6f:d1:77:10:0a:6e: 807s de:b8:56:93:26:7d:e9:f2:fe:98:0c:29:e8:33:f3: 807s ba:b0:9e:5d:5b:c0:c5:96:26:f8:67:a8:22:ee:b6: 807s 23:89:45:10:fd:41:05:3a:7b 807s Exponent: 65537 (0x10001) 807s X509v3 extensions: 807s X509v3 Authority Key Identifier: 807s 82:A1:64:76:5B:87:8B:6F:11:25:51:41:04:15:8F:83:46:EA:1E:A5 807s X509v3 Basic Constraints: 807s CA:FALSE 807s Netscape Cert Type: 807s SSL Client, S/MIME 807s Netscape Comment: 807s Test Organization Intermediate CA trusted Certificate 807s X509v3 Subject Key Identifier: 807s F5:B3:7E:9D:EB:BA:5D:04:CD:34:DA:B7:C8:00:71:D1:DE:DE:FE:42 807s X509v3 Key Usage: critical 807s Digital Signature, Non Repudiation, Key Encipherment 807s X509v3 Extended Key Usage: 807s TLS Web Client Authentication, E-mail Protection 807s X509v3 Subject Alternative Name: 807s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 807s Signature Algorithm: sha256WithRSAEncryption 807s Signature Value: 807s 43:ae:84:5f:3d:a5:12:39:1b:12:38:a1:c3:55:2a:d8:ef:55: 807s e3:8f:37:b7:14:bb:58:ff:a5:29:71:39:0d:7e:66:74:fa:13: 807s 2a:56:3e:d4:2e:bc:13:48:99:9a:4f:85:ad:ce:05:1b:8a:77: 807s 94:64:82:3e:03:dd:04:2a:12:b9:d1:96:7f:54:f1:5e:c6:d3: 807s 84:43:82:1c:41:2a:ef:bb:b7:28:4a:68:60:54:41:22:fd:b3: 807s eb:11:5e:f0:26:91:fd:b2:23:c4:27:5f:fb:4a:49:c9:20:b3: 807s a7:ad:3a:34:f0:bd:06:21:14:b9:8b:d6:0a:37:ac:72:60:6b: 807s 95:98 807s + local found_md5 expected_md5 807s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/test-intermediate-CA-trusted-certificate-0001.pem 807s + expected_md5=Modulus=A749BC0AC836D1D90611D9ECC31B2E5BDBDEEE3DE1AE7368BC30760EC71FB98934D7713A981FC96ED2128264934A114DF6E65BA3CB7A1E8379677196BED8621675AC264E4E43BBDDFB48857F0C96961391FB4F6FD177100A6EDEB85693267DE9F2FE980C29E833F3BAB09E5D5BC0C59626F867A822EEB623894510FD41053A7B 807s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-31260.pem 807s + found_md5=Modulus=A749BC0AC836D1D90611D9ECC31B2E5BDBDEEE3DE1AE7368BC30760EC71FB98934D7713A981FC96ED2128264934A114DF6E65BA3CB7A1E8379677196BED8621675AC264E4E43BBDDFB48857F0C96961391FB4F6FD177100A6EDEB85693267DE9F2FE980C29E833F3BAB09E5D5BC0C59626F867A822EEB623894510FD41053A7B 807s + '[' Modulus=A749BC0AC836D1D90611D9ECC31B2E5BDBDEEE3DE1AE7368BC30760EC71FB98934D7713A981FC96ED2128264934A114DF6E65BA3CB7A1E8379677196BED8621675AC264E4E43BBDDFB48857F0C96961391FB4F6FD177100A6EDEB85693267DE9F2FE980C29E833F3BAB09E5D5BC0C59626F867A822EEB623894510FD41053A7B '!=' Modulus=A749BC0AC836D1D90611D9ECC31B2E5BDBDEEE3DE1AE7368BC30760EC71FB98934D7713A981FC96ED2128264934A114DF6E65BA3CB7A1E8379677196BED8621675AC264E4E43BBDDFB48857F0C96961391FB4F6FD177100A6EDEB85693267DE9F2FE980C29E833F3BAB09E5D5BC0C59626F867A822EEB623894510FD41053A7B ']' 807s + output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-31260-auth.output 807s ++ basename /tmp/sssd-softhsm2-E5oH29/SSSD-child-31260-auth.output .output 807s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-31260-auth.pem 807s + echo -n 053350 807s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-E5oH29/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 807s [p11_child[1759]] [main] (0x0400): p11_child started. 807s [p11_child[1759]] [main] (0x2000): Running in [auth] mode. 807s [p11_child[1759]] [main] (0x2000): Running with effective IDs: [0][0]. 807s [p11_child[1759]] [main] (0x2000): Running with real IDs [0][0]. 807s [p11_child[1759]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 807s [p11_child[1759]] [do_card] (0x4000): Module List: 807s [p11_child[1759]] [do_card] (0x4000): common name: [softhsm2]. 807s [p11_child[1759]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 807s [p11_child[1759]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5ca17e61] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 807s [p11_child[1759]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 807s [p11_child[1759]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5ca17e61][1554087521] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 807s [p11_child[1759]] [do_card] (0x4000): Login required. 807s [p11_child[1759]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 807s [p11_child[1759]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 807s [p11_child[1759]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 807s [p11_child[1759]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5ca17e61;slot-manufacturer=SoftHSM%20project;slot-id=1554087521;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8383cd73dca17e61;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 807s [p11_child[1759]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 807s [p11_child[1759]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 807s [p11_child[1759]] [do_card] (0x4000): Certificate verified and validated. 807s [p11_child[1759]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 807s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-31260-auth.output 807s + echo '-----BEGIN CERTIFICATE-----' 807s + tail -n1 /tmp/sssd-softhsm2-E5oH29/SSSD-child-31260-auth.output 807s + echo '-----END CERTIFICATE-----' 807s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-31260-auth.pem 807s Certificate: 807s Data: 807s Version: 3 (0x2) 807s Serial Number: 4 (0x4) 807s Signature Algorithm: sha256WithRSAEncryption 807s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 807s Validity 807s Not Before: Nov 29 21:11:39 2024 GMT 807s Not After : Nov 29 21:11:39 2025 GMT 807s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 807s Subject Public Key Info: 807s Public Key Algorithm: rsaEncryption 807s Public-Key: (1024 bit) 807s Modulus: 807s 00:a7:49:bc:0a:c8:36:d1:d9:06:11:d9:ec:c3:1b: 807s 2e:5b:db:de:ee:3d:e1:ae:73:68:bc:30:76:0e:c7: 807s 1f:b9:89:34:d7:71:3a:98:1f:c9:6e:d2:12:82:64: 807s 93:4a:11:4d:f6:e6:5b:a3:cb:7a:1e:83:79:67:71: 807s 96:be:d8:62:16:75:ac:26:4e:4e:43:bb:dd:fb:48: 807s 85:7f:0c:96:96:13:91:fb:4f:6f:d1:77:10:0a:6e: 807s de:b8:56:93:26:7d:e9:f2:fe:98:0c:29:e8:33:f3: 807s ba:b0:9e:5d:5b:c0:c5:96:26:f8:67:a8:22:ee:b6: 807s 23:89:45:10:fd:41:05:3a:7b 807s Exponent: 65537 (0x10001) 807s X509v3 extensions: 807s X509v3 Authority Key Identifier: 807s 82:A1:64:76:5B:87:8B:6F:11:25:51:41:04:15:8F:83:46:EA:1E:A5 807s X509v3 Basic Constraints: 807s CA:FALSE 807s Netscape Cert Type: 807s SSL Client, S/MIME 807s Netscape Comment: 807s Test Organization Intermediate CA trusted Certificate 807s X509v3 Subject Key Identifier: 807s F5:B3:7E:9D:EB:BA:5D:04:CD:34:DA:B7:C8:00:71:D1:DE:DE:FE:42 807s X509v3 Key Usage: critical 807s Digital Signature, Non Repudiation, Key Encipherment 807s X509v3 Extended Key Usage: 807s TLS Web Client Authentication, E-mail Protection 807s X509v3 Subject Alternative Name: 807s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 807s Signature Algorithm: sha256WithRSAEncryption 807s Signature Value: 807s 43:ae:84:5f:3d:a5:12:39:1b:12:38:a1:c3:55:2a:d8:ef:55: 807s e3:8f:37:b7:14:bb:58:ff:a5:29:71:39:0d:7e:66:74:fa:13: 807s 2a:56:3e:d4:2e:bc:13:48:99:9a:4f:85:ad:ce:05:1b:8a:77: 807s 94:64:82:3e:03:dd:04:2a:12:b9:d1:96:7f:54:f1:5e:c6:d3: 807s 84:43:82:1c:41:2a:ef:bb:b7:28:4a:68:60:54:41:22:fd:b3: 807s eb:11:5e:f0:26:91:fd:b2:23:c4:27:5f:fb:4a:49:c9:20:b3: 807s a7:ad:3a:34:f0:bd:06:21:14:b9:8b:d6:0a:37:ac:72:60:6b: 807s 95:98 807s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-31260-auth.pem 807s + found_md5=Modulus=A749BC0AC836D1D90611D9ECC31B2E5BDBDEEE3DE1AE7368BC30760EC71FB98934D7713A981FC96ED2128264934A114DF6E65BA3CB7A1E8379677196BED8621675AC264E4E43BBDDFB48857F0C96961391FB4F6FD177100A6EDEB85693267DE9F2FE980C29E833F3BAB09E5D5BC0C59626F867A822EEB623894510FD41053A7B 807s + '[' Modulus=A749BC0AC836D1D90611D9ECC31B2E5BDBDEEE3DE1AE7368BC30760EC71FB98934D7713A981FC96ED2128264934A114DF6E65BA3CB7A1E8379677196BED8621675AC264E4E43BBDDFB48857F0C96961391FB4F6FD177100A6EDEB85693267DE9F2FE980C29E833F3BAB09E5D5BC0C59626F867A822EEB623894510FD41053A7B '!=' Modulus=A749BC0AC836D1D90611D9ECC31B2E5BDBDEEE3DE1AE7368BC30760EC71FB98934D7713A981FC96ED2128264934A114DF6E65BA3CB7A1E8379677196BED8621675AC264E4E43BBDDFB48857F0C96961391FB4F6FD177100A6EDEB85693267DE9F2FE980C29E833F3BAB09E5D5BC0C59626F867A822EEB623894510FD41053A7B ']' 807s + invalid_certificate /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1093 /tmp/sssd-softhsm2-E5oH29/test-root-CA.pem 807s + check_certificate /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1093 /tmp/sssd-softhsm2-E5oH29/test-root-CA.pem 807s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 807s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1093 807s + local key_ring=/tmp/sssd-softhsm2-E5oH29/test-root-CA.pem 807s + local verify_option= 807s + prepare_softhsm2_card /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1093 807s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 807s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1093 807s + local key_cn 807s + local key_name 807s + local tokens_dir 807s + local output_cert_file 807s + token_name= 807s ++ basename /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 807s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 807s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 807s ++ sed -n 's/ *commonName *= //p' 807s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 807s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 807s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 807s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 807s ++ basename /tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 807s + tokens_dir=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 807s + token_name='Test Organization Sub Int Token' 807s + '[' '!' -e /tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 807s + local key_file 807s + local decrypted_key 807s + mkdir -p /tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 807s + key_file=/tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 807s + decrypted_key=/tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 807s + cat 807s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 807s Slot 0 has a free/uninitialized token. 807s The token has been initialized and is reassigned to slot 1926214740 807s + softhsm2-util --show-slots 807s Available slots: 807s Slot 1926214740 807s Slot info: 807s Description: SoftHSM slot ID 0x72cfb454 807s Manufacturer ID: SoftHSM project 807s Hardware version: 2.6 807s Firmware version: 2.6 807s Token present: yes 807s Token info: 807s Manufacturer ID: SoftHSM project 807s Model: SoftHSM v2 807s Hardware version: 2.6 807s Firmware version: 2.6 807s Serial number: 1da4aa3372cfb454 807s Initialized: yes 807s User PIN init.: yes 807s Label: Test Organization Sub Int Token 807s Slot 1 807s Slot info: 807s Description: SoftHSM slot ID 0x1 807s Manufacturer ID: SoftHSM project 807s Hardware version: 2.6 807s Firmware version: 2.6 807s Token present: yes 807s Token info: 807s Manufacturer ID: SoftHSM project 807s Model: SoftHSM v2 807s Hardware version: 2.6 807s Firmware version: 2.6 807s Serial number: 807s Initialized: no 807s User PIN init.: no 807s Label: 807s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 807s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-1093 -in /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 807s writing RSA key 807s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 807s + rm /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 807s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --list-all 807s Object 0: 807s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1da4aa3372cfb454;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 807s Type: X.509 Certificate (RSA-1024) 807s Expires: Sat Nov 29 21:11:39 2025 807s Label: Test Organization Sub Intermediate Trusted Certificate 0001 807s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 807s 807s Test Organization Sub Int Token 807s + echo 'Test Organization Sub Int Token' 807s + '[' -n '' ']' 807s + local output_base_name=SSSD-child-9811 807s + local output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-9811.output 807s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-9811.pem 807s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-E5oH29/test-root-CA.pem 807s [p11_child[1778]] [main] (0x0400): p11_child started. 807s [p11_child[1778]] [main] (0x2000): Running in [pre-auth] mode. 807s [p11_child[1778]] [main] (0x2000): Running with effective IDs: [0][0]. 807s [p11_child[1778]] [main] (0x2000): Running with real IDs [0][0]. 807s [p11_child[1778]] [do_card] (0x4000): Module List: 807s [p11_child[1778]] [do_card] (0x4000): common name: [softhsm2]. 807s [p11_child[1778]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 807s [p11_child[1778]] [do_card] (0x4000): Description [SoftHSM slot ID 0x72cfb454] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 807s [p11_child[1778]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 807s [p11_child[1778]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x72cfb454][1926214740] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 807s [p11_child[1778]] [do_card] (0x4000): Login NOT required. 807s [p11_child[1778]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 807s [p11_child[1778]] [do_verification] (0x0040): X509_verify_cert failed [0]. 807s [p11_child[1778]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 807s [p11_child[1778]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 807s [p11_child[1778]] [do_card] (0x4000): No certificate found. 807s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-9811.output 807s + return 2 807s + invalid_certificate /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1093 /tmp/sssd-softhsm2-E5oH29/test-root-CA.pem partial_chain 807s + check_certificate /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1093 /tmp/sssd-softhsm2-E5oH29/test-root-CA.pem partial_chain 807s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 807s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1093 807s + local key_ring=/tmp/sssd-softhsm2-E5oH29/test-root-CA.pem 807s + local verify_option=partial_chain 807s + prepare_softhsm2_card /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1093 807s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 807s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1093 807s + local key_cn 807s + local key_name 807s + local tokens_dir 807s + local output_cert_file 807s + token_name= 807s ++ basename /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 807s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 807s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 807s ++ sed -n 's/ *commonName *= //p' 807s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 807s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 807s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 807s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 807s ++ basename /tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 807s + tokens_dir=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 807s + token_name='Test Organization Sub Int Token' 807s + '[' '!' -e /tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 807s + '[' '!' -d /tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 807s + echo 'Test Organization Sub Int Token' 807s + '[' -n partial_chain ']' 807s + local verify_arg=--verify=partial_chain 807s + local output_base_name=SSSD-child-3958 807s + local output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-3958.output 807s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-3958.pem 807s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-E5oH29/test-root-CA.pem 807s Test Organization Sub Int Token 807s [p11_child[1785]] [main] (0x0400): p11_child started. 807s [p11_child[1785]] [main] (0x2000): Running in [pre-auth] mode. 807s [p11_child[1785]] [main] (0x2000): Running with effective IDs: [0][0]. 807s [p11_child[1785]] [main] (0x2000): Running with real IDs [0][0]. 807s [p11_child[1785]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 807s [p11_child[1785]] [do_card] (0x4000): Module List: 807s [p11_child[1785]] [do_card] (0x4000): common name: [softhsm2]. 807s [p11_child[1785]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 807s [p11_child[1785]] [do_card] (0x4000): Description [SoftHSM slot ID 0x72cfb454] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 807s [p11_child[1785]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 807s [p11_child[1785]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x72cfb454][1926214740] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 807s [p11_child[1785]] [do_card] (0x4000): Login NOT required. 807s [p11_child[1785]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 807s [p11_child[1785]] [do_verification] (0x0040): X509_verify_cert failed [0]. 807s [p11_child[1785]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 807s [p11_child[1785]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 807s [p11_child[1785]] [do_card] (0x4000): No certificate found. 