0s autopkgtest [06:00:08]: starting date and time: 2024-03-20 06:00:08+0000 0s autopkgtest [06:00:08]: git checkout: 4a1cd702 l/adt_testbed: don't blame the testbed for unsolvable build deps 0s autopkgtest [06:00:08]: host juju-7f2275-prod-proposed-migration-environment-2; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.v7goe982/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --apt-pocket=proposed=src:libselinux,src:ruby-defaults --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 '--env=ADT_TEST_TRIGGERS=libselinux/3.5-2ubuntu1 ruby-defaults/1:3.2~ubuntu1' -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor autopkgtest --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-2@bos02-ppc64el-1.secgroup --name adt-noble-ppc64el-sssd-20240320-060007-juju-7f2275-prod-proposed-migration-environment-2 --image adt/ubuntu-noble-ppc64el-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-2 --net-id=net_prod-proposed-migration -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com'"'"'' --mirror=http://ftpmaster.internal/ubuntu/ 101s autopkgtest [06:01:49]: testbed dpkg architecture: ppc64el 101s autopkgtest [06:01:49]: testbed apt version: 2.7.12 101s autopkgtest [06:01:49]: @@@@@@@@@@@@@@@@@@@@ test bed setup 102s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 102s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [3757 kB] 103s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [52.7 kB] 103s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [497 kB] 103s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [6540 B] 103s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main ppc64el Packages [660 kB] 103s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main ppc64el c-n-f Metadata [3116 B] 103s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted ppc64el Packages [1372 B] 103s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted ppc64el c-n-f Metadata [116 B] 103s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe ppc64el Packages [4177 kB] 104s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe ppc64el c-n-f Metadata [8652 B] 104s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse ppc64el Packages [47.7 kB] 104s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse ppc64el c-n-f Metadata [116 B] 107s Fetched 9327 kB in 3s (3579 kB/s) 107s Reading package lists... 109s Reading package lists... 110s Building dependency tree... 110s Reading state information... 110s Calculating upgrade... 110s The following packages will be upgraded: 110s libselinux1 110s 1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 110s Need to get 101 kB of archives. 110s After this operation, 0 B of additional disk space will be used. 110s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main ppc64el libselinux1 ppc64el 3.5-2ubuntu1 [101 kB] 111s Fetched 101 kB in 0s (295 kB/s) 111s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 70095 files and directories currently installed.) 111s Preparing to unpack .../libselinux1_3.5-2ubuntu1_ppc64el.deb ... 111s Unpacking libselinux1:ppc64el (3.5-2ubuntu1) over (3.5-2build1) ... 111s Setting up libselinux1:ppc64el (3.5-2ubuntu1) ... 111s Processing triggers for libc-bin (2.39-0ubuntu2) ... 111s Reading package lists... 111s Building dependency tree... 111s Reading state information... 112s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 112s Hit:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease 112s Hit:2 http://ftpmaster.internal/ubuntu noble InRelease 112s Hit:3 http://ftpmaster.internal/ubuntu noble-updates InRelease 112s Hit:4 http://ftpmaster.internal/ubuntu noble-security InRelease 113s Reading package lists... 113s Reading package lists... 114s Building dependency tree... 114s Reading state information... 114s Calculating upgrade... 114s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 114s Reading package lists... 114s Building dependency tree... 114s Reading state information... 114s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 117s autopkgtest [06:02:05]: testbed running kernel: Linux 6.8.0-11-generic #11-Ubuntu SMP Wed Feb 14 00:33:03 UTC 2024 117s autopkgtest [06:02:05]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 132s Get:1 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (dsc) [5269 B] 132s Get:2 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (tar) [7983 kB] 132s Get:3 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (asc) [833 B] 132s Get:4 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (diff) [48.4 kB] 132s gpgv: Signature made Mon Feb 26 21:56:54 2024 UTC 132s gpgv: using RSA key E92FD0B36B14F1F4D8E0EB2F106DA1C8C3CBBF14 132s gpgv: Can't check signature: No public key 132s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.4-1ubuntu1.dsc: no acceptable signature found 133s autopkgtest [06:02:21]: testing package sssd version 2.9.4-1ubuntu1 133s autopkgtest [06:02:21]: build not needed 232s autopkgtest [06:04:00]: test ldap-user-group-ldap-auth: preparing testbed 233s Reading package lists... 233s Building dependency tree... 233s Reading state information... 233s Starting pkgProblemResolver with broken count: 0 233s Starting 2 pkgProblemResolver with broken count: 0 233s Done 234s The following additional packages will be installed: 234s expect ldap-utils libavahi-client3 libavahi-common-data libavahi-common3 234s libbasicobjects0 libc-ares2 libcollection4 libcrack2 libdhash1 234s libevent-2.1-7 libini-config5 libipa-hbac-dev libipa-hbac0 libjose0 libkrad0 234s libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo libodbc2 234s libpam-pwquality libpam-sss libpath-utils1 libpwquality-common libpwquality1 234s libref-array1 libsmbclient libsss-certmap-dev libsss-certmap0 234s libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev libsss-nss-idmap0 234s libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0 libverto-libevent1 234s libverto1 libwbclient0 python3-libipa-hbac python3-libsss-nss-idmap 234s python3-sss samba-libs slapd sssd sssd-ad sssd-ad-common sssd-common 234s sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 sssd-krb5-common sssd-ldap 234s sssd-passkey sssd-proxy sssd-tools tcl-expect tcl8.6 234s Suggested packages: 234s tk8.6 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal 234s odbc-postgresql tdsodbc adcli libsasl2-modules-ldap tcl-tclreadline 234s Recommended packages: 234s cracklib-runtime libsasl2-modules-gssapi-mit 234s | libsasl2-modules-gssapi-heimdal 234s The following NEW packages will be installed: 234s autopkgtest-satdep expect ldap-utils libavahi-client3 libavahi-common-data 234s libavahi-common3 libbasicobjects0 libc-ares2 libcollection4 libcrack2 234s libdhash1 libevent-2.1-7 libini-config5 libipa-hbac-dev libipa-hbac0 234s libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo 234s libodbc2 libpam-pwquality libpam-sss libpath-utils1 libpwquality-common 234s libpwquality1 libref-array1 libsmbclient libsss-certmap-dev libsss-certmap0 234s libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev libsss-nss-idmap0 234s libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0 libverto-libevent1 234s libverto1 libwbclient0 python3-libipa-hbac python3-libsss-nss-idmap 234s python3-sss samba-libs slapd sssd sssd-ad sssd-ad-common sssd-common 234s sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 sssd-krb5-common sssd-ldap 234s sssd-passkey sssd-proxy sssd-tools tcl-expect tcl8.6 234s 0 upgraded, 65 newly installed, 0 to remove and 0 not upgraded. 234s Need to get 14.3 MB/14.3 MB of archives. 234s After this operation, 69.9 MB of additional disk space will be used. 234s Get:1 /tmp/autopkgtest.AyRU1c/1-autopkgtest-satdep.deb autopkgtest-satdep ppc64el 0 [868 B] 234s Get:2 http://ftpmaster.internal/ubuntu noble/main ppc64el libltdl7 ppc64el 2.4.7-7 [48.0 kB] 234s Get:3 http://ftpmaster.internal/ubuntu noble/main ppc64el libodbc2 ppc64el 2.3.12-1 [187 kB] 234s Get:4 http://ftpmaster.internal/ubuntu noble/main ppc64el slapd ppc64el 2.6.7+dfsg-1~exp1ubuntu1 [1768 kB] 235s Get:5 http://ftpmaster.internal/ubuntu noble/main ppc64el libtcl8.6 ppc64el 8.6.13+dfsg-2 [1179 kB] 235s Get:6 http://ftpmaster.internal/ubuntu noble/main ppc64el tcl8.6 ppc64el 8.6.13+dfsg-2 [14.8 kB] 235s Get:7 http://ftpmaster.internal/ubuntu noble/universe ppc64el tcl-expect ppc64el 5.45.4-2build1 [112 kB] 235s Get:8 http://ftpmaster.internal/ubuntu noble/universe ppc64el expect ppc64el 5.45.4-2build1 [137 kB] 235s Get:9 http://ftpmaster.internal/ubuntu noble/main ppc64el ldap-utils ppc64el 2.6.7+dfsg-1~exp1ubuntu1 [154 kB] 235s Get:10 http://ftpmaster.internal/ubuntu noble/main ppc64el libavahi-common-data ppc64el 0.8-13ubuntu2 [29.5 kB] 235s Get:11 http://ftpmaster.internal/ubuntu noble/main ppc64el libavahi-common3 ppc64el 0.8-13ubuntu2 [25.8 kB] 235s Get:12 http://ftpmaster.internal/ubuntu noble/main ppc64el libavahi-client3 ppc64el 0.8-13ubuntu2 [30.6 kB] 235s Get:13 http://ftpmaster.internal/ubuntu noble/main ppc64el libcrack2 ppc64el 2.9.6-5.1 [30.9 kB] 235s Get:14 http://ftpmaster.internal/ubuntu noble/main ppc64el libevent-2.1-7 ppc64el 2.1.12-stable-9 [169 kB] 235s Get:15 http://ftpmaster.internal/ubuntu noble/universe ppc64el libjose0 ppc64el 11-3 [50.3 kB] 235s Get:16 http://ftpmaster.internal/ubuntu noble/main ppc64el libverto-libevent1 ppc64el 0.3.1-1ubuntu5 [5960 B] 235s Get:17 http://ftpmaster.internal/ubuntu noble/main ppc64el libverto1 ppc64el 0.3.1-1ubuntu5 [11.6 kB] 235s Get:18 http://ftpmaster.internal/ubuntu noble/main ppc64el libkrad0 ppc64el 1.20.1-5build1 [24.3 kB] 235s Get:19 http://ftpmaster.internal/ubuntu noble/main ppc64el libtalloc2 ppc64el 2.4.2-1 [36.6 kB] 235s Get:20 http://ftpmaster.internal/ubuntu noble/main ppc64el libtdb1 ppc64el 1.4.10-1 [62.7 kB] 235s Get:21 http://ftpmaster.internal/ubuntu noble/main ppc64el libtevent0 ppc64el 0.16.1-1 [50.8 kB] 235s Get:22 http://ftpmaster.internal/ubuntu noble/main ppc64el libldb2 ppc64el 2:2.8.0+samba4.19.5+dfsg-1ubuntu1 [219 kB] 235s Get:23 http://ftpmaster.internal/ubuntu noble/main ppc64el libnfsidmap1 ppc64el 1:2.6.3-3ubuntu1 [53.0 kB] 235s Get:24 http://ftpmaster.internal/ubuntu noble/universe ppc64el libnss-sudo all 1.9.15p5-3ubuntu1 [14.9 kB] 235s Get:25 http://ftpmaster.internal/ubuntu noble/main ppc64el libpwquality-common all 1.4.5-3 [7658 B] 235s Get:26 http://ftpmaster.internal/ubuntu noble/main ppc64el libpwquality1 ppc64el 1.4.5-3 [16.9 kB] 235s Get:27 http://ftpmaster.internal/ubuntu noble/main ppc64el libpam-pwquality ppc64el 1.4.5-3 [12.5 kB] 235s Get:28 http://ftpmaster.internal/ubuntu noble/main ppc64el libwbclient0 ppc64el 2:4.19.5+dfsg-1ubuntu1 [76.5 kB] 235s Get:29 http://ftpmaster.internal/ubuntu noble/main ppc64el samba-libs ppc64el 2:4.19.5+dfsg-1ubuntu1 [6674 kB] 238s Get:30 http://ftpmaster.internal/ubuntu noble/main ppc64el libnss-sss ppc64el 2.9.4-1ubuntu1 [36.3 kB] 238s Get:31 http://ftpmaster.internal/ubuntu noble/main ppc64el libpam-sss ppc64el 2.9.4-1ubuntu1 [56.4 kB] 238s Get:32 http://ftpmaster.internal/ubuntu noble/main ppc64el python3-sss ppc64el 2.9.4-1ubuntu1 [48.0 kB] 238s Get:33 http://ftpmaster.internal/ubuntu noble/main ppc64el libc-ares2 ppc64el 1.27.0-1 [99.0 kB] 238s Get:34 http://ftpmaster.internal/ubuntu noble/main ppc64el libdhash1 ppc64el 0.6.2-2 [9830 B] 238s Get:35 http://ftpmaster.internal/ubuntu noble/main ppc64el libbasicobjects0 ppc64el 0.6.2-2 [5806 B] 238s Get:36 http://ftpmaster.internal/ubuntu noble/main ppc64el libcollection4 ppc64el 0.6.2-2 [35.3 kB] 238s Get:37 http://ftpmaster.internal/ubuntu noble/main ppc64el libpath-utils1 ppc64el 0.6.2-2 [10.2 kB] 238s Get:38 http://ftpmaster.internal/ubuntu noble/main ppc64el libref-array1 ppc64el 0.6.2-2 [7724 B] 238s Get:39 http://ftpmaster.internal/ubuntu noble/main ppc64el libini-config5 ppc64el 0.6.2-2 [53.9 kB] 238s Get:40 http://ftpmaster.internal/ubuntu noble/main ppc64el libsss-certmap0 ppc64el 2.9.4-1ubuntu1 [53.6 kB] 238s Get:41 http://ftpmaster.internal/ubuntu noble/main ppc64el libsss-idmap0 ppc64el 2.9.4-1ubuntu1 [24.7 kB] 238s Get:42 http://ftpmaster.internal/ubuntu noble/main ppc64el libsss-nss-idmap0 ppc64el 2.9.4-1ubuntu1 [37.4 kB] 238s Get:43 http://ftpmaster.internal/ubuntu noble/main ppc64el sssd-common ppc64el 2.9.4-1ubuntu1 [1280 kB] 239s Get:44 http://ftpmaster.internal/ubuntu noble/universe ppc64el sssd-idp ppc64el 2.9.4-1ubuntu1 [30.8 kB] 239s Get:45 http://ftpmaster.internal/ubuntu noble/universe ppc64el sssd-passkey ppc64el 2.9.4-1ubuntu1 [35.4 kB] 239s Get:46 http://ftpmaster.internal/ubuntu noble/main ppc64el sssd-ad-common ppc64el 2.9.4-1ubuntu1 [88.6 kB] 239s Get:47 http://ftpmaster.internal/ubuntu noble/main ppc64el sssd-krb5-common ppc64el 2.9.4-1ubuntu1 [103 kB] 239s Get:48 http://ftpmaster.internal/ubuntu noble/main ppc64el libsmbclient ppc64el 2:4.19.5+dfsg-1ubuntu1 [70.4 kB] 239s Get:49 http://ftpmaster.internal/ubuntu noble/main ppc64el sssd-ad ppc64el 2.9.4-1ubuntu1 [147 kB] 239s Get:50 http://ftpmaster.internal/ubuntu noble/main ppc64el libipa-hbac0 ppc64el 2.9.4-1ubuntu1 [17.4 kB] 239s Get:51 http://ftpmaster.internal/ubuntu noble/main ppc64el sssd-ipa ppc64el 2.9.4-1ubuntu1 [240 kB] 239s Get:52 http://ftpmaster.internal/ubuntu noble/main ppc64el sssd-krb5 ppc64el 2.9.4-1ubuntu1 [14.4 kB] 239s Get:53 http://ftpmaster.internal/ubuntu noble/main ppc64el sssd-ldap ppc64el 2.9.4-1ubuntu1 [31.6 kB] 239s Get:54 http://ftpmaster.internal/ubuntu noble/main ppc64el sssd-proxy ppc64el 2.9.4-1ubuntu1 [48.0 kB] 239s Get:55 http://ftpmaster.internal/ubuntu noble/main ppc64el sssd ppc64el 2.9.4-1ubuntu1 [4124 B] 239s Get:56 http://ftpmaster.internal/ubuntu noble/main ppc64el sssd-dbus ppc64el 2.9.4-1ubuntu1 [122 kB] 239s Get:57 http://ftpmaster.internal/ubuntu noble/universe ppc64el sssd-kcm ppc64el 2.9.4-1ubuntu1 [160 kB] 239s Get:58 http://ftpmaster.internal/ubuntu noble/main ppc64el sssd-tools ppc64el 2.9.4-1ubuntu1 [108 kB] 239s Get:59 http://ftpmaster.internal/ubuntu noble/main ppc64el libipa-hbac-dev ppc64el 2.9.4-1ubuntu1 [6666 B] 239s Get:60 http://ftpmaster.internal/ubuntu noble/main ppc64el libsss-certmap-dev ppc64el 2.9.4-1ubuntu1 [5734 B] 239s Get:61 http://ftpmaster.internal/ubuntu noble/main ppc64el libsss-idmap-dev ppc64el 2.9.4-1ubuntu1 [8380 B] 239s Get:62 http://ftpmaster.internal/ubuntu noble/main ppc64el libsss-nss-idmap-dev ppc64el 2.9.4-1ubuntu1 [6722 B] 239s Get:63 http://ftpmaster.internal/ubuntu noble/universe ppc64el libsss-sudo ppc64el 2.9.4-1ubuntu1 [22.4 kB] 239s Get:64 http://ftpmaster.internal/ubuntu noble/universe ppc64el python3-libipa-hbac ppc64el 2.9.4-1ubuntu1 [19.2 kB] 239s Get:65 http://ftpmaster.internal/ubuntu noble/universe ppc64el python3-libsss-nss-idmap ppc64el 2.9.4-1ubuntu1 [9542 B] 240s Preconfiguring packages ... 240s Fetched 14.3 MB in 5s (2611 kB/s) 240s Selecting previously unselected package libltdl7:ppc64el. 240s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 70095 files and directories currently installed.) 240s Preparing to unpack .../00-libltdl7_2.4.7-7_ppc64el.deb ... 240s Unpacking libltdl7:ppc64el (2.4.7-7) ... 240s Selecting previously unselected package libodbc2:ppc64el. 240s Preparing to unpack .../01-libodbc2_2.3.12-1_ppc64el.deb ... 240s Unpacking libodbc2:ppc64el (2.3.12-1) ... 240s Selecting previously unselected package slapd. 240s Preparing to unpack .../02-slapd_2.6.7+dfsg-1~exp1ubuntu1_ppc64el.deb ... 240s Unpacking slapd (2.6.7+dfsg-1~exp1ubuntu1) ... 240s Selecting previously unselected package libtcl8.6:ppc64el. 240s Preparing to unpack .../03-libtcl8.6_8.6.13+dfsg-2_ppc64el.deb ... 240s Unpacking libtcl8.6:ppc64el (8.6.13+dfsg-2) ... 240s Selecting previously unselected package tcl8.6. 240s Preparing to unpack .../04-tcl8.6_8.6.13+dfsg-2_ppc64el.deb ... 240s Unpacking tcl8.6 (8.6.13+dfsg-2) ... 240s Selecting previously unselected package tcl-expect:ppc64el. 240s Preparing to unpack .../05-tcl-expect_5.45.4-2build1_ppc64el.deb ... 240s Unpacking tcl-expect:ppc64el (5.45.4-2build1) ... 240s Selecting previously unselected package expect. 240s Preparing to unpack .../06-expect_5.45.4-2build1_ppc64el.deb ... 240s Unpacking expect (5.45.4-2build1) ... 240s Selecting previously unselected package ldap-utils. 240s Preparing to unpack .../07-ldap-utils_2.6.7+dfsg-1~exp1ubuntu1_ppc64el.deb ... 240s Unpacking ldap-utils (2.6.7+dfsg-1~exp1ubuntu1) ... 240s Selecting previously unselected package libavahi-common-data:ppc64el. 240s Preparing to unpack .../08-libavahi-common-data_0.8-13ubuntu2_ppc64el.deb ... 240s Unpacking libavahi-common-data:ppc64el (0.8-13ubuntu2) ... 240s Selecting previously unselected package libavahi-common3:ppc64el. 240s Preparing to unpack .../09-libavahi-common3_0.8-13ubuntu2_ppc64el.deb ... 240s Unpacking libavahi-common3:ppc64el (0.8-13ubuntu2) ... 240s Selecting previously unselected package libavahi-client3:ppc64el. 240s Preparing to unpack .../10-libavahi-client3_0.8-13ubuntu2_ppc64el.deb ... 240s Unpacking libavahi-client3:ppc64el (0.8-13ubuntu2) ... 240s Selecting previously unselected package libcrack2:ppc64el. 240s Preparing to unpack .../11-libcrack2_2.9.6-5.1_ppc64el.deb ... 240s Unpacking libcrack2:ppc64el (2.9.6-5.1) ... 240s Selecting previously unselected package libevent-2.1-7:ppc64el. 240s Preparing to unpack .../12-libevent-2.1-7_2.1.12-stable-9_ppc64el.deb ... 240s Unpacking libevent-2.1-7:ppc64el (2.1.12-stable-9) ... 240s Selecting previously unselected package libjose0:ppc64el. 240s Preparing to unpack .../13-libjose0_11-3_ppc64el.deb ... 240s Unpacking libjose0:ppc64el (11-3) ... 240s Selecting previously unselected package libverto-libevent1:ppc64el. 240s Preparing to unpack .../14-libverto-libevent1_0.3.1-1ubuntu5_ppc64el.deb ... 240s Unpacking libverto-libevent1:ppc64el (0.3.1-1ubuntu5) ... 240s Selecting previously unselected package libverto1:ppc64el. 240s Preparing to unpack .../15-libverto1_0.3.1-1ubuntu5_ppc64el.deb ... 240s Unpacking libverto1:ppc64el (0.3.1-1ubuntu5) ... 240s Selecting previously unselected package libkrad0:ppc64el. 240s Preparing to unpack .../16-libkrad0_1.20.1-5build1_ppc64el.deb ... 240s Unpacking libkrad0:ppc64el (1.20.1-5build1) ... 240s Selecting previously unselected package libtalloc2:ppc64el. 240s Preparing to unpack .../17-libtalloc2_2.4.2-1_ppc64el.deb ... 240s Unpacking libtalloc2:ppc64el (2.4.2-1) ... 240s Selecting previously unselected package libtdb1:ppc64el. 240s Preparing to unpack .../18-libtdb1_1.4.10-1_ppc64el.deb ... 240s Unpacking libtdb1:ppc64el (1.4.10-1) ... 240s Selecting previously unselected package libtevent0:ppc64el. 240s Preparing to unpack .../19-libtevent0_0.16.1-1_ppc64el.deb ... 240s Unpacking libtevent0:ppc64el (0.16.1-1) ... 240s Selecting previously unselected package libldb2:ppc64el. 240s Preparing to unpack .../20-libldb2_2%3a2.8.0+samba4.19.5+dfsg-1ubuntu1_ppc64el.deb ... 240s Unpacking libldb2:ppc64el (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 240s Selecting previously unselected package libnfsidmap1:ppc64el. 240s Preparing to unpack .../21-libnfsidmap1_1%3a2.6.3-3ubuntu1_ppc64el.deb ... 240s Unpacking libnfsidmap1:ppc64el (1:2.6.3-3ubuntu1) ... 240s Selecting previously unselected package libnss-sudo. 240s Preparing to unpack .../22-libnss-sudo_1.9.15p5-3ubuntu1_all.deb ... 240s Unpacking libnss-sudo (1.9.15p5-3ubuntu1) ... 240s Selecting previously unselected package libpwquality-common. 240s Preparing to unpack .../23-libpwquality-common_1.4.5-3_all.deb ... 240s Unpacking libpwquality-common (1.4.5-3) ... 240s Selecting previously unselected package libpwquality1:ppc64el. 240s Preparing to unpack .../24-libpwquality1_1.4.5-3_ppc64el.deb ... 240s Unpacking libpwquality1:ppc64el (1.4.5-3) ... 240s Selecting previously unselected package libpam-pwquality:ppc64el. 240s Preparing to unpack .../25-libpam-pwquality_1.4.5-3_ppc64el.deb ... 240s Unpacking libpam-pwquality:ppc64el (1.4.5-3) ... 240s Selecting previously unselected package libwbclient0:ppc64el. 240s Preparing to unpack .../26-libwbclient0_2%3a4.19.5+dfsg-1ubuntu1_ppc64el.deb ... 240s Unpacking libwbclient0:ppc64el (2:4.19.5+dfsg-1ubuntu1) ... 240s Selecting previously unselected package samba-libs:ppc64el. 240s Preparing to unpack .../27-samba-libs_2%3a4.19.5+dfsg-1ubuntu1_ppc64el.deb ... 240s Unpacking samba-libs:ppc64el (2:4.19.5+dfsg-1ubuntu1) ... 241s Selecting previously unselected package libnss-sss:ppc64el. 241s Preparing to unpack .../28-libnss-sss_2.9.4-1ubuntu1_ppc64el.deb ... 241s Unpacking libnss-sss:ppc64el (2.9.4-1ubuntu1) ... 241s Selecting previously unselected package libpam-sss:ppc64el. 241s Preparing to unpack .../29-libpam-sss_2.9.4-1ubuntu1_ppc64el.deb ... 241s Unpacking libpam-sss:ppc64el (2.9.4-1ubuntu1) ... 241s Selecting previously unselected package python3-sss. 241s Preparing to unpack .../30-python3-sss_2.9.4-1ubuntu1_ppc64el.deb ... 241s Unpacking python3-sss (2.9.4-1ubuntu1) ... 241s Selecting previously unselected package libc-ares2:ppc64el. 241s Preparing to unpack .../31-libc-ares2_1.27.0-1_ppc64el.deb ... 241s Unpacking libc-ares2:ppc64el (1.27.0-1) ... 241s Selecting previously unselected package libdhash1:ppc64el. 241s Preparing to unpack .../32-libdhash1_0.6.2-2_ppc64el.deb ... 241s Unpacking libdhash1:ppc64el (0.6.2-2) ... 241s Selecting previously unselected package libbasicobjects0:ppc64el. 241s Preparing to unpack .../33-libbasicobjects0_0.6.2-2_ppc64el.deb ... 241s Unpacking libbasicobjects0:ppc64el (0.6.2-2) ... 241s Selecting previously unselected package libcollection4:ppc64el. 241s Preparing to unpack .../34-libcollection4_0.6.2-2_ppc64el.deb ... 241s Unpacking libcollection4:ppc64el (0.6.2-2) ... 241s Selecting previously unselected package libpath-utils1:ppc64el. 241s Preparing to unpack .../35-libpath-utils1_0.6.2-2_ppc64el.deb ... 241s Unpacking libpath-utils1:ppc64el (0.6.2-2) ... 241s Selecting previously unselected package libref-array1:ppc64el. 241s Preparing to unpack .../36-libref-array1_0.6.2-2_ppc64el.deb ... 241s Unpacking libref-array1:ppc64el (0.6.2-2) ... 241s Selecting previously unselected package libini-config5:ppc64el. 241s Preparing to unpack .../37-libini-config5_0.6.2-2_ppc64el.deb ... 241s Unpacking libini-config5:ppc64el (0.6.2-2) ... 241s Selecting previously unselected package libsss-certmap0. 241s Preparing to unpack .../38-libsss-certmap0_2.9.4-1ubuntu1_ppc64el.deb ... 241s Unpacking libsss-certmap0 (2.9.4-1ubuntu1) ... 241s Selecting previously unselected package libsss-idmap0. 241s Preparing to unpack .../39-libsss-idmap0_2.9.4-1ubuntu1_ppc64el.deb ... 241s Unpacking libsss-idmap0 (2.9.4-1ubuntu1) ... 241s Selecting previously unselected package libsss-nss-idmap0. 241s Preparing to unpack .../40-libsss-nss-idmap0_2.9.4-1ubuntu1_ppc64el.deb ... 241s Unpacking libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 241s Selecting previously unselected package sssd-common. 241s Preparing to unpack .../41-sssd-common_2.9.4-1ubuntu1_ppc64el.deb ... 241s Unpacking sssd-common (2.9.4-1ubuntu1) ... 241s Selecting previously unselected package sssd-idp. 241s Preparing to unpack .../42-sssd-idp_2.9.4-1ubuntu1_ppc64el.deb ... 241s Unpacking sssd-idp (2.9.4-1ubuntu1) ... 241s Selecting previously unselected package sssd-passkey. 241s Preparing to unpack .../43-sssd-passkey_2.9.4-1ubuntu1_ppc64el.deb ... 241s Unpacking sssd-passkey (2.9.4-1ubuntu1) ... 241s Selecting previously unselected package sssd-ad-common. 241s Preparing to unpack .../44-sssd-ad-common_2.9.4-1ubuntu1_ppc64el.deb ... 241s Unpacking sssd-ad-common (2.9.4-1ubuntu1) ... 241s Selecting previously unselected package sssd-krb5-common. 241s Preparing to unpack .../45-sssd-krb5-common_2.9.4-1ubuntu1_ppc64el.deb ... 241s Unpacking sssd-krb5-common (2.9.4-1ubuntu1) ... 241s Selecting previously unselected package libsmbclient:ppc64el. 241s Preparing to unpack .../46-libsmbclient_2%3a4.19.5+dfsg-1ubuntu1_ppc64el.deb ... 241s Unpacking libsmbclient:ppc64el (2:4.19.5+dfsg-1ubuntu1) ... 241s Selecting previously unselected package sssd-ad. 241s Preparing to unpack .../47-sssd-ad_2.9.4-1ubuntu1_ppc64el.deb ... 241s Unpacking sssd-ad (2.9.4-1ubuntu1) ... 241s Selecting previously unselected package libipa-hbac0. 241s Preparing to unpack .../48-libipa-hbac0_2.9.4-1ubuntu1_ppc64el.deb ... 241s Unpacking libipa-hbac0 (2.9.4-1ubuntu1) ... 241s Selecting previously unselected package sssd-ipa. 241s Preparing to unpack .../49-sssd-ipa_2.9.4-1ubuntu1_ppc64el.deb ... 241s Unpacking sssd-ipa (2.9.4-1ubuntu1) ... 241s Selecting previously unselected package sssd-krb5. 241s Preparing to unpack .../50-sssd-krb5_2.9.4-1ubuntu1_ppc64el.deb ... 241s Unpacking sssd-krb5 (2.9.4-1ubuntu1) ... 241s Selecting previously unselected package sssd-ldap. 241s Preparing to unpack .../51-sssd-ldap_2.9.4-1ubuntu1_ppc64el.deb ... 241s Unpacking sssd-ldap (2.9.4-1ubuntu1) ... 241s Selecting previously unselected package sssd-proxy. 241s Preparing to unpack .../52-sssd-proxy_2.9.4-1ubuntu1_ppc64el.deb ... 241s Unpacking sssd-proxy (2.9.4-1ubuntu1) ... 241s Selecting previously unselected package sssd. 241s Preparing to unpack .../53-sssd_2.9.4-1ubuntu1_ppc64el.deb ... 241s Unpacking sssd (2.9.4-1ubuntu1) ... 241s Selecting previously unselected package sssd-dbus. 241s Preparing to unpack .../54-sssd-dbus_2.9.4-1ubuntu1_ppc64el.deb ... 241s Unpacking sssd-dbus (2.9.4-1ubuntu1) ... 241s Selecting previously unselected package sssd-kcm. 241s Preparing to unpack .../55-sssd-kcm_2.9.4-1ubuntu1_ppc64el.deb ... 241s Unpacking sssd-kcm (2.9.4-1ubuntu1) ... 241s Selecting previously unselected package sssd-tools. 241s Preparing to unpack .../56-sssd-tools_2.9.4-1ubuntu1_ppc64el.deb ... 241s Unpacking sssd-tools (2.9.4-1ubuntu1) ... 241s Selecting previously unselected package libipa-hbac-dev. 241s Preparing to unpack .../57-libipa-hbac-dev_2.9.4-1ubuntu1_ppc64el.deb ... 241s Unpacking libipa-hbac-dev (2.9.4-1ubuntu1) ... 241s Selecting previously unselected package libsss-certmap-dev. 241s Preparing to unpack .../58-libsss-certmap-dev_2.9.4-1ubuntu1_ppc64el.deb ... 241s Unpacking libsss-certmap-dev (2.9.4-1ubuntu1) ... 241s Selecting previously unselected package libsss-idmap-dev. 241s Preparing to unpack .../59-libsss-idmap-dev_2.9.4-1ubuntu1_ppc64el.deb ... 241s Unpacking libsss-idmap-dev (2.9.4-1ubuntu1) ... 241s Selecting previously unselected package libsss-nss-idmap-dev. 241s Preparing to unpack .../60-libsss-nss-idmap-dev_2.9.4-1ubuntu1_ppc64el.deb ... 241s Unpacking libsss-nss-idmap-dev (2.9.4-1ubuntu1) ... 241s Selecting previously unselected package libsss-sudo. 241s Preparing to unpack .../61-libsss-sudo_2.9.4-1ubuntu1_ppc64el.deb ... 241s Unpacking libsss-sudo (2.9.4-1ubuntu1) ... 241s Selecting previously unselected package python3-libipa-hbac. 241s Preparing to unpack .../62-python3-libipa-hbac_2.9.4-1ubuntu1_ppc64el.deb ... 241s Unpacking python3-libipa-hbac (2.9.4-1ubuntu1) ... 241s Selecting previously unselected package python3-libsss-nss-idmap. 241s Preparing to unpack .../63-python3-libsss-nss-idmap_2.9.4-1ubuntu1_ppc64el.deb ... 241s Unpacking python3-libsss-nss-idmap (2.9.4-1ubuntu1) ... 241s Selecting previously unselected package autopkgtest-satdep. 241s Preparing to unpack .../64-1-autopkgtest-satdep.deb ... 241s Unpacking autopkgtest-satdep (0) ... 241s Setting up libpwquality-common (1.4.5-3) ... 241s Setting up libpath-utils1:ppc64el (0.6.2-2) ... 241s Setting up libnfsidmap1:ppc64el (1:2.6.3-3ubuntu1) ... 241s Setting up libsss-idmap0 (2.9.4-1ubuntu1) ... 241s Setting up libbasicobjects0:ppc64el (0.6.2-2) ... 241s Setting up libsss-idmap-dev (2.9.4-1ubuntu1) ... 241s Setting up libtdb1:ppc64el (1.4.10-1) ... 241s Setting up libc-ares2:ppc64el (1.27.0-1) ... 241s Setting up ldap-utils (2.6.7+dfsg-1~exp1ubuntu1) ... 241s Setting up libjose0:ppc64el (11-3) ... 241s Setting up libwbclient0:ppc64el (2:4.19.5+dfsg-1ubuntu1) ... 241s Setting up libtalloc2:ppc64el (2.4.2-1) ... 241s Setting up libdhash1:ppc64el (0.6.2-2) ... 241s Setting up libtevent0:ppc64el (0.16.1-1) ... 241s Setting up libavahi-common-data:ppc64el (0.8-13ubuntu2) ... 241s Setting up libevent-2.1-7:ppc64el (2.1.12-stable-9) ... 241s Setting up libtcl8.6:ppc64el (8.6.13+dfsg-2) ... 241s Setting up libltdl7:ppc64el (2.4.7-7) ... 241s Setting up libcrack2:ppc64el (2.9.6-5.1) ... 241s Setting up libcollection4:ppc64el (0.6.2-2) ... 241s Setting up libodbc2:ppc64el (2.3.12-1) ... 241s Setting up libipa-hbac0 (2.9.4-1ubuntu1) ... 241s Setting up python3-libipa-hbac (2.9.4-1ubuntu1) ... 241s Setting up libref-array1:ppc64el (0.6.2-2) ... 241s Setting up libnss-sudo (1.9.15p5-3ubuntu1) ... 241s Setting up libldb2:ppc64el (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 241s Setting up libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 241s Setting up libnss-sss:ppc64el (2.9.4-1ubuntu1) ... 241s Setting up slapd (2.6.7+dfsg-1~exp1ubuntu1) ... 242s Creating new user openldap... done. 242s Creating initial configuration... done. 242s Creating LDAP directory... done. 242s Setting up tcl8.6 (8.6.13+dfsg-2) ... 242s Setting up libsss-sudo (2.9.4-1ubuntu1) ... 242s Setting up libsss-nss-idmap-dev (2.9.4-1ubuntu1) ... 242s Setting up libipa-hbac-dev (2.9.4-1ubuntu1) ... 242s Setting up libini-config5:ppc64el (0.6.2-2) ... 242s Setting up libavahi-common3:ppc64el (0.8-13ubuntu2) ... 242s Setting up tcl-expect:ppc64el (5.45.4-2build1) ... 242s Setting up python3-sss (2.9.4-1ubuntu1) ... 242s Setting up libsss-certmap0 (2.9.4-1ubuntu1) ... 242s Setting up libpwquality1:ppc64el (1.4.5-3) ... 242s Setting up python3-libsss-nss-idmap (2.9.4-1ubuntu1) ... 242s Setting up libavahi-client3:ppc64el (0.8-13ubuntu2) ... 242s Setting up expect (5.45.4-2build1) ... 242s Setting up libpam-pwquality:ppc64el (1.4.5-3) ... 243s Setting up samba-libs:ppc64el (2:4.19.5+dfsg-1ubuntu1) ... 243s Setting up libsss-certmap-dev (2.9.4-1ubuntu1) ... 243s Setting up libsmbclient:ppc64el (2:4.19.5+dfsg-1ubuntu1) ... 243s Setting up libpam-sss:ppc64el (2.9.4-1ubuntu1) ... 243s Setting up sssd-common (2.9.4-1ubuntu1) ... 243s Creating SSSD system user & group... 243s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 243s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 243s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 243s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 243s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 244s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 244s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 244s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 244s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 244s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 245s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 245s sssd-autofs.service is a disabled or a static unit, not starting it. 245s sssd-nss.service is a disabled or a static unit, not starting it. 245s sssd-pam.service is a disabled or a static unit, not starting it. 245s sssd-ssh.service is a disabled or a static unit, not starting it. 245s sssd-sudo.service is a disabled or a static unit, not starting it. 245s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 245s Setting up sssd-proxy (2.9.4-1ubuntu1) ... 245s Setting up sssd-kcm (2.9.4-1ubuntu1) ... 245s Created symlink /etc/systemd/system/sockets.target.wants/sssd-kcm.socket → /usr/lib/systemd/system/sssd-kcm.socket. 246s sssd-kcm.service is a disabled or a static unit, not starting it. 246s Setting up sssd-dbus (2.9.4-1ubuntu1) ... 246s sssd-ifp.service is a disabled or a static unit, not starting it. 246s Setting up sssd-ad-common (2.9.4-1ubuntu1) ... 246s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 247s sssd-pac.service is a disabled or a static unit, not starting it. 247s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 247s Setting up sssd-krb5-common (2.9.4-1ubuntu1) ... 247s Setting up sssd-krb5 (2.9.4-1ubuntu1) ... 247s Setting up sssd-ldap (2.9.4-1ubuntu1) ... 247s Setting up sssd-ad (2.9.4-1ubuntu1) ... 247s Setting up sssd-tools (2.9.4-1ubuntu1) ... 247s Setting up sssd-ipa (2.9.4-1ubuntu1) ... 247s Setting up sssd (2.9.4-1ubuntu1) ... 247s Setting up libverto-libevent1:ppc64el (0.3.1-1ubuntu5) ... 247s Setting up libverto1:ppc64el (0.3.1-1ubuntu5) ... 247s Setting up libkrad0:ppc64el (1.20.1-5build1) ... 247s Setting up sssd-passkey (2.9.4-1ubuntu1) ... 247s Setting up sssd-idp (2.9.4-1ubuntu1) ... 247s Setting up autopkgtest-satdep (0) ... 247s Processing triggers for libc-bin (2.39-0ubuntu2) ... 247s Processing triggers for ufw (0.36.2-5) ... 247s Processing triggers for man-db (2.12.0-3) ... 248s Processing triggers for dbus (1.14.10-4ubuntu1) ... 257s (Reading database ... 71380 files and directories currently installed.) 257s Removing autopkgtest-satdep (0) ... 258s autopkgtest [06:04:26]: test ldap-user-group-ldap-auth: [----------------------- 258s + . debian/tests/util 258s + . debian/tests/common-tests 258s + mydomain=example.com 258s + myhostname=ldap.example.com 258s + mysuffix=dc=example,dc=com 258s + admin_dn=cn=admin,dc=example,dc=com 258s + admin_pw=secret 258s + ldap_user=testuser1 258s + ldap_user_pw=testuser1secret 258s + ldap_group=ldapusers 258s + adjust_hostname ldap.example.com 258s + local myhostname=ldap.example.com 258s + echo ldap.example.com 258s + hostname ldap.example.com 258s + grep -qE ldap.example.com /etc/hosts 258s + echo 127.0.1.10 ldap.example.com 258s + reconfigure_slapd 258s + debconf-set-selections 258s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 258s + dpkg-reconfigure -fnoninteractive -pcritical slapd 259s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1... done. 259s Moving old database directory to /var/backups: 259s - directory unknown... done. 259s Creating initial configuration... done. 259s Creating LDAP directory... done. 259s + generate_certs ldap.example.com 259s + local cn=ldap.example.com 259s + local cert=/etc/ldap/server.pem 259s + local key=/etc/ldap/server.key 259s + local cnf=/etc/ldap/openssl.cnf 259s + cat 259s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 259s ...++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 259s .........+++++++++++++++++++++++++++++++++++++++++++++modifying entry "cn=config" 259s 259s adding new entry "ou=People,dc=example,dc=com" 259s 259s adding new entry "ou=Group,dc=example,dc=com" 259s 259s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 259s 259s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 259s 259s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 259s 259s +++++++++++++++++++ 259s ----- 259s + chmod 0640 /etc/ldap/server.key 259s + chgrp openldap /etc/ldap/server.key 259s + [ ! -f /etc/ldap/server.pem ] 259s + [ ! -f /etc/ldap/server.key ] 259s + enable_ldap_ssl 259s + cat 259s + cat 259s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 259s + populate_ldap_rfc2307 259s + cat 259s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 259s + configure_sssd_ldap_rfc2307 259s + cat 259s + chmod 0600 /etc/sssd/sssd.conf 259s + systemctl restart sssd 259s + enable_pam_mkhomedir 259s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 259s Assert local user databases do not have our LDAP test data 259s + echo session optional pam_mkhomedir.so 259s + run_common_tests 259s + echo Assert local user databases do not have our LDAP test data 259s + check_local_user testuser1 259s + local local_user=testuser1 259s + grep -q ^testuser1 /etc/passwd 259s + check_local_group testuser1 259s + local local_group=testuser1 259s + grep -q ^testuser1 /etc/group 259s + check_local_group ldapusers 259s + local local_group=ldapusers 259s + grep -q ^ldapusers /etc/group 259s The LDAP user is known to the system via getent 259s + echo The LDAP user is known to the system via getent 259s + check_getent_user testuser1 259s + local getent_user=testuser1 259s + local output 259s + getent passwd testuser1 259s The LDAP user's private group is known to the system via getent 259s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 259s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 259s + echo The LDAP user's private group is known to the system via getent 259s + check_getent_group testuser1 259s + local getent_group=testuser1 259s + local output 259s + getent group testuser1 259s The LDAP group ldapusers is known to the system via getent 259s + output=testuser1:*:10001:testuser1 259s + [ -z testuser1:*:10001:testuser1 ] 259s + echo The LDAP group ldapusers is known to the system via getent 259s + check_getent_group ldapusers 259s + local getent_group=ldapusers 259s + local output 259s + getent group ldapusers 260s The id(1) command can resolve the group membership of the LDAP user 260s + output=ldapusers:*:10100:testuser1 260s + [ -z ldapusers:*:10100:testuser1 ] 260s + echo The id(1) command can resolve the group membership of the LDAP user 260s + id -Gn testuser1 260s + output=testuser1 ldapusers 260s + [ testuser1 ldapusers != testuser1 ldapusers ] 260s The LDAP user can login on a terminal 260s spawn login 260s ldap.example.com login: testuser1 260s Password: 260s + echo The LDAP user can login on a terminal 260s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 260s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-11-generic ppc64le) 260s 260s * Documentation: https://help.ubuntu.com 260s * Management: https://landscape.canonical.com 260s * Support: https://ubuntu.com/pro 260s 260s * Strictly confined Kubernetes makes edge and IoT secure. Learn how MicroK8s 260s just raised the bar for easy, resilient and secure K8s cluster deployment. 260s 260s https://ubuntu.com/engage/secure-kubernetes-at-the-edge 260s 260s The programs included with the Ubuntu system are free software; 260s the exact distribution terms for each program are described in the 260s individual files in /usr/share/doc/*/copyright. 260s 260s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 260s applicable law. 260s 260s 260s The programs included with the Ubuntu system are free software; 260s the exact distribution terms for each program are described in the 260s individual files in /usr/share/doc/*/copyright. 260s 260s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 260s applicable law. 260s 260s Creating directory '/home/testuser1'. 260s [?2004htestuser1@ldap:~$ id -un 260s [?2004l testuser1 260s [?2004htestuser1@ldap:~$ autopkgtest [06:04:28]: test ldap-user-group-ldap-auth: -----------------------] 261s autopkgtest [06:04:29]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 261s ldap-user-group-ldap-auth PASS 261s autopkgtest [06:04:29]: test ldap-user-group-krb5-auth: preparing testbed 263s Reading package lists... 263s Building dependency tree... 263s Reading state information... 264s Starting pkgProblemResolver with broken count: 0 264s Starting 2 pkgProblemResolver with broken count: 0 264s Done 264s The following additional packages will be installed: 264s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4 264s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 264s Suggested packages: 264s krb5-kdc-ldap krb5-kpropd krb5-k5tls krb5-doc 264s The following NEW packages will be installed: 264s autopkgtest-satdep krb5-admin-server krb5-config krb5-kdc krb5-user 264s libgssrpc4 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 264s 0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded. 264s Need to get 669 kB/670 kB of archives. 264s After this operation, 3104 kB of additional disk space will be used. 264s Get:1 /tmp/autopkgtest.AyRU1c/2-autopkgtest-satdep.deb autopkgtest-satdep ppc64el 0 [884 B] 264s Get:2 http://ftpmaster.internal/ubuntu noble/main ppc64el krb5-config all 2.7 [22.0 kB] 264s Get:3 http://ftpmaster.internal/ubuntu noble/main ppc64el libgssrpc4 ppc64el 1.20.1-5build1 [64.3 kB] 265s Get:4 http://ftpmaster.internal/ubuntu noble/main ppc64el libkadm5clnt-mit12 ppc64el 1.20.1-5build1 [43.7 kB] 265s Get:5 http://ftpmaster.internal/ubuntu noble/main ppc64el libkdb5-10 ppc64el 1.20.1-5build1 [46.3 kB] 265s Get:6 http://ftpmaster.internal/ubuntu noble/main ppc64el libkadm5srv-mit12 ppc64el 1.20.1-5build1 [60.8 kB] 265s Get:7 http://ftpmaster.internal/ubuntu noble/universe ppc64el krb5-user ppc64el 1.20.1-5build1 [117 kB] 266s Get:8 http://ftpmaster.internal/ubuntu noble/universe ppc64el krb5-kdc ppc64el 1.20.1-5build1 [207 kB] 267s Get:9 http://ftpmaster.internal/ubuntu noble/universe ppc64el krb5-admin-server ppc64el 1.20.1-5build1 [108 kB] 267s Preconfiguring packages ... 268s Fetched 669 kB in 3s (225 kB/s) 268s Selecting previously unselected package krb5-config. 268s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 71380 files and directories currently installed.) 268s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 268s Unpacking krb5-config (2.7) ... 268s Selecting previously unselected package libgssrpc4:ppc64el. 268s Preparing to unpack .../1-libgssrpc4_1.20.1-5build1_ppc64el.deb ... 268s Unpacking libgssrpc4:ppc64el (1.20.1-5build1) ... 268s Selecting previously unselected package libkadm5clnt-mit12:ppc64el. 268s Preparing to unpack .../2-libkadm5clnt-mit12_1.20.1-5build1_ppc64el.deb ... 268s Unpacking libkadm5clnt-mit12:ppc64el (1.20.1-5build1) ... 268s Selecting previously unselected package libkdb5-10:ppc64el. 268s Preparing to unpack .../3-libkdb5-10_1.20.1-5build1_ppc64el.deb ... 268s Unpacking libkdb5-10:ppc64el (1.20.1-5build1) ... 268s Selecting previously unselected package libkadm5srv-mit12:ppc64el. 268s Preparing to unpack .../4-libkadm5srv-mit12_1.20.1-5build1_ppc64el.deb ... 268s Unpacking libkadm5srv-mit12:ppc64el (1.20.1-5build1) ... 268s Selecting previously unselected package krb5-user. 268s Preparing to unpack .../5-krb5-user_1.20.1-5build1_ppc64el.deb ... 268s Unpacking krb5-user (1.20.1-5build1) ... 268s Selecting previously unselected package krb5-kdc. 268s Preparing to unpack .../6-krb5-kdc_1.20.1-5build1_ppc64el.deb ... 268s Unpacking krb5-kdc (1.20.1-5build1) ... 268s Selecting previously unselected package krb5-admin-server. 268s Preparing to unpack .../7-krb5-admin-server_1.20.1-5build1_ppc64el.deb ... 268s Unpacking krb5-admin-server (1.20.1-5build1) ... 268s Selecting previously unselected package autopkgtest-satdep. 268s Preparing to unpack .../8-2-autopkgtest-satdep.deb ... 268s Unpacking autopkgtest-satdep (0) ... 268s Setting up libgssrpc4:ppc64el (1.20.1-5build1) ... 268s Setting up krb5-config (2.7) ... 269s Setting up libkadm5clnt-mit12:ppc64el (1.20.1-5build1) ... 269s Setting up libkdb5-10:ppc64el (1.20.1-5build1) ... 269s Setting up libkadm5srv-mit12:ppc64el (1.20.1-5build1) ... 269s Setting up krb5-user (1.20.1-5build1) ... 269s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 269s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 269s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 269s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 269s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 269s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 269s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 269s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 269s Setting up krb5-kdc (1.20.1-5build1) ... 269s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /usr/lib/systemd/system/krb5-kdc.service. 270s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 270s Setting up krb5-admin-server (1.20.1-5build1) ... 270s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-admin-server.service → /usr/lib/systemd/system/krb5-admin-server.service. 271s Setting up autopkgtest-satdep (0) ... 271s Processing triggers for man-db (2.12.0-3) ... 271s Processing triggers for libc-bin (2.39-0ubuntu2) ... 280s (Reading database ... 71473 files and directories currently installed.) 280s Removing autopkgtest-satdep (0) ... 