807s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-3958.output 807s + return 2 807s + valid_certificate /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1093 /tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem 807s + check_certificate /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1093 /tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem 807s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 807s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1093 807s + local key_ring=/tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem 807s + local verify_option= 807s + prepare_softhsm2_card /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1093 807s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 807s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1093 807s + local key_cn 807s + local key_name 807s + local tokens_dir 807s + local output_cert_file 807s + token_name= 807s ++ basename /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 807s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 807s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 807s ++ sed -n 's/ *commonName *= //p' 807s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 807s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 807s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 807s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 807s ++ basename /tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 807s + tokens_dir=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 807s + token_name='Test Organization Sub Int Token' 807s + '[' '!' -e /tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 807s + '[' '!' -d /tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 807s + echo 'Test Organization Sub Int Token' 807s + '[' -n '' ']' 807s + local output_base_name=SSSD-child-12632 807s + local output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-12632.output 807s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-12632.pem 807s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem 807s Test Organization Sub Int Token 807s [p11_child[1792]] [main] (0x0400): p11_child started. 807s [p11_child[1792]] [main] (0x2000): Running in [pre-auth] mode. 807s [p11_child[1792]] [main] (0x2000): Running with effective IDs: [0][0]. 807s [p11_child[1792]] [main] (0x2000): Running with real IDs [0][0]. 807s [p11_child[1792]] [do_card] (0x4000): Module List: 807s [p11_child[1792]] [do_card] (0x4000): common name: [softhsm2]. 807s [p11_child[1792]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 807s [p11_child[1792]] [do_card] (0x4000): Description [SoftHSM slot ID 0x72cfb454] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 807s [p11_child[1792]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 807s [p11_child[1792]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x72cfb454][1926214740] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 807s [p11_child[1792]] [do_card] (0x4000): Login NOT required. 807s [p11_child[1792]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 807s [p11_child[1792]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 807s [p11_child[1792]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 807s [p11_child[1792]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x72cfb454;slot-manufacturer=SoftHSM%20project;slot-id=1926214740;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1da4aa3372cfb454;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 807s [p11_child[1792]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 807s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-12632.output 807s + echo '-----BEGIN CERTIFICATE-----' 807s + tail -n1 /tmp/sssd-softhsm2-E5oH29/SSSD-child-12632.output 807s + echo '-----END CERTIFICATE-----' 807s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-12632.pem 807s Certificate: 807s Data: 807s Version: 3 (0x2) 807s Serial Number: 5 (0x5) 807s Signature Algorithm: sha256WithRSAEncryption 807s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 807s Validity 807s Not Before: Nov 29 21:11:39 2024 GMT 807s Not After : Nov 29 21:11:39 2025 GMT 807s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 807s Subject Public Key Info: 807s Public Key Algorithm: rsaEncryption 807s Public-Key: (1024 bit) 807s Modulus: 807s 00:c4:1f:84:cc:68:4f:99:5f:4d:e6:08:35:e2:35: 807s 98:00:7d:17:77:6b:96:5c:3c:30:e3:18:a6:48:cf: 807s b5:09:de:ed:c4:6b:a2:3a:58:9d:79:ee:4a:82:a2: 807s 6b:ed:a1:78:86:51:b4:7a:46:7d:d7:73:e2:fc:8d: 807s 76:d6:ef:be:85:ae:a5:b3:97:7c:f7:4d:a6:e0:7c: 807s e1:8d:22:7d:60:cb:6e:e7:47:7c:c7:ce:97:e3:9a: 807s fd:f7:ac:1a:b8:6d:8d:f3:27:23:45:e4:1f:4e:aa: 807s a2:22:6a:97:dd:da:83:9d:52:25:bf:79:c8:9f:89: 807s d1:88:a6:de:82:8d:b9:d1:5d 807s Exponent: 65537 (0x10001) 807s X509v3 extensions: 807s X509v3 Authority Key Identifier: 807s F3:9A:A4:97:CC:41:9D:FF:8F:D4:6A:64:0F:30:AF:D8:B4:84:92:90 807s X509v3 Basic Constraints: 807s CA:FALSE 807s Netscape Cert Type: 807s SSL Client, S/MIME 807s Netscape Comment: 807s Test Organization Sub Intermediate CA trusted Certificate 807s X509v3 Subject Key Identifier: 807s 7E:CF:6C:A9:A2:D0:08:FB:4E:30:A4:52:93:DD:CA:C0:BA:3D:81:A1 807s X509v3 Key Usage: critical 807s Digital Signature, Non Repudiation, Key Encipherment 807s X509v3 Extended Key Usage: 807s TLS Web Client Authentication, E-mail Protection 807s X509v3 Subject Alternative Name: 807s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 807s Signature Algorithm: sha256WithRSAEncryption 807s Signature Value: 807s 63:d3:7f:66:5d:0a:47:78:c0:25:6a:51:4f:5d:68:fa:47:74: 807s 39:16:e2:d5:d8:3a:41:4c:d9:81:3d:ff:f4:12:e2:b4:79:c9: 807s ed:f0:ea:d9:e3:2a:ab:c9:2a:30:a9:76:07:1e:92:1d:b1:f6: 807s 95:65:99:53:82:0f:c2:ab:75:5d:66:29:df:f7:bf:39:e2:02: 807s fd:4f:7f:37:c2:a3:f1:0a:8d:4a:2a:36:46:27:66:f9:b0:6b: 807s de:fd:91:e3:bd:ae:0b:fc:cf:2d:ce:42:db:3c:8a:24:61:4b: 807s f4:f6:c5:4d:d6:e0:af:42:34:a3:95:49:95:1b:5d:46:a5:60: 807s c5:54 807s + local found_md5 expected_md5 807s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 807s + expected_md5=Modulus=C41F84CC684F995F4DE60835E23598007D17776B965C3C30E318A648CFB509DEEDC46BA23A589D79EE4A82A26BEDA1788651B47A467DD773E2FC8D76D6EFBE85AEA5B3977CF74DA6E07CE18D227D60CB6EE7477CC7CE97E39AFDF7AC1AB86D8DF3272345E41F4EAAA2226A97DDDA839D5225BF79C89F89D188A6DE828DB9D15D 807s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-12632.pem 807s + found_md5=Modulus=C41F84CC684F995F4DE60835E23598007D17776B965C3C30E318A648CFB509DEEDC46BA23A589D79EE4A82A26BEDA1788651B47A467DD773E2FC8D76D6EFBE85AEA5B3977CF74DA6E07CE18D227D60CB6EE7477CC7CE97E39AFDF7AC1AB86D8DF3272345E41F4EAAA2226A97DDDA839D5225BF79C89F89D188A6DE828DB9D15D 807s + '[' Modulus=C41F84CC684F995F4DE60835E23598007D17776B965C3C30E318A648CFB509DEEDC46BA23A589D79EE4A82A26BEDA1788651B47A467DD773E2FC8D76D6EFBE85AEA5B3977CF74DA6E07CE18D227D60CB6EE7477CC7CE97E39AFDF7AC1AB86D8DF3272345E41F4EAAA2226A97DDDA839D5225BF79C89F89D188A6DE828DB9D15D '!=' Modulus=C41F84CC684F995F4DE60835E23598007D17776B965C3C30E318A648CFB509DEEDC46BA23A589D79EE4A82A26BEDA1788651B47A467DD773E2FC8D76D6EFBE85AEA5B3977CF74DA6E07CE18D227D60CB6EE7477CC7CE97E39AFDF7AC1AB86D8DF3272345E41F4EAAA2226A97DDDA839D5225BF79C89F89D188A6DE828DB9D15D ']' 807s + output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-12632-auth.output 807s ++ basename /tmp/sssd-softhsm2-E5oH29/SSSD-child-12632-auth.output .output 807s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-12632-auth.pem 807s + echo -n 053350 807s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 807s [p11_child[1800]] [main] (0x0400): p11_child started. 807s [p11_child[1800]] [main] (0x2000): Running in [auth] mode. 807s [p11_child[1800]] [main] (0x2000): Running with effective IDs: [0][0]. 807s [p11_child[1800]] [main] (0x2000): Running with real IDs [0][0]. 807s [p11_child[1800]] [do_card] (0x4000): Module List: 807s [p11_child[1800]] [do_card] (0x4000): common name: [softhsm2]. 807s [p11_child[1800]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 807s [p11_child[1800]] [do_card] (0x4000): Description [SoftHSM slot ID 0x72cfb454] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 807s [p11_child[1800]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 807s [p11_child[1800]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x72cfb454][1926214740] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 807s [p11_child[1800]] [do_card] (0x4000): Login required. 807s [p11_child[1800]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 807s [p11_child[1800]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 807s [p11_child[1800]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 807s [p11_child[1800]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x72cfb454;slot-manufacturer=SoftHSM%20project;slot-id=1926214740;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1da4aa3372cfb454;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 807s [p11_child[1800]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 807s [p11_child[1800]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 807s [p11_child[1800]] [do_card] (0x4000): Certificate verified and validated. 807s [p11_child[1800]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 807s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-12632-auth.output 807s + echo '-----BEGIN CERTIFICATE-----' 807s + tail -n1 /tmp/sssd-softhsm2-E5oH29/SSSD-child-12632-auth.output 807s + echo '-----END CERTIFICATE-----' 807s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-12632-auth.pem 807s Certificate: 807s Data: 807s Version: 3 (0x2) 807s Serial Number: 5 (0x5) 807s Signature Algorithm: sha256WithRSAEncryption 807s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 807s Validity 807s Not Before: Nov 29 21:11:39 2024 GMT 807s Not After : Nov 29 21:11:39 2025 GMT 807s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 807s Subject Public Key Info: 807s Public Key Algorithm: rsaEncryption 807s Public-Key: (1024 bit) 807s Modulus: 807s 00:c4:1f:84:cc:68:4f:99:5f:4d:e6:08:35:e2:35: 807s 98:00:7d:17:77:6b:96:5c:3c:30:e3:18:a6:48:cf: 807s b5:09:de:ed:c4:6b:a2:3a:58:9d:79:ee:4a:82:a2: 807s 6b:ed:a1:78:86:51:b4:7a:46:7d:d7:73:e2:fc:8d: 807s 76:d6:ef:be:85:ae:a5:b3:97:7c:f7:4d:a6:e0:7c: 807s e1:8d:22:7d:60:cb:6e:e7:47:7c:c7:ce:97:e3:9a: 807s fd:f7:ac:1a:b8:6d:8d:f3:27:23:45:e4:1f:4e:aa: 807s a2:22:6a:97:dd:da:83:9d:52:25:bf:79:c8:9f:89: 807s d1:88:a6:de:82:8d:b9:d1:5d 807s Exponent: 65537 (0x10001) 807s X509v3 extensions: 807s X509v3 Authority Key Identifier: 807s F3:9A:A4:97:CC:41:9D:FF:8F:D4:6A:64:0F:30:AF:D8:B4:84:92:90 807s X509v3 Basic Constraints: 807s CA:FALSE 807s Netscape Cert Type: 807s SSL Client, S/MIME 807s Netscape Comment: 807s Test Organization Sub Intermediate CA trusted Certificate 807s X509v3 Subject Key Identifier: 807s 7E:CF:6C:A9:A2:D0:08:FB:4E:30:A4:52:93:DD:CA:C0:BA:3D:81:A1 807s X509v3 Key Usage: critical 807s Digital Signature, Non Repudiation, Key Encipherment 807s X509v3 Extended Key Usage: 807s TLS Web Client Authentication, E-mail Protection 807s X509v3 Subject Alternative Name: 807s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 807s Signature Algorithm: sha256WithRSAEncryption 807s Signature Value: 807s 63:d3:7f:66:5d:0a:47:78:c0:25:6a:51:4f:5d:68:fa:47:74: 807s 39:16:e2:d5:d8:3a:41:4c:d9:81:3d:ff:f4:12:e2:b4:79:c9: 807s ed:f0:ea:d9:e3:2a:ab:c9:2a:30:a9:76:07:1e:92:1d:b1:f6: 807s 95:65:99:53:82:0f:c2:ab:75:5d:66:29:df:f7:bf:39:e2:02: 807s fd:4f:7f:37:c2:a3:f1:0a:8d:4a:2a:36:46:27:66:f9:b0:6b: 807s de:fd:91:e3:bd:ae:0b:fc:cf:2d:ce:42:db:3c:8a:24:61:4b: 807s f4:f6:c5:4d:d6:e0:af:42:34:a3:95:49:95:1b:5d:46:a5:60: 807s c5:54 807s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-12632-auth.pem 807s + found_md5=Modulus=C41F84CC684F995F4DE60835E23598007D17776B965C3C30E318A648CFB509DEEDC46BA23A589D79EE4A82A26BEDA1788651B47A467DD773E2FC8D76D6EFBE85AEA5B3977CF74DA6E07CE18D227D60CB6EE7477CC7CE97E39AFDF7AC1AB86D8DF3272345E41F4EAAA2226A97DDDA839D5225BF79C89F89D188A6DE828DB9D15D 807s + '[' Modulus=C41F84CC684F995F4DE60835E23598007D17776B965C3C30E318A648CFB509DEEDC46BA23A589D79EE4A82A26BEDA1788651B47A467DD773E2FC8D76D6EFBE85AEA5B3977CF74DA6E07CE18D227D60CB6EE7477CC7CE97E39AFDF7AC1AB86D8DF3272345E41F4EAAA2226A97DDDA839D5225BF79C89F89D188A6DE828DB9D15D '!=' Modulus=C41F84CC684F995F4DE60835E23598007D17776B965C3C30E318A648CFB509DEEDC46BA23A589D79EE4A82A26BEDA1788651B47A467DD773E2FC8D76D6EFBE85AEA5B3977CF74DA6E07CE18D227D60CB6EE7477CC7CE97E39AFDF7AC1AB86D8DF3272345E41F4EAAA2226A97DDDA839D5225BF79C89F89D188A6DE828DB9D15D ']' 807s + valid_certificate /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1093 /tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem partial_chain 807s + check_certificate /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1093 /tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem partial_chain 807s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 807s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1093 807s + local key_ring=/tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem 807s + local verify_option=partial_chain 807s + prepare_softhsm2_card /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1093 807s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 807s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1093 807s + local key_cn 807s + local key_name 807s + local tokens_dir 807s + local output_cert_file 807s + token_name= 807s ++ basename /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 807s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 807s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 807s ++ sed -n 's/ *commonName *= //p' 807s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 807s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 807s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 807s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 807s ++ basename /tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 807s + tokens_dir=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 807s + token_name='Test Organization Sub Int Token' 807s + '[' '!' -e /tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 807s + '[' '!' -d /tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 807s + echo 'Test Organization Sub Int Token' 807s + '[' -n partial_chain ']' 807s + local verify_arg=--verify=partial_chain 807s + local output_base_name=SSSD-child-7689 807s + local output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-7689.output 807s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-7689.pem 807s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem 807s Test Organization Sub Int Token 807s [p11_child[1810]] [main] (0x0400): p11_child started. 807s [p11_child[1810]] [main] (0x2000): Running in [pre-auth] mode. 807s [p11_child[1810]] [main] (0x2000): Running with effective IDs: [0][0]. 807s [p11_child[1810]] [main] (0x2000): Running with real IDs [0][0]. 807s [p11_child[1810]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 807s [p11_child[1810]] [do_card] (0x4000): Module List: 807s [p11_child[1810]] [do_card] (0x4000): common name: [softhsm2]. 807s [p11_child[1810]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 807s [p11_child[1810]] [do_card] (0x4000): Description [SoftHSM slot ID 0x72cfb454] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 807s [p11_child[1810]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 807s [p11_child[1810]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x72cfb454][1926214740] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 807s [p11_child[1810]] [do_card] (0x4000): Login NOT required. 807s [p11_child[1810]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 807s [p11_child[1810]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 807s [p11_child[1810]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 807s [p11_child[1810]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x72cfb454;slot-manufacturer=SoftHSM%20project;slot-id=1926214740;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1da4aa3372cfb454;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 807s [p11_child[1810]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 807s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-7689.output 807s + echo '-----BEGIN CERTIFICATE-----' 807s + tail -n1 /tmp/sssd-softhsm2-E5oH29/SSSD-child-7689.output 807s + echo '-----END CERTIFICATE-----' 807s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-7689.pem 807s + local found_md5 expected_md5 807s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 807s Certificate: 807s Data: 807s Version: 3 (0x2) 807s Serial Number: 5 (0x5) 807s Signature Algorithm: sha256WithRSAEncryption 807s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 807s Validity 807s Not Before: Nov 29 21:11:39 2024 GMT 807s Not After : Nov 29 21:11:39 2025 GMT 807s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 807s Subject Public Key Info: 807s Public Key Algorithm: rsaEncryption 807s Public-Key: (1024 bit) 807s Modulus: 807s 00:c4:1f:84:cc:68:4f:99:5f:4d:e6:08:35:e2:35: 807s 98:00:7d:17:77:6b:96:5c:3c:30:e3:18:a6:48:cf: 807s b5:09:de:ed:c4:6b:a2:3a:58:9d:79:ee:4a:82:a2: 807s 6b:ed:a1:78:86:51:b4:7a:46:7d:d7:73:e2:fc:8d: 807s 76:d6:ef:be:85:ae:a5:b3:97:7c:f7:4d:a6:e0:7c: 807s e1:8d:22:7d:60:cb:6e:e7:47:7c:c7:ce:97:e3:9a: 807s fd:f7:ac:1a:b8:6d:8d:f3:27:23:45:e4:1f:4e:aa: 807s a2:22:6a:97:dd:da:83:9d:52:25:bf:79:c8:9f:89: 807s d1:88:a6:de:82:8d:b9:d1:5d 807s Exponent: 65537 (0x10001) 807s X509v3 extensions: 807s X509v3 Authority Key Identifier: 807s F3:9A:A4:97:CC:41:9D:FF:8F:D4:6A:64:0F:30:AF:D8:B4:84:92:90 807s X509v3 Basic Constraints: 807s CA:FALSE 807s Netscape Cert Type: 807s SSL Client, S/MIME 807s Netscape Comment: 807s Test Organization Sub Intermediate CA trusted Certificate 807s X509v3 Subject Key Identifier: 807s 7E:CF:6C:A9:A2:D0:08:FB:4E:30:A4:52:93:DD:CA:C0:BA:3D:81:A1 807s X509v3 Key Usage: critical 807s Digital Signature, Non Repudiation, Key Encipherment 807s X509v3 Extended Key Usage: 807s TLS Web Client Authentication, E-mail Protection 807s X509v3 Subject Alternative Name: 807s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 807s Signature Algorithm: sha256WithRSAEncryption 807s Signature Value: 807s 63:d3:7f:66:5d:0a:47:78:c0:25:6a:51:4f:5d:68:fa:47:74: 807s 39:16:e2:d5:d8:3a:41:4c:d9:81:3d:ff:f4:12:e2:b4:79:c9: 807s ed:f0:ea:d9:e3:2a:ab:c9:2a:30:a9:76:07:1e:92:1d:b1:f6: 807s 95:65:99:53:82:0f:c2:ab:75:5d:66:29:df:f7:bf:39:e2:02: 807s fd:4f:7f:37:c2:a3:f1:0a:8d:4a:2a:36:46:27:66:f9:b0:6b: 807s de:fd:91:e3:bd:ae:0b:fc:cf:2d:ce:42:db:3c:8a:24:61:4b: 807s f4:f6:c5:4d:d6:e0:af:42:34:a3:95:49:95:1b:5d:46:a5:60: 807s c5:54 808s + expected_md5=Modulus=C41F84CC684F995F4DE60835E23598007D17776B965C3C30E318A648CFB509DEEDC46BA23A589D79EE4A82A26BEDA1788651B47A467DD773E2FC8D76D6EFBE85AEA5B3977CF74DA6E07CE18D227D60CB6EE7477CC7CE97E39AFDF7AC1AB86D8DF3272345E41F4EAAA2226A97DDDA839D5225BF79C89F89D188A6DE828DB9D15D 808s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-7689.pem 808s + found_md5=Modulus=C41F84CC684F995F4DE60835E23598007D17776B965C3C30E318A648CFB509DEEDC46BA23A589D79EE4A82A26BEDA1788651B47A467DD773E2FC8D76D6EFBE85AEA5B3977CF74DA6E07CE18D227D60CB6EE7477CC7CE97E39AFDF7AC1AB86D8DF3272345E41F4EAAA2226A97DDDA839D5225BF79C89F89D188A6DE828DB9D15D 808s + '[' Modulus=C41F84CC684F995F4DE60835E23598007D17776B965C3C30E318A648CFB509DEEDC46BA23A589D79EE4A82A26BEDA1788651B47A467DD773E2FC8D76D6EFBE85AEA5B3977CF74DA6E07CE18D227D60CB6EE7477CC7CE97E39AFDF7AC1AB86D8DF3272345E41F4EAAA2226A97DDDA839D5225BF79C89F89D188A6DE828DB9D15D '!=' Modulus=C41F84CC684F995F4DE60835E23598007D17776B965C3C30E318A648CFB509DEEDC46BA23A589D79EE4A82A26BEDA1788651B47A467DD773E2FC8D76D6EFBE85AEA5B3977CF74DA6E07CE18D227D60CB6EE7477CC7CE97E39AFDF7AC1AB86D8DF3272345E41F4EAAA2226A97DDDA839D5225BF79C89F89D188A6DE828DB9D15D ']' 808s + output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-7689-auth.output 808s ++ basename /tmp/sssd-softhsm2-E5oH29/SSSD-child-7689-auth.output .output 808s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-7689-auth.pem 808s + echo -n 053350 808s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-E5oH29/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 808s [p11_child[1818]] [main] (0x0400): p11_child started. 808s [p11_child[1818]] [main] (0x2000): Running in [auth] mode. 808s [p11_child[1818]] [main] (0x2000): Running with effective IDs: [0][0]. 808s [p11_child[1818]] [main] (0x2000): Running with real IDs [0][0]. 808s [p11_child[1818]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 808s [p11_child[1818]] [do_card] (0x4000): Module List: 808s [p11_child[1818]] [do_card] (0x4000): common name: [softhsm2]. 808s [p11_child[1818]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 808s [p11_child[1818]] [do_card] (0x4000): Description [SoftHSM slot ID 0x72cfb454] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 808s [p11_child[1818]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 808s [p11_child[1818]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x72cfb454][1926214740] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 808s [p11_child[1818]] [do_card] (0x4000): Login required. 808s [p11_child[1818]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 808s [p11_child[1818]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 808s [p11_child[1818]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 808s [p11_child[1818]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x72cfb454;slot-manufacturer=SoftHSM%20project;slot-id=1926214740;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1da4aa3372cfb454;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 808s [p11_child[1818]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 808s [p11_child[1818]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 808s [p11_child[1818]] [do_card] (0x4000): Certificate verified and validated. 808s [p11_child[1818]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 808s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-7689-auth.output 808s + echo '-----BEGIN CERTIFICATE-----' 808s + tail -n1 /tmp/sssd-softhsm2-E5oH29/SSSD-child-7689-auth.output 808s + echo '-----END CERTIFICATE-----' 808s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-7689-auth.pem 808s Certificate: 808s Data: 808s Version: 3 (0x2) 808s Serial Number: 5 (0x5) 808s Signature Algorithm: sha256WithRSAEncryption 808s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 808s Validity 808s Not Before: Nov 29 21:11:39 2024 GMT 808s Not After : Nov 29 21:11:39 2025 GMT 808s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 808s Subject Public Key Info: 808s Public Key Algorithm: rsaEncryption 808s Public-Key: (1024 bit) 808s Modulus: 808s 00:c4:1f:84:cc:68:4f:99:5f:4d:e6:08:35:e2:35: 808s 98:00:7d:17:77:6b:96:5c:3c:30:e3:18:a6:48:cf: 808s b5:09:de:ed:c4:6b:a2:3a:58:9d:79:ee:4a:82:a2: 808s 6b:ed:a1:78:86:51:b4:7a:46:7d:d7:73:e2:fc:8d: 808s 76:d6:ef:be:85:ae:a5:b3:97:7c:f7:4d:a6:e0:7c: 808s e1:8d:22:7d:60:cb:6e:e7:47:7c:c7:ce:97:e3:9a: 808s fd:f7:ac:1a:b8:6d:8d:f3:27:23:45:e4:1f:4e:aa: 808s a2:22:6a:97:dd:da:83:9d:52:25:bf:79:c8:9f:89: 808s d1:88:a6:de:82:8d:b9:d1:5d 808s Exponent: 65537 (0x10001) 808s X509v3 extensions: 808s X509v3 Authority Key Identifier: 808s F3:9A:A4:97:CC:41:9D:FF:8F:D4:6A:64:0F:30:AF:D8:B4:84:92:90 808s X509v3 Basic Constraints: 808s CA:FALSE 808s Netscape Cert Type: 808s SSL Client, S/MIME 808s Netscape Comment: 808s Test Organization Sub Intermediate CA trusted Certificate 808s X509v3 Subject Key Identifier: 808s 7E:CF:6C:A9:A2:D0:08:FB:4E:30:A4:52:93:DD:CA:C0:BA:3D:81:A1 808s X509v3 Key Usage: critical 808s Digital Signature, Non Repudiation, Key Encipherment 808s X509v3 Extended Key Usage: 808s TLS Web Client Authentication, E-mail Protection 808s X509v3 Subject Alternative Name: 808s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 808s Signature Algorithm: sha256WithRSAEncryption 808s Signature Value: 808s 63:d3:7f:66:5d:0a:47:78:c0:25:6a:51:4f:5d:68:fa:47:74: 808s 39:16:e2:d5:d8:3a:41:4c:d9:81:3d:ff:f4:12:e2:b4:79:c9: 808s ed:f0:ea:d9:e3:2a:ab:c9:2a:30:a9:76:07:1e:92:1d:b1:f6: 808s 95:65:99:53:82:0f:c2:ab:75:5d:66:29:df:f7:bf:39:e2:02: 808s fd:4f:7f:37:c2:a3:f1:0a:8d:4a:2a:36:46:27:66:f9:b0:6b: 808s de:fd:91:e3:bd:ae:0b:fc:cf:2d:ce:42:db:3c:8a:24:61:4b: 808s f4:f6:c5:4d:d6:e0:af:42:34:a3:95:49:95:1b:5d:46:a5:60: 808s c5:54 808s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-7689-auth.pem 808s + found_md5=Modulus=C41F84CC684F995F4DE60835E23598007D17776B965C3C30E318A648CFB509DEEDC46BA23A589D79EE4A82A26BEDA1788651B47A467DD773E2FC8D76D6EFBE85AEA5B3977CF74DA6E07CE18D227D60CB6EE7477CC7CE97E39AFDF7AC1AB86D8DF3272345E41F4EAAA2226A97DDDA839D5225BF79C89F89D188A6DE828DB9D15D 808s + '[' Modulus=C41F84CC684F995F4DE60835E23598007D17776B965C3C30E318A648CFB509DEEDC46BA23A589D79EE4A82A26BEDA1788651B47A467DD773E2FC8D76D6EFBE85AEA5B3977CF74DA6E07CE18D227D60CB6EE7477CC7CE97E39AFDF7AC1AB86D8DF3272345E41F4EAAA2226A97DDDA839D5225BF79C89F89D188A6DE828DB9D15D '!=' Modulus=C41F84CC684F995F4DE60835E23598007D17776B965C3C30E318A648CFB509DEEDC46BA23A589D79EE4A82A26BEDA1788651B47A467DD773E2FC8D76D6EFBE85AEA5B3977CF74DA6E07CE18D227D60CB6EE7477CC7CE97E39AFDF7AC1AB86D8DF3272345E41F4EAAA2226A97DDDA839D5225BF79C89F89D188A6DE828DB9D15D ']' 808s + invalid_certificate /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1093 /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA.pem 808s + check_certificate /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1093 /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA.pem 808s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 808s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1093 808s + local key_ring=/tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA.pem 808s + local verify_option= 808s + prepare_softhsm2_card /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1093 808s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 808s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1093 808s + local key_cn 808s + local key_name 808s + local tokens_dir 808s + local output_cert_file 808s + token_name= 808s ++ basename /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 808s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 808s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 808s ++ sed -n 's/ *commonName *= //p' 808s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 808s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 808s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 808s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 808s ++ basename /tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 808s Test Organization Sub Int Token 808s + tokens_dir=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 808s + token_name='Test Organization Sub Int Token' 808s + '[' '!' -e /tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 808s + '[' '!' -d /tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 808s + echo 'Test Organization Sub Int Token' 808s + '[' -n '' ']' 808s + local output_base_name=SSSD-child-24845 808s + local output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-24845.output 808s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-24845.pem 808s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA.pem 808s [p11_child[1828]] [main] (0x0400): p11_child started. 808s [p11_child[1828]] [main] (0x2000): Running in [pre-auth] mode. 808s [p11_child[1828]] [main] (0x2000): Running with effective IDs: [0][0]. 808s [p11_child[1828]] [main] (0x2000): Running with real IDs [0][0]. 808s [p11_child[1828]] [do_card] (0x4000): Module List: 808s [p11_child[1828]] [do_card] (0x4000): common name: [softhsm2]. 808s [p11_child[1828]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 808s [p11_child[1828]] [do_card] (0x4000): Description [SoftHSM slot ID 0x72cfb454] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 808s [p11_child[1828]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 808s [p11_child[1828]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x72cfb454][1926214740] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 808s [p11_child[1828]] [do_card] (0x4000): Login NOT required. 808s [p11_child[1828]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 808s [p11_child[1828]] [do_verification] (0x0040): X509_verify_cert failed [0]. 808s [p11_child[1828]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 808s [p11_child[1828]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 808s [p11_child[1828]] [do_card] (0x4000): No certificate found. 808s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-24845.output 808s + return 2 808s + invalid_certificate /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1093 /tmp/sssd-softhsm2-E5oH29/test-root-intermediate-chain-CA.pem partial_chain 808s + check_certificate /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1093 /tmp/sssd-softhsm2-E5oH29/test-root-intermediate-chain-CA.pem partial_chain 808s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 808s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1093 808s + local key_ring=/tmp/sssd-softhsm2-E5oH29/test-root-intermediate-chain-CA.pem 808s + local verify_option=partial_chain 808s + prepare_softhsm2_card /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1093 808s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 808s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1093 808s + local key_cn 808s + local key_name 808s + local tokens_dir 808s + local output_cert_file 808s + token_name= 808s ++ basename /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 808s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 808s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 808s ++ sed -n 's/ *commonName *= //p' 808s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 808s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 808s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 808s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 808s ++ basename /tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 808s + tokens_dir=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 808s + token_name='Test Organization Sub Int Token' 808s + '[' '!' -e /tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 808s + '[' '!' -d /tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 808s + echo 'Test Organization Sub Int Token' 808s + '[' -n partial_chain ']' 808s + local verify_arg=--verify=partial_chain 808s + local output_base_name=SSSD-child-21581 808s + local output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-21581.output 808s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-21581.pem 808s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-E5oH29/test-root-intermediate-chain-CA.pem 808s [p11_child[1835]] [main] (0x0400): p11_child started. 808s [p11_child[1835]] [main] (0x2000): Running in [pre-auth] mode. 808s [p11_child[1835]] [main] (0x2000): Running with effective IDs: [0][0]. 808s [p11_child[1835]] [main] (0x2000): Running with real IDs [0][0]. 808s [p11_child[1835]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 808s Test Organization Sub Int Token 808s [p11_child[1835]] [do_card] (0x4000): Module List: 808s [p11_child[1835]] [do_card] (0x4000): common name: [softhsm2]. 808s [p11_child[1835]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 808s [p11_child[1835]] [do_card] (0x4000): Description [SoftHSM slot ID 0x72cfb454] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 808s [p11_child[1835]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 808s [p11_child[1835]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x72cfb454][1926214740] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 808s [p11_child[1835]] [do_card] (0x4000): Login NOT required. 808s [p11_child[1835]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 808s [p11_child[1835]] [do_verification] (0x0040): X509_verify_cert failed [0]. 808s [p11_child[1835]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 808s [p11_child[1835]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 808s [p11_child[1835]] [do_card] (0x4000): No certificate found. 808s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-21581.output 808s + return 2 808s + valid_certificate /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1093 /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA.pem partial_chain 808s + check_certificate /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1093 /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA.pem partial_chain 808s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 808s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1093 808s + local key_ring=/tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA.pem 808s + local verify_option=partial_chain 808s + prepare_softhsm2_card /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1093 808s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 808s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1093 808s + local key_cn 808s + local key_name 808s + local tokens_dir 808s + local output_cert_file 808s + token_name= 808s ++ basename /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 808s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 808s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 808s ++ sed -n 's/ *commonName *= //p' 808s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 808s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 808s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 808s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 808s ++ basename /tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 808s + tokens_dir=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 808s + token_name='Test Organization Sub Int Token' 808s + '[' '!' -e /tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 808s + '[' '!' -d /tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 808s + echo 'Test Organization Sub Int Token' 808s + '[' -n partial_chain ']' 808s + local verify_arg=--verify=partial_chain 808s + local output_base_name=SSSD-child-32385 808s + local output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-32385.output 808s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-32385.pem 808s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA.pem 808s Test Organization Sub Int Token 808s [p11_child[1842]] [main] (0x0400): p11_child started. 808s [p11_child[1842]] [main] (0x2000): Running in [pre-auth] mode. 808s [p11_child[1842]] [main] (0x2000): Running with effective IDs: [0][0]. 808s [p11_child[1842]] [main] (0x2000): Running with real IDs [0][0]. 808s [p11_child[1842]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 808s [p11_child[1842]] [do_card] (0x4000): Module List: 808s [p11_child[1842]] [do_card] (0x4000): common name: [softhsm2]. 808s [p11_child[1842]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 808s [p11_child[1842]] [do_card] (0x4000): Description [SoftHSM slot ID 0x72cfb454] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 808s [p11_child[1842]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 808s [p11_child[1842]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x72cfb454][1926214740] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 808s [p11_child[1842]] [do_card] (0x4000): Login NOT required. 