281s autopkgtest [06:04:49]: test ldap-user-group-krb5-auth: [----------------------- 281s + . debian/tests/util 281s + . debian/tests/common-tests 281s + mydomain=example.com 281s + myhostname=ldap.example.com 281s + mysuffix=dc=example,dc=com 281s + myrealm=EXAMPLE.COM 281s + admin_dn=cn=admin,dc=example,dc=com 281s + admin_pw=secret 281s + ldap_user=testuser1 281s + ldap_user_pw=testuser1secret 281s + kerberos_principal_pw=testuser1kerberos 281s + ldap_group=ldapusers 281s + adjust_hostname ldap.example.com 281s + local myhostname=ldap.example.com 281s + echo ldap.example.com 281s + hostname ldap.example.com 281s + grep -qE ldap.example.com /etc/hosts 281s + reconfigure_slapd 281s + debconf-set-selections 281s + rm -rf /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1 /var/backups/unknown-2.6.7+dfsg-1~exp1ubuntu1-20240320-060427.ldapdb 281s + dpkg-reconfigure -fnoninteractive -pcritical slapd 281s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1... done. 281s Moving old database directory to /var/backups: 281s - directory unknown... done. 281s Creating initial configuration... done. 282s Creating LDAP directory... done. 282s + generate_certs ldap.example.com 282s + local cn=ldap.example.com 282s + local cert=/etc/ldap/server.pem 282s + local key=/etc/ldap/server.key 282s + local cnf=/etc/ldap/openssl.cnf 282s + cat 282s modifying entry "cn=config" 282s 282s adding new entry "ou=People,dc=example,dc=com" 282s 282s adding new entry "ou=Group,dc=example,dc=com" 282s 282s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 282s 282s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 282s 282s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 282s 282s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 282s master key name 'K/M@EXAMPLE.COM' 282s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 282s .........++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 282s .............................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 282s ----- 282s + chmod 0640 /etc/ldap/server.key 282s + chgrp openldap /etc/ldap/server.key 282s + [ ! -f /etc/ldap/server.pem ] 282s + [ ! -f /etc/ldap/server.key ] 282s + enable_ldap_ssl 282s + cat 282s + cat 282s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 282s + populate_ldap_rfc2307 282s + cat 282s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 282s + create_realm EXAMPLE.COM ldap.example.com 282s + local realm_name=EXAMPLE.COM 282s + local kerberos_server=ldap.example.com 282s + rm -rf /var/lib/krb5kdc/* 282s + rm -rf /etc/krb5kdc/kdc.conf 282s + rm -f /etc/krb5.keytab 282s + cat 282s + cat 282s + echo # */admin * 282s + kdb5_util create -s -P secretpassword 282s + systemctl restart krb5-kdc.service krb5-admin-server.service 282s + create_krb_principal testuser1 testuser1kerberos 282s + local principal=testuser1 282s + local password=testuser1kerberos 282s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 282s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 282s Authenticating as principal root/admin@EXAMPLE.COM with password. 282s Principal "testuser1@EXAMPLE.COM" created. 282s + configure_sssd_ldap_rfc2307_krb5_auth 282s + cat 282s + chmod 0600 /etc/sssd/sssd.conf 282s + systemctl restart sssd 282s + enable_pam_mkhomedir 282s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 282s + run_common_tests 282s + echo Assert local user databases do not have our LDAP test dataAssert local user databases do not have our LDAP test data 282s 282s + check_local_user testuser1 282s + local local_user=testuser1 282s + grep -q ^testuser1 /etc/passwd 282s + check_local_group testuser1 282s + local local_group=testuser1 282s + grep -q ^testuser1 /etc/group 282s + check_local_group ldapusers 282s + local local_group=ldapusers 282s + grep -q ^ldapusers /etc/group 282s + echoThe LDAP user is known to the system via getent 282s The LDAP user is known to the system via getent 282s + check_getent_user testuser1 282s + local getent_user=testuser1 282s + local output 282s + getent passwd testuser1 282s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 282s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 282s + echo The LDAP user's private group is known to the system via getent 282s + check_getent_group testuser1 282s + local getent_group=testuser1 282s + local output 282s The LDAP user's private group is known to the system via getent 282s + getent group testuser1 282s The LDAP group ldapusers is known to the system via getent 282s + output=testuser1:*:10001:testuser1 282s + [ -z testuser1:*:10001:testuser1 ] 282s + echo The LDAP group ldapusers is known to the system via getent 282s + check_getent_group ldapusers 282s + local getent_group=ldapusers 282s + local output 282s + getent group ldapusers 282s + output=ldapusers:*:10100:testuser1 282s + [ -zThe id(1) command can resolve the group membership of the LDAP user 282s ldapusers:*:10100:testuser1 ] 282s + echo The id(1) command can resolve the group membership of the LDAP user 282s + id -Gn testuser1 282s + output=testuser1 ldapusers 282s + [ testuser1 ldapusers != testuser1 ldapusers ] 282s + echo The Kerberos principal can login on a terminal 282s The Kerberos principal can login on a terminal 282s + kdestroy 282s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 282s spawn login 282s ldap.example.com login: testuser1 282s Password: 283s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-11-generic ppc64le) 283s 283s * Documentation: https://help.ubuntu.com 283s * Management: https://landscape.canonical.com 283s * Support: https://ubuntu.com/pro 283s 283s * Strictly confined Kubernetes makes edge and IoT secure. Learn how MicroK8s 283s just raised the bar for easy, resilient and secure K8s cluster deployment. 283s 283s https://ubuntu.com/engage/secure-kubernetes-at-the-edge 283s 283s The programs included with the Ubuntu system are free software; 283s the exact distribution terms for each program are described in the 283s individual files in /usr/share/doc/*/copyright. 283s 283s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 283s applicable law. 283s 283s Last login: Wed Mar 20 06:04:28 UTC 2024 on pts/0 283s [?2004htestuser1@ldap:~$ id -un 283s [?2004l testuser1 283s [?2004htestuser1@ldap:~$ klist 283s [?2004l Ticket cache: FILE:/tmp/krb5cc_10001_GGlVTO 283s Default principal: testuser1@EXAMPLE.COMautopkgtest [06:04:51]: test ldap-user-group-krb5-auth: -----------------------] 284s autopkgtest [06:04:52]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 284s ldap-user-group-krb5-auth PASS 284s autopkgtest [06:04:52]: test sssd-softhism2-certificates-tests.sh: preparing testbed 455s autopkgtest [06:07:43]: testbed dpkg architecture: ppc64el 455s autopkgtest [06:07:43]: testbed apt version: 2.7.12 455s autopkgtest [06:07:43]: @@@@@@@@@@@@@@@@@@@@ test bed setup 456s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 457s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [497 kB] 457s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [3757 kB] 458s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [52.7 kB] 458s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [6540 B] 458s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main ppc64el Packages [660 kB] 458s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main ppc64el c-n-f Metadata [3116 B] 458s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted ppc64el Packages [1372 B] 458s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted ppc64el c-n-f Metadata [116 B] 458s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe ppc64el Packages [4177 kB] 459s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe ppc64el c-n-f Metadata [8652 B] 459s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse ppc64el Packages [47.7 kB] 459s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse ppc64el c-n-f Metadata [116 B] 462s Fetched 9327 kB in 3s (2827 kB/s) 462s Reading package lists... 465s Reading package lists... 465s Building dependency tree... 465s Reading state information... 465s Calculating upgrade... 466s The following packages will be upgraded: 466s libselinux1 466s 1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 466s Need to get 101 kB of archives. 466s After this operation, 0 B of additional disk space will be used. 466s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main ppc64el libselinux1 ppc64el 3.5-2ubuntu1 [101 kB] 466s Fetched 101 kB in 0s (241 kB/s) 466s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 70095 files and directories currently installed.) 466s Preparing to unpack .../libselinux1_3.5-2ubuntu1_ppc64el.deb ... 466s Unpacking libselinux1:ppc64el (3.5-2ubuntu1) over (3.5-2build1) ... 466s Setting up libselinux1:ppc64el (3.5-2ubuntu1) ... 466s Processing triggers for libc-bin (2.39-0ubuntu2) ... 467s Reading package lists... 467s Building dependency tree... 467s Reading state information... 467s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 468s Hit:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease 468s Hit:2 http://ftpmaster.internal/ubuntu noble InRelease 468s Hit:3 http://ftpmaster.internal/ubuntu noble-updates InRelease 468s Hit:4 http://ftpmaster.internal/ubuntu noble-security InRelease 469s Reading package lists... 470s Reading package lists... 470s Building dependency tree... 470s Reading state information... 470s Calculating upgrade... 470s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 470s Reading package lists... 471s Building dependency tree... 471s Reading state information... 471s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 477s Reading package lists... 477s Building dependency tree... 477s Reading state information... 478s Starting pkgProblemResolver with broken count: 0 478s Starting 2 pkgProblemResolver with broken count: 0 478s Done 478s The following additional packages will be installed: 478s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 478s libbasicobjects0 libc-ares2 libcollection4 libcrack2 libdhash1 478s libevent-2.1-7 libgnutls-dane0 libini-config5 libipa-hbac0 libldb2 478s libnfsidmap1 libnss-sss libpam-pwquality libpam-sss libpath-utils1 478s libpwquality-common libpwquality1 libref-array1 libsmbclient libsofthsm2 478s libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 libtalloc2 libtdb1 478s libtevent0 libunbound8 libwbclient0 python3-sss samba-libs softhsm2 478s softhsm2-common sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 478s sssd-krb5-common sssd-ldap sssd-proxy 478s Suggested packages: 478s dns-root-data adcli libsss-sudo sssd-tools libsasl2-modules-ldap 478s Recommended packages: 478s cracklib-runtime libsasl2-modules-gssapi-mit 478s | libsasl2-modules-gssapi-heimdal ldap-utils 478s The following NEW packages will be installed: 478s autopkgtest-satdep gnutls-bin libavahi-client3 libavahi-common-data 478s libavahi-common3 libbasicobjects0 libc-ares2 libcollection4 libcrack2 478s libdhash1 libevent-2.1-7 libgnutls-dane0 libini-config5 libipa-hbac0 libldb2 478s libnfsidmap1 libnss-sss libpam-pwquality libpam-sss libpath-utils1 478s libpwquality-common libpwquality1 libref-array1 libsmbclient libsofthsm2 478s libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 libtalloc2 libtdb1 478s libtevent0 libunbound8 libwbclient0 python3-sss samba-libs softhsm2 478s softhsm2-common sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 478s sssd-krb5-common sssd-ldap sssd-proxy 478s 0 upgraded, 46 newly installed, 0 to remove and 0 not upgraded. 478s Need to get 11.4 MB/11.4 MB of archives. 478s After this operation, 56.9 MB of additional disk space will be used. 478s Get:1 /tmp/autopkgtest.AyRU1c/3-autopkgtest-satdep.deb autopkgtest-satdep ppc64el 0 [752 B] 478s Get:2 http://ftpmaster.internal/ubuntu noble/main ppc64el libevent-2.1-7 ppc64el 2.1.12-stable-9 [169 kB] 479s Get:3 http://ftpmaster.internal/ubuntu noble/main ppc64el libunbound8 ppc64el 1.19.1-1ubuntu1 [537 kB] 479s Get:4 http://ftpmaster.internal/ubuntu noble/main ppc64el libgnutls-dane0 ppc64el 3.8.3-1ubuntu1 [24.5 kB] 479s Get:5 http://ftpmaster.internal/ubuntu noble/universe ppc64el gnutls-bin ppc64el 3.8.3-1ubuntu1 [290 kB] 479s Get:6 http://ftpmaster.internal/ubuntu noble/main ppc64el libavahi-common-data ppc64el 0.8-13ubuntu2 [29.5 kB] 479s Get:7 http://ftpmaster.internal/ubuntu noble/main ppc64el libavahi-common3 ppc64el 0.8-13ubuntu2 [25.8 kB] 479s Get:8 http://ftpmaster.internal/ubuntu noble/main ppc64el libavahi-client3 ppc64el 0.8-13ubuntu2 [30.6 kB] 479s Get:9 http://ftpmaster.internal/ubuntu noble/main ppc64el libcrack2 ppc64el 2.9.6-5.1 [30.9 kB] 479s Get:10 http://ftpmaster.internal/ubuntu noble/main ppc64el libtalloc2 ppc64el 2.4.2-1 [36.6 kB] 479s Get:11 http://ftpmaster.internal/ubuntu noble/main ppc64el libtdb1 ppc64el 1.4.10-1 [62.7 kB] 479s Get:12 http://ftpmaster.internal/ubuntu noble/main ppc64el libtevent0 ppc64el 0.16.1-1 [50.8 kB] 479s Get:13 http://ftpmaster.internal/ubuntu noble/main ppc64el libldb2 ppc64el 2:2.8.0+samba4.19.5+dfsg-1ubuntu1 [219 kB] 479s Get:14 http://ftpmaster.internal/ubuntu noble/main ppc64el libnfsidmap1 ppc64el 1:2.6.3-3ubuntu1 [53.0 kB] 479s Get:15 http://ftpmaster.internal/ubuntu noble/main ppc64el libpwquality-common all 1.4.5-3 [7658 B] 479s Get:16 http://ftpmaster.internal/ubuntu noble/main ppc64el libpwquality1 ppc64el 1.4.5-3 [16.9 kB] 479s Get:17 http://ftpmaster.internal/ubuntu noble/main ppc64el libpam-pwquality ppc64el 1.4.5-3 [12.5 kB] 479s Get:18 http://ftpmaster.internal/ubuntu noble/main ppc64el libwbclient0 ppc64el 2:4.19.5+dfsg-1ubuntu1 [76.5 kB] 479s Get:19 http://ftpmaster.internal/ubuntu noble/main ppc64el samba-libs ppc64el 2:4.19.5+dfsg-1ubuntu1 [6674 kB] 480s Get:20 http://ftpmaster.internal/ubuntu noble/universe ppc64el softhsm2-common ppc64el 2.6.1-2.2 [5810 B] 480s Get:21 http://ftpmaster.internal/ubuntu noble/universe ppc64el libsofthsm2 ppc64el 2.6.1-2.2 [294 kB] 480s Get:22 http://ftpmaster.internal/ubuntu noble/universe ppc64el softhsm2 ppc64el 2.6.1-2.2 [196 kB] 480s Get:23 http://ftpmaster.internal/ubuntu noble/main ppc64el python3-sss ppc64el 2.9.4-1ubuntu1 [48.0 kB] 480s Get:24 http://ftpmaster.internal/ubuntu noble/main ppc64el libsss-idmap0 ppc64el 2.9.4-1ubuntu1 [24.7 kB] 480s Get:25 http://ftpmaster.internal/ubuntu noble/main ppc64el libnss-sss ppc64el 2.9.4-1ubuntu1 [36.3 kB] 480s Get:26 http://ftpmaster.internal/ubuntu noble/main ppc64el libpam-sss ppc64el 2.9.4-1ubuntu1 [56.4 kB] 480s Get:27 http://ftpmaster.internal/ubuntu noble/main ppc64el libc-ares2 ppc64el 1.27.0-1 [99.0 kB] 480s Get:28 http://ftpmaster.internal/ubuntu noble/main ppc64el libdhash1 ppc64el 0.6.2-2 [9830 B] 480s Get:29 http://ftpmaster.internal/ubuntu noble/main ppc64el libbasicobjects0 ppc64el 0.6.2-2 [5806 B] 480s Get:30 http://ftpmaster.internal/ubuntu noble/main ppc64el libcollection4 ppc64el 0.6.2-2 [35.3 kB] 480s Get:31 http://ftpmaster.internal/ubuntu noble/main ppc64el libpath-utils1 ppc64el 0.6.2-2 [10.2 kB] 480s Get:32 http://ftpmaster.internal/ubuntu noble/main ppc64el libref-array1 ppc64el 0.6.2-2 [7724 B] 480s Get:33 http://ftpmaster.internal/ubuntu noble/main ppc64el libini-config5 ppc64el 0.6.2-2 [53.9 kB] 480s Get:34 http://ftpmaster.internal/ubuntu noble/main ppc64el libsss-certmap0 ppc64el 2.9.4-1ubuntu1 [53.6 kB] 480s Get:35 http://ftpmaster.internal/ubuntu noble/main ppc64el libsss-nss-idmap0 ppc64el 2.9.4-1ubuntu1 [37.4 kB] 480s Get:36 http://ftpmaster.internal/ubuntu noble/main ppc64el sssd-common ppc64el 2.9.4-1ubuntu1 [1280 kB] 480s Get:37 http://ftpmaster.internal/ubuntu noble/main ppc64el sssd-ad-common ppc64el 2.9.4-1ubuntu1 [88.6 kB] 480s Get:38 http://ftpmaster.internal/ubuntu noble/main ppc64el sssd-krb5-common ppc64el 2.9.4-1ubuntu1 [103 kB] 480s Get:39 http://ftpmaster.internal/ubuntu noble/main ppc64el libsmbclient ppc64el 2:4.19.5+dfsg-1ubuntu1 [70.4 kB] 480s Get:40 http://ftpmaster.internal/ubuntu noble/main ppc64el sssd-ad ppc64el 2.9.4-1ubuntu1 [147 kB] 480s Get:41 http://ftpmaster.internal/ubuntu noble/main ppc64el libipa-hbac0 ppc64el 2.9.4-1ubuntu1 [17.4 kB] 480s Get:42 http://ftpmaster.internal/ubuntu noble/main ppc64el sssd-ipa ppc64el 2.9.4-1ubuntu1 [240 kB] 480s Get:43 http://ftpmaster.internal/ubuntu noble/main ppc64el sssd-krb5 ppc64el 2.9.4-1ubuntu1 [14.4 kB] 480s Get:44 http://ftpmaster.internal/ubuntu noble/main ppc64el sssd-ldap ppc64el 2.9.4-1ubuntu1 [31.6 kB] 480s Get:45 http://ftpmaster.internal/ubuntu noble/main ppc64el sssd-proxy ppc64el 2.9.4-1ubuntu1 [48.0 kB] 480s Get:46 http://ftpmaster.internal/ubuntu noble/main ppc64el sssd ppc64el 2.9.4-1ubuntu1 [4124 B] 480s Fetched 11.4 MB in 2s (6522 kB/s) 480s Selecting previously unselected package libevent-2.1-7:ppc64el. 480s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 70095 files and directories currently installed.) 480s Preparing to unpack .../00-libevent-2.1-7_2.1.12-stable-9_ppc64el.deb ... 480s Unpacking libevent-2.1-7:ppc64el (2.1.12-stable-9) ... 480s Selecting previously unselected package libunbound8:ppc64el. 480s Preparing to unpack .../01-libunbound8_1.19.1-1ubuntu1_ppc64el.deb ... 480s Unpacking libunbound8:ppc64el (1.19.1-1ubuntu1) ... 480s Selecting previously unselected package libgnutls-dane0:ppc64el. 480s Preparing to unpack .../02-libgnutls-dane0_3.8.3-1ubuntu1_ppc64el.deb ... 480s Unpacking libgnutls-dane0:ppc64el (3.8.3-1ubuntu1) ... 480s Selecting previously unselected package gnutls-bin. 480s Preparing to unpack .../03-gnutls-bin_3.8.3-1ubuntu1_ppc64el.deb ... 480s Unpacking gnutls-bin (3.8.3-1ubuntu1) ... 480s Selecting previously unselected package libavahi-common-data:ppc64el. 480s Preparing to unpack .../04-libavahi-common-data_0.8-13ubuntu2_ppc64el.deb ... 480s Unpacking libavahi-common-data:ppc64el (0.8-13ubuntu2) ... 480s Selecting previously unselected package libavahi-common3:ppc64el. 480s Preparing to unpack .../05-libavahi-common3_0.8-13ubuntu2_ppc64el.deb ... 480s Unpacking libavahi-common3:ppc64el (0.8-13ubuntu2) ... 480s Selecting previously unselected package libavahi-client3:ppc64el. 480s Preparing to unpack .../06-libavahi-client3_0.8-13ubuntu2_ppc64el.deb ... 480s Unpacking libavahi-client3:ppc64el (0.8-13ubuntu2) ... 480s Selecting previously unselected package libcrack2:ppc64el. 480s Preparing to unpack .../07-libcrack2_2.9.6-5.1_ppc64el.deb ... 480s Unpacking libcrack2:ppc64el (2.9.6-5.1) ... 480s Selecting previously unselected package libtalloc2:ppc64el. 480s Preparing to unpack .../08-libtalloc2_2.4.2-1_ppc64el.deb ... 480s Unpacking libtalloc2:ppc64el (2.4.2-1) ... 480s Selecting previously unselected package libtdb1:ppc64el. 480s Preparing to unpack .../09-libtdb1_1.4.10-1_ppc64el.deb ... 480s Unpacking libtdb1:ppc64el (1.4.10-1) ... 481s Selecting previously unselected package libtevent0:ppc64el. 481s Preparing to unpack .../10-libtevent0_0.16.1-1_ppc64el.deb ... 481s Unpacking libtevent0:ppc64el (0.16.1-1) ... 481s Selecting previously unselected package libldb2:ppc64el. 481s Preparing to unpack .../11-libldb2_2%3a2.8.0+samba4.19.5+dfsg-1ubuntu1_ppc64el.deb ... 481s Unpacking libldb2:ppc64el (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 481s Selecting previously unselected package libnfsidmap1:ppc64el. 481s Preparing to unpack .../12-libnfsidmap1_1%3a2.6.3-3ubuntu1_ppc64el.deb ... 481s Unpacking libnfsidmap1:ppc64el (1:2.6.3-3ubuntu1) ... 481s Selecting previously unselected package libpwquality-common. 481s Preparing to unpack .../13-libpwquality-common_1.4.5-3_all.deb ... 481s Unpacking libpwquality-common (1.4.5-3) ... 481s Selecting previously unselected package libpwquality1:ppc64el. 481s Preparing to unpack .../14-libpwquality1_1.4.5-3_ppc64el.deb ... 481s Unpacking libpwquality1:ppc64el (1.4.5-3) ... 481s Selecting previously unselected package libpam-pwquality:ppc64el. 481s Preparing to unpack .../15-libpam-pwquality_1.4.5-3_ppc64el.deb ... 481s Unpacking libpam-pwquality:ppc64el (1.4.5-3) ... 481s Selecting previously unselected package libwbclient0:ppc64el. 481s Preparing to unpack .../16-libwbclient0_2%3a4.19.5+dfsg-1ubuntu1_ppc64el.deb ... 481s Unpacking libwbclient0:ppc64el (2:4.19.5+dfsg-1ubuntu1) ... 481s Selecting previously unselected package samba-libs:ppc64el. 481s Preparing to unpack .../17-samba-libs_2%3a4.19.5+dfsg-1ubuntu1_ppc64el.deb ... 481s Unpacking samba-libs:ppc64el (2:4.19.5+dfsg-1ubuntu1) ... 481s Selecting previously unselected package softhsm2-common. 481s Preparing to unpack .../18-softhsm2-common_2.6.1-2.2_ppc64el.deb ... 481s Unpacking softhsm2-common (2.6.1-2.2) ... 481s Selecting previously unselected package libsofthsm2. 481s Preparing to unpack .../19-libsofthsm2_2.6.1-2.2_ppc64el.deb ... 481s Unpacking libsofthsm2 (2.6.1-2.2) ... 481s Selecting previously unselected package softhsm2. 481s Preparing to unpack .../20-softhsm2_2.6.1-2.2_ppc64el.deb ... 481s Unpacking softhsm2 (2.6.1-2.2) ... 481s Selecting previously unselected package python3-sss. 481s Preparing to unpack .../21-python3-sss_2.9.4-1ubuntu1_ppc64el.deb ... 481s Unpacking python3-sss (2.9.4-1ubuntu1) ... 481s Selecting previously unselected package libsss-idmap0. 481s Preparing to unpack .../22-libsss-idmap0_2.9.4-1ubuntu1_ppc64el.deb ... 481s Unpacking libsss-idmap0 (2.9.4-1ubuntu1) ... 481s Selecting previously unselected package libnss-sss:ppc64el. 481s Preparing to unpack .../23-libnss-sss_2.9.4-1ubuntu1_ppc64el.deb ... 481s Unpacking libnss-sss:ppc64el (2.9.4-1ubuntu1) ... 481s Selecting previously unselected package libpam-sss:ppc64el. 481s Preparing to unpack .../24-libpam-sss_2.9.4-1ubuntu1_ppc64el.deb ... 481s Unpacking libpam-sss:ppc64el (2.9.4-1ubuntu1) ... 481s Selecting previously unselected package libc-ares2:ppc64el. 481s Preparing to unpack .../25-libc-ares2_1.27.0-1_ppc64el.deb ... 481s Unpacking libc-ares2:ppc64el (1.27.0-1) ... 481s Selecting previously unselected package libdhash1:ppc64el. 481s Preparing to unpack .../26-libdhash1_0.6.2-2_ppc64el.deb ... 481s Unpacking libdhash1:ppc64el (0.6.2-2) ... 481s Selecting previously unselected package libbasicobjects0:ppc64el. 481s Preparing to unpack .../27-libbasicobjects0_0.6.2-2_ppc64el.deb ... 481s Unpacking libbasicobjects0:ppc64el (0.6.2-2) ... 481s Selecting previously unselected package libcollection4:ppc64el. 481s Preparing to unpack .../28-libcollection4_0.6.2-2_ppc64el.deb ... 481s Unpacking libcollection4:ppc64el (0.6.2-2) ... 481s Selecting previously unselected package libpath-utils1:ppc64el. 481s Preparing to unpack .../29-libpath-utils1_0.6.2-2_ppc64el.deb ... 481s Unpacking libpath-utils1:ppc64el (0.6.2-2) ... 