808s [p11_child[1842]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 808s [p11_child[1842]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 808s [p11_child[1842]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 808s [p11_child[1842]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x72cfb454;slot-manufacturer=SoftHSM%20project;slot-id=1926214740;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1da4aa3372cfb454;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 808s [p11_child[1842]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 808s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-32385.output 808s + echo '-----BEGIN CERTIFICATE-----' 808s + tail -n1 /tmp/sssd-softhsm2-E5oH29/SSSD-child-32385.output 808s + echo '-----END CERTIFICATE-----' 808s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-32385.pem 808s Certificate: 808s Data: 808s Version: 3 (0x2) 808s Serial Number: 5 (0x5) 808s Signature Algorithm: sha256WithRSAEncryption 808s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 808s Validity 808s Not Before: Nov 29 21:11:39 2024 GMT 808s Not After : Nov 29 21:11:39 2025 GMT 808s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 808s Subject Public Key Info: 808s Public Key Algorithm: rsaEncryption 808s Public-Key: (1024 bit) 808s Modulus: 808s 00:c4:1f:84:cc:68:4f:99:5f:4d:e6:08:35:e2:35: 808s 98:00:7d:17:77:6b:96:5c:3c:30:e3:18:a6:48:cf: 808s b5:09:de:ed:c4:6b:a2:3a:58:9d:79:ee:4a:82:a2: 808s 6b:ed:a1:78:86:51:b4:7a:46:7d:d7:73:e2:fc:8d: 808s 76:d6:ef:be:85:ae:a5:b3:97:7c:f7:4d:a6:e0:7c: 808s e1:8d:22:7d:60:cb:6e:e7:47:7c:c7:ce:97:e3:9a: 808s fd:f7:ac:1a:b8:6d:8d:f3:27:23:45:e4:1f:4e:aa: 808s a2:22:6a:97:dd:da:83:9d:52:25:bf:79:c8:9f:89: 808s d1:88:a6:de:82:8d:b9:d1:5d 808s Exponent: 65537 (0x10001) 808s X509v3 extensions: 808s X509v3 Authority Key Identifier: 808s F3:9A:A4:97:CC:41:9D:FF:8F:D4:6A:64:0F:30:AF:D8:B4:84:92:90 808s X509v3 Basic Constraints: 808s CA:FALSE 808s Netscape Cert Type: 808s SSL Client, S/MIME 808s Netscape Comment: 808s Test Organization Sub Intermediate CA trusted Certificate 808s X509v3 Subject Key Identifier: 808s 7E:CF:6C:A9:A2:D0:08:FB:4E:30:A4:52:93:DD:CA:C0:BA:3D:81:A1 808s X509v3 Key Usage: critical 808s Digital Signature, Non Repudiation, Key Encipherment 808s X509v3 Extended Key Usage: 808s TLS Web Client Authentication, E-mail Protection 808s X509v3 Subject Alternative Name: 808s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 808s Signature Algorithm: sha256WithRSAEncryption 808s Signature Value: 808s 63:d3:7f:66:5d:0a:47:78:c0:25:6a:51:4f:5d:68:fa:47:74: 808s 39:16:e2:d5:d8:3a:41:4c:d9:81:3d:ff:f4:12:e2:b4:79:c9: 808s ed:f0:ea:d9:e3:2a:ab:c9:2a:30:a9:76:07:1e:92:1d:b1:f6: 808s 95:65:99:53:82:0f:c2:ab:75:5d:66:29:df:f7:bf:39:e2:02: 808s fd:4f:7f:37:c2:a3:f1:0a:8d:4a:2a:36:46:27:66:f9:b0:6b: 808s de:fd:91:e3:bd:ae:0b:fc:cf:2d:ce:42:db:3c:8a:24:61:4b: 808s f4:f6:c5:4d:d6:e0:af:42:34:a3:95:49:95:1b:5d:46:a5:60: 808s c5:54 808s + local found_md5 expected_md5 808s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 808s + expected_md5=Modulus=C41F84CC684F995F4DE60835E23598007D17776B965C3C30E318A648CFB509DEEDC46BA23A589D79EE4A82A26BEDA1788651B47A467DD773E2FC8D76D6EFBE85AEA5B3977CF74DA6E07CE18D227D60CB6EE7477CC7CE97E39AFDF7AC1AB86D8DF3272345E41F4EAAA2226A97DDDA839D5225BF79C89F89D188A6DE828DB9D15D 808s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-32385.pem 808s + found_md5=Modulus=C41F84CC684F995F4DE60835E23598007D17776B965C3C30E318A648CFB509DEEDC46BA23A589D79EE4A82A26BEDA1788651B47A467DD773E2FC8D76D6EFBE85AEA5B3977CF74DA6E07CE18D227D60CB6EE7477CC7CE97E39AFDF7AC1AB86D8DF3272345E41F4EAAA2226A97DDDA839D5225BF79C89F89D188A6DE828DB9D15D 808s + '[' Modulus=C41F84CC684F995F4DE60835E23598007D17776B965C3C30E318A648CFB509DEEDC46BA23A589D79EE4A82A26BEDA1788651B47A467DD773E2FC8D76D6EFBE85AEA5B3977CF74DA6E07CE18D227D60CB6EE7477CC7CE97E39AFDF7AC1AB86D8DF3272345E41F4EAAA2226A97DDDA839D5225BF79C89F89D188A6DE828DB9D15D '!=' Modulus=C41F84CC684F995F4DE60835E23598007D17776B965C3C30E318A648CFB509DEEDC46BA23A589D79EE4A82A26BEDA1788651B47A467DD773E2FC8D76D6EFBE85AEA5B3977CF74DA6E07CE18D227D60CB6EE7477CC7CE97E39AFDF7AC1AB86D8DF3272345E41F4EAAA2226A97DDDA839D5225BF79C89F89D188A6DE828DB9D15D ']' 808s + output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-32385-auth.output 808s ++ basename /tmp/sssd-softhsm2-E5oH29/SSSD-child-32385-auth.output .output 808s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-32385-auth.pem 808s + echo -n 053350 808s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 808s [p11_child[1850]] [main] (0x0400): p11_child started. 808s [p11_child[1850]] [main] (0x2000): Running in [auth] mode. 808s [p11_child[1850]] [main] (0x2000): Running with effective IDs: [0][0]. 808s [p11_child[1850]] [main] (0x2000): Running with real IDs [0][0]. 808s [p11_child[1850]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 808s [p11_child[1850]] [do_card] (0x4000): Module List: 808s [p11_child[1850]] [do_card] (0x4000): common name: [softhsm2]. 808s [p11_child[1850]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 808s [p11_child[1850]] [do_card] (0x4000): Description [SoftHSM slot ID 0x72cfb454] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 808s [p11_child[1850]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 808s [p11_child[1850]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x72cfb454][1926214740] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 808s [p11_child[1850]] [do_card] (0x4000): Login required. 808s [p11_child[1850]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 808s [p11_child[1850]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 808s [p11_child[1850]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 808s [p11_child[1850]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x72cfb454;slot-manufacturer=SoftHSM%20project;slot-id=1926214740;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1da4aa3372cfb454;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 808s [p11_child[1850]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 808s [p11_child[1850]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 808s [p11_child[1850]] [do_card] (0x4000): Certificate verified and validated. 808s [p11_child[1850]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 808s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-32385-auth.output 808s + echo '-----BEGIN CERTIFICATE-----' 808s + tail -n1 /tmp/sssd-softhsm2-E5oH29/SSSD-child-32385-auth.output 808s + echo '-----END CERTIFICATE-----' 808s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-32385-auth.pem 808s Certificate: 808s Data: 808s Version: 3 (0x2) 808s Serial Number: 5 (0x5) 808s Signature Algorithm: sha256WithRSAEncryption 808s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 808s Validity 808s Not Before: Nov 29 21:11:39 2024 GMT 808s Not After : Nov 29 21:11:39 2025 GMT 808s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 808s Subject Public Key Info: 808s Public Key Algorithm: rsaEncryption 808s Public-Key: (1024 bit) 808s Modulus: 808s 00:c4:1f:84:cc:68:4f:99:5f:4d:e6:08:35:e2:35: 808s 98:00:7d:17:77:6b:96:5c:3c:30:e3:18:a6:48:cf: 808s b5:09:de:ed:c4:6b:a2:3a:58:9d:79:ee:4a:82:a2: 808s 6b:ed:a1:78:86:51:b4:7a:46:7d:d7:73:e2:fc:8d: 808s 76:d6:ef:be:85:ae:a5:b3:97:7c:f7:4d:a6:e0:7c: 808s e1:8d:22:7d:60:cb:6e:e7:47:7c:c7:ce:97:e3:9a: 808s fd:f7:ac:1a:b8:6d:8d:f3:27:23:45:e4:1f:4e:aa: 808s a2:22:6a:97:dd:da:83:9d:52:25:bf:79:c8:9f:89: 808s d1:88:a6:de:82:8d:b9:d1:5d 808s Exponent: 65537 (0x10001) 808s X509v3 extensions: 808s X509v3 Authority Key Identifier: 808s F3:9A:A4:97:CC:41:9D:FF:8F:D4:6A:64:0F:30:AF:D8:B4:84:92:90 808s X509v3 Basic Constraints: 808s CA:FALSE 808s Netscape Cert Type: 808s SSL Client, S/MIME 808s Netscape Comment: 808s Test Organization Sub Intermediate CA trusted Certificate 808s X509v3 Subject Key Identifier: 808s 7E:CF:6C:A9:A2:D0:08:FB:4E:30:A4:52:93:DD:CA:C0:BA:3D:81:A1 808s X509v3 Key Usage: critical 808s Digital Signature, Non Repudiation, Key Encipherment 808s X509v3 Extended Key Usage: 808s TLS Web Client Authentication, E-mail Protection 808s X509v3 Subject Alternative Name: 808s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 808s Signature Algorithm: sha256WithRSAEncryption 808s Signature Value: 808s 63:d3:7f:66:5d:0a:47:78:c0:25:6a:51:4f:5d:68:fa:47:74: 808s 39:16:e2:d5:d8:3a:41:4c:d9:81:3d:ff:f4:12:e2:b4:79:c9: 808s ed:f0:ea:d9:e3:2a:ab:c9:2a:30:a9:76:07:1e:92:1d:b1:f6: 808s 95:65:99:53:82:0f:c2:ab:75:5d:66:29:df:f7:bf:39:e2:02: 808s fd:4f:7f:37:c2:a3:f1:0a:8d:4a:2a:36:46:27:66:f9:b0:6b: 808s de:fd:91:e3:bd:ae:0b:fc:cf:2d:ce:42:db:3c:8a:24:61:4b: 808s f4:f6:c5:4d:d6:e0:af:42:34:a3:95:49:95:1b:5d:46:a5:60: 808s c5:54 808s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-32385-auth.pem 808s + found_md5=Modulus=C41F84CC684F995F4DE60835E23598007D17776B965C3C30E318A648CFB509DEEDC46BA23A589D79EE4A82A26BEDA1788651B47A467DD773E2FC8D76D6EFBE85AEA5B3977CF74DA6E07CE18D227D60CB6EE7477CC7CE97E39AFDF7AC1AB86D8DF3272345E41F4EAAA2226A97DDDA839D5225BF79C89F89D188A6DE828DB9D15D 808s + '[' Modulus=C41F84CC684F995F4DE60835E23598007D17776B965C3C30E318A648CFB509DEEDC46BA23A589D79EE4A82A26BEDA1788651B47A467DD773E2FC8D76D6EFBE85AEA5B3977CF74DA6E07CE18D227D60CB6EE7477CC7CE97E39AFDF7AC1AB86D8DF3272345E41F4EAAA2226A97DDDA839D5225BF79C89F89D188A6DE828DB9D15D '!=' Modulus=C41F84CC684F995F4DE60835E23598007D17776B965C3C30E318A648CFB509DEEDC46BA23A589D79EE4A82A26BEDA1788651B47A467DD773E2FC8D76D6EFBE85AEA5B3977CF74DA6E07CE18D227D60CB6EE7477CC7CE97E39AFDF7AC1AB86D8DF3272345E41F4EAAA2226A97DDDA839D5225BF79C89F89D188A6DE828DB9D15D ']' 808s + valid_certificate /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1093 /tmp/sssd-softhsm2-E5oH29/test-intermediate-sub-chain-CA.pem partial_chain 808s + check_certificate /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1093 /tmp/sssd-softhsm2-E5oH29/test-intermediate-sub-chain-CA.pem partial_chain 808s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 808s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1093 808s + local key_ring=/tmp/sssd-softhsm2-E5oH29/test-intermediate-sub-chain-CA.pem 808s + local verify_option=partial_chain 808s + prepare_softhsm2_card /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-1093 808s + local certificate=/tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 808s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-1093 808s + local key_cn 808s + local key_name 808s + local tokens_dir 808s + local output_cert_file 808s + token_name= 808s ++ basename /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 808s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 808s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 808s ++ sed -n 's/ *commonName *= //p' 808s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 808s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 808s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 808s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 808s ++ basename /tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 808s + tokens_dir=/tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 808s + token_name='Test Organization Sub Int Token' 808s + '[' '!' -e /tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 808s + '[' '!' -d /tmp/sssd-softhsm2-E5oH29/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 808s + echo 'Test Organization Sub Int Token' 808s + '[' -n partial_chain ']' 808s + local verify_arg=--verify=partial_chain 808s + local output_base_name=SSSD-child-22754 808s + local output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-22754.output 808s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-22754.pem 808s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-E5oH29/test-intermediate-sub-chain-CA.pem 808s Test Organization Sub Int Token 808s [p11_child[1860]] [main] (0x0400): p11_child started. 808s [p11_child[1860]] [main] (0x2000): Running in [pre-auth] mode. 808s [p11_child[1860]] [main] (0x2000): Running with effective IDs: [0][0]. 808s [p11_child[1860]] [main] (0x2000): Running with real IDs [0][0]. 808s [p11_child[1860]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 808s [p11_child[1860]] [do_card] (0x4000): Module List: 808s [p11_child[1860]] [do_card] (0x4000): common name: [softhsm2]. 808s [p11_child[1860]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 808s [p11_child[1860]] [do_card] (0x4000): Description [SoftHSM slot ID 0x72cfb454] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 808s [p11_child[1860]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 808s [p11_child[1860]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x72cfb454][1926214740] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 808s [p11_child[1860]] [do_card] (0x4000): Login NOT required. 808s [p11_child[1860]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 808s [p11_child[1860]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 808s [p11_child[1860]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 808s [p11_child[1860]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x72cfb454;slot-manufacturer=SoftHSM%20project;slot-id=1926214740;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1da4aa3372cfb454;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 808s [p11_child[1860]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 808s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-22754.output 808s + echo '-----BEGIN CERTIFICATE-----' 808s + tail -n1 /tmp/sssd-softhsm2-E5oH29/SSSD-child-22754.output 808s + echo '-----END CERTIFICATE-----' 808s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-22754.pem 808s + local found_md5 expected_md5 808s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/test-sub-intermediate-CA-trusted-certificate-0001.pem 808s Certificate: 808s Data: 808s Version: 3 (0x2) 808s Serial Number: 5 (0x5) 808s Signature Algorithm: sha256WithRSAEncryption 808s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 808s Validity 808s Not Before: Nov 29 21:11:39 2024 GMT 808s Not After : Nov 29 21:11:39 2025 GMT 808s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 808s Subject Public Key Info: 808s Public Key Algorithm: rsaEncryption 808s Public-Key: (1024 bit) 808s Modulus: 808s 00:c4:1f:84:cc:68:4f:99:5f:4d:e6:08:35:e2:35: 808s 98:00:7d:17:77:6b:96:5c:3c:30:e3:18:a6:48:cf: 808s b5:09:de:ed:c4:6b:a2:3a:58:9d:79:ee:4a:82:a2: 808s 6b:ed:a1:78:86:51:b4:7a:46:7d:d7:73:e2:fc:8d: 808s 76:d6:ef:be:85:ae:a5:b3:97:7c:f7:4d:a6:e0:7c: 808s e1:8d:22:7d:60:cb:6e:e7:47:7c:c7:ce:97:e3:9a: 808s fd:f7:ac:1a:b8:6d:8d:f3:27:23:45:e4:1f:4e:aa: 808s a2:22:6a:97:dd:da:83:9d:52:25:bf:79:c8:9f:89: 808s d1:88:a6:de:82:8d:b9:d1:5d 808s Exponent: 65537 (0x10001) 808s X509v3 extensions: 808s X509v3 Authority Key Identifier: 808s F3:9A:A4:97:CC:41:9D:FF:8F:D4:6A:64:0F:30:AF:D8:B4:84:92:90 808s X509v3 Basic Constraints: 808s CA:FALSE 808s Netscape Cert Type: 808s SSL Client, S/MIME 808s Netscape Comment: 808s Test Organization Sub Intermediate CA trusted Certificate 808s X509v3 Subject Key Identifier: 808s 7E:CF:6C:A9:A2:D0:08:FB:4E:30:A4:52:93:DD:CA:C0:BA:3D:81:A1 808s X509v3 Key Usage: critical 808s Digital Signature, Non Repudiation, Key Encipherment 808s X509v3 Extended Key Usage: 808s TLS Web Client Authentication, E-mail Protection 808s X509v3 Subject Alternative Name: 808s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 808s Signature Algorithm: sha256WithRSAEncryption 808s Signature Value: 808s 63:d3:7f:66:5d:0a:47:78:c0:25:6a:51:4f:5d:68:fa:47:74: 808s 39:16:e2:d5:d8:3a:41:4c:d9:81:3d:ff:f4:12:e2:b4:79:c9: 808s ed:f0:ea:d9:e3:2a:ab:c9:2a:30:a9:76:07:1e:92:1d:b1:f6: 808s 95:65:99:53:82:0f:c2:ab:75:5d:66:29:df:f7:bf:39:e2:02: 808s fd:4f:7f:37:c2:a3:f1:0a:8d:4a:2a:36:46:27:66:f9:b0:6b: 808s de:fd:91:e3:bd:ae:0b:fc:cf:2d:ce:42:db:3c:8a:24:61:4b: 808s f4:f6:c5:4d:d6:e0:af:42:34:a3:95:49:95:1b:5d:46:a5:60: 808s c5:54 808s + expected_md5=Modulus=C41F84CC684F995F4DE60835E23598007D17776B965C3C30E318A648CFB509DEEDC46BA23A589D79EE4A82A26BEDA1788651B47A467DD773E2FC8D76D6EFBE85AEA5B3977CF74DA6E07CE18D227D60CB6EE7477CC7CE97E39AFDF7AC1AB86D8DF3272345E41F4EAAA2226A97DDDA839D5225BF79C89F89D188A6DE828DB9D15D 808s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-22754.pem 808s + found_md5=Modulus=C41F84CC684F995F4DE60835E23598007D17776B965C3C30E318A648CFB509DEEDC46BA23A589D79EE4A82A26BEDA1788651B47A467DD773E2FC8D76D6EFBE85AEA5B3977CF74DA6E07CE18D227D60CB6EE7477CC7CE97E39AFDF7AC1AB86D8DF3272345E41F4EAAA2226A97DDDA839D5225BF79C89F89D188A6DE828DB9D15D 808s + '[' Modulus=C41F84CC684F995F4DE60835E23598007D17776B965C3C30E318A648CFB509DEEDC46BA23A589D79EE4A82A26BEDA1788651B47A467DD773E2FC8D76D6EFBE85AEA5B3977CF74DA6E07CE18D227D60CB6EE7477CC7CE97E39AFDF7AC1AB86D8DF3272345E41F4EAAA2226A97DDDA839D5225BF79C89F89D188A6DE828DB9D15D '!=' Modulus=C41F84CC684F995F4DE60835E23598007D17776B965C3C30E318A648CFB509DEEDC46BA23A589D79EE4A82A26BEDA1788651B47A467DD773E2FC8D76D6EFBE85AEA5B3977CF74DA6E07CE18D227D60CB6EE7477CC7CE97E39AFDF7AC1AB86D8DF3272345E41F4EAAA2226A97DDDA839D5225BF79C89F89D188A6DE828DB9D15D ']' 808s + output_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-22754-auth.output 808s ++ basename /tmp/sssd-softhsm2-E5oH29/SSSD-child-22754-auth.output .output 808s + output_cert_file=/tmp/sssd-softhsm2-E5oH29/SSSD-child-22754-auth.pem 808s + echo -n 053350 808s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-E5oH29/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 808s [p11_child[1868]] [main] (0x0400): p11_child started. 808s [p11_child[1868]] [main] (0x2000): Running in [auth] mode. 808s [p11_child[1868]] [main] (0x2000): Running with effective IDs: [0][0]. 808s [p11_child[1868]] [main] (0x2000): Running with real IDs [0][0]. 808s [p11_child[1868]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 808s [p11_child[1868]] [do_card] (0x4000): Module List: 808s [p11_child[1868]] [do_card] (0x4000): common name: [softhsm2]. 808s [p11_child[1868]] [do_card] (0x4000): dll name: [/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 808s [p11_child[1868]] [do_card] (0x4000): Description [SoftHSM slot ID 0x72cfb454] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 808s [p11_child[1868]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 808s [p11_child[1868]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x72cfb454][1926214740] of module [0][/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so]. 808s [p11_child[1868]] [do_card] (0x4000): Login required. 808s [p11_child[1868]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 808s [p11_child[1868]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 808s [p11_child[1868]] [do_card] (0x4000): /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 808s [p11_child[1868]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x72cfb454;slot-manufacturer=SoftHSM%20project;slot-id=1926214740;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1da4aa3372cfb454;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 808s [p11_child[1868]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 808s [p11_child[1868]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 808s [p11_child[1868]] [do_card] (0x4000): Certificate verified and validated. 808s [p11_child[1868]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 808s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-E5oH29/SSSD-child-22754-auth.output 808s + echo '-----BEGIN CERTIFICATE-----' 808s + tail -n1 /tmp/sssd-softhsm2-E5oH29/SSSD-child-22754-auth.output 808s + echo '-----END CERTIFICATE-----' 808s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-22754-auth.pem 808s Certificate: 808s Data: 808s Version: 3 (0x2) 808s Serial Number: 5 (0x5) 808s Signature Algorithm: sha256WithRSAEncryption 808s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 808s Validity 808s Not Before: Nov 29 21:11:39 2024 GMT 808s Not After : Nov 29 21:11:39 2025 GMT 808s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 808s Subject Public Key Info: 808s Public Key Algorithm: rsaEncryption 808s Public-Key: (1024 bit) 808s Modulus: 808s 00:c4:1f:84:cc:68:4f:99:5f:4d:e6:08:35:e2:35: 808s 98:00:7d:17:77:6b:96:5c:3c:30:e3:18:a6:48:cf: 808s b5:09:de:ed:c4:6b:a2:3a:58:9d:79:ee:4a:82:a2: 808s 6b:ed:a1:78:86:51:b4:7a:46:7d:d7:73:e2:fc:8d: 808s 76:d6:ef:be:85:ae:a5:b3:97:7c:f7:4d:a6:e0:7c: 808s e1:8d:22:7d:60:cb:6e:e7:47:7c:c7:ce:97:e3:9a: 808s fd:f7:ac:1a:b8:6d:8d:f3:27:23:45:e4:1f:4e:aa: 808s a2:22:6a:97:dd:da:83:9d:52:25:bf:79:c8:9f:89: 808s d1:88:a6:de:82:8d:b9:d1:5d 808s Exponent: 65537 (0x10001) 808s X509v3 extensions: 808s X509v3 Authority Key Identifier: 808s F3:9A:A4:97:CC:41:9D:FF:8F:D4:6A:64:0F:30:AF:D8:B4:84:92:90 808s X509v3 Basic Constraints: 808s CA:FALSE 808s Netscape Cert Type: 808s SSL Client, S/MIME 808s Netscape Comment: 808s Test Organization Sub Intermediate CA trusted Certificate 808s X509v3 Subject Key Identifier: 808s 7E:CF:6C:A9:A2:D0:08:FB:4E:30:A4:52:93:DD:CA:C0:BA:3D:81:A1 808s X509v3 Key Usage: critical 808s Digital Signature, Non Repudiation, Key Encipherment 808s X509v3 Extended Key Usage: 808s TLS Web Client Authentication, E-mail Protection 808s X509v3 Subject Alternative Name: 808s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 808s Signature Algorithm: sha256WithRSAEncryption 808s Signature Value: 808s 63:d3:7f:66:5d:0a:47:78:c0:25:6a:51:4f:5d:68:fa:47:74: 808s 39:16:e2:d5:d8:3a:41:4c:d9:81:3d:ff:f4:12:e2:b4:79:c9: 808s ed:f0:ea:d9:e3:2a:ab:c9:2a:30:a9:76:07:1e:92:1d:b1:f6: 808s 95:65:99:53:82:0f:c2:ab:75:5d:66:29:df:f7:bf:39:e2:02: 808s fd:4f:7f:37:c2:a3:f1:0a:8d:4a:2a:36:46:27:66:f9:b0:6b: 808s de:fd:91:e3:bd:ae:0b:fc:cf:2d:ce:42:db:3c:8a:24:61:4b: 808s f4:f6:c5:4d:d6:e0:af:42:34:a3:95:49:95:1b:5d:46:a5:60: 808s c5:54 808s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-E5oH29/SSSD-child-22754-auth.pem 809s + found_md5=Modulus=C41F84CC684F995F4DE60835E23598007D17776B965C3C30E318A648CFB509DEEDC46BA23A589D79EE4A82A26BEDA1788651B47A467DD773E2FC8D76D6EFBE85AEA5B3977CF74DA6E07CE18D227D60CB6EE7477CC7CE97E39AFDF7AC1AB86D8DF3272345E41F4EAAA2226A97DDDA839D5225BF79C89F89D188A6DE828DB9D15D 809s + '[' Modulus=C41F84CC684F995F4DE60835E23598007D17776B965C3C30E318A648CFB509DEEDC46BA23A589D79EE4A82A26BEDA1788651B47A467DD773E2FC8D76D6EFBE85AEA5B3977CF74DA6E07CE18D227D60CB6EE7477CC7CE97E39AFDF7AC1AB86D8DF3272345E41F4EAAA2226A97DDDA839D5225BF79C89F89D188A6DE828DB9D15D '!=' Modulus=C41F84CC684F995F4DE60835E23598007D17776B965C3C30E318A648CFB509DEEDC46BA23A589D79EE4A82A26BEDA1788651B47A467DD773E2FC8D76D6EFBE85AEA5B3977CF74DA6E07CE18D227D60CB6EE7477CC7CE97E39AFDF7AC1AB86D8DF3272345E41F4EAAA2226A97DDDA839D5225BF79C89F89D188A6DE828DB9D15D ']' 809s + set +x 809s 809s Test completed, Root CA and intermediate issued certificates verified! 809s autopkgtest [21:11:45]: test sssd-softhism2-certificates-tests.sh: -----------------------] 813s autopkgtest [21:11:49]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 813s sssd-softhism2-certificates-tests.sh PASS 817s autopkgtest [21:11:53]: test sssd-smart-card-pam-auth-configs: preparing testbed 819s Reading package lists... 820s Building dependency tree... 820s Reading state information... 820s Starting pkgProblemResolver with broken count: 0 821s Starting 2 pkgProblemResolver with broken count: 0 821s Done 822s The following NEW packages will be installed: 822s pamtester 823s 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. 823s Need to get 11.4 kB of archives. 823s After this operation, 31.7 kB of additional disk space will be used. 823s Get:1 http://ftpmaster.internal/ubuntu noble/universe armhf pamtester armhf 0.1.2-4 [11.4 kB] 823s Fetched 11.4 kB in 0s (62.3 kB/s) 823s Selecting previously unselected package pamtester. 823s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 58580 files and directories currently installed.) 823s Preparing to unpack .../pamtester_0.1.2-4_armhf.deb ... 823s Unpacking pamtester (0.1.2-4) ... 823s Setting up pamtester (0.1.2-4) ... 823s Processing triggers for man-db (2.12.0-4build2) ... 834s autopkgtest [21:12:10]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 834s autopkgtest [21:12:10]: test sssd-smart-card-pam-auth-configs: [----------------------- 836s + '[' -z ubuntu ']' 836s + export DEBIAN_FRONTEND=noninteractive 836s + DEBIAN_FRONTEND=noninteractive 836s + required_tools=(pamtester softhsm2-util sssd) 836s + [[ ! -v OFFLINE_MODE ]] 836s + for cmd in "${required_tools[@]}" 836s + command -v pamtester 836s + for cmd in "${required_tools[@]}" 836s + command -v softhsm2-util 836s + for cmd in "${required_tools[@]}" 836s + command -v sssd 836s + PIN=123456 836s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 836s + tmpdir=/tmp/sssd-softhsm2-certs-okejWD 836s + backupsdir= 836s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 836s + declare -a restore_paths 836s + declare -a delete_paths 836s + trap handle_exit EXIT 836s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 836s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 836s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 836s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 836s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-okejWD GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 836s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-okejWD 836s + GENERATE_SMART_CARDS=1 836s + KEEP_TEMPORARY_FILES=1 836s + NO_SSSD_TESTS=1 836s + bash debian/tests/sssd-softhism2-certificates-tests.sh 836s + '[' -z ubuntu ']' 836s + required_tools=(p11tool openssl softhsm2-util) 836s + for cmd in "${required_tools[@]}" 836s + command -v p11tool 836s + for cmd in "${required_tools[@]}" 836s + command -v openssl 836s + for cmd in "${required_tools[@]}" 836s + command -v softhsm2-util 836s + PIN=123456 836s +++ find /usr/lib/softhsm/libsofthsm2.so 836s +++ head -n 1 836s ++ realpath /usr/lib/softhsm/libsofthsm2.so 836s + SOFTHSM2_MODULE=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so 836s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 836s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 836s + '[' '!' -v NO_SSSD_TESTS ']' 836s + '[' '!' -e /usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so ']' 836s + tmpdir=/tmp/sssd-softhsm2-certs-okejWD 836s + keys_size=1024 836s + [[ ! -v KEEP_TEMPORARY_FILES ]] 836s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 836s + echo -n 01 836s + touch /tmp/sssd-softhsm2-certs-okejWD/index.txt 836s + mkdir -p /tmp/sssd-softhsm2-certs-okejWD/new_certs 836s + cat 836s + root_ca_key_pass=pass:random-root-CA-password-3208 836s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-okejWD/test-root-CA-key.pem -passout pass:random-root-CA-password-3208 1024 836s + openssl req -passin pass:random-root-CA-password-3208 -batch -config /tmp/sssd-softhsm2-certs-okejWD/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-okejWD/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-okejWD/test-root-CA.pem 836s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-okejWD/test-root-CA.pem 836s + cat 836s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-10527 836s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-10527 1024 836s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-10527 -config /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-3208 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-certificate-request.pem 837s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-certificate-request.pem 837s Certificate Request: 837s Data: 837s Version: 1 (0x0) 837s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 837s Subject Public Key Info: 837s Public Key Algorithm: rsaEncryption 837s Public-Key: (1024 bit) 837s Modulus: 837s 00:b5:30:31:a9:71:76:b4:a1:37:69:25:8d:b5:55: 837s 70:6d:96:c8:fa:67:ba:75:b7:11:b8:a8:cd:09:0a: 837s 07:36:a7:c5:13:39:48:02:48:5e:b4:00:84:67:2c: 837s 4c:ac:e7:cc:fb:89:c0:f7:c3:d2:11:8f:a2:a3:25: 837s d8:3d:60:28:b7:5b:af:c7:a1:87:c6:55:19:05:33: 837s 48:d1:8b:76:59:34:4e:c1:d9:11:d6:ce:0c:4c:d9: 837s 0e:c5:6e:22:8d:ba:3b:b4:f6:46:63:ae:ed:67:68: 837s 86:88:fa:f9:ca:a4:50:12:c9:06:67:c8:0b:44:e7: 837s 16:a8:69:fe:08:50:dc:bc:9d 837s Exponent: 65537 (0x10001) 837s Attributes: 837s (none) 837s Requested Extensions: 837s Signature Algorithm: sha256WithRSAEncryption 837s Signature Value: 837s a8:d2:89:8d:ed:fd:8c:46:21:53:29:73:f7:59:c2:fc:cd:28: 837s 51:2e:68:ff:ed:eb:59:ca:f3:13:32:bf:4c:4a:98:f6:06:0c: 837s 68:ab:3e:a6:e9:2a:55:71:8b:d7:1e:87:42:85:61:61:b1:14: 837s d7:d2:f5:7b:b4:44:d9:7e:76:43:4e:04:09:58:8b:45:5c:01: 837s ad:6e:45:96:76:21:3b:1c:89:b3:1f:95:1f:36:ab:c8:f7:b6: 837s c7:b3:44:2f:6f:91:ae:5d:a0:e1:8d:a2:a4:76:b2:40:a5:f3: 837s fc:0d:cd:0b:d5:6b:96:03:16:70:65:cf:35:64:2e:71:78:b0: 837s d5:a4 837s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-okejWD/test-root-CA.config -passin pass:random-root-CA-password-3208 -keyfile /tmp/sssd-softhsm2-certs-okejWD/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA.pem 837s Using configuration from /tmp/sssd-softhsm2-certs-okejWD/test-root-CA.config 837s Check that the request matches the signature 837s Signature ok 837s Certificate Details: 837s Serial Number: 1 (0x1) 837s Validity 837s Not Before: Nov 29 21:12:13 2024 GMT 837s Not After : Nov 29 21:12:13 2025 GMT 837s Subject: 837s organizationName = Test Organization 837s organizationalUnitName = Test Organization Unit 837s commonName = Test Organization Intermediate CA 837s X509v3 extensions: 837s X509v3 Subject Key Identifier: 837s B2:41:3C:5C:A3:02:86:C0:4C:A2:5C:23:BA:C6:BB:6D:1B:69:07:00 837s X509v3 Authority Key Identifier: 837s keyid:A0:E5:00:14:56:AB:C9:D3:43:AB:1F:1C:D8:E9:85:CC:4A:AA:12:AB 837s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 837s serial:00 837s X509v3 Basic Constraints: 837s CA:TRUE 837s X509v3 Key Usage: critical 837s Digital Signature, Certificate Sign, CRL Sign 837s Certificate is to be certified until Nov 29 21:12:13 2025 GMT (365 days) 837s 837s Write out database with 1 new entries 837s Database updated 837s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA.pem 837s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-okejWD/test-root-CA.pem /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA.pem 837s /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA.pem: OK 837s + cat 837s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-11973 837s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-11973 1024 837s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-11973 -config /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-10527 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-certificate-request.pem 837s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-certificate-request.pem 837s Certificate Request: 837s Data: 837s Version: 1 (0x0) 837s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 837s Subject Public Key Info: 837s Public Key Algorithm: rsaEncryption 837s Public-Key: (1024 bit) 837s Modulus: 837s 00:a7:d8:50:5e:9b:dc:5a:dc:07:89:98:3b:28:0d: 837s 21:bd:2f:87:23:6f:1a:4e:35:f7:2d:47:92:13:aa: 837s 0c:4f:d2:3b:a5:69:95:17:5a:d0:79:05:28:33:98: 837s 59:3a:81:cd:6d:a1:09:b5:d1:ba:4c:d4:6b:03:ce: 837s e5:a1:b2:b4:f3:69:b6:fb:6b:8f:57:3d:24:69:e2: 837s e0:e3:80:49:3d:6c:d6:6b:f8:53:bf:c7:03:0e:69: 837s 99:ef:eb:11:50:7d:4e:1f:ad:28:28:71:6e:e6:76: 837s ea:60:56:60:b4:11:9f:36:a2:b4:10:a8:df:63:11: 837s 65:25:c0:0f:23:2e:ec:7a:f7 837s Exponent: 65537 (0x10001) 837s Attributes: 837s (none) 837s Requested Extensions: 837s Signature Algorithm: sha256WithRSAEncryption 837s Signature Value: 837s 22:5f:4c:74:1d:67:3a:10:a0:d8:74:d6:30:92:25:ce:90:21: 837s 39:a7:34:34:4c:90:36:c6:58:af:f0:68:7d:83:96:8f:73:e6: 837s 95:29:51:50:a5:c9:a8:f4:98:47:67:54:80:86:29:ea:00:3c: 837s 87:22:76:b6:a2:d2:5a:a5:e7:7a:23:76:eb:f8:48:8d:42:05: 837s f9:8b:97:9b:6c:1a:30:4a:76:4d:6b:22:47:66:37:a4:d2:9f: 837s fa:70:75:fc:2a:10:f2:9f:51:fc:27:9b:d2:8b:87:de:fe:bc: 837s be:0b:28:3e:a7:46:4c:2b:cd:1e:8a:79:87:05:9f:55:1e:68: 837s 43:8a 837s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-10527 -keyfile /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA.pem 837s Using configuration from /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA.config 837s Check that the request matches the signature 837s Signature ok 837s Certificate Details: 837s Serial Number: 2 (0x2) 837s Validity 837s Not Before: Nov 29 21:12:13 2024 GMT 837s Not After : Nov 29 21:12:13 2025 GMT 837s Subject: 837s organizationName = Test Organization 837s organizationalUnitName = Test Organization Unit 837s commonName = Test Organization Sub Intermediate CA 837s X509v3 extensions: 837s X509v3 Subject Key Identifier: 837s 5D:63:11:C4:42:C3:61:F3:EB:0E:8C:B6:24:D0:38:E2:B9:A4:1F:98 837s X509v3 Authority Key Identifier: 837s keyid:B2:41:3C:5C:A3:02:86:C0:4C:A2:5C:23:BA:C6:BB:6D:1B:69:07:00 837s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 837s serial:01 837s X509v3 Basic Constraints: 837s CA:TRUE 837s X509v3 Key Usage: critical 837s Digital Signature, Certificate Sign, CRL Sign 837s Certificate is to be certified until Nov 29 21:12:13 2025 GMT (365 days) 837s 837s Write out database with 1 new entries 837s Database updated 837s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA.pem 837s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA.pem 837s /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA.pem: OK 837s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-okejWD/test-root-CA.pem /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA.pem 837s + local cmd=openssl 837s + shift 837s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-okejWD/test-root-CA.pem /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA.pem 837s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 837s error 20 at 0 depth lookup: unable to get local issuer certificate 837s error /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA.pem: verification failed 837s + cat 837s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-6031 837s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-okejWD/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-6031 1024 837s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-6031 -key /tmp/sssd-softhsm2-certs-okejWD/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-okejWD/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-okejWD/test-root-CA-trusted-certificate-0001-request.pem 837s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-okejWD/test-root-CA-trusted-certificate-0001-request.pem 837s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-okejWD/test-root-CA.config -passin pass:random-root-CA-password-3208 -keyfile /tmp/sssd-softhsm2-certs-okejWD/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-okejWD/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-okejWD/test-root-CA-trusted-certificate-0001.pem 837s Certificate Request: 837s Data: 837s Version: 1 (0x0) 837s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 837s Subject Public Key Info: 837s Public Key Algorithm: rsaEncryption 837s Public-Key: (1024 bit) 837s Modulus: 837s 00:ad:79:aa:29:c0:19:34:d6:07:03:65:bd:ab:35: 837s b0:94:4a:dd:4c:d6:2c:df:ea:24:61:f8:ab:6b:19: 837s 8c:1b:c6:2a:78:91:05:99:ff:f6:bf:32:99:b0:61: 837s 0f:07:72:ac:4c:fa:55:4c:f0:16:39:39:20:5d:14: 837s 0d:82:71:d6:82:8a:8c:3a:9e:bf:7b:5f:8c:91:7a: 837s 89:8f:c9:be:88:ae:8a:3c:32:c1:71:a8:84:0c:8c: 837s db:f9:9a:ef:ce:18:9e:5b:7b:c6:c6:4c:59:0b:92: 837s 24:88:c5:b2:6e:97:00:79:c4:2c:84:9c:13:81:8e: 837s 3c:a5:c5:39:11:b8:46:b2:e7 837s