481s Selecting previously unselected package libref-array1:ppc64el. 481s Preparing to unpack .../30-libref-array1_0.6.2-2_ppc64el.deb ... 481s Unpacking libref-array1:ppc64el (0.6.2-2) ... 481s Selecting previously unselected package libini-config5:ppc64el. 481s Preparing to unpack .../31-libini-config5_0.6.2-2_ppc64el.deb ... 481s Unpacking libini-config5:ppc64el (0.6.2-2) ... 481s Selecting previously unselected package libsss-certmap0. 481s Preparing to unpack .../32-libsss-certmap0_2.9.4-1ubuntu1_ppc64el.deb ... 481s Unpacking libsss-certmap0 (2.9.4-1ubuntu1) ... 481s Selecting previously unselected package libsss-nss-idmap0. 481s Preparing to unpack .../33-libsss-nss-idmap0_2.9.4-1ubuntu1_ppc64el.deb ... 481s Unpacking libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 481s Selecting previously unselected package sssd-common. 481s Preparing to unpack .../34-sssd-common_2.9.4-1ubuntu1_ppc64el.deb ... 481s Unpacking sssd-common (2.9.4-1ubuntu1) ... 481s Selecting previously unselected package sssd-ad-common. 481s Preparing to unpack .../35-sssd-ad-common_2.9.4-1ubuntu1_ppc64el.deb ... 481s Unpacking sssd-ad-common (2.9.4-1ubuntu1) ... 481s Selecting previously unselected package sssd-krb5-common. 481s Preparing to unpack .../36-sssd-krb5-common_2.9.4-1ubuntu1_ppc64el.deb ... 481s Unpacking sssd-krb5-common (2.9.4-1ubuntu1) ... 481s Selecting previously unselected package libsmbclient:ppc64el. 481s Preparing to unpack .../37-libsmbclient_2%3a4.19.5+dfsg-1ubuntu1_ppc64el.deb ... 481s Unpacking libsmbclient:ppc64el (2:4.19.5+dfsg-1ubuntu1) ... 481s Selecting previously unselected package sssd-ad. 481s Preparing to unpack .../38-sssd-ad_2.9.4-1ubuntu1_ppc64el.deb ... 481s Unpacking sssd-ad (2.9.4-1ubuntu1) ... 481s Selecting previously unselected package libipa-hbac0. 481s Preparing to unpack .../39-libipa-hbac0_2.9.4-1ubuntu1_ppc64el.deb ... 481s Unpacking libipa-hbac0 (2.9.4-1ubuntu1) ... 481s Selecting previously unselected package sssd-ipa. 481s Preparing to unpack .../40-sssd-ipa_2.9.4-1ubuntu1_ppc64el.deb ... 481s Unpacking sssd-ipa (2.9.4-1ubuntu1) ... 481s Selecting previously unselected package sssd-krb5. 481s Preparing to unpack .../41-sssd-krb5_2.9.4-1ubuntu1_ppc64el.deb ... 481s Unpacking sssd-krb5 (2.9.4-1ubuntu1) ... 481s Selecting previously unselected package sssd-ldap. 481s Preparing to unpack .../42-sssd-ldap_2.9.4-1ubuntu1_ppc64el.deb ... 481s Unpacking sssd-ldap (2.9.4-1ubuntu1) ... 481s Selecting previously unselected package sssd-proxy. 482s Preparing to unpack .../43-sssd-proxy_2.9.4-1ubuntu1_ppc64el.deb ... 482s Unpacking sssd-proxy (2.9.4-1ubuntu1) ... 482s Selecting previously unselected package sssd. 482s Preparing to unpack .../44-sssd_2.9.4-1ubuntu1_ppc64el.deb ... 482s Unpacking sssd (2.9.4-1ubuntu1) ... 482s Selecting previously unselected package autopkgtest-satdep. 482s Preparing to unpack .../45-3-autopkgtest-satdep.deb ... 482s Unpacking autopkgtest-satdep (0) ... 482s Setting up libpwquality-common (1.4.5-3) ... 482s Setting up libpath-utils1:ppc64el (0.6.2-2) ... 482s Setting up softhsm2-common (2.6.1-2.2) ... 482s 482s Creating config file /etc/softhsm/softhsm2.conf with new version 482s Setting up libnfsidmap1:ppc64el (1:2.6.3-3ubuntu1) ... 482s Setting up libsss-idmap0 (2.9.4-1ubuntu1) ... 482s Setting up libbasicobjects0:ppc64el (0.6.2-2) ... 482s Setting up libtdb1:ppc64el (1.4.10-1) ... 482s Setting up libc-ares2:ppc64el (1.27.0-1) ... 482s Setting up libwbclient0:ppc64el (2:4.19.5+dfsg-1ubuntu1) ... 482s Setting up libtalloc2:ppc64el (2.4.2-1) ... 482s Setting up libdhash1:ppc64el (0.6.2-2) ... 482s Setting up libtevent0:ppc64el (0.16.1-1) ... 482s Setting up libavahi-common-data:ppc64el (0.8-13ubuntu2) ... 482s Setting up libevent-2.1-7:ppc64el (2.1.12-stable-9) ... 482s Setting up libcrack2:ppc64el (2.9.6-5.1) ... 482s Setting up libcollection4:ppc64el (0.6.2-2) ... 482s Setting up libipa-hbac0 (2.9.4-1ubuntu1) ... 482s Setting up libref-array1:ppc64el (0.6.2-2) ... 482s Setting up libldb2:ppc64el (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 482s Setting up libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 482s Setting up libnss-sss:ppc64el (2.9.4-1ubuntu1) ... 482s Setting up libsofthsm2 (2.6.1-2.2) ... 482s Setting up softhsm2 (2.6.1-2.2) ... 482s Setting up libini-config5:ppc64el (0.6.2-2) ... 482s Setting up libavahi-common3:ppc64el (0.8-13ubuntu2) ... 482s Setting up python3-sss (2.9.4-1ubuntu1) ... 482s Setting up libsss-certmap0 (2.9.4-1ubuntu1) ... 482s Setting up libunbound8:ppc64el (1.19.1-1ubuntu1) ... 482s Setting up libpwquality1:ppc64el (1.4.5-3) ... 482s Setting up libavahi-client3:ppc64el (0.8-13ubuntu2) ... 482s Setting up libgnutls-dane0:ppc64el (3.8.3-1ubuntu1) ... 482s Setting up libpam-pwquality:ppc64el (1.4.5-3) ... 482s Setting up samba-libs:ppc64el (2:4.19.5+dfsg-1ubuntu1) ... 482s Setting up libsmbclient:ppc64el (2:4.19.5+dfsg-1ubuntu1) ... 482s Setting up libpam-sss:ppc64el (2.9.4-1ubuntu1) ... 482s Setting up gnutls-bin (3.8.3-1ubuntu1) ... 482s Setting up sssd-common (2.9.4-1ubuntu1) ... 482s Creating SSSD system user & group... 482s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 482s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 482s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 483s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 483s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 483s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 484s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 484s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 484s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 484s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 485s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 485s sssd-autofs.service is a disabled or a static unit, not starting it. 485s sssd-nss.service is a disabled or a static unit, not starting it. 485s sssd-pam.service is a disabled or a static unit, not starting it. 485s sssd-ssh.service is a disabled or a static unit, not starting it. 485s sssd-sudo.service is a disabled or a static unit, not starting it. 485s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 485s Setting up sssd-proxy (2.9.4-1ubuntu1) ... 485s Setting up sssd-ad-common (2.9.4-1ubuntu1) ... 485s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 486s sssd-pac.service is a disabled or a static unit, not starting it. 486s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 486s Setting up sssd-krb5-common (2.9.4-1ubuntu1) ... 486s Setting up sssd-krb5 (2.9.4-1ubuntu1) ... 486s Setting up sssd-ldap (2.9.4-1ubuntu1) ... 486s Setting up sssd-ad (2.9.4-1ubuntu1) ... 486s Setting up sssd-ipa (2.9.4-1ubuntu1) ... 486s Setting up sssd (2.9.4-1ubuntu1) ... 486s Setting up autopkgtest-satdep (0) ... 486s Processing triggers for man-db (2.12.0-3) ... 487s Processing triggers for libc-bin (2.39-0ubuntu2) ... 491s (Reading database ... 70683 files and directories currently installed.) 491s Removing autopkgtest-satdep (0) ... 497s autopkgtest [06:08:25]: test sssd-softhism2-certificates-tests.sh: [----------------------- 497s + '[' -z ubuntu ']' 497s + required_tools=(p11tool openssl softhsm2-util) 497s + for cmd in "${required_tools[@]}" 497s + command -v p11tool 497s + for cmd in "${required_tools[@]}" 497s + command -v openssl 497s + for cmd in "${required_tools[@]}" 497s + command -v softhsm2-util 497s + PIN=053350 497s +++ find /usr/lib/softhsm/libsofthsm2.so 497s +++ head -n 1 497s ++ realpath /usr/lib/softhsm/libsofthsm2.so 497s + SOFTHSM2_MODULE=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so 497s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 497s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 497s + '[' '!' -v NO_SSSD_TESTS ']' 497s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 497s + ca_db_arg=ca_db 497s ++ /usr/libexec/sssd/p11_child --help 497s + p11_child_help='Usage: p11_child [OPTION...] 497s -d, --debug-level=INT Debug level 497s --debug-timestamps=INT Add debug timestamps 497s --debug-microseconds=INT Show timestamps with microseconds 497s --dumpable=INT Allow core dumps 497s --debug-fd=INT An open file descriptor for the debug 497s logs 497s --logger=stderr|files|journald Set logger 497s --auth Run in auth mode 497s --pre Run in pre-auth mode 497s --wait_for_card Wait until card is available 497s --verification Run in verification mode 497s --pin Expect PIN on stdin 497s --keypad Expect PIN on keypad 497s --verify=STRING Tune validation 497s --ca_db=STRING CA DB to use 497s --module_name=STRING Module name for authentication 497s --token_name=STRING Token name for authentication 497s --key_id=STRING Key ID for authentication 497s --label=STRING Label for authentication 497s --certificate=STRING certificate to verify, base64 encoded 497s --uri=STRING PKCS#11 URI to restrict selection 497s --chain-id=LONG Tevent chain ID used for logging 497s purposes 497s 497s Help options: 497s -?, --help Show this help message 497s --usage Display brief usage message' 497s + echo 'Usage: p11_child [OPTION...] 497s -d, --debug-level=INT Debug level 497s --debug-timestamps=INT Add debug timestamps 497s --debug-microseconds=INT Show timestamps with microseconds 497s --dumpable=INT Allow core dumps 497s --debug-fd=INT An open file descriptor for the debug 497s logs 497s --logger=stderr|files|journald Set logger 497s --auth Run in auth mode 497s --pre Run in pre-auth mode 497s --wait_for_card Wait until card is available 497s --verification Run in verification mode 497s --pin Expect PIN on stdin 497s --keypad Expect PIN on keypad 497s --verify=STRING Tune validation 497s --ca_db=STRING CA DB to use 497s --module_name=STRING Module name for authentication 497s --token_name=STRING Token name for authentication 497s --key_id=STRING Key ID for authentication 497s --label=STRING Label for authentication 497s --certificate=STRING certificate to verify, base64 encoded 497s --uri=STRING PKCS#11 URI to restrict selection 497s --chain-id=LONG Tevent chain ID used for logging 497s purposes 497s 497s Help options: 497s -?, --help Show this help message 497s --usage Display brief usage message' 497s + grep nssdb -qs 497s + echo 'Usage: p11_child [OPTION...] 497s -d, --debug-level=INT Debug level 497s + grep -qs -- --ca_db 497s --debug-timestamps=INT Add debug timestamps 497s --debug-microseconds=INT Show timestamps with microseconds 497s --dumpable=INT Allow core dumps 497s --debug-fd=INT An open file descriptor for the debug 497s logs 497s --logger=stderr|files|journald Set logger 497s --auth Run in auth mode 497s --pre Run in pre-auth mode 497s --wait_for_card Wait until card is available 497s --verification Run in verification mode 497s --pin Expect PIN on stdin 497s --keypad Expect PIN on keypad 497s --verify=STRING Tune validation 497s --ca_db=STRING CA DB to use 497s --module_name=STRING Module name for authentication 497s --token_name=STRING Token name for authentication 497s --key_id=STRING Key ID for authentication 497s --label=STRING Label for authentication 497s --certificate=STRING certificate to verify, base64 encoded 497s --uri=STRING PKCS#11 URI to restrict selection 497s --chain-id=LONG Tevent chain ID used for logging 497s purposes 497s 497s Help options: 497s -?, --help Show this help message 497s --usage Display brief usage message' 497s + '[' '!' -e /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so ']' 497s ++ mktemp -d -t sssd-softhsm2-XXXXXX 497s + tmpdir=/tmp/sssd-softhsm2-7F70Xv 497s + keys_size=1024 497s + [[ ! -v KEEP_TEMPORARY_FILES ]] 497s + trap 'rm -rf "$tmpdir"' EXIT 497s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 497s + echo -n 01 497s + touch /tmp/sssd-softhsm2-7F70Xv/index.txt 497s + mkdir -p /tmp/sssd-softhsm2-7F70Xv/new_certs 497s + cat 497s + root_ca_key_pass=pass:random-root-CA-password-25589 497s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-7F70Xv/test-root-CA-key.pem -passout pass:random-root-CA-password-25589 1024 497s + openssl req -passin pass:random-root-CA-password-25589 -batch -config /tmp/sssd-softhsm2-7F70Xv/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-7F70Xv/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem 497s + openssl x509 -noout -in /tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem 497s + cat 497s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-17470 497s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-17470 1024 497s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-17470 -config /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.config -key /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-25589 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-certificate-request.pem 497s + openssl req -text -noout -in /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-certificate-request.pem 497s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-7F70Xv/test-root-CA.config -passin pass:random-root-CA-password-25589 -keyfile /tmp/sssd-softhsm2-7F70Xv/test-root-CA-key.pem -in /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem 497s Certificate Request: 497s Data: 497s Version: 1 (0x0) 497s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 497s Subject Public Key Info: 497s Public Key Algorithm: rsaEncryption 497s Public-Key: (1024 bit) 497s Modulus: 497s 00:a9:4e:0a:6a:fc:ff:0e:66:f7:f4:11:3c:5f:7b: 497s 39:f0:f9:23:73:5d:5e:96:86:77:9a:d9:5a:3f:86: 497s ea:90:3a:97:91:2b:81:ea:e4:98:da:b6:bc:07:7f: 497s e9:9f:76:69:b3:22:4c:a9:8f:65:0b:ff:50:bc:97: 497s 7f:80:10:e2:62:ff:b3:30:b8:0e:0a:84:66:08:3a: 497s 0e:b1:cc:ea:98:69:8c:ad:c2:16:62:74:d1:5f:3b: 497s 5a:d7:97:be:d2:20:d9:27:96:be:e5:34:22:a6:52: 497s a0:75:14:af:da:41:52:dc:50:9d:5e:fb:d7:3c:06: 497s fa:db:bb:59:1c:6d:33:e2:e1 497s Exponent: 65537 (0x10001) 497s Attributes: 497s (none) 497s Requested Extensions: 497s Signature Algorithm: sha256WithRSAEncryption 497s Signature Value: 497s 2b:d3:2d:e3:5e:1a:18:3f:2b:9e:77:f3:4f:a2:21:fe:06:a6: 497s 4f:f4:91:c6:4a:c6:59:16:de:ca:b7:9f:a1:f2:b2:08:64:66: 497s f6:d0:c0:c1:17:f5:42:ee:c5:19:46:09:ad:7b:d8:95:93:ff: 497s 11:cb:aa:a9:2d:ad:ec:e2:6e:00:ee:cc:47:43:e8:bb:ae:a5: 497s 9e:9a:81:3d:25:96:e7:95:bc:be:be:65:08:ad:7e:65:f6:af: 497s 52:b5:de:fc:d2:94:fa:c2:d6:dd:2f:1b:7f:01:d7:58:3c:69: 497s 32:5a:b0:c0:85:1d:b0:91:52:9d:1d:0d:ef:1e:7f:4b:45:45: 497s 22:fa 497s Using configuration from /tmp/sssd-softhsm2-7F70Xv/test-root-CA.config 497s Check that the request matches the signature 497s Signature ok 497s Certificate Details: 497s Serial Number: 1 (0x1) 497s Validity 497s Not Before: Mar 20 06:08:25 2024 GMT 497s Not After : Mar 20 06:08:25 2025 GMT 497s Subject: 497s organizationName = Test Organization 497s organizationalUnitName = Test Organization Unit 497s commonName = Test Organization Intermediate CA 497s X509v3 extensions: 497s X509v3 Subject Key Identifier: 497s C2:91:40:55:E8:67:1C:55:53:3A:C0:1B:9A:85:CC:FE:7E:BE:4F:05 497s X509v3 Authority Key Identifier: 497s keyid:48:36:F7:C2:E2:B1:79:4C:A0:2E:BE:28:B1:54:1F:FE:1F:EA:5C:BB 497s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 497s serial:00 497s X509v3 Basic Constraints: 497s CA:TRUE 497s X509v3 Key Usage: critical 497s Digital Signature, Certificate Sign, CRL Sign 497s Certificate is to be certified until Mar 20 06:08:25 2025 GMT (365 days) 497s 497s Write out database with 1 new entries 497s Database updated 497s + openssl x509 -noout -in /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem 498s /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem: OK 498s + openssl verify -CAfile /tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem 498s + cat 498s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-15170 498s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-15170 1024 498s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-15170 -config /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-17470 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-certificate-request.pem 498s + openssl req -text -noout -in /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-certificate-request.pem 498s Certificate Request: 498s Data: 498s Version: 1 (0x0) 498s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 498s Subject Public Key Info: 498s Public Key Algorithm: rsaEncryption 498s Public-Key: (1024 bit) 498s Modulus: 498s 00:b9:55:60:8d:a1:0c:0e:66:c2:d4:7c:78:00:89: 498s 3a:cc:5a:58:a1:b7:8d:da:91:75:c6:c5:28:64:5e: 498s c9:a8:a3:ea:0e:5d:64:70:dd:de:b3:38:24:90:91: 498s f7:ce:63:3d:8d:21:74:0f:92:cc:da:e0:2b:bc:41: 498s 9e:a0:e8:ac:a9:f1:23:f8:e6:27:eb:85:90:35:d3: 498s 09:c5:4a:7a:1a:df:79:b8:a7:a1:79:c5:db:ff:be: 498s 3d:b2:5f:50:7c:a5:10:a3:fe:e7:ca:e6:74:ba:3f: 498s 5d:63:81:f7:00:d4:f0:92:d3:10:10:1e:b5:79:e6: 498s 91:43:3b:62:f1:89:13:a7:ef 498s Exponent: 65537 (0x10001) 498s Attributes: 498s (none) 498s Requested Extensions: 498s Signature Algorithm: sha256WithRSAEncryption 498s Signature Value: 498s 38:f3:3e:0c:dd:41:d9:10:8e:f7:67:f2:1b:6b:92:79:08:44: 498s cd:6c:93:bd:2b:e2:75:9f:73:2f:5e:8c:f5:1a:dd:67:cc:aa: 498s 0f:ff:3b:ba:5f:32:91:d7:a9:80:60:84:b1:de:75:02:ee:40: 498s 28:15:a7:c5:df:aa:27:ce:bf:a6:b8:89:c9:74:de:1d:22:21: 498s b6:09:cb:28:ef:c8:a5:56:7c:72:33:af:5a:89:fb:b7:25:45: 498s 7b:cf:74:d0:13:68:22:e9:5a:37:59:d9:db:8d:c3:17:fc:f3: 498s 99:36:db:28:ab:dd:df:c5:50:fd:1d:b4:bc:1c:94:d0:3a:7f: 498s 41:50 498s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-17470 -keyfile /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA.pem 498s Using configuration from /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.config 498s Check that the request matches the signature 498s Signature ok 498s Certificate Details: 498s Serial Number: 2 (0x2) 498s Validity 498s Not Before: Mar 20 06:08:26 2024 GMT 498s Not After : Mar 20 06:08:26 2025 GMT 498s Subject: 498s organizationName = Test Organization 498s organizationalUnitName = Test Organization Unit 498s commonName = Test Organization Sub Intermediate CA 498s X509v3 extensions: 498s X509v3 Subject Key Identifier: 498s B3:8C:20:3E:2C:AB:6A:B6:17:72:96:C0:73:11:E3:E6:38:01:5E:E8 498s X509v3 Authority Key Identifier: 498s keyid:C2:91:40:55:E8:67:1C:55:53:3A:C0:1B:9A:85:CC:FE:7E:BE:4F:05 498s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 498s serial:01 498s X509v3 Basic Constraints: 498s CA:TRUE 498s X509v3 Key Usage: critical 498s Digital Signature, Certificate Sign, CRL Sign 498s Certificate is to be certified until Mar 20 06:08:26 2025 GMT (365 days) 498s 498s Write out database with 1 new entries 498s Database updated 498s + openssl x509 -noout -in /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA.pem 498s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA.pem 498s /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA.pem: OK 498s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA.pem 498s + local cmd=openssl 498s + shift 498s + openssl verify -CAfile /tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA.pem 498s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 498s error 20 at 0 depth lookup: unable to get local issuer certificate 498s error /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA.pem: verification failed 498s + cat 498s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-19710 498s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-19710 1024 498s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-19710 -key /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001-request.pem 498s + openssl req -text -noout -in /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001-request.pem 498s Certificate Request: 498s Data: 498s Version: 1 (0x0) 498s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 498s Subject Public Key Info: 498s Public Key Algorithm: rsaEncryption 498s Public-Key: (1024 bit) 498s Modulus: 498s 00:bc:28:2e:74:df:38:ed:d2:c0:f4:28:85:6f:bf: 498s bf:33:3a:68:bb:4c:5e:e5:fd:a3:13:36:08:d1:c4: 498s 29:1a:75:30:2c:93:e4:ac:d8:48:eb:3a:5d:ff:1b: 498s a0:72:62:7f:f3:49:6d:c9:e5:58:ab:47:18:4c:8c: 498s 30:2a:a5:83:f4:8d:29:ae:8b:41:3b:2b:73:ab:3f: 498s 78:51:b7:02:57:49:16:df:9f:78:7c:78:b8:40:6a: 498s ae:06:ce:03:28:80:b6:7e:d7:71:86:7b:6d:57:c5: 498s e0:d2:8a:8c:fe:d5:11:c9:09:71:ff:eb:dc:1d:0d: 498s 71:e8:3c:6c:1a:10:96:2b:f9 498s Exponent: 65537 (0x10001) 498s Attributes: 498s Requested Extensions: 498s X509v3 Basic Constraints: 498s CA:FALSE 498s Netscape Cert Type: 498s SSL Client, S/MIME 498s Netscape Comment: 498s Test Organization Root CA trusted Certificate 498s X509v3 Subject Key Identifier: 498s F6:37:4F:94:11:60:E9:36:9C:64:23:D4:65:B1:84:FB:6D:2D:A9:5D 498s X509v3 Key Usage: critical 498s Digital Signature, Non Repudiation, Key Encipherment 498s X509v3 Extended Key Usage: 498s TLS Web Client Authentication, E-mail Protection 498s X509v3 Subject Alternative Name: 498s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 498s Signature Algorithm: sha256WithRSAEncryption 498s Signature Value: 498s 0a:c2:b8:4e:cc:9a:1c:37:78:31:2e:1a:b1:ea:1e:c5:b8:49: 498s 7c:bc:6a:46:ee:e1:b7:87:bd:5a:be:ba:66:7a:fb:5c:dd:03: 498s c3:db:01:f9:b7:7f:ca:59:4a:bb:e1:e1:27:1b:b4:56:13:d1: 498s e8:53:86:ad:d3:32:64:39:69:4f:de:ab:7e:ec:6d:95:1b:53: 498s 31:bc:f6:0f:ff:d0:db:21:e3:2c:3f:30:05:29:fa:f2:9c:c5: 498s 17:a3:e8:bf:a8:ad:56:53:97:8a:b3:d3:a1:41:ef:c4:34:4d: 498s d2:5b:5a:65:6f:56:40:72:c6:56:38:8a:c6:c5:1c:74:b4:c9: 498s 28:1f 498s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-7F70Xv/test-root-CA.config -passin pass:random-root-CA-password-25589 -keyfile /tmp/sssd-softhsm2-7F70Xv/test-root-CA-key.pem -in /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 498s Using configuration from /tmp/sssd-softhsm2-7F70Xv/test-root-CA.config 498s Check that the request matches the signature 498s Signature ok 498s Certificate Details: 498s Serial Number: 3 (0x3) 498s Validity 498s Not Before: Mar 20 06:08:26 2024 GMT 498s Not After : Mar 20 06:08:26 2025 GMT 498s Subject: 498s organizationName = Test Organization 498s organizationalUnitName = Test Organization Unit 498s commonName = Test Organization Root