Exponent: 65537 (0x10001) 837s Attributes: 837s Requested Extensions: 837s X509v3 Basic Constraints: 837s CA:FALSE 837s Netscape Cert Type: 837s SSL Client, S/MIME 837s Netscape Comment: 837s Test Organization Root CA trusted Certificate 837s X509v3 Subject Key Identifier: 837s 0A:F6:A2:00:44:73:3C:D3:BE:38:AA:B0:77:6E:96:F7:91:70:A0:BF 837s X509v3 Key Usage: critical 837s Digital Signature, Non Repudiation, Key Encipherment 837s X509v3 Extended Key Usage: 837s TLS Web Client Authentication, E-mail Protection 837s X509v3 Subject Alternative Name: 837s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 837s Signature Algorithm: sha256WithRSAEncryption 837s Signature Value: 837s 9a:55:dc:02:70:fe:8b:b0:a7:f8:9d:d9:42:3d:60:3d:d7:38: 837s a1:36:48:71:cc:41:cd:87:51:2c:7d:36:ff:91:19:02:4d:2b: 837s 9d:5a:af:b9:6a:94:ee:c6:b0:05:6e:3e:96:03:8c:95:7e:40: 837s ff:a5:56:c4:0b:f8:fa:a4:19:12:2f:a5:21:e9:09:f6:a2:08: 837s f0:df:ee:3d:9a:21:d5:9d:a7:a3:5f:44:ac:2f:dc:9d:24:96: 837s b3:1c:d1:3b:87:e3:31:c7:86:7b:33:72:39:1b:be:4d:36:ec: 837s c4:bc:2b:c2:05:19:e9:cc:8b:43:2d:f8:da:f0:cf:ac:db:11: 837s 17:12 837s Using configuration from /tmp/sssd-softhsm2-certs-okejWD/test-root-CA.config 837s Check that the request matches the signature 837s Signature ok 837s Certificate Details: 837s Serial Number: 3 (0x3) 837s Validity 837s Not Before: Nov 29 21:12:13 2024 GMT 837s Not After : Nov 29 21:12:13 2025 GMT 837s Subject: 837s organizationName = Test Organization 837s organizationalUnitName = Test Organization Unit 837s commonName = Test Organization Root Trusted Certificate 0001 837s X509v3 extensions: 837s X509v3 Authority Key Identifier: 837s A0:E5:00:14:56:AB:C9:D3:43:AB:1F:1C:D8:E9:85:CC:4A:AA:12:AB 837s X509v3 Basic Constraints: 837s CA:FALSE 837s Netscape Cert Type: 837s SSL Client, S/MIME 837s Netscape Comment: 837s Test Organization Root CA trusted Certificate 837s X509v3 Subject Key Identifier: 837s 0A:F6:A2:00:44:73:3C:D3:BE:38:AA:B0:77:6E:96:F7:91:70:A0:BF 837s X509v3 Key Usage: critical 837s Digital Signature, Non Repudiation, Key Encipherment 837s X509v3 Extended Key Usage: 837s TLS Web Client Authentication, E-mail Protection 837s X509v3 Subject Alternative Name: 837s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 837s Certificate is to be certified until Nov 29 21:12:13 2025 GMT (365 days) 837s 837s Write out database with 1 new entries 837s Database updated 837s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-okejWD/test-root-CA-trusted-certificate-0001.pem 837s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-okejWD/test-root-CA.pem /tmp/sssd-softhsm2-certs-okejWD/test-root-CA-trusted-certificate-0001.pem 837s /tmp/sssd-softhsm2-certs-okejWD/test-root-CA-trusted-certificate-0001.pem: OK 837s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-okejWD/test-root-CA-trusted-certificate-0001.pem 837s + local cmd=openssl 837s + shift 837s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-okejWD/test-root-CA-trusted-certificate-0001.pem 837s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 837s error 20 at 0 depth lookup: unable to get local issuer certificate 837s error /tmp/sssd-softhsm2-certs-okejWD/test-root-CA-trusted-certificate-0001.pem: verification failed 837s + cat 837s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-32746 837s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-32746 1024 837s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-32746 -key /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-trusted-certificate-0001-request.pem 837s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-trusted-certificate-0001-request.pem 837s + openssl ca -passin pass:random-intermediate-CA-password-10527 -config /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-trusted-certificate-0001.pem 837s Certificate Request: 837s Data: 837s Version: 1 (0x0) 837s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 837s Subject Public Key Info: 837s Public Key Algorithm: rsaEncryption 837s Public-Key: (1024 bit) 837s Modulus: 837s 00:cb:e1:5a:31:eb:c7:66:89:aa:92:7e:72:73:36: 837s b0:2d:87:c6:7d:02:e5:3e:7d:8b:ce:34:25:c2:ec: 837s 96:c3:d1:12:c5:f7:29:15:72:1d:1c:0e:ab:65:4e: 837s 84:4a:f6:6d:e4:02:34:45:16:ef:cd:b9:8a:d7:de: 837s 9b:76:d7:97:f0:b9:53:ad:b9:be:d6:02:e4:7c:93: 837s af:9d:a5:20:27:8d:26:82:4e:30:f3:ca:6d:19:35: 837s bf:3e:47:a2:e6:a3:c7:f1:5c:7a:e1:fb:24:f7:e8: 837s 69:c1:4c:ab:9e:ee:9e:a3:0e:39:00:2c:7e:ce:f8: 837s d4:f1:02:a9:28:3b:cc:ab:bf 837s Exponent: 65537 (0x10001) 837s Attributes: 837s Requested Extensions: 837s X509v3 Basic Constraints: 837s CA:FALSE 837s Netscape Cert Type: 837s SSL Client, S/MIME 837s Netscape Comment: 837s Test Organization Intermediate CA trusted Certificate 837s X509v3 Subject Key Identifier: 837s D1:77:97:E7:94:F7:83:5A:69:37:0C:D5:F5:09:E3:3E:30:E6:2F:94 837s X509v3 Key Usage: critical 837s Digital Signature, Non Repudiation, Key Encipherment 837s X509v3 Extended Key Usage: 837s TLS Web Client Authentication, E-mail Protection 837s X509v3 Subject Alternative Name: 837s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 837s Signature Algorithm: sha256WithRSAEncryption 837s Signature Value: 837s 36:3e:25:4e:5f:81:62:17:bd:75:f1:03:3a:ee:06:d3:a4:fa: 837s 84:2e:48:2e:ac:68:73:59:45:03:72:b8:e6:a1:4a:8d:b4:fb: 837s ca:d2:8c:44:b1:cc:79:fd:34:c9:93:d2:b5:f5:bc:7a:e8:55: 837s ed:ab:63:e6:3f:70:82:ff:8b:12:7c:19:5e:b6:ca:a6:1a:2b: 837s 21:46:ad:c5:01:84:11:0f:3d:fd:36:7c:43:f2:1d:58:3c:dc: 837s 53:bd:dc:2c:81:2b:0c:c4:ed:75:38:31:d8:2a:2f:d1:40:1a: 837s 11:dd:5e:92:6e:87:e9:9f:d4:04:29:67:18:28:c3:c5:26:ed: 837s 2c:2b 837s Using configuration from /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA.config 837s Check that the request matches the signature 837s Signature ok 837s Certificate Details: 837s Serial Number: 4 (0x4) 837s Validity 837s Not Before: Nov 29 21:12:13 2024 GMT 837s Not After : Nov 29 21:12:13 2025 GMT 837s Subject: 837s organizationName = Test Organization 837s organizationalUnitName = Test Organization Unit 837s commonName = Test Organization Intermediate Trusted Certificate 0001 837s X509v3 extensions: 837s X509v3 Authority Key Identifier: 837s B2:41:3C:5C:A3:02:86:C0:4C:A2:5C:23:BA:C6:BB:6D:1B:69:07:00 837s X509v3 Basic Constraints: 837s CA:FALSE 837s Netscape Cert Type: 837s SSL Client, S/MIME 837s Netscape Comment: 837s Test Organization Intermediate CA trusted Certificate 837s X509v3 Subject Key Identifier: 837s D1:77:97:E7:94:F7:83:5A:69:37:0C:D5:F5:09:E3:3E:30:E6:2F:94 837s X509v3 Key Usage: critical 837s Digital Signature, Non Repudiation, Key Encipherment 837s X509v3 Extended Key Usage: 837s TLS Web Client Authentication, E-mail Protection 837s X509v3 Subject Alternative Name: 837s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 837s Certificate is to be certified until Nov 29 21:12:13 2025 GMT (365 days) 837s 837s Write out database with 1 new entries 837s Database updated 837s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-trusted-certificate-0001.pem 837s + echo 'This certificate should not be trusted fully' 837s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-trusted-certificate-0001.pem 837s This certificate should not be trusted fully 837s + local cmd=openssl 837s + shift 837s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-trusted-certificate-0001.pem 837s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 837s error 2 at 1 depth lookup: unable to get issuer certificate 837s error /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 837s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-trusted-certificate-0001.pem 837s /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-trusted-certificate-0001.pem: OK 837s + cat 837s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13791 837s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-13791 1024 837s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-13791 -key /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 837s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 837s Certificate Request: 837s Data: 837s Version: 1 (0x0) 837s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 837s Subject Public Key Info: 837s Public Key Algorithm: rsaEncryption 837s Public-Key: (1024 bit) 837s Modulus: 837s 00:e5:a1:58:56:b7:56:8a:37:16:11:a8:49:2e:fc: 837s 15:9d:86:f8:02:78:6e:59:22:7c:e9:1b:1a:78:eb: 837s 91:d2:8b:36:39:7f:d0:bf:72:94:37:6d:c5:3b:8f: 837s 3c:e7:5d:df:4e:d6:45:3f:e8:43:b0:1d:54:c8:de: 837s 80:cd:14:01:01:bc:78:52:84:0a:12:ee:98:15:89: 837s f5:27:c4:56:8b:1b:d7:5e:48:bd:15:c9:6a:82:d6: 837s b7:57:8a:e0:12:d8:df:4c:a6:82:b1:f2:9b:af:a6: 837s 57:4a:74:df:9a:10:a1:1c:f6:ee:91:ba:cd:03:3f: 837s 38:7d:fe:8d:41:fe:fb:de:dd 837s Exponent: 65537 (0x10001) 837s Attributes: 837s Requested Extensions: 837s X509v3 Basic Constraints: 837s CA:FALSE 837s Netscape Cert Type: 837s SSL Client, S/MIME 837s Netscape Comment: 837s Test Organization Sub Intermediate CA trusted Certificate 837s X509v3 Subject Key Identifier: 837s 59:41:E4:75:59:63:DB:A8:82:0A:34:B6:D8:F9:0E:F8:F4:6E:37:B4 837s X509v3 Key Usage: critical 837s Digital Signature, Non Repudiation, Key Encipherment 837s X509v3 Extended Key Usage: 837s TLS Web Client Authentication, E-mail Protection 837s X509v3 Subject Alternative Name: 837s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 837s Signature Algorithm: sha256WithRSAEncryption 837s Signature Value: 837s ae:1b:a3:aa:7e:9e:e0:3b:ee:02:08:df:b4:7b:08:44:6b:3a: 837s 1f:b5:4d:6f:41:a8:b6:bc:7b:c2:24:f7:d8:3f:39:6d:e8:5f: 837s 09:7b:ea:fb:84:4e:62:82:28:32:16:94:f4:1b:7f:b9:80:60: 837s a4:7a:d2:b3:e3:6f:0a:5b:a0:df:c9:41:83:01:de:ff:e2:44: 837s 6c:3a:0b:4f:12:8c:1b:40:4e:fa:12:df:ae:f1:32:33:a6:48: 837s de:a6:01:da:64:40:e0:01:20:24:3f:bd:c8:52:d4:c4:33:78: 837s f7:98:19:d7:92:ba:0a:19:a6:2d:32:ee:32:58:fa:50:c9:68: 837s d5:d8 837s + openssl ca -passin pass:random-sub-intermediate-CA-password-11973 -config /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001.pem 837s Using configuration from /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA.config 837s Check that the request matches the signature 837s Signature ok 837s Certificate Details: 837s Serial Number: 5 (0x5) 837s Validity 837s Not Before: Nov 29 21:12:13 2024 GMT 837s Not After : Nov 29 21:12:13 2025 GMT 837s Subject: 837s organizationName = Test Organization 837s organizationalUnitName = Test Organization Unit 837s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 837s X509v3 extensions: 837s X509v3 Authority Key Identifier: 837s 5D:63:11:C4:42:C3:61:F3:EB:0E:8C:B6:24:D0:38:E2:B9:A4:1F:98 837s X509v3 Basic Constraints: 837s CA:FALSE 837s Netscape Cert Type: 837s SSL Client, S/MIME 837s Netscape Comment: 837s Test Organization Sub Intermediate CA trusted Certificate 837s X509v3 Subject Key Identifier: 837s 59:41:E4:75:59:63:DB:A8:82:0A:34:B6:D8:F9:0E:F8:F4:6E:37:B4 837s X509v3 Key Usage: critical 837s Digital Signature, Non Repudiation, Key Encipherment 837s X509v3 Extended Key Usage: 837s TLS Web Client Authentication, E-mail Protection 837s X509v3 Subject Alternative Name: 837s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 837s Certificate is to be certified until Nov 29 21:12:13 2025 GMT (365 days) 837s 837s Write out database with 1 new entries 837s Database updated 837s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001.pem 837s This certificate should not be trusted fully 837s + echo 'This certificate should not be trusted fully' 837s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001.pem 837s + local cmd=openssl 837s + shift 837s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001.pem 837s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 837s error 2 at 1 depth lookup: unable to get issuer certificate 837s error /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 837s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001.pem 837s + local cmd=openssl 837s + shift 837s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001.pem 837s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 837s error 20 at 0 depth lookup: unable to get local issuer certificate 837s error /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 837s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001.pem 837s /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 837s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001.pem 837s + local cmd=openssl 837s + shift 837s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001.pem 837s Building a the full-chain CA file... 837s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 837s error 20 at 0 depth lookup: unable to get local issuer certificate 837s error /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 837s + echo 'Building a the full-chain CA file...' 837s + cat /tmp/sssd-softhsm2-certs-okejWD/test-root-CA.pem /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA.pem 837s + cat /tmp/sssd-softhsm2-certs-okejWD/test-root-CA.pem /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA.pem 837s + cat /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA.pem 837s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-okejWD/test-full-chain-CA.pem 837s + openssl pkcs7 -print_certs -noout 837s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 837s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 837s 837s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 837s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 837s 837s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 837s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 837s 837s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-okejWD/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA.pem 837s /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA.pem: OK 837s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-okejWD/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-okejWD/test-root-CA-trusted-certificate-0001.pem 837s /tmp/sssd-softhsm2-certs-okejWD/test-root-CA-trusted-certificate-0001.pem: OK 837s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-okejWD/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-trusted-certificate-0001.pem 837s /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-trusted-certificate-0001.pem: OK 837s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-okejWD/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-okejWD/test-root-intermediate-chain-CA.pem 837s /tmp/sssd-softhsm2-certs-okejWD/test-root-intermediate-chain-CA.pem: OK 837s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-okejWD/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001.pem 837s /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 837s Certificates generation completed! 837s + echo 'Certificates generation completed!' 837s + [[ -v NO_SSSD_TESTS ]] 837s + [[ -v GENERATE_SMART_CARDS ]] 837s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-okejWD/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-6031 837s + local certificate=/tmp/sssd-softhsm2-certs-okejWD/test-root-CA-trusted-certificate-0001.pem 837s + local key_pass=pass:random-root-ca-trusted-cert-0001-6031 837s + local key_cn 837s + local key_name 837s + local tokens_dir 837s + local output_cert_file 837s + token_name= 837s ++ basename /tmp/sssd-softhsm2-certs-okejWD/test-root-CA-trusted-certificate-0001.pem .pem 837s + key_name=test-root-CA-trusted-certificate-0001 837s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-okejWD/test-root-CA-trusted-certificate-0001.pem 837s ++ sed -n 's/ *commonName *= //p' 837s + key_cn='Test Organization Root Trusted Certificate 0001' 837s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 837s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-okejWD/softhsm2-test-root-CA-trusted-certificate-0001.conf 837s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-okejWD/softhsm2-test-root-CA-trusted-certificate-0001.conf 837s ++ basename /tmp/sssd-softhsm2-certs-okejWD/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 837s + tokens_dir=/tmp/sssd-softhsm2-certs-okejWD/softhsm2-test-root-CA-trusted-certificate-0001 837s + token_name='Test Organization Root Tr Token' 837s + '[' '!' -e /tmp/sssd-softhsm2-certs-okejWD/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 837s + local key_file 837s + local decrypted_key 837s + mkdir -p /tmp/sssd-softhsm2-certs-okejWD/softhsm2-test-root-CA-trusted-certificate-0001 837s + key_file=/tmp/sssd-softhsm2-certs-okejWD/test-root-CA-trusted-certificate-0001-key.pem 837s + decrypted_key=/tmp/sssd-softhsm2-certs-okejWD/test-root-CA-trusted-certificate-0001-key-decrypted.pem 837s + cat 837s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 837s Slot 0 has a free/uninitialized token. 837s The token has been initialized and is reassigned to slot 168216839 837s + softhsm2-util --show-slots 837s Available slots: 837s Slot 168216839 837s Slot info: 837s Description: SoftHSM slot ID 0xa06c907 837s Manufacturer ID: SoftHSM project 837s Hardware version: 2.6 837s Firmware version: 2.6 837s Token present: yes 837s Token info: 837s Manufacturer ID: SoftHSM project 837s Model: SoftHSM v2 837s Hardware version: 2.6 837s Firmware version: 2.6 837s Serial number: ca98ccdb8a06c907 837s Initialized: yes 837s User PIN init.: yes 837s Label: Test Organization Root Tr Token 837s Slot 1 837s Slot info: 837s Description: SoftHSM slot ID 0x1 837s Manufacturer ID: SoftHSM project 837s Hardware version: 2.6 837s Firmware version: 2.6 837s Token present: yes 837s Token info: 837s Manufacturer ID: SoftHSM project 837s Model: SoftHSM v2 837s Hardware version: 2.6 837s Firmware version: 2.6 837s Serial number: 837s Initialized: no 837s User PIN init.: no 837s Label: 838s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-okejWD/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 838s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-6031 -in /tmp/sssd-softhsm2-certs-okejWD/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-okejWD/test-root-CA-trusted-certificate-0001-key-decrypted.pem 838s writing RSA key 838s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-okejWD/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 838s + rm /tmp/sssd-softhsm2-certs-okejWD/test-root-CA-trusted-certificate-0001-key-decrypted.pem 838s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --list-all 838s Object 0: 838s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ca98ccdb8a06c907;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 838s Type: X.509 Certificate (RSA-1024) 838s Expires: Sat Nov 29 21:12:13 2025 838s Label: Test Organization Root Trusted Certificate 0001 838s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 838s 838s Test Organization Root Tr Token 838s + echo 'Test Organization Root Tr Token' 838s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-32746 838s + local certificate=/tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-trusted-certificate-0001.pem 838s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-32746 838s + local key_cn 838s + local key_name 838s + local tokens_dir 838s + local output_cert_file 838s + token_name= 838s ++ basename /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-trusted-certificate-0001.pem .pem 838s + key_name=test-intermediate-CA-trusted-certificate-0001 838s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-trusted-certificate-0001.pem 838s ++ sed -n 's/ *commonName *= //p' 838s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 838s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 838s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-okejWD/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 838s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-okejWD/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 838s ++ basename /tmp/sssd-softhsm2-certs-okejWD/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 838s + tokens_dir=/tmp/sssd-softhsm2-certs-okejWD/softhsm2-test-intermediate-CA-trusted-certificate-0001 838s + token_name='Test Organization Interme Token' 838s + '[' '!' -e /tmp/sssd-softhsm2-certs-okejWD/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 838s + local key_file 838s + local decrypted_key 838s + mkdir -p /tmp/sssd-softhsm2-certs-okejWD/softhsm2-test-intermediate-CA-trusted-certificate-0001 838s + key_file=/tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-trusted-certificate-0001-key.pem 838s + decrypted_key=/tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 838s + cat 838s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 838s Slot 0 has a free/uninitialized token. 838s The token has been initialized and is reassigned to slot 1197397130 838s + softhsm2-util --show-slots 838s Available slots: 838s Slot 1197397130 838s Slot info: 838s Description: SoftHSM slot ID 0x475ed48a 838s Manufacturer ID: SoftHSM project 838s Hardware version: 2.6 838s Firmware version: 2.6 838s Token present: yes 838s Token info: 838s Manufacturer ID: SoftHSM project 838s Model: SoftHSM v2 838s Hardware version: 2.6 838s Firmware version: 2.6 838s Serial number: 5d8a66e0c75ed48a 838s Initialized: yes 838s User PIN init.: yes 838s Label: Test Organization Interme Token 838s Slot 1 838s Slot info: 838s Description: SoftHSM slot ID 0x1 838s Manufacturer ID: SoftHSM project 838s Hardware version: 2.6 838s Firmware version: 2.6 838s Token present: yes 838s Token info: 838s Manufacturer ID: SoftHSM project 838s Model: SoftHSM v2 838s Hardware version: 2.6 838s Firmware version: 2.6 838s Serial number: 838s Initialized: no 838s User PIN init.: no 838s Label: 838s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 838s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-32746 -in /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 838s writing RSA key 838s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 838s + rm /tmp/sssd-softhsm2-certs-okejWD/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 838s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --list-all 838s Object 0: 838s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5d8a66e0c75ed48a;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 838s Type: X.509 Certificate (RSA-1024) 838s Expires: Sat Nov 29 21:12:13 2025 838s Label: Test Organization Intermediate Trusted Certificate 0001 838s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 838s 838s Test Organization Interme Token 838s + echo 'Test Organization Interme Token' 838s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13791 838s + local certificate=/tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001.pem 838s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13791 838s + local key_cn 838s + local key_name 838s + local tokens_dir 838s + local output_cert_file 838s + token_name= 838s ++ basename /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 838s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 838s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001.pem 838s ++ sed -n 's/ *commonName *= //p' 838s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 838s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 838s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-okejWD/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 838s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-okejWD/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 838s ++ basename /tmp/sssd-softhsm2-certs-okejWD/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 838s + tokens_dir=/tmp/sssd-softhsm2-certs-okejWD/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 838s + token_name='Test Organization Sub Int Token' 838s + '[' '!' -e /tmp/sssd-softhsm2-certs-okejWD/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 838s + local key_file 838s + local decrypted_key 838s + mkdir -p /tmp/sssd-softhsm2-certs-okejWD/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 838s + key_file=/tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 838s + decrypted_key=/tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 838s + cat 838s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 838s Slot 0 has a free/uninitialized token. 838s The token has been initialized and is reassigned to slot 756544412 838s + softhsm2-util --show-slots 838s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 838s Available slots: 838s Slot 756544412 838s Slot info: 838s Description: SoftHSM slot ID 0x2d17f39c 838s Manufacturer ID: SoftHSM project 838s Hardware version: 2.6 838s Firmware version: 2.6 838s Token present: yes 838s Token info: 838s Manufacturer ID: SoftHSM project 838s Model: SoftHSM v2 838s Hardware version: 2.6 838s Firmware version: 2.6 838s Serial number: 34451d072d17f39c 838s Initialized: yes 838s User PIN init.: yes 838s Label: Test Organization Sub Int Token 838s Slot 1 838s Slot info: 838s Description: SoftHSM slot ID 0x1 838s Manufacturer ID: SoftHSM project 838s Hardware version: 2.6 838s Firmware version: 2.6 838s Token present: yes 838s Token info: 838s Manufacturer ID: SoftHSM project 838s Model: SoftHSM v2 838s Hardware version: 2.6 838s Firmware version: 2.6 838s Serial number: 838s Initialized: no 838s User PIN init.: no 838s Label: 838s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-13791 -in /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 838s writing RSA key 838s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 838s + rm /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 838s + p11tool --provider=/usr/lib/arm-linux-gnueabihf/softhsm/libsofthsm2.so --list-all 838s Object 0: 838s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=34451d072d17f39c;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 838s Type: X.509 Certificate (RSA-1024) 838s Expires: Sat Nov 29 21:12:13 2025 838s Label: Test Organization Sub Intermediate Trusted Certificate 0001 838s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 838s 838s Test Organization Sub Int Token 838s Certificates generation completed! 838s + echo 'Test Organization Sub Int Token' 838s + echo 'Certificates generation completed!' 838s + exit 0 838s + find /tmp/sssd-softhsm2-certs-okejWD -type d -exec chmod 777 '{}' ';' 838s + find /tmp/sssd-softhsm2-certs-okejWD -type f -exec chmod 666 '{}' ';' 838s + backup_file /etc/sssd/sssd.conf 838s + '[' -z '' ']' 838s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 838s + backupsdir=/tmp/sssd-softhsm2-backups-Y0QOjK 838s + '[' -e /etc/sssd/sssd.conf ']' 838s + delete_paths+=("$1") 838s + rm -f /etc/sssd/sssd.conf 838s ++ runuser -u ubuntu -- sh -c 'echo ~' 838s + user_home=/home/ubuntu 838s + mkdir -p /home/ubuntu 838s + chown ubuntu:ubuntu /home/ubuntu 838s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 838s + user_config=/home/ubuntu/.config 838s + system_config=/etc 838s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 838s + for path_pair in "${softhsm2_conf_paths[@]}" 838s + IFS=: 838s + read -r -a path 838s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 838s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 838s + '[' -z /tmp/sssd-softhsm2-backups-Y0QOjK ']' 838s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 838s + delete_paths+=("$1") 838s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 838s + for path_pair in "${softhsm2_conf_paths[@]}" 838s + IFS=: 838s + read -r -a path 838s + path=/etc/softhsm/softhsm2.conf 838s + backup_file /etc/softhsm/softhsm2.conf 838s + '[' -z /tmp/sssd-softhsm2-backups-Y0QOjK ']' 838s + '[' -e /etc/softhsm/softhsm2.conf ']' 838s ++ dirname /etc/softhsm/softhsm2.conf 838s + local back_dir=/tmp/sssd-softhsm2-backups-Y0QOjK//etc/softhsm 838s ++ basename /etc/softhsm/softhsm2.conf 838s + local back_path=/tmp/sssd-softhsm2-backups-Y0QOjK//etc/softhsm/softhsm2.conf 838s + '[' '!' -e /tmp/sssd-softhsm2-backups-Y0QOjK//etc/softhsm/softhsm2.conf ']' 838s + mkdir -p /tmp/sssd-softhsm2-backups-Y0QOjK//etc/softhsm 838s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-Y0QOjK//etc/softhsm/softhsm2.conf 838s + restore_paths+=("$back_path") 838s + rm -f /etc/softhsm/softhsm2.conf 838s + test_authentication login /tmp/sssd-softhsm2-certs-okejWD/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-okejWD/test-full-chain-CA.pem 838s + pam_service=login 838s + certificate_config=/tmp/sssd-softhsm2-certs-okejWD/softhsm2-test-root-CA-trusted-certificate-0001.conf 838s + ca_db=/tmp/sssd-softhsm2-certs-okejWD/test-full-chain-CA.pem 838s + verification_options= 838s + mkdir -p -m 700 /etc/sssd 838s Using CA DB '/tmp/sssd-softhsm2-certs-okejWD/test-full-chain-CA.pem' with verification options: '' 838s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-okejWD/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 838s + cat 838s + chmod 600 /etc/sssd/sssd.conf 838s + for path_pair in "${softhsm2_conf_paths[@]}" 838s + IFS=: 838s + read -r -a path 838s + user=ubuntu 838s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 838s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 838s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 838s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-okejWD/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 838s + runuser -u ubuntu -- softhsm2-util --show-slots 838s + grep 'Test Organization' 838s Label: Test Organization Root Tr Token 838s + for path_pair in "${softhsm2_conf_paths[@]}" 838s + IFS=: 838s + read -r -a path 838s + user=root 838s + path=/etc/softhsm/softhsm2.conf 838s ++ dirname /etc/softhsm/softhsm2.conf 838s + runuser -u root -- mkdir -p /etc/softhsm 838s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-okejWD/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 838s + runuser -u root -- softhsm2-util --show-slots 838s + grep 'Test Organization' 838s Label: Test Organization Root Tr Token 838s + systemctl restart sssd 839s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 839s + for alternative in "${alternative_pam_configs[@]}" 839s + pam-auth-update --enable sss-smart-card-optional 840s + cat /etc/pam.d/common-auth 840s # 840s # /etc/pam.d/common-auth - authentication settings common to all services 840s # 840s # This file is included from other service-specific PAM config files, 840s # and should contain a list of the authentication modules that define 840s # the central authentication scheme for use on the system 840s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 840s # traditional Unix authentication mechanisms. 840s # 840s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 840s # To take advantage of this, it is recommended that you configure any 840s # local modules either before or after the default block, and use 840s # pam-auth-update to manage selection of other modules. See 840s # pam-auth-update(8) for details. 840s 840s # here are the per-package modules (the "Primary" block) 840s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 840s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 840s auth [success=1 default=ignore] pam_sss.so use_first_pass 840s # here's the fallback if no module succeeds 840s auth requisite pam_deny.so 840s # prime the stack with a positive return value if there isn't one already; 840s # this avoids us returning an error just because nothing sets a success code 840s # since the modules above will each just jump around 840s auth required pam_permit.so 840s # and here are more per-package modules (the "Additional" block) 840s auth optional pam_cap.so 840s # end of pam-auth-update config 840s + echo -n -e 123456 840s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 840s pamtester: invoking pam_start(login, ubuntu, ...) 840s pamtester: performing operation - authenticate 840s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 840s + echo -n -e 123456 840s + runuser -u ubuntu -- pamtester -v login '' authenticate 840s pamtester: invoking pam_start(login, , ...) 840s pamtester: performing operation - authenticate 840s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 840s + echo -n -e wrong123456 840s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 840s pamtester: invoking pam_start(login, ubuntu, ...) 840s pamtester: performing operation - authenticate 842s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 842s + echo -n -e wrong123456 842s + runuser -u ubuntu -- pamtester -v login '' authenticate 842s pamtester: invoking pam_start(login, , ...) 842s pamtester: performing operation - authenticate 845s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 845s + echo -n -e 123456 845s + pamtester -v login root authenticate 845s pamtester: invoking pam_start(login, root, ...) 845s pamtester: performing operation - authenticate 849s Password: pamtester: Authentication failure 849s + for alternative in "${alternative_pam_configs[@]}" 849s + pam-auth-update --enable sss-smart-card-required 849s PAM configuration 849s ----------------- 849s 849s Incompatible PAM profiles selected. 849s 849s The following PAM profiles cannot be used together: 849s 849s SSS required smart card authentication, SSS optional smart card 849s authentication 849s 849s Please select a different set of modules to enable. 849s 849s + cat /etc/pam.d/common-auth 849s # 849s # /etc/pam.d/common-auth - authentication settings common to all services 849s # 849s # This file is included from other service-specific PAM config files, 849s # and should contain a list of the authentication modules that define 849s # the central authentication scheme for use on the system 849s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 849s # traditional Unix authentication mechanisms. 849s # 849s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 849s # To take advantage of this, it is recommended that you configure any 849s # local modules either before or after the default block, and use 849s # pam-auth-update to manage selection of other modules. See 849s # pam-auth-update(8) for details. 849s 849s # here are the per-package modules (the "Primary" block) 849s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 849s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 849s auth [success=1 default=ignore] pam_sss.so use_first_pass 849s # here's the fallback if no module succeeds 849s auth requisite pam_deny.so 849s # prime the stack with a positive return value if there isn't one already; 849s # this avoids us returning an error just because nothing sets a success code 849s # since the modules above will each just jump around 849s auth required pam_permit.so 849s # and here are more per-package modules (the "Additional" block) 849s auth optional pam_cap.so 849s # end of pam-auth-update config 849s + echo -n -e 123456 849s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 849s pamtester: invoking pam_start(login, ubuntu, ...) 849s pamtester: performing operation - authenticate 849s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 849s + echo -n -e 123456 849s + runuser -u ubuntu -- pamtester -v login '' authenticate 849s pamtester: invoking pam_start(login, , ...) 849s pamtester: performing operation - authenticate 849s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 849s + echo -n -e wrong123456 849s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 849s pamtester: invoking pam_start(login, ubuntu, ...) 849s pamtester: performing operation - authenticate 852s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 852s + echo -n -e wrong123456 852s + runuser -u ubuntu -- pamtester -v login '' authenticate 852s pamtester: invoking pam_start(login, , ...) 852s pamtester: performing operation - authenticate 855s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 855s + echo -n -e 123456 855s + pamtester -v login root authenticate 855s pamtester: invoking pam_start(login, root, ...) 855s pamtester: performing operation - authenticate 858s pamtester: Authentication service cannot retrieve authentication info 858s + test_authentication login /tmp/sssd-softhsm2-certs-okejWD/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-okejWD/test-full-chain-CA.pem 858s + pam_service=login 858s + certificate_config=/tmp/sssd-softhsm2-certs-okejWD/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 858s + ca_db=/tmp/sssd-softhsm2-certs-okejWD/test-full-chain-CA.pem 858s + verification_options= 858s + mkdir -p -m 700 /etc/sssd 858s Using CA DB '/tmp/sssd-softhsm2-certs-okejWD/test-full-chain-CA.pem' with verification options: '' 858s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-okejWD/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 858s + cat 858s + chmod 600 /etc/sssd/sssd.conf 858s + for path_pair in "${softhsm2_conf_paths[@]}" 858s + IFS=: 858s + read -r -a path 858s + user=ubuntu 858s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 858s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 858s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 858s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-okejWD/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 858s + runuser -u ubuntu -- softhsm2-util --show-slots 858s + grep 'Test Organization' 858s + for path_pair in "${softhsm2_conf_paths[@]}" 858s + IFS=: 858s + read -r -a path 858s + user=root 858s + path=/etc/softhsm/softhsm2.conf 858s Label: Test Organization Sub Int Token 858s ++ dirname /etc/softhsm/softhsm2.conf 858s + runuser -u root -- mkdir -p /etc/softhsm 858s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-okejWD/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 858s + runuser -u root -- softhsm2-util --show-slots 858s + grep 'Test Organization' 858s Label: Test Organization Sub Int Token 858s + systemctl restart sssd 858s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 858s + for alternative in "${alternative_pam_configs[@]}" 858s + pam-auth-update --enable sss-smart-card-optional 859s + cat /etc/pam.d/common-auth 859s # 859s # /etc/pam.d/common-auth - authentication settings common to all services 859s # 859s # This file is included from other service-specific PAM config files, 859s # and should contain a list of the authentication modules that define 859s # the central authentication scheme for use on the system 859s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 859s # traditional Unix authentication mechanisms. 859s # 859s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 859s # To take advantage of this, it is recommended that you configure any 859s # local modules either before or after the default block, and use 859s # pam-auth-update to manage selection of other modules. See 859s # pam-auth-update(8) for details. 859s 859s # here are the per-package modules (the "Primary" block) 859s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 859s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 859s auth [success=1 default=ignore] pam_sss.so use_first_pass 859s # here's the fallback if no module succeeds 859s auth requisite pam_deny.so 859s # prime the stack with a positive return value if there isn't one already; 859s # this avoids us returning an error just because nothing sets a success code 859s # since the modules above will each just jump around 859s auth required pam_permit.so 859s # and here are more per-package modules (the "Additional" block) 859s auth optional pam_cap.so 859s # end of pam-auth-update config 859s + echo -n -e 123456 859s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 859s pamtester: invoking pam_start(login, ubuntu, ...) 859s pamtester: performing operation - authenticate 859s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 859s + echo -n -e 123456 859s + runuser -u ubuntu -- pamtester -v login '' authenticate 859s pamtester: invoking pam_start(login, , ...) 859s pamtester: performing operation - authenticate 859s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 859s + echo -n -e wrong123456 859s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 859s pamtester: invoking pam_start(login, ubuntu, ...) 859s pamtester: performing operation - authenticate 862s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 862s + echo -n -e wrong123456 862s + runuser -u ubuntu -- pamtester -v login '' authenticate 862s pamtester: invoking pam_start(login, , ...) 862s pamtester: performing operation - authenticate 864s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 864s + echo -n -e 123456 864s + pamtester -v login root authenticate 864s pamtester: invoking pam_start(login, root, ...) 864s pamtester: performing operation - authenticate 867s Password: pamtester: Authentication failure 867s + for alternative in "${alternative_pam_configs[@]}" 867s + pam-auth-update --enable sss-smart-card-required 868s PAM configuration 868s ----------------- 868s 868s Incompatible PAM profiles selected. 868s 868s The following PAM profiles cannot be used together: 868s 868s SSS required smart card authentication, SSS optional smart card 868s authentication 868s 868s Please select a different set of modules to enable. 868s 868s + cat /etc/pam.d/common-auth 868s # 868s # /etc/pam.d/common-auth - authentication settings common to all services 868s # 868s # This file is included from other service-specific PAM config files, 868s # and should contain a list of the authentication modules that define 868s # the central authentication scheme for use on the system 868s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 868s # traditional Unix authentication mechanisms. 868s # 868s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 868s # To take advantage of this, it is recommended that you configure any 868s # local modules either before or after the default block, and use 868s # pam-auth-update to manage selection of other modules. See 868s # pam-auth-update(8) for details. 868s 868s # here are the per-package modules (the "Primary" block) 868s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 868s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 868s auth [success=1 default=ignore] pam_sss.so use_first_pass 868s # here's the fallback if no module succeeds 868s auth requisite pam_deny.so 868s # prime the stack with a positive return value if there isn't one already; 868s # this avoids us returning an error just because nothing sets a success code 868s # since the modules above will each just jump around 868s auth required pam_permit.so 868s # and here are more per-package modules (the "Additional" block) 868s auth optional pam_cap.so 868s # end of pam-auth-update config 868s + echo -n -e 123456 868s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 868s pamtester: invoking pam_start(login, ubuntu, ...) 868s pamtester: performing operation - authenticate 868s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 868s + echo -n -e 123456 868s + runuser -u ubuntu -- pamtester -v login '' authenticate 868s pamtester: invoking pam_start(login, , ...) 868s pamtester: performing operation - authenticate 868s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 868s + echo -n -e wrong123456 868s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 868s pamtester: invoking pam_start(login, ubuntu, ...) 868s pamtester: performing operation - authenticate 870s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 870s + echo -n -e wrong123456 870s + runuser -u ubuntu -- pamtester -v login '' authenticate 870s pamtester: invoking pam_start(login, , ...) 870s pamtester: performing operation - authenticate 873s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 873s + echo -n -e 123456 873s + pamtester -v login root authenticate 873s pamtester: invoking pam_start(login, root, ...) 873s pamtester: performing operation - authenticate 876s pamtester: Authentication service cannot retrieve authentication info 876s + test_authentication login /tmp/sssd-softhsm2-certs-okejWD/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA.pem partial_chain 876s + pam_service=login 876s + certificate_config=/tmp/sssd-softhsm2-certs-okejWD/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 876s + ca_db=/tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA.pem 876s + verification_options=partial_chain 876s + mkdir -p -m 700 /etc/sssd 876s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 876s + cat 876s Using CA DB '/tmp/sssd-softhsm2-certs-okejWD/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 876s + chmod 600 /etc/sssd/sssd.conf 876s + for path_pair in "${softhsm2_conf_paths[@]}" 876s + IFS=: 876s + read -r -a path 876s + user=ubuntu 876s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 876s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 876s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 876s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-okejWD/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 876s Label: Test Organization Sub Int Token 876s + runuser -u ubuntu -- softhsm2-util --show-slots 876s + grep 'Test Organization' 876s + for path_pair in "${softhsm2_conf_paths[@]}" 876s + IFS=: 876s + read -r -a path 876s + user=root 876s + path=/etc/softhsm/softhsm2.conf 876s ++ dirname /etc/softhsm/softhsm2.conf 876s + runuser -u root -- mkdir -p /etc/softhsm 876s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-okejWD/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 876s + runuser -u root -- softhsm2-util --show-slots 876s + grep 'Test Organization' 876s Label: Test Organization Sub Int Token 876s + systemctl restart sssd 876s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 877s + for alternative in "${alternative_pam_configs[@]}" 877s + pam-auth-update --enable sss-smart-card-optional 877s + cat /etc/pam.d/common-auth 877s # 877s # /etc/pam.d/common-auth - authentication settings common to all services 877s # 877s # This file is included from other service-specific PAM config files, 877s # and should contain a list of the authentication modules that define 877s # the central authentication scheme for use on the system 877s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 877s # traditional Unix authentication mechanisms. 877s # 877s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 877s # To take advantage of this, it is recommended that you configure any 877s # local modules either before or after the default block, and use 877s # pam-auth-update to manage selection of other modules. See 877s # pam-auth-update(8) for details. 877s 877s # here are the per-package modules (the "Primary" block) 877s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 877s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 877s auth [success=1 default=ignore] pam_sss.so use_first_pass 877s # here's the fallback if no module succeeds 877s auth requisite pam_deny.so 877s # prime the stack with a positive return value if there isn't one already; 877s # this avoids us returning an error just because nothing sets a success code 877s # since the modules above will each just jump around 877s auth required pam_permit.so 877s # and here are more per-package modules (the "Additional" block) 877s auth optional pam_cap.so 877s # end of pam-auth-update config 877s + echo -n -e 123456 877s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 877s pamtester: invoking pam_start(login, ubuntu, ...) 877s pamtester: performing operation - authenticate 877s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 877s + echo -n -e 123456 877s + runuser -u ubuntu -- pamtester -v login '' authenticate 877s pamtester: invoking pam_start(login, , ...) 877s pamtester: performing operation - authenticate 877s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 877s + echo -n -e wrong123456 877s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 877s pamtester: invoking pam_start(login, ubuntu, ...) 877s pamtester: performing operation - authenticate 880s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 880s + echo -n -e wrong123456 880s + runuser -u ubuntu -- pamtester -v login '' authenticate 880s pamtester: invoking pam_start(login, , ...) 880s pamtester: performing operation - authenticate 882s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 882s + echo -n -e 123456 882s + pamtester -v login root authenticate 882s pamtester: invoking pam_start(login, root, ...) 882s pamtester: performing operation - authenticate 885s Password: pamtester: Authentication failure 885s + for alternative in "${alternative_pam_configs[@]}" 885s + pam-auth-update --enable sss-smart-card-required 885s PAM configuration 885s ----------------- 885s 885s Incompatible PAM profiles selected. 885s 885s The following PAM profiles cannot be used together: 885s 885s SSS required smart card authentication, SSS optional smart card 885s authentication 885s 885s Please select a different set of modules to enable. 885s 885s + cat /etc/pam.d/common-auth 885s # 885s # /etc/pam.d/common-auth - authentication settings common to all services 885s # 885s # This file is included from other service-specific PAM config files, 885s # and should contain a list of the authentication modules that define 885s # the central authentication scheme for use on the system 885s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 885s # traditional Unix authentication mechanisms. 885s # 885s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 885s # To take advantage of this, it is recommended that you configure any 885s # local modules either before or after the default block, and use 885s # pam-auth-update to manage selection of other modules. See 885s # pam-auth-update(8) for details. 885s 885s # here are the per-package modules (the "Primary" block) 885s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 885s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 885s auth [success=1 default=ignore] pam_sss.so use_first_pass 885s # here's the fallback if no module succeeds 885s auth requisite pam_deny.so 885s # prime the stack with a positive return value if there isn't one already; 885s # this avoids us returning an error just because nothing sets a success code 885s # since the modules above will each just jump around 885s auth required pam_permit.so 885s # and here are more per-package modules (the "Additional" block) 885s auth optional pam_cap.so 885s # end of pam-auth-update config 885s + echo -n -e 123456 885s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 885s pamtester: invoking pam_start(login, ubuntu, ...) 885s pamtester: performing operation - authenticate 885s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 885s + echo -n -e 123456 885s + runuser -u ubuntu -- pamtester -v login '' authenticate 885s pamtester: invoking pam_start(login, , ...) 885s pamtester: performing operation - authenticate 885s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 885s + echo -n -e wrong123456 885s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 885s pamtester: invoking pam_start(login, ubuntu, ...) 885s pamtester: performing operation - authenticate 889s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 889s + echo -n -e wrong123456 889s + runuser -u ubuntu -- pamtester -v login '' authenticate 889s pamtester: invoking pam_start(login, , ...) 889s pamtester: performing operation - authenticate 891s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 891s + echo -n -e 123456 891s + pamtester -v login root authenticate 891s pamtester: invoking pam_start(login, root, ...) 891s pamtester: performing operation - authenticate 894s pamtester: Authentication service cannot retrieve authentication info 894s + handle_exit 894s + exit_code=0 894s + restore_changes 894s + for path in "${restore_paths[@]}" 894s + local original_path 894s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-Y0QOjK /tmp/sssd-softhsm2-backups-Y0QOjK//etc/softhsm/softhsm2.conf 894s + original_path=/etc/softhsm/softhsm2.conf 894s + rm /etc/softhsm/softhsm2.conf 894s + mv /tmp/sssd-softhsm2-backups-Y0QOjK//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 894s + for path in "${delete_paths[@]}" 894s + rm -f /etc/sssd/sssd.conf 894s + for path in "${delete_paths[@]}" 894s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 894s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 895s + '[' -e /etc/sssd/sssd.conf ']' 895s + systemctl stop sssd 895s + '[' -e /etc/softhsm/softhsm2.conf ']' 895s + chmod 600 /etc/softhsm/softhsm2.conf 895s + rm -rf /tmp/sssd-softhsm2-certs-okejWD 895s + '[' 0 = 0 ']' 895s + rm -rf /tmp/sssd-softhsm2-backups-Y0QOjK 895s + set +x 895s Script completed successfully! 895s autopkgtest [21:13:11]: test sssd-smart-card-pam-auth-configs: -----------------------] 899s autopkgtest [21:13:15]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 899s sssd-smart-card-pam-auth-configs PASS 903s autopkgtest [21:13:19]: @@@@@@@@@@@@@@@@@@@@ summary 903s ldap-user-group-ldap-auth PASS 903s ldap-user-group-krb5-auth PASS 903s sssd-softhism2-certificates-tests.sh PASS 903s sssd-smart-card-pam-auth-configs PASS