Trusted Certificate 0001 498s X509v3 extensions: 498s X509v3 Authority Key Identifier: 498s 48:36:F7:C2:E2:B1:79:4C:A0:2E:BE:28:B1:54:1F:FE:1F:EA:5C:BB 498s X509v3 Basic Constraints: 498s CA:FALSE 498s Netscape Cert Type: 498s SSL Client, S/MIME 498s Netscape Comment: 498s Test Organization Root CA trusted Certificate 498s X509v3 Subject Key Identifier: 498s F6:37:4F:94:11:60:E9:36:9C:64:23:D4:65:B1:84:FB:6D:2D:A9:5D 498s X509v3 Key Usage: critical 498s Digital Signature, Non Repudiation, Key Encipherment 498s X509v3 Extended Key Usage: 498s TLS Web Client Authentication, E-mail Protection 498s X509v3 Subject Alternative Name: 498s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 498s Certificate is to be certified until Mar 20 06:08:26 2025 GMT (365 days) 498s 498s Write out database with 1 new entries 498s Database updated 498s + openssl x509 -noout -in /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 498s + openssl verify -CAfile /tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 498s /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem: OK 498s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 498s + local cmd=openssl 498s + shift 498s + openssl verify -CAfile /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 498s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 498s error 20 at 0 depth lookup: unable to get local issuer certificate 498s error /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem: verification failed 498s + cat 498s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-2535 498s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-2535 1024 498s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-2535 -key /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001-request.pem 498s + openssl req -text -noout -in /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001-request.pem 498s Certificate Request: 498s Data: 498s Version: 1 (0x0) 498s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 498s Subject Public Key Info: 498s Public Key Algorithm: rsaEncryption 498s Public-Key: (1024 bit) 498s Modulus: 498s 00:c9:b9:8a:ad:72:0d:5c:69:3b:26:8b:96:48:ed: 498s 95:8d:94:8f:0d:15:bc:9c:78:14:b3:df:a2:3a:75: 498s 9b:c1:79:c5:e2:2e:58:f3:ab:02:60:0b:33:68:b0: 498s 29:3a:9d:5b:c0:39:10:7f:e6:ee:42:19:12:c6:c2: 498s a7:6c:f7:96:12:1f:43:62:13:85:ca:90:6e:a2:64: 498s 94:66:9b:66:96:5b:c5:cc:64:55:c9:5f:c4:9d:ee: 498s 90:59:87:75:ca:b4:da:4c:18:79:84:af:76:dd:56: 498s 79:08:d1:a1:fd:91:6f:08:5c:e4:50:e0:11:e1:dd: 498s 5a:60:27:17:c1:cd:4e:b6:b9 498s Exponent: 65537 (0x10001) 498s Attributes: 498s Requested Extensions: 498s X509v3 Basic Constraints: 498s CA:FALSE 498s Netscape Cert Type: 498s SSL Client, S/MIME 498s Netscape Comment: 498s Test Organization Intermediate CA trusted Certificate 498s X509v3 Subject Key Identifier: 498s 17:9C:4D:44:92:58:AF:63:4B:4F:42:37:28:A9:F9:A4:56:BD:B6:D0 498s X509v3 Key Usage: critical 498s Digital Signature, Non Repudiation, Key Encipherment 498s X509v3 Extended Key Usage: 498s TLS Web Client Authentication, E-mail Protection 498s X509v3 Subject Alternative Name: 498s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 498s Signature Algorithm: sha256WithRSAEncryption 498s Signature Value: 498s b8:03:3c:e9:c1:7e:2c:05:0a:c7:61:cd:3d:c0:45:05:3c:5b: 498s e4:85:53:f2:da:d7:79:e7:c5:00:26:ca:81:36:12:9a:0e:7e: 498s 11:07:94:6e:87:dd:de:05:26:9f:c3:64:1b:38:02:33:89:32: 498s 56:68:3d:75:e0:e6:84:03:28:f7:aa:2d:d9:55:d5:f6:68:0a: 498s a4:04:f4:15:69:e1:56:e1:52:39:f5:a2:74:ad:06:6f:5d:ce: 498s d0:b5:80:96:7c:63:9e:28:9b:94:e7:c3:88:30:28:6b:3c:a4: 498s c9:13:53:a3:cb:3c:67:e7:c5:68:7c:25:37:34:00:92:ff:0a: 498s fe:6c 498s + openssl ca -passin pass:random-intermediate-CA-password-17470 -config /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 498s Using configuration from /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.config 498s Check that the request matches the signature 498s Signature ok 498s Certificate Details: 498s Serial Number: 4 (0x4) 498s Validity 498s Not Before: Mar 20 06:08:26 2024 GMT 498s Not After : Mar 20 06:08:26 2025 GMT 498s Subject: 498s organizationName = Test Organization 498s organizationalUnitName = Test Organization Unit 498s commonName = Test Organization Intermediate Trusted Certificate 0001 498s X509v3 extensions: 498s X509v3 Authority Key Identifier: 498s C2:91:40:55:E8:67:1C:55:53:3A:C0:1B:9A:85:CC:FE:7E:BE:4F:05 498s X509v3 Basic Constraints: 498s CA:FALSE 498s Netscape Cert Type: 498s SSL Client, S/MIME 498s Netscape Comment: 498s Test Organization Intermediate CA trusted Certificate 498s X509v3 Subject Key Identifier: 498s 17:9C:4D:44:92:58:AF:63:4B:4F:42:37:28:A9:F9:A4:56:BD:B6:D0 498s X509v3 Key Usage: critical 498s Digital Signature, Non Repudiation, Key Encipherment 498s X509v3 Extended Key Usage: 498s TLS Web Client Authentication, E-mail Protection 498s X509v3 Subject Alternative Name: 498s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 498s Certificate is to be certified until Mar 20 06:08:26 2025 GMT (365 days) 498s 498s Write out database with 1 new entries 498s Database updated 498s + openssl x509 -noout -in /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 498s + echo 'This certificate should not be trusted fully' 498s This certificate should not be trusted fully 498s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 498s + local cmd=openssl 498s + shift 498s + openssl verify -CAfile /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 498s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 498s error 2 at 1 depth lookup: unable to get issuer certificate 498s error /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 498s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 498s /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem: OK 498s + cat 498s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9685 498s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-9685 1024 498s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-9685 -key /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 498s + openssl req -text -noout -in /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 498s Certificate Request: 498s Data: 498s Version: 1 (0x0) 498s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 498s Subject Public Key Info: 498s Public Key Algorithm: rsaEncryption 498s Public-Key: (1024 bit) 498s Modulus: 498s 00:c6:a3:80:0c:73:e3:98:d9:0a:7f:b1:fa:af:9e: 498s 14:47:74:02:bf:62:11:17:02:66:6e:0f:d2:5b:ad: 498s 9d:8e:5d:81:e4:fa:08:c0:e5:3d:95:6f:d7:fd:c0: 498s 27:0f:85:96:5b:e0:78:80:27:65:da:4e:e4:1e:92: 498s 66:39:f3:07:89:27:46:85:75:07:74:46:a1:51:26: 498s 49:d1:0d:ee:32:34:43:4d:88:5f:50:41:3a:ee:55: 498s 2b:eb:94:35:10:ef:48:c5:24:72:9d:a3:0a:f4:15: 498s 1f:16:7b:c3:e4:92:ff:33:5b:48:75:2f:49:c6:42: 498s 87:b2:ac:25:41:48:aa:71:7b 498s Exponent: 65537 (0x10001) 498s Attributes: 498s Requested Extensions: 498s X509v3 Basic Constraints: 498s CA:FALSE 498s Netscape Cert Type: 498s SSL Client, S/MIME 498s Netscape Comment: 498s Test Organization Sub Intermediate CA trusted Certificate 498s X509v3 Subject Key Identifier: 498s A9:C8:1A:3B:A7:7B:98:4A:BB:B0:41:FA:FD:FE:B4:55:83:1D:8F:69 498s X509v3 Key Usage: critical 498s Digital Signature, Non Repudiation, Key Encipherment 498s X509v3 Extended Key Usage: 498s TLS Web Client Authentication, E-mail Protection 498s X509v3 Subject Alternative Name: 498s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 498s Signature Algorithm: sha256WithRSAEncryption 498s Signature Value: 498s 89:95:54:e4:b4:56:b2:bd:d8:4f:a1:3f:98:11:73:66:c8:ba: 498s 38:11:18:1a:90:38:a0:00:c3:58:72:43:71:a1:95:5b:f2:71: 498s e4:e1:89:10:59:61:43:ad:57:5b:35:f6:d7:fb:7a:e1:35:64: 498s 56:f6:ce:cc:e4:e4:96:b2:f6:bb:d7:36:b9:6e:46:b9:d9:31: 498s 02:bc:82:1b:10:bb:05:0d:36:4e:a4:30:8a:97:f4:86:82:f9: 498s 80:bc:d5:ed:ed:d7:21:a3:d4:f3:2b:53:0c:9e:82:9c:ab:6f: 498s c2:81:4c:9e:91:8f:8d:55:08:bd:9f:7d:c8:6c:d1:c5:ab:dd: 498s 20:6d 498s + openssl ca -passin pass:random-sub-intermediate-CA-password-15170 -config /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 498s Using configuration from /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA.config 498s Check that the request matches the signature 498s Signature ok 498s Certificate Details: 498s Serial Number: 5 (0x5) 498s Validity 498s Not Before: Mar 20 06:08:26 2024 GMT 498s Not After : Mar 20 06:08:26 2025 GMT 498s Subject: 498s organizationName = Test Organization 498s organizationalUnitName = Test Organization Unit 498s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 498s X509v3 extensions: 498s X509v3 Authority Key Identifier: 498s B3:8C:20:3E:2C:AB:6A:B6:17:72:96:C0:73:11:E3:E6:38:01:5E:E8 498s X509v3 Basic Constraints: 498s CA:FALSE 498s Netscape Cert Type: 498s SSL Client, S/MIME 498s Netscape Comment: 498s Test Organization Sub Intermediate CA trusted Certificate 498s X509v3 Subject Key Identifier: 498s A9:C8:1A:3B:A7:7B:98:4A:BB:B0:41:FA:FD:FE:B4:55:83:1D:8F:69 498s X509v3 Key Usage: critical 498s Digital Signature, Non Repudiation, Key Encipherment 498s X509v3 Extended Key Usage: 498s TLS Web Client Authentication, E-mail Protection 498s X509v3 Subject Alternative Name: 498s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 498s Certificate is to be certified until Mar 20 06:08:26 2025 GMT (365 days) 498s 498s Write out database with 1 new entries 498s Database updated 498s + openssl x509 -noout -in /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 498s This certificate should not be trusted fully 498s + echo 'This certificate should not be trusted fully' 498s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 498s + local cmd=openssl 498s + shift 498s + openssl verify -CAfile /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 498s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 498s error 2 at 1 depth lookup: unable to get issuer certificate 498s error /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 498s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 498s + local cmd=openssl 498s + shift 498s + openssl verify -CAfile /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 498s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 498s error 20 at 0 depth lookup: unable to get local issuer certificate 498s error /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 498s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 498s /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 498s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 498s + local cmd=openssl 498s + shift 498s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 498s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 498s error 20 at 0 depth lookup: unable to get local issuer certificate 498s error /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 498s + echo 'Building a the full-chain CA file...' 498s + cat /tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA.pem 498s Building a the full-chain CA file... 498s + cat /tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem 498s + cat /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA.pem 498s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem 498s + openssl pkcs7 -print_certs -noout 498s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 498s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 498s 498s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 498s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 498s 498s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 498s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 498s 498s + openssl verify -CAfile /tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem 498s /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem: OK 498s + openssl verify -CAfile /tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 498s /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem: OK 498s + openssl verify -CAfile /tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 498s + openssl verify -CAfile /tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem /tmp/sssd-softhsm2-7F70Xv/test-root-intermediate-chain-CA.pem 498s /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem: OK 498s /tmp/sssd-softhsm2-7F70Xv/test-root-intermediate-chain-CA.pem: OK 498s + openssl verify -CAfile /tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 498s /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 498s Certificates generation completed! 498s + echo 'Certificates generation completed!' 498s + [[ -v NO_SSSD_TESTS ]] 498s + invalid_certificate /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19710 /dev/null 498s + check_certificate /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19710 /dev/null 498s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 498s + local key_pass=pass:random-root-ca-trusted-cert-0001-19710 498s + local key_ring=/dev/null 498s + local verify_option= 498s + prepare_softhsm2_card /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19710 498s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 498s + local key_pass=pass:random-root-ca-trusted-cert-0001-19710 498s + local key_cn 498s + local key_name 498s + local tokens_dir 498s + local output_cert_file 498s + token_name= 498s ++ basename /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem .pem 498s + key_name=test-root-CA-trusted-certificate-0001 498s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 498s ++ sed -n 's/ *commonName *= //p' 498s + key_cn='Test Organization Root Trusted Certificate 0001' 498s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 498s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf 498s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf 498s ++ basename /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 498s + tokens_dir=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001 498s + token_name='Test Organization Root Tr Token' 498s + '[' '!' -e /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 498s + local key_file 498s + local decrypted_key 498s + mkdir -p /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001 498s + key_file=/tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001-key.pem 498s + decrypted_key=/tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001-key-decrypted.pem 498s + cat 498s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 498s Slot 0 has a free/uninitialized token. 498s The token has been initialized and is reassigned to slot 58169325 498s + softhsm2-util --show-slots 498s Available slots: 498s Slot 58169325 498s Slot info: 498s Description: SoftHSM slot ID 0x37797ed 498s Manufacturer ID: SoftHSM project 498s Hardware version: 2.6 498s Firmware version: 2.6 498s Token present: yes 498s Token info: 498s Manufacturer ID: SoftHSM project 498s Model: SoftHSM v2 498s Hardware version: 2.6 498s Firmware version: 2.6 498s Serial number: a122df59037797ed 498s Initialized: yes 498s User PIN init.: yes 498s Label: Test Organization Root Tr Token 498s Slot 1 498s Slot info: 498s Description: SoftHSM slot ID 0x1 498s Manufacturer ID: SoftHSM project 498s Hardware version: 2.6 498s Firmware version: 2.6 498s Token present: yes 498s Token info: 498s Manufacturer ID: SoftHSM project 498s Model: SoftHSM v2 498s Hardware version: 2.6 498s Firmware version: 2.6 498s Serial number: 498s Initialized: no 498s User PIN init.: no 498s Label: 498s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 498s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-19710 -in /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001-key-decrypted.pem 498s writing RSA key 498s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 498s + rm /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001-key-decrypted.pem 498s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --list-all 498s Object 0: 498s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=a122df59037797ed;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 498s Type: X.509 Certificate (RSA-1024) 498s Expires: Thu Mar 20 06:08:26 2025 498s Label: Test Organization Root Trusted Certificate 0001 498s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 498s 498s Test Organization Root Tr Token 498s + echo 'Test Organization Root Tr Token' 498s + '[' -n '' ']' 498s + local output_base_name=SSSD-child-24845 498s + local output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-24845.output 498s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-24845.pem 498s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 498s [p11_child[3056]] [main] (0x0400): p11_child started. 498s [p11_child[3056]] [main] (0x2000): Running in [pre-auth] mode. 498s [p11_child[3056]] [main] (0x2000): Running with effective IDs: [0][0]. 498s [p11_child[3056]] [main] (0x2000): Running with real IDs [0][0]. 498s [p11_child[3056]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 498s [p11_child[3056]] [do_work] (0x0040): init_verification failed. 498s [p11_child[3056]] [main] (0x0020): p11_child failed (5) 498s + return 2 498s + valid_certificate /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19710 /dev/null no_verification 498s + check_certificate /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19710 /dev/null no_verification 498s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 498s + local key_pass=pass:random-root-ca-trusted-cert-0001-19710 498s + local key_ring=/dev/null 498s + local verify_option=no_verification 498s + prepare_softhsm2_card /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19710 498s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 498s + local key_pass=pass:random-root-ca-trusted-cert-0001-19710 498s + local key_cn 498s + local key_name 498s + local tokens_dir 498s + local output_cert_file 498s + token_name= 498s ++ basename /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem .pem 498s + key_name=test-root-CA-trusted-certificate-0001 498s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 498s ++ sed -n 's/ *commonName *= //p' 498s + key_cn='Test Organization Root Trusted Certificate 0001' 498s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 498s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf 498s Test Organization Root Tr Token 498s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf 498s ++ basename /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 498s + tokens_dir=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001 498s + token_name='Test Organization Root Tr Token' 498s + '[' '!' -e /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 498s + '[' '!' -d /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001 ']' 498s + echo 'Test Organization Root Tr Token' 498s + '[' -n no_verification ']' 498s + local verify_arg=--verify=no_verification 498s + local output_base_name=SSSD-child-20138 498s + local output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-20138.output 498s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-20138.pem 498s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 498s [p11_child[3062]] [main] (0x0400): p11_child started. 498s [p11_child[3062]] [main] (0x2000): Running in [pre-auth] mode. 498s [p11_child[3062]] [main] (0x2000): Running with effective IDs: [0][0]. 498s [p11_child[3062]] [main] (0x2000): Running with real IDs [0][0]. 498s [p11_child[3062]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 498s [p11_child[3062]] [do_card] (0x4000): Module List: 498s [p11_child[3062]] [do_card] (0x4000): common name: [softhsm2]. 498s [p11_child[3062]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 498s [p11_child[3062]] [do_card] (0x4000): Description [SoftHSM slot ID 0x37797ed] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 498s [p11_child[3062]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 498s [p11_child[3062]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x37797ed][58169325] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 498s [p11_child[3062]] [do_card] (0x4000): Login NOT required. 498s [p11_child[3062]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 498s [p11_child[3062]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 498s [p11_child[3062]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x37797ed;slot-manufacturer=SoftHSM%20project;slot-id=58169325;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=a122df59037797ed;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 498s [p11_child[3062]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 498s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-20138.output 498s + echo '-----BEGIN CERTIFICATE-----' 498s + tail -n1 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-20138.output 498s + echo '-----END CERTIFICATE-----' 498s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-20138.pem 498s Certificate: 498s Data: 498s Version: 3 (0x2) 498s Serial Number: 3 (0x3) 498s Signature Algorithm: sha256WithRSAEncryption 498s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 498s Validity 498s Not Before: Mar 20 06:08:26 2024 GMT 498s Not After : Mar 20 06:08:26 2025 GMT 498s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 498s Subject Public Key Info: 498s Public Key Algorithm: rsaEncryption 498s Public-Key: (1024 bit) 498s Modulus: 498s 00:bc:28:2e:74:df:38:ed:d2:c0:f4:28:85:6f:bf: 498s bf:33:3a:68:bb:4c:5e:e5:fd:a3:13:36:08:d1:c4: 498s 29:1a:75:30:2c:93:e4:ac:d8:48:eb:3a:5d:ff:1b: 498s a0:72:62:7f:f3:49:6d:c9:e5:58:ab:47:18:4c:8c: 498s 30:2a:a5:83:f4:8d:29:ae:8b:41:3b:2b:73:ab:3f: 498s 78:51:b7:02:57:49:16:df:9f:78:7c:78:b8:40:6a: 498s ae:06:ce:03:28:80:b6:7e:d7:71:86:7b:6d:57:c5: 498s e0:d2:8a:8c:fe:d5:11:c9:09:71:ff:eb:dc:1d:0d: 498s 71:e8:3c:6c:1a:10:96:2b:f9 498s Exponent: 65537 (0x10001) 498s X509v3 extensions: 498s X509v3 Authority Key Identifier: 498s 48:36:F7:C2:E2:B1:79:4C:A0:2E:BE:28:B1:54:1F:FE:1F:EA:5C:BB 498s X509v3 Basic Constraints: 498s CA:FALSE 498s Netscape Cert Type: 498s SSL Client, S/MIME 498s Netscape Comment: 498s Test Organization Root CA trusted Certificate 498s X509v3 Subject Key Identifier: 498s F6:37:4F:94:11:60:E9:36:9C:64:23:D4:65:B1:84:FB:6D:2D:A9:5D 498s X509v3 Key Usage: critical 498s Digital Signature, Non Repudiation, Key Encipherment 498s X509v3 Extended Key Usage: 498s TLS Web Client Authentication, E-mail Protection 498s X509v3 Subject Alternative Name: 498s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 498s Signature Algorithm: sha256WithRSAEncryption 498s Signature Value: 498s 7f:34:08:98:37:af:10:12:91:aa:b1:fb:bd:40:bc:a7:7a:2f: 498s f1:e3:fe:d7:93:a7:39:7b:48:20:41:be:6c:0c:32:0c:3c:13: 498s b1:49:d9:33:9d:67:77:24:83:bb:49:f7:ce:a6:db:d0:d2:e5: 498s fd:aa:f6:61:f3:31:93:ad:eb:a6:5d:b4:9d:b1:46:5b:fb:b5: 498s aa:58:c9:41:3f:a9:25:de:22:f8:bd:15:c6:d7:93:7c:09:a9: 498s 35:22:cd:ce:34:bc:99:a0:d0:7e:19:46:77:59:a9:4a:23:df: 498s e3:32:3c:e3:9a:d9:fc:06:97:70:b8:7f:67:fc:a2:59:ba:15: 498s 39:1a 498s + local found_md5 expected_md5 498s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 498s + expected_md5=Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 498s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-20138.pem 499s + found_md5=Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 499s + '[' Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 '!=' Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 ']' 499s + output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-20138-auth.output 499s ++ basename /tmp/sssd-softhsm2-7F70Xv/SSSD-child-20138-auth.output .output 499s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-20138-auth.pem 499s + echo -n 053350 499s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so 499s [p11_child[3070]] [main] (0x0400): p11_child started. 499s [p11_child[3070]] [main] (0x2000): Running in [auth] mode. 499s [p11_child[3070]] [main] (0x2000): Running with effective IDs: [0][0]. 499s [p11_child[3070]] [main] (0x2000): Running with real IDs [0][0]. 499s [p11_child[3070]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 499s [p11_child[3070]] [do_card] (0x4000): Module List: 499s [p11_child[3070]] [do_card] (0x4000): common name: [softhsm2]. 499s [p11_child[3070]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 499s [p11_child[3070]] [do_card] (0x4000): Description [SoftHSM slot ID 0x37797ed] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 499s [p11_child[3070]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 499s [p11_child[3070]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x37797ed][58169325] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 499s [p11_child[3070]] [do_card] (0x4000): Login required. 499s [p11_child[3070]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 499s [p11_child[3070]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 499s [p11_child[3070]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x37797ed;slot-manufacturer=SoftHSM%20project;slot-id=58169325;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=a122df59037797ed;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 499s [p11_child[3070]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 499s [p11_child[3070]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 499s [p11_child[3070]] [do_card] (0x4000): Certificate verified and validated. 499s [p11_child[3070]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 499s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-20138-auth.output 499s + echo '-----BEGIN CERTIFICATE-----' 499s + tail -n1 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-20138-auth.output 499s + echo '-----END CERTIFICATE-----' 499s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-20138-auth.pem 499s Certificate: 499s Data: 499s Version: 3 (0x2) 499s Serial Number: 3 (0x3) 499s Signature Algorithm: sha256WithRSAEncryption 499s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 499s Validity 499s Not Before: Mar 20 06:08:26 2024 GMT 499s Not After : Mar 20 06:08:26 2025 GMT 499s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 499s Subject Public Key Info: 499s Public Key Algorithm: rsaEncryption 499s Public-Key: (1024 bit) 499s Modulus: 499s 00:bc:28:2e:74:df:38:ed:d2:c0:f4:28:85:6f:bf: 499s bf:33:3a:68:bb:4c:5e:e5:fd:a3:13:36:08:d1:c4: 499s 29:1a:75:30:2c:93:e4:ac:d8:48:eb:3a:5d:ff:1b: 499s a0:72:62:7f:f3:49:6d:c9:e5:58:ab:47:18:4c:8c: 499s 30:2a:a5:83:f4:8d:29:ae:8b:41:3b:2b:73:ab:3f: 499s 78:51:b7:02:57:49:16:df:9f:78:7c:78:b8:40:6a: 499s ae:06:ce:03:28:80:b6:7e:d7:71:86:7b:6d:57:c5: 499s e0:d2:8a:8c:fe:d5:11:c9:09:71:ff:eb:dc:1d:0d: 499s 71:e8:3c:6c:1a:10:96:2b:f9 499s Exponent: 65537 (0x10001) 499s X509v3 extensions: 499s X509v3 Authority Key Identifier: 499s 48:36:F7:C2:E2:B1:79:4C:A0:2E:BE:28:B1:54:1F:FE:1F:EA:5C:BB 499s X509v3 Basic Constraints: 499s CA:FALSE 499s Netscape Cert Type: 499s SSL Client, S/MIME 499s Netscape Comment: 499s Test Organization Root CA trusted Certificate 499s X509v3 Subject Key Identifier: 499s F6:37:4F:94:11:60:E9:36:9C:64:23:D4:65:B1:84:FB:6D:2D:A9:5D 499s X509v3 Key Usage: critical 499s Digital Signature, Non Repudiation, Key Encipherment 499s X509v3 Extended Key Usage: 499s TLS Web Client Authentication, E-mail Protection 499s X509v3 Subject Alternative Name: 499s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 499s Signature Algorithm: sha256WithRSAEncryption 499s Signature Value: 499s 7f:34:08:98:37:af:10:12:91:aa:b1:fb:bd:40:bc:a7:7a:2f: 499s f1:e3:fe:d7:93:a7:39:7b:48:20:41:be:6c:0c:32:0c:3c:13: 499s b1:49:d9:33:9d:67:77:24:83:bb:49:f7:ce:a6:db:d0:d2:e5: 499s fd:aa:f6:61:f3:31:93:ad:eb:a6:5d:b4:9d:b1:46:5b:fb:b5: 499s aa:58:c9:41:3f:a9:25:de:22:f8:bd:15:c6:d7:93:7c:09:a9: 499s 35:22:cd:ce:34:bc:99:a0:d0:7e:19:46:77:59:a9:4a:23:df: 499s e3:32:3c:e3:9a:d9:fc:06:97:70:b8:7f:67:fc:a2:59:ba:15: 499s 39:1a 499s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-20138-auth.pem 499s + found_md5=Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 499s + '[' Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 '!=' Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 ']' 499s + valid_certificate /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19710 /tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem 499s + check_certificate /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19710 /tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem 499s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 499s + local key_pass=pass:random-root-ca-trusted-cert-0001-19710 499s + local key_ring=/tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem 499s + local verify_option= 499s + prepare_softhsm2_card /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19710 499s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 499s + local key_pass=pass:random-root-ca-trusted-cert-0001-19710 499s + local key_cn 499s + local key_name 499s + local tokens_dir 499s + local output_cert_file 499s + token_name= 499s ++ basename /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem .pem 499s + key_name=test-root-CA-trusted-certificate-0001 499s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 499s ++ sed -n 's/ *commonName *= //p' 499s + key_cn='Test Organization Root Trusted Certificate 0001' 499s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 499s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf 499s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf 499s ++ basename /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 499s + tokens_dir=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001 499s + token_name='Test Organization Root Tr Token' 499s + '[' '!' -e /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 499s + '[' '!' -d /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001 ']' 499s Test Organization Root Tr Token 499s + echo 'Test Organization Root Tr Token' 499s + '[' -n '' ']' 499s + local output_base_name=SSSD-child-13938 499s + local output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-13938.output 499s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-13938.pem 499s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem 499s [p11_child[3080]] [main] (0x0400): p11_child started. 499s [p11_child[3080]] [main] (0x2000): Running in [pre-auth] mode. 499s [p11_child[3080]] [main] (0x2000): Running with effective IDs: [0][0]. 499s [p11_child[3080]] [main] (0x2000): Running with real IDs [0][0]. 499s [p11_child[3080]] [do_card] (0x4000): Module List: 499s [p11_child[3080]] [do_card] (0x4000): common name: [softhsm2]. 499s [p11_child[3080]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 499s [p11_child[3080]] [do_card] (0x4000): Description [SoftHSM slot ID 0x37797ed] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 499s [p11_child[3080]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 499s [p11_child[3080]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x37797ed][58169325] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 499s [p11_child[3080]] [do_card] (0x4000): Login NOT required. 499s [p11_child[3080]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 499s [p11_child[3080]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 499s [p11_child[3080]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 499s [p11_child[3080]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x37797ed;slot-manufacturer=SoftHSM%20project;slot-id=58169325;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=a122df59037797ed;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 499s [p11_child[3080]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 499s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-13938.output 499s + echo '-----BEGIN CERTIFICATE-----' 499s + tail -n1 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-13938.output 499s + echo '-----END CERTIFICATE-----' 499s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-13938.pem 499s Certificate: 499s Data: 499s Version: 3 (0x2) 499s Serial Number: 3 (0x3) 499s Signature Algorithm: sha256WithRSAEncryption 499s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 499s Validity 499s Not Before: Mar 20 06:08:26 2024 GMT 499s Not After : Mar 20 06:08:26 2025 GMT 499s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 499s Subject Public Key Info: 499s Public Key Algorithm: rsaEncryption 499s Public-Key: (1024 bit) 499s Modulus: 499s 00:bc:28:2e:74:df:38:ed:d2:c0:f4:28:85:6f:bf: 499s bf:33:3a:68:bb:4c:5e:e5:fd:a3:13:36:08:d1:c4: 499s 29:1a:75:30:2c:93:e4:ac:d8:48:eb:3a:5d:ff:1b: 499s a0:72:62:7f:f3:49:6d:c9:e5:58:ab:47:18:4c:8c: 499s 30:2a:a5:83:f4:8d:29:ae:8b:41:3b:2b:73:ab:3f: 499s 78:51:b7:02:57:49:16:df:9f:78:7c:78:b8:40:6a: 499s ae:06:ce:03:28:80:b6:7e:d7:71:86:7b:6d:57:c5: 499s e0:d2:8a:8c:fe:d5:11:c9:09:71:ff:eb:dc:1d:0d: 499s 71:e8:3c:6c:1a:10:96:2b:f9 499s Exponent: 65537 (0x10001) 499s X509v3 extensions: 499s X509v3 Authority Key Identifier: 499s 48:36:F7:C2:E2:B1:79:4C:A0:2E:BE:28:B1:54:1F:FE:1F:EA:5C:BB 499s X509v3 Basic Constraints: 499s CA:FALSE 499s Netscape Cert Type: 499s SSL Client, S/MIME 499s Netscape Comment: 499s Test Organization Root CA trusted Certificate 499s X509v3 Subject Key Identifier: 499s F6:37:4F:94:11:60:E9:36:9C:64:23:D4:65:B1:84:FB:6D:2D:A9:5D 499s X509v3 Key Usage: critical 499s Digital Signature, Non Repudiation, Key Encipherment 499s X509v3 Extended Key Usage: 499s TLS Web Client Authentication, E-mail Protection 499s X509v3 Subject Alternative Name: 499s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 499s Signature Algorithm: sha256WithRSAEncryption 499s Signature Value: 499s 7f:34:08:98:37:af:10:12:91:aa:b1:fb:bd:40:bc:a7:7a:2f: 499s f1:e3:fe:d7:93:a7:39:7b:48:20:41:be:6c:0c:32:0c:3c:13: 499s b1:49:d9:33:9d:67:77:24:83:bb:49:f7:ce:a6:db:d0:d2:e5: 499s fd:aa:f6:61:f3:31:93:ad:eb:a6:5d:b4:9d:b1:46:5b:fb:b5: 499s aa:58:c9:41:3f:a9:25:de:22:f8:bd:15:c6:d7:93:7c:09:a9: 499s 35:22:cd:ce:34:bc:99:a0:d0:7e:19:46:77:59:a9:4a:23:df: 499s e3:32:3c:e3:9a:d9:fc:06:97:70:b8:7f:67:fc:a2:59:ba:15: 499s 39:1a 499s + local found_md5 expected_md5 499s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 499s + expected_md5=Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 499s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-13938.pem 499s + found_md5=Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 499s + '[' Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 '!=' Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 ']' 499s + output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-13938-auth.output 499s ++ basename /tmp/sssd-softhsm2-7F70Xv/SSSD-child-13938-auth.output .output 499s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-13938-auth.pem 499s + echo -n 053350 499s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so 499s [p11_child[3088]] [main] (0x0400): p11_child started. 499s [p11_child[3088]] [main] (0x2000): Running in [auth] mode. 499s [p11_child[3088]] [main] (0x2000): Running with effective IDs: [0][0]. 499s [p11_child[3088]] [main] (0x2000): Running with real IDs [0][0]. 499s [p11_child[3088]] [do_card] (0x4000): Module List: 499s [p11_child[3088]] [do_card] (0x4000): common name: [softhsm2]. 499s [p11_child[3088]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 499s [p11_child[3088]] [do_card] (0x4000): Description [SoftHSM slot ID 0x37797ed] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 499s [p11_child[3088]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 499s [p11_child[3088]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x37797ed][58169325] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 499s [p11_child[3088]] [do_card] (0x4000): Login required. 499s [p11_child[3088]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 499s [p11_child[3088]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 499s [p11_child[3088]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 499s [p11_child[3088]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x37797ed;slot-manufacturer=SoftHSM%20project;slot-id=58169325;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=a122df59037797ed;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 499s [p11_child[3088]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 499s [p11_child[3088]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 499s [p11_child[3088]] [do_card] (0x4000): Certificate verified and validated. 499s [p11_child[3088]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 499s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-13938-auth.output 499s + echo '-----BEGIN CERTIFICATE-----' 499s + tail -n1 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-13938-auth.output 499s + echo '-----END CERTIFICATE-----' 499s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-13938-auth.pem 499s Certificate: 499s Data: 499s Version: 3 (0x2) 499s Serial Number: 3 (0x3) 499s Signature Algorithm: sha256WithRSAEncryption 499s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 499s Validity 499s Not Before: Mar 20 06:08:26 2024 GMT 499s Not After : Mar 20 06:08:26 2025 GMT 499s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 499s Subject Public Key Info: 499s Public Key Algorithm: rsaEncryption 499s Public-Key: (1024 bit) 499s Modulus: 499s 00:bc:28:2e:74:df:38:ed:d2:c0:f4:28:85:6f:bf: 499s bf:33:3a:68:bb:4c:5e:e5:fd:a3:13:36:08:d1:c4: 499s 29:1a:75:30:2c:93:e4:ac:d8:48:eb:3a:5d:ff:1b: 499s a0:72:62:7f:f3:49:6d:c9:e5:58:ab:47:18:4c:8c: 499s 30:2a:a5:83:f4:8d:29:ae:8b:41:3b:2b:73:ab:3f: 499s 78:51:b7:02:57:49:16:df:9f:78:7c:78:b8:40:6a: 499s ae:06:ce:03:28:80:b6:7e:d7:71:86:7b:6d:57:c5: 499s e0:d2:8a:8c:fe:d5:11:c9:09:71:ff:eb:dc:1d:0d: 499s 71:e8:3c:6c:1a:10:96:2b:f9 499s Exponent: 65537 (0x10001) 499s X509v3 extensions: 499s X509v3 Authority Key Identifier: 499s 48:36:F7:C2:E2:B1:79:4C:A0:2E:BE:28:B1:54:1F:FE:1F:EA:5C:BB 499s X509v3 Basic Constraints: 499s CA:FALSE 499s Netscape Cert Type: 499s SSL Client, S/MIME 499s Netscape Comment: 499s Test Organization Root CA trusted Certificate 499s X509v3 Subject Key Identifier: 499s F6:37:4F:94:11:60:E9:36:9C:64:23:D4:65:B1:84:FB:6D:2D:A9:5D 499s X509v3 Key Usage: critical 499s Digital Signature, Non Repudiation, Key Encipherment 499s X509v3 Extended Key Usage: 499s TLS Web Client Authentication, E-mail Protection 499s X509v3 Subject Alternative Name: 499s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 499s Signature Algorithm: sha256WithRSAEncryption 499s Signature Value: 499s 7f:34:08:98:37:af:10:12:91:aa:b1:fb:bd:40:bc:a7:7a:2f: 499s f1:e3:fe:d7:93:a7:39:7b:48:20:41:be:6c:0c:32:0c:3c:13: 499s b1:49:d9:33:9d:67:77:24:83:bb:49:f7:ce:a6:db:d0:d2:e5: 499s fd:aa:f6:61:f3:31:93:ad:eb:a6:5d:b4:9d:b1:46:5b:fb:b5: 499s aa:58:c9:41:3f:a9:25:de:22:f8:bd:15:c6:d7:93:7c:09:a9: 499s 35:22:cd:ce:34:bc:99:a0:d0:7e:19:46:77:59:a9:4a:23:df: 499s e3:32:3c:e3:9a:d9:fc:06:97:70:b8:7f:67:fc:a2:59:ba:15: 499s 39:1a 499s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-13938-auth.pem 499s + found_md5=Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 499s + '[' Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 '!=' Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 ']' 499s + valid_certificate /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19710 /tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem partial_chain 499s + check_certificate /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19710 /tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem partial_chain 499s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 499s + local key_pass=pass:random-root-ca-trusted-cert-0001-19710 499s + local key_ring=/tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem 499s + local verify_option=partial_chain 499s + prepare_softhsm2_card /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19710 499s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 499s + local key_pass=pass:random-root-ca-trusted-cert-0001-19710 499s + local key_cn 499s + local key_name 499s + local tokens_dir 499s + local output_cert_file 499s + token_name= 499s ++ basename /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem .pem 499s + key_name=test-root-CA-trusted-certificate-0001 499s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 499s ++ sed -n 's/ *commonName *= //p' 499s + key_cn='Test Organization Root Trusted Certificate 0001' 499s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 499s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf 499s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf 499s ++ basename /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 499s + tokens_dir=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001 499s + token_name='Test Organization Root Tr Token' 499s + '[' '!' -e /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 499s + '[' '!' -d /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001 ']' 499s + echo 'Test Organization Root Tr Token' 499s + '[' -n partial_chain ']' 499s + local verify_arg=--verify=partial_chain 499s + local output_base_name=SSSD-child-12626 499s + local output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-12626.output 499s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-12626.pem 499s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem 499s Test Organization Root Tr Token 499s [p11_child[3098]] [main] (0x0400): p11_child started. 499s [p11_child[3098]] [main] (0x2000): Running in [pre-auth] mode. 499s [p11_child[3098]] [main] (0x2000): Running with effective IDs: [0][0]. 499s [p11_child[3098]] [main] (0x2000): Running with real IDs [0][0]. 499s [p11_child[3098]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 499s [p11_child[3098]] [do_card] (0x4000): Module List: 499s [p11_child[3098]] [do_card] (0x4000): common name: [softhsm2]. 499s [p11_child[3098]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 499s [p11_child[3098]] [do_card] (0x4000): Description [SoftHSM slot ID 0x37797ed] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 499s [p11_child[3098]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 499s [p11_child[3098]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x37797ed][58169325] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 499s [p11_child[3098]] [do_card] (0x4000): Login NOT required. 499s [p11_child[3098]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 499s [p11_child[3098]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 499s [p11_child[3098]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 499s [p11_child[3098]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x37797ed;slot-manufacturer=SoftHSM%20project;slot-id=58169325;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=a122df59037797ed;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 499s [p11_child[3098]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 499s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-12626.output 499s + echo '-----BEGIN CERTIFICATE-----' 499s + tail -n1 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-12626.output 499s + echo '-----END CERTIFICATE-----' 499s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-12626.pem 499s Certificate: 499s Data: 499s Version: 3 (0x2) 499s Serial Number: 3 (0x3) 499s Signature Algorithm: sha256WithRSAEncryption 499s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 499s Validity 499s Not Before: Mar 20 06:08:26 2024 GMT 499s Not After : Mar 20 06:08:26 2025 GMT 499s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 499s Subject Public Key Info: 499s Public Key Algorithm: rsaEncryption 499s Public-Key: (1024 bit) 499s Modulus: 499s 00:bc:28:2e:74:df:38:ed:d2:c0:f4:28:85:6f:bf: 499s bf:33:3a:68:bb:4c:5e:e5:fd:a3:13:36:08:d1:c4: 499s 29:1a:75:30:2c:93:e4:ac:d8:48:eb:3a:5d:ff:1b: 499s a0:72:62:7f:f3:49:6d:c9:e5:58:ab:47:18:4c:8c: 499s 30:2a:a5:83:f4:8d:29:ae:8b:41:3b:2b:73:ab:3f: 499s 78:51:b7:02:57:49:16:df:9f:78:7c:78:b8:40:6a: 499s ae:06:ce:03:28:80:b6:7e:d7:71:86:7b:6d:57:c5: 499s e0:d2:8a:8c:fe:d5:11:c9:09:71:ff:eb:dc:1d:0d: 499s 71:e8:3c:6c:1a:10:96:2b:f9 499s Exponent: 65537 (0x10001) 499s X509v3 extensions: 499s X509v3 Authority Key Identifier: 499s 48:36:F7:C2:E2:B1:79:4C:A0:2E:BE:28:B1:54:1F:FE:1F:EA:5C:BB 499s X509v3 Basic Constraints: 499s CA:FALSE 499s Netscape Cert Type: 499s SSL Client, S/MIME 499s Netscape Comment: 499s Test Organization Root CA trusted Certificate 499s X509v3 Subject Key Identifier: 499s F6:37:4F:94:11:60:E9:36:9C:64:23:D4:65:B1:84:FB:6D:2D:A9:5D 499s X509v3 Key Usage: critical 499s Digital Signature, Non Repudiation, Key Encipherment 499s X509v3 Extended Key Usage: 499s TLS Web Client Authentication, E-mail Protection 499s X509v3 Subject Alternative Name: 499s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 499s Signature Algorithm: sha256WithRSAEncryption 499s Signature Value: 499s 7f:34:08:98:37:af:10:12:91:aa:b1:fb:bd:40:bc:a7:7a:2f: 499s f1:e3:fe:d7:93:a7:39:7b:48:20:41:be:6c:0c:32:0c:3c:13: 499s b1:49:d9:33:9d:67:77:24:83:bb:49:f7:ce:a6:db:d0:d2:e5: 499s fd:aa:f6:61:f3:31:93:ad:eb:a6:5d:b4:9d:b1:46:5b:fb:b5: 499s aa:58:c9:41:3f:a9:25:de:22:f8:bd:15:c6:d7:93:7c:09:a9: 499s 35:22:cd:ce:34:bc:99:a0:d0:7e:19:46:77:59:a9:4a:23:df: 499s e3:32:3c:e3:9a:d9:fc:06:97:70:b8:7f:67:fc:a2:59:ba:15: 499s 39:1a 499s + local found_md5 expected_md5 499s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 499s + expected_md5=Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 499s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-12626.pem 499s + found_md5=Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 499s + '[' Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 '!=' Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 ']' 499s + output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-12626-auth.output 499s ++ basename /tmp/sssd-softhsm2-7F70Xv/SSSD-child-12626-auth.output .output 499s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-12626-auth.pem 499s + echo -n 053350 499s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so 499s [p11_child[3106]] [main] (0x0400): p11_child started. 499s [p11_child[3106]] [main] (0x2000): Running in [auth] mode. 499s [p11_child[3106]] [main] (0x2000): Running with effective IDs: [0][0]. 499s [p11_child[3106]] [main] (0x2000): Running with real IDs [0][0]. 499s [p11_child[3106]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 499s [p11_child[3106]] [do_card] (0x4000): Module List: 499s [p11_child[3106]] [do_card] (0x4000): common name: [softhsm2]. 499s [p11_child[3106]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 499s [p11_child[3106]] [do_card] (0x4000): Description [SoftHSM slot ID 0x37797ed] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 499s [p11_child[3106]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 499s [p11_child[3106]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x37797ed][58169325] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 499s [p11_child[3106]] [do_card] (0x4000): Login required. 499s [p11_child[3106]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 499s [p11_child[3106]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 499s [p11_child[3106]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 499s [p11_child[3106]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x37797ed;slot-manufacturer=SoftHSM%20project;slot-id=58169325;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=a122df59037797ed;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 499s [p11_child[3106]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 499s [p11_child[3106]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 499s [p11_child[3106]] [do_card] (0x4000): Certificate verified and validated. 499s [p11_child[3106]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 499s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-12626-auth.output 499s + echo '-----BEGIN CERTIFICATE-----' 499s + tail -n1 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-12626-auth.output 499s + echo '-----END CERTIFICATE-----' 499s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-12626-auth.pem 499s Certificate: 499s Data: 499s Version: 3 (0x2) 499s Serial Number: 3 (0x3) 499s Signature Algorithm: sha256WithRSAEncryption 499s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 499s Validity 499s Not Before: Mar 20 06:08:26 2024 GMT 499s Not After : Mar 20 06:08:26 2025 GMT 499s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 499s Subject Public Key Info: 499s Public Key Algorithm: rsaEncryption 499s Public-Key: (1024 bit) 499s Modulus: 499s 00:bc:28:2e:74:df:38:ed:d2:c0:f4:28:85:6f:bf: 499s bf:33:3a:68:bb:4c:5e:e5:fd:a3:13:36:08:d1:c4: 499s 29:1a:75:30:2c:93:e4:ac:d8:48:eb:3a:5d:ff:1b: 499s a0:72:62:7f:f3:49:6d:c9:e5:58:ab:47:18:4c:8c: 499s 30:2a:a5:83:f4:8d:29:ae:8b:41:3b:2b:73:ab:3f: 499s 78:51:b7:02:57:49:16:df:9f:78:7c:78:b8:40:6a: 499s ae:06:ce:03:28:80:b6:7e:d7:71:86:7b:6d:57:c5: 499s e0:d2:8a:8c:fe:d5:11:c9:09:71:ff:eb:dc:1d:0d: 499s 71:e8:3c:6c:1a:10:96:2b:f9 499s Exponent: 65537 (0x10001) 499s X509v3 extensions: 499s X509v3 Authority Key Identifier: 499s 48:36:F7:C2:E2:B1:79:4C:A0:2E:BE:28:B1:54:1F:FE:1F:EA:5C:BB 499s X509v3 Basic Constraints: 499s CA:FALSE 499s Netscape Cert Type: 499s SSL Client, S/MIME 499s Netscape Comment: 499s Test Organization Root CA trusted Certificate 499s X509v3 Subject Key Identifier: 499s F6:37:4F:94:11:60:E9:36:9C:64:23:D4:65:B1:84:FB:6D:2D:A9:5D 499s X509v3 Key Usage: critical 499s Digital Signature, Non Repudiation, Key Encipherment 499s X509v3 Extended Key Usage: 499s TLS Web Client Authentication, E-mail Protection 499s X509v3 Subject Alternative Name: 499s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 499s Signature Algorithm: sha256WithRSAEncryption 499s Signature Value: 499s 7f:34:08:98:37:af:10:12:91:aa:b1:fb:bd:40:bc:a7:7a:2f: 499s f1:e3:fe:d7:93:a7:39:7b:48:20:41:be:6c:0c:32:0c:3c:13: 499s b1:49:d9:33:9d:67:77:24:83:bb:49:f7:ce:a6:db:d0:d2:e5: 499s fd:aa:f6:61:f3:31:93:ad:eb:a6:5d:b4:9d:b1:46:5b:fb:b5: 499s aa:58:c9:41:3f:a9:25:de:22:f8:bd:15:c6:d7:93:7c:09:a9: 499s 35:22:cd:ce:34:bc:99:a0:d0:7e:19:46:77:59:a9:4a:23:df: 499s e3:32:3c:e3:9a:d9:fc:06:97:70:b8:7f:67:fc:a2:59:ba:15: 499s 39:1a 499s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-12626-auth.pem 499s + found_md5=Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 499s + '[' Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 '!=' Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 ']' 499s + valid_certificate /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19710 /tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem 499s + check_certificate /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19710 /tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem 499s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 499s + local key_pass=pass:random-root-ca-trusted-cert-0001-19710 499s + local key_ring=/tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem 499s + local verify_option= 499s + prepare_softhsm2_card /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19710 499s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 499s + local key_pass=pass:random-root-ca-trusted-cert-0001-19710 499s + local key_cn 499s + local key_name 499s + local tokens_dir 499s + local output_cert_file 499s + token_name= 499s ++ basename /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem .pem 499s + key_name=test-root-CA-trusted-certificate-0001 499s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 499s ++ sed -n 's/ *commonName *= //p' 499s + key_cn='Test Organization Root Trusted Certificate 0001' 499s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 499s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf 499s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf 499s ++ basename /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 499s + tokens_dir=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001 499s + token_name='Test Organization Root Tr Token' 499s + '[' '!' -e /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 499s + '[' '!' -d /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001 ']' 499s Test Organization Root Tr Token 499s + echo 'Test Organization Root Tr Token' 499s + '[' -n '' ']' 499s + local output_base_name=SSSD-child-18806 499s + local output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-18806.output 499s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-18806.pem 499s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem 499s [p11_child[3116]] [main] (0x0400): p11_child started. 499s [p11_child[3116]] [main] (0x2000): Running in [pre-auth] mode. 499s [p11_child[3116]] [main] (0x2000): Running with effective IDs: [0][0]. 499s [p11_child[3116]] [main] (0x2000): Running with real IDs [0][0]. 499s [p11_child[3116]] [do_card] (0x4000): Module List: 499s [p11_child[3116]] [do_card] (0x4000): common name: [softhsm2]. 499s [p11_child[3116]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 499s [p11_child[3116]] [do_card] (0x4000): Description [SoftHSM slot ID 0x37797ed] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 499s [p11_child[3116]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 499s [p11_child[3116]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x37797ed][58169325] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 499s [p11_child[3116]] [do_card] (0x4000): Login NOT required. 499s [p11_child[3116]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 499s [p11_child[3116]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 499s [p11_child[3116]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 499s [p11_child[3116]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x37797ed;slot-manufacturer=SoftHSM%20project;slot-id=58169325;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=a122df59037797ed;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 499s [p11_child[3116]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 499s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-18806.output 499s + echo '-----BEGIN CERTIFICATE-----' 499s + tail -n1 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-18806.output 499s + echo '-----END CERTIFICATE-----' 499s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-18806.pem 500s Certificate: 500s Data: 500s Version: 3 (0x2) 500s Serial Number: 3 (0x3) 500s Signature Algorithm: sha256WithRSAEncryption 500s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 500s Validity 500s Not Before: Mar 20 06:08:26 2024 GMT 500s Not After : Mar 20 06:08:26 2025 GMT 500s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 500s Subject Public Key Info: 500s Public Key Algorithm: rsaEncryption 500s Public-Key: (1024 bit) 500s Modulus: 500s 00:bc:28:2e:74:df:38:ed:d2:c0:f4:28:85:6f:bf: 500s bf:33:3a:68:bb:4c:5e:e5:fd:a3:13:36:08:d1:c4: 500s 29:1a:75:30:2c:93:e4:ac:d8:48:eb:3a:5d:ff:1b: 500s a0:72:62:7f:f3:49:6d:c9:e5:58:ab:47:18:4c:8c: 500s 30:2a:a5:83:f4:8d:29:ae:8b:41:3b:2b:73:ab:3f: 500s 78:51:b7:02:57:49:16:df:9f:78:7c:78:b8:40:6a: 500s ae:06:ce:03:28:80:b6:7e:d7:71:86:7b:6d:57:c5: 500s e0:d2:8a:8c:fe:d5:11:c9:09:71:ff:eb:dc:1d:0d: 500s 71:e8:3c:6c:1a:10:96:2b:f9 500s Exponent: 65537 (0x10001) 500s X509v3 extensions: 500s X509v3 Authority Key Identifier: 500s 48:36:F7:C2:E2:B1:79:4C:A0:2E:BE:28:B1:54:1F:FE:1F:EA:5C:BB 500s X509v3 Basic Constraints: 500s CA:FALSE 500s Netscape Cert Type: 500s SSL Client, S/MIME 500s Netscape Comment: 500s Test Organization Root CA trusted Certificate 500s X509v3 Subject Key Identifier: 500s F6:37:4F:94:11:60:E9:36:9C:64:23:D4:65:B1:84:FB:6D:2D:A9:5D 500s X509v3 Key Usage: critical 500s Digital Signature, Non Repudiation, Key Encipherment 500s X509v3 Extended Key Usage: 500s TLS Web Client Authentication, E-mail Protection 500s X509v3 Subject Alternative Name: 500s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 500s Signature Algorithm: sha256WithRSAEncryption 500s Signature Value: 500s 7f:34:08:98:37:af:10:12:91:aa:b1:fb:bd:40:bc:a7:7a:2f: 500s f1:e3:fe:d7:93:a7:39:7b:48:20:41:be:6c:0c:32:0c:3c:13: 500s b1:49:d9:33:9d:67:77:24:83:bb:49:f7:ce:a6:db:d0:d2:e5: 500s fd:aa:f6:61:f3:31:93:ad:eb:a6:5d:b4:9d:b1:46:5b:fb:b5: 500s aa:58:c9:41:3f:a9:25:de:22:f8:bd:15:c6:d7:93:7c:09:a9: 500s 35:22:cd:ce:34:bc:99:a0:d0:7e:19:46:77:59:a9:4a:23:df: 500s e3:32:3c:e3:9a:d9:fc:06:97:70:b8:7f:67:fc:a2:59:ba:15: 500s 39:1a 500s + local found_md5 expected_md5 500s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 500s + expected_md5=Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 500s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-18806.pem 500s + found_md5=Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 500s + '[' Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 '!=' Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 ']' 500s + output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-18806-auth.output 500s ++ basename /tmp/sssd-softhsm2-7F70Xv/SSSD-child-18806-auth.output .output 500s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-18806-auth.pem 500s + echo -n 053350 500s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so 500s [p11_child[3124]] [main] (0x0400): p11_child started. 500s [p11_child[3124]] [main] (0x2000): Running in [auth] mode. 500s [p11_child[3124]] [main] (0x2000): Running with effective IDs: [0][0]. 500s [p11_child[3124]] [main] (0x2000): Running with real IDs [0][0]. 500s [p11_child[3124]] [do_card] (0x4000): Module List: 500s [p11_child[3124]] [do_card] (0x4000): common name: [softhsm2]. 500s [p11_child[3124]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 500s [p11_child[3124]] [do_card] (0x4000): Description [SoftHSM slot ID 0x37797ed] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 500s [p11_child[3124]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 500s [p11_child[3124]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x37797ed][58169325] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 500s [p11_child[3124]] [do_card] (0x4000): Login required. 500s [p11_child[3124]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 500s [p11_child[3124]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 500s [p11_child[3124]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 500s [p11_child[3124]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x37797ed;slot-manufacturer=SoftHSM%20project;slot-id=58169325;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=a122df59037797ed;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 500s [p11_child[3124]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 500s [p11_child[3124]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 500s [p11_child[3124]] [do_card] (0x4000): Certificate verified and validated. 500s [p11_child[3124]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 500s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-18806-auth.output 500s + echo '-----BEGIN CERTIFICATE-----' 500s + tail -n1 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-18806-auth.output 500s + echo '-----END CERTIFICATE-----' 500s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-18806-auth.pem 500s Certificate: 500s Data: 500s Version: 3 (0x2) 500s Serial Number: 3 (0x3) 500s Signature Algorithm: sha256WithRSAEncryption 500s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 500s Validity 500s Not Before: Mar 20 06:08:26 2024 GMT 500s Not After : Mar 20 06:08:26 2025 GMT 500s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 500s Subject Public Key Info: 500s Public Key Algorithm: rsaEncryption 500s Public-Key: (1024 bit) 500s Modulus: 500s 00:bc:28:2e:74:df:38:ed:d2:c0:f4:28:85:6f:bf: 500s bf:33:3a:68:bb:4c:5e:e5:fd:a3:13:36:08:d1:c4: 500s 29:1a:75:30:2c:93:e4:ac:d8:48:eb:3a:5d:ff:1b: 500s a0:72:62:7f:f3:49:6d:c9:e5:58:ab:47:18:4c:8c: 500s 30:2a:a5:83:f4:8d:29:ae:8b:41:3b:2b:73:ab:3f: 500s 78:51:b7:02:57:49:16:df:9f:78:7c:78:b8:40:6a: 500s ae:06:ce:03:28:80:b6:7e:d7:71:86:7b:6d:57:c5: 500s e0:d2:8a:8c:fe:d5:11:c9:09:71:ff:eb:dc:1d:0d: 500s 71:e8:3c:6c:1a:10:96:2b:f9 500s Exponent: 65537 (0x10001) 500s X509v3 extensions: 500s X509v3 Authority Key Identifier: 500s 48:36:F7:C2:E2:B1:79:4C:A0:2E:BE:28:B1:54:1F:FE:1F:EA:5C:BB 500s X509v3 Basic Constraints: 500s CA:FALSE 500s Netscape Cert Type: 500s SSL Client, S/MIME 500s Netscape Comment: 500s Test Organization Root CA trusted Certificate 500s X509v3 Subject Key Identifier: 500s F6:37:4F:94:11:60:E9:36:9C:64:23:D4:65:B1:84:FB:6D:2D:A9:5D 500s X509v3 Key Usage: critical 500s Digital Signature, Non Repudiation, Key Encipherment 500s X509v3 Extended Key Usage: 500s TLS Web Client Authentication, E-mail Protection 500s X509v3 Subject Alternative Name: 500s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 500s Signature Algorithm: sha256WithRSAEncryption 500s Signature Value: 500s 7f:34:08:98:37:af:10:12:91:aa:b1:fb:bd:40:bc:a7:7a:2f: 500s f1:e3:fe:d7:93:a7:39:7b:48:20:41:be:6c:0c:32:0c:3c:13: 500s b1:49:d9:33:9d:67:77:24:83:bb:49:f7:ce:a6:db:d0:d2:e5: 500s fd:aa:f6:61:f3:31:93:ad:eb:a6:5d:b4:9d:b1:46:5b:fb:b5: 500s aa:58:c9:41:3f:a9:25:de:22:f8:bd:15:c6:d7:93:7c:09:a9: 500s 35:22:cd:ce:34:bc:99:a0:d0:7e:19:46:77:59:a9:4a:23:df: 500s e3:32:3c:e3:9a:d9:fc:06:97:70:b8:7f:67:fc:a2:59:ba:15: 500s 39:1a 500s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-18806-auth.pem 500s + found_md5=Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 500s + '[' Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 '!=' Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 ']' 500s + valid_certificate /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19710 /tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem partial_chain 500s + check_certificate /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19710 /tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem partial_chain 500s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 500s + local key_pass=pass:random-root-ca-trusted-cert-0001-19710 500s + local key_ring=/tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem 500s + local verify_option=partial_chain 500s + prepare_softhsm2_card /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19710 500s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 500s + local key_pass=pass:random-root-ca-trusted-cert-0001-19710 500s + local key_cn 500s + local key_name 500s + local tokens_dir 500s + local output_cert_file 500s + token_name= 500s ++ basename /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem .pem 500s + key_name=test-root-CA-trusted-certificate-0001 500s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 500s ++ sed -n 's/ *commonName *= //p' 500s + key_cn='Test Organization Root Trusted Certificate 0001' 500s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 500s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf 500s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf 500s ++ basename /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 500s + tokens_dir=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001 500s + token_name='Test Organization Root Tr Token' 500s Test Organization Root Tr Token 500s + '[' '!' -e /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 500s + '[' '!' -d /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001 ']' 500s + echo 'Test Organization Root Tr Token' 500s + '[' -n partial_chain ']' 500s + local verify_arg=--verify=partial_chain 500s + local output_base_name=SSSD-child-19751 500s + local output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-19751.output 500s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-19751.pem 500s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem 500s [p11_child[3134]] [main] (0x0400): p11_child started. 500s [p11_child[3134]] [main] (0x2000): Running in [pre-auth] mode. 500s [p11_child[3134]] [main] (0x2000): Running with effective IDs: [0][0]. 500s [p11_child[3134]] [main] (0x2000): Running with real IDs [0][0]. 500s [p11_child[3134]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 500s [p11_child[3134]] [do_card] (0x4000): Module List: 500s [p11_child[3134]] [do_card] (0x4000): common name: [softhsm2]. 500s [p11_child[3134]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 500s [p11_child[3134]] [do_card] (0x4000): Description [SoftHSM slot ID 0x37797ed] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 500s [p11_child[3134]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 500s [p11_child[3134]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x37797ed][58169325] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 500s [p11_child[3134]] [do_card] (0x4000): Login NOT required. 500s [p11_child[3134]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 500s [p11_child[3134]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 500s [p11_child[3134]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 500s [p11_child[3134]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x37797ed;slot-manufacturer=SoftHSM%20project;slot-id=58169325;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=a122df59037797ed;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 500s [p11_child[3134]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 500s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-19751.output 500s + echo '-----BEGIN CERTIFICATE-----' 500s + tail -n1 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-19751.output 500s + echo '-----END CERTIFICATE-----' 500s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-19751.pem 500s Certificate: 500s Data: 500s Version: 3 (0x2) 500s Serial Number: 3 (0x3) 500s Signature Algorithm: sha256WithRSAEncryption 500s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 500s Validity 500s Not Before: Mar 20 06:08:26 2024 GMT 500s Not After : Mar 20 06:08:26 2025 GMT 500s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 500s Subject Public Key Info: 500s Public Key Algorithm: rsaEncryption 500s Public-Key: (1024 bit) 500s Modulus: 500s 00:bc:28:2e:74:df:38:ed:d2:c0:f4:28:85:6f:bf: 500s bf:33:3a:68:bb:4c:5e:e5:fd:a3:13:36:08:d1:c4: 500s 29:1a:75:30:2c:93:e4:ac:d8:48:eb:3a:5d:ff:1b: 500s a0:72:62:7f:f3:49:6d:c9:e5:58:ab:47:18:4c:8c: 500s 30:2a:a5:83:f4:8d:29:ae:8b:41:3b:2b:73:ab:3f: 500s 78:51:b7:02:57:49:16:df:9f:78:7c:78:b8:40:6a: 500s ae:06:ce:03:28:80:b6:7e:d7:71:86:7b:6d:57:c5: 500s e0:d2:8a:8c:fe:d5:11:c9:09:71:ff:eb:dc:1d:0d: 500s 71:e8:3c:6c:1a:10:96:2b:f9 500s Exponent: 65537 (0x10001) 500s X509v3 extensions: 500s X509v3 Authority Key Identifier: 500s 48:36:F7:C2:E2:B1:79:4C:A0:2E:BE:28:B1:54:1F:FE:1F:EA:5C:BB 500s X509v3 Basic Constraints: 500s CA:FALSE 500s Netscape Cert Type: 500s SSL Client, S/MIME 500s Netscape Comment: 500s Test Organization Root CA trusted Certificate 500s X509v3 Subject Key Identifier: 500s F6:37:4F:94:11:60:E9:36:9C:64:23:D4:65:B1:84:FB:6D:2D:A9:5D 500s X509v3 Key Usage: critical 500s Digital Signature, Non Repudiation, Key Encipherment 500s X509v3 Extended Key Usage: 500s TLS Web Client Authentication, E-mail Protection 500s X509v3 Subject Alternative Name: 500s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 500s Signature Algorithm: sha256WithRSAEncryption 500s Signature Value: 500s 7f:34:08:98:37:af:10:12:91:aa:b1:fb:bd:40:bc:a7:7a:2f: 500s f1:e3:fe:d7:93:a7:39:7b:48:20:41:be:6c:0c:32:0c:3c:13: 500s b1:49:d9:33:9d:67:77:24:83:bb:49:f7:ce:a6:db:d0:d2:e5: 500s fd:aa:f6:61:f3:31:93:ad:eb:a6:5d:b4:9d:b1:46:5b:fb:b5: 500s aa:58:c9:41:3f:a9:25:de:22:f8:bd:15:c6:d7:93:7c:09:a9: 500s 35:22:cd:ce:34:bc:99:a0:d0:7e:19:46:77:59:a9:4a:23:df: 500s e3:32:3c:e3:9a:d9:fc:06:97:70:b8:7f:67:fc:a2:59:ba:15: 500s 39:1a 500s + local found_md5 expected_md5 500s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 500s + expected_md5=Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 500s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-19751.pem 500s + found_md5=Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 500s + '[' Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 '!=' Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 ']' 500s + output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-19751-auth.output 500s ++ basename /tmp/sssd-softhsm2-7F70Xv/SSSD-child-19751-auth.output .output 500s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-19751-auth.pem 500s + echo -n 053350 500s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so 500s [p11_child[3142]] [main] (0x0400): p11_child started. 500s [p11_child[3142]] [main] (0x2000): Running in [auth] mode. 500s [p11_child[3142]] [main] (0x2000): Running with effective IDs: [0][0]. 500s [p11_child[3142]] [main] (0x2000): Running with real IDs [0][0]. 500s [p11_child[3142]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 500s [p11_child[3142]] [do_card] (0x4000): Module List: 500s [p11_child[3142]] [do_card] (0x4000): common name: [softhsm2]. 500s [p11_child[3142]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 500s [p11_child[3142]] [do_card] (0x4000): Description [SoftHSM slot ID 0x37797ed] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 500s [p11_child[3142]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 500s [p11_child[3142]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x37797ed][58169325] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 500s [p11_child[3142]] [do_card] (0x4000): Login required. 500s [p11_child[3142]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 500s [p11_child[3142]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 500s [p11_child[3142]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 500s [p11_child[3142]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x37797ed;slot-manufacturer=SoftHSM%20project;slot-id=58169325;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=a122df59037797ed;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 500s [p11_child[3142]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 500s [p11_child[3142]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 500s [p11_child[3142]] [do_card] (0x4000): Certificate verified and validated. 500s [p11_child[3142]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 500s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-19751-auth.output 500s + echo '-----BEGIN CERTIFICATE-----' 500s + tail -n1 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-19751-auth.output 500s + echo '-----END CERTIFICATE-----' 500s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-19751-auth.pem 500s Certificate: 500s Data: 500s Version: 3 (0x2) 500s Serial Number: 3 (0x3) 500s Signature Algorithm: sha256WithRSAEncryption 500s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 500s Validity 500s Not Before: Mar 20 06:08:26 2024 GMT 500s Not After : Mar 20 06:08:26 2025 GMT 500s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 500s Subject Public Key Info: 500s Public Key Algorithm: rsaEncryption 500s Public-Key: (1024 bit) 500s Modulus: 500s 00:bc:28:2e:74:df:38:ed:d2:c0:f4:28:85:6f:bf: 500s bf:33:3a:68:bb:4c:5e:e5:fd:a3:13:36:08:d1:c4: 500s 29:1a:75:30:2c:93:e4:ac:d8:48:eb:3a:5d:ff:1b: 500s a0:72:62:7f:f3:49:6d:c9:e5:58:ab:47:18:4c:8c: 500s 30:2a:a5:83:f4:8d:29:ae:8b:41:3b:2b:73:ab:3f: 500s 78:51:b7:02:57:49:16:df:9f:78:7c:78:b8:40:6a: 500s ae:06:ce:03:28:80:b6:7e:d7:71:86:7b:6d:57:c5: 500s e0:d2:8a:8c:fe:d5:11:c9:09:71:ff:eb:dc:1d:0d: 500s 71:e8:3c:6c:1a:10:96:2b:f9 500s Exponent: 65537 (0x10001) 500s X509v3 extensions: 500s X509v3 Authority Key Identifier: 500s 48:36:F7:C2:E2:B1:79:4C:A0:2E:BE:28:B1:54:1F:FE:1F:EA:5C:BB 500s X509v3 Basic Constraints: 500s CA:FALSE 500s Netscape Cert Type: 500s SSL Client, S/MIME 500s Netscape Comment: 500s Test Organization Root CA trusted Certificate 500s X509v3 Subject Key Identifier: 500s F6:37:4F:94:11:60:E9:36:9C:64:23:D4:65:B1:84:FB:6D:2D:A9:5D 500s X509v3 Key Usage: critical 500s Digital Signature, Non Repudiation, Key Encipherment 500s X509v3 Extended Key Usage: 500s TLS Web Client Authentication, E-mail Protection 500s X509v3 Subject Alternative Name: 500s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 500s Signature Algorithm: sha256WithRSAEncryption 500s Signature Value: 500s 7f:34:08:98:37:af:10:12:91:aa:b1:fb:bd:40:bc:a7:7a:2f: 500s f1:e3:fe:d7:93:a7:39:7b:48:20:41:be:6c:0c:32:0c:3c:13: 500s b1:49:d9:33:9d:67:77:24:83:bb:49:f7:ce:a6:db:d0:d2:e5: 500s fd:aa:f6:61:f3:31:93:ad:eb:a6:5d:b4:9d:b1:46:5b:fb:b5: 500s aa:58:c9:41:3f:a9:25:de:22:f8:bd:15:c6:d7:93:7c:09:a9: 500s 35:22:cd:ce:34:bc:99:a0:d0:7e:19:46:77:59:a9:4a:23:df: 500s e3:32:3c:e3:9a:d9:fc:06:97:70:b8:7f:67:fc:a2:59:ba:15: 500s 39:1a 500s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-19751-auth.pem 500s + found_md5=Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 500s + '[' Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 '!=' Modulus=BC282E74DF38EDD2C0F428856FBFBF333A68BB4C5EE5FDA3133608D1C4291A75302C93E4ACD848EB3A5DFF1BA072627FF3496DC9E558AB47184C8C302AA583F48D29AE8B413B2B73AB3F7851B702574916DF9F787C78B8406AAE06CE032880B67ED771867B6D57C5E0D28A8CFED511C90971FFEBDC1D0D71E83C6C1A10962BF9 ']' 500s + invalid_certificate /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19710 /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem 500s + check_certificate /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19710 /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem 500s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 500s + local key_pass=pass:random-root-ca-trusted-cert-0001-19710 500s + local key_ring=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem 500s + local verify_option= 500s + prepare_softhsm2_card /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19710 500s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 500s + local key_pass=pass:random-root-ca-trusted-cert-0001-19710 500s + local key_cn 500s + local key_name 500s + local tokens_dir 500s + local output_cert_file 500s + token_name= 500s ++ basename /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem .pem 500s + key_name=test-root-CA-trusted-certificate-0001 500s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 500s ++ sed -n 's/ *commonName *= //p' 500s + key_cn='Test Organization Root Trusted Certificate 0001' 500s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 500s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf 500s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf 500s ++ basename /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 500s + tokens_dir=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001 500s + token_name='Test Organization Root Tr Token' 500s + '[' '!' -e /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 500s + '[' '!' -d /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001 ']' 500s Test Organization Root Tr Token 500s + echo 'Test Organization Root Tr Token' 500s + '[' -n '' ']' 500s + local output_base_name=SSSD-child-26325 500s + local output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-26325.output 500s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-26325.pem 500s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem 500s [p11_child[3152]] [main] (0x0400): p11_child started. 500s [p11_child[3152]] [main] (0x2000): Running in [pre-auth] mode. 500s [p11_child[3152]] [main] (0x2000): Running with effective IDs: [0][0]. 500s [p11_child[3152]] [main] (0x2000): Running with real IDs [0][0]. 500s [p11_child[3152]] [do_card] (0x4000): Module List: 500s [p11_child[3152]] [do_card] (0x4000): common name: [softhsm2]. 500s [p11_child[3152]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 500s [p11_child[3152]] [do_card] (0x4000): Description [SoftHSM slot ID 0x37797ed] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 500s [p11_child[3152]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 500s [p11_child[3152]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x37797ed][58169325] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 500s [p11_child[3152]] [do_card] (0x4000): Login NOT required. 500s [p11_child[3152]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 500s [p11_child[3152]] [do_verification] (0x0040): X509_verify_cert failed [0]. 500s [p11_child[3152]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 500s [p11_child[3152]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 500s [p11_child[3152]] [do_card] (0x4000): No certificate found. 500s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-26325.output 500s + return 2 500s + invalid_certificate /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19710 /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem partial_chain 500s + check_certificate /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19710 /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem partial_chain 500s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 500s + local key_pass=pass:random-root-ca-trusted-cert-0001-19710 500s + local key_ring=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem 500s + local verify_option=partial_chain 500s + prepare_softhsm2_card /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19710 500s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 500s + local key_pass=pass:random-root-ca-trusted-cert-0001-19710 500s + local key_cn 500s + local key_name 500s + local tokens_dir 500s + local output_cert_file 500s + token_name= 500s ++ basename /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem .pem 500s + key_name=test-root-CA-trusted-certificate-0001 500s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-7F70Xv/test-root-CA-trusted-certificate-0001.pem 500s ++ sed -n 's/ *commonName *= //p' 500s Test Organization Root Tr Token 500s + key_cn='Test Organization Root Trusted Certificate 0001' 500s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 500s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf 500s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf 500s ++ basename /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 500s + tokens_dir=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001 500s + token_name='Test Organization Root Tr Token' 500s + '[' '!' -e /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 500s + '[' '!' -d /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-root-CA-trusted-certificate-0001 ']' 500s + echo 'Test Organization Root Tr Token' 500s + '[' -n partial_chain ']' 500s + local verify_arg=--verify=partial_chain 500s + local output_base_name=SSSD-child-30142 500s + local output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-30142.output 500s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-30142.pem 500s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem 500s [p11_child[3159]] [main] (0x0400): p11_child started. 500s [p11_child[3159]] [main] (0x2000): Running in [pre-auth] mode. 500s [p11_child[3159]] [main] (0x2000): Running with effective IDs: [0][0]. 500s [p11_child[3159]] [main] (0x2000): Running with real IDs [0][0]. 500s [p11_child[3159]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 500s [p11_child[3159]] [do_card] (0x4000): Module List: 500s [p11_child[3159]] [do_card] (0x4000): common name: [softhsm2]. 500s [p11_child[3159]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 500s [p11_child[3159]] [do_card] (0x4000): Description [SoftHSM slot ID 0x37797ed] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 500s [p11_child[3159]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 500s [p11_child[3159]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x37797ed][58169325] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 500s [p11_child[3159]] [do_card] (0x4000): Login NOT required. 500s [p11_child[3159]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 500s [p11_child[3159]] [do_verification] (0x0040): X509_verify_cert failed [0]. 500s [p11_child[3159]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 500s [p11_child[3159]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 500s [p11_child[3159]] [do_card] (0x4000): No certificate found. 500s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-30142.output 500s + return 2 500s + invalid_certificate /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-2535 /dev/null 500s + check_certificate /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-2535 /dev/null 500s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 500s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-2535 500s + local key_ring=/dev/null 500s + local verify_option= 500s + prepare_softhsm2_card /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-2535 500s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 500s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-2535 500s + local key_cn 500s + local key_name 500s + local tokens_dir 500s + local output_cert_file 500s + token_name= 500s ++ basename /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem .pem 500s + key_name=test-intermediate-CA-trusted-certificate-0001 500s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 500s ++ sed -n 's/ *commonName *= //p' 500s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 500s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 500s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 500s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 500s ++ basename /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 500s + tokens_dir=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001 500s + token_name='Test Organization Interme Token' 500s + '[' '!' -e /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 500s + local key_file 500s + local decrypted_key 500s + mkdir -p /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001 500s + key_file=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001-key.pem 500s + decrypted_key=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 500s + cat 500s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 500s + softhsm2-util --show-slots 500s Slot 0 has a free/uninitialized token. 500s The token has been initialized and is reassigned to slot 1443090331 500s Available slots: 500s Slot 1443090331 500s Slot info: 500s Description: SoftHSM slot ID 0x5603cf9b 500s Manufacturer ID: SoftHSM project 500s Hardware version: 2.6 500s Firmware version: 2.6 500s Token present: yes 500s Token info: 500s Manufacturer ID: SoftHSM project 500s Model: SoftHSM v2 500s Hardware version: 2.6 500s Firmware version: 2.6 500s Serial number: eb459f135603cf9b 500s Initialized: yes 500s User PIN init.: yes 500s Label: Test Organization Interme Token 500s Slot 1 500s Slot info: 500s Description: SoftHSM slot ID 0x1 500s Manufacturer ID: SoftHSM project 500s Hardware version: 2.6 500s Firmware version: 2.6 500s Token present: yes 500s Token info: 500s Manufacturer ID: SoftHSM project 500s Model: SoftHSM v2 500s Hardware version: 2.6 500s Firmware version: 2.6 500s Serial number: 500s Initialized: no 500s User PIN init.: no 500s Label: 500s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 500s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-2535 -in /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 500s writing RSA key 500s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 500s + rm /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 500s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --list-all 500s Object 0: 500s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=eb459f135603cf9b;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 500s Type: X.509 Certificate (RSA-1024) 500s Expires: Thu Mar 20 06:08:26 2025 500s Label: Test Organization Intermediate Trusted Certificate 0001 500s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 500s 500s + echo 'Test Organization Interme Token' 500s + '[' -n '' ']' 500s + local output_base_name=SSSD-child-26811 500s Test Organization Interme Token 500s + local output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-26811.output 500s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-26811.pem 500s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 500s [p11_child[3175]] [main] (0x0400): p11_child started. 500s [p11_child[3175]] [main] (0x2000): Running in [pre-auth] mode. 500s [p11_child[3175]] [main] (0x2000): Running with effective IDs: [0][0]. 500s [p11_child[3175]] [main] (0x2000): Running with real IDs [0][0]. 500s [p11_child[3175]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 500s [p11_child[3175]] [do_work] (0x0040): init_verification failed. 500s [p11_child[3175]] [main] (0x0020): p11_child failed (5) 500s + return 2 500s + valid_certificate /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-2535 /dev/null no_verification 500s + check_certificate /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-2535 /dev/null no_verification 500s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 500s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-2535 500s + local key_ring=/dev/null 500s + local verify_option=no_verification 500s + prepare_softhsm2_card /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-2535 500s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 500s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-2535 500s + local key_cn 500s + local key_name 500s + local tokens_dir 500s + local output_cert_file 500s + token_name= 500s ++ basename /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem .pem 500s + key_name=test-intermediate-CA-trusted-certificate-0001 501s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 501s ++ sed -n 's/ *commonName *= //p' 501s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 501s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 501s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 501s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 501s ++ basename /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 501s + tokens_dir=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001 501s + token_name='Test Organization Interme Token' 501s + '[' '!' -e /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 501s + '[' '!' -d /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 501s + echo 'Test Organization Interme Token' 501s Test Organization Interme Token 501s + '[' -n no_verification ']' 501s + local verify_arg=--verify=no_verification 501s + local output_base_name=SSSD-child-10228 501s + local output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-10228.output 501s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-10228.pem 501s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 501s [p11_child[3181]] [main] (0x0400): p11_child started. 501s [p11_child[3181]] [main] (0x2000): Running in [pre-auth] mode. 501s [p11_child[3181]] [main] (0x2000): Running with effective IDs: [0][0]. 501s [p11_child[3181]] [main] (0x2000): Running with real IDs [0][0]. 501s [p11_child[3181]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 501s [p11_child[3181]] [do_card] (0x4000): Module List: 501s [p11_child[3181]] [do_card] (0x4000): common name: [softhsm2]. 501s [p11_child[3181]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 501s [p11_child[3181]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5603cf9b] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 501s [p11_child[3181]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 501s [p11_child[3181]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5603cf9b][1443090331] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 501s [p11_child[3181]] [do_card] (0x4000): Login NOT required. 501s [p11_child[3181]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 501s [p11_child[3181]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 501s [p11_child[3181]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5603cf9b;slot-manufacturer=SoftHSM%20project;slot-id=1443090331;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=eb459f135603cf9b;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 501s [p11_child[3181]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 501s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-10228.output 501s + echo '-----BEGIN CERTIFICATE-----' 501s + tail -n1 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-10228.output 501s + echo '-----END CERTIFICATE-----' 501s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-10228.pem 501s Certificate: 501s Data: 501s Version: 3 (0x2) 501s Serial Number: 4 (0x4) 501s Signature Algorithm: sha256WithRSAEncryption 501s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 501s Validity 501s Not Before: Mar 20 06:08:26 2024 GMT 501s Not After : Mar 20 06:08:26 2025 GMT 501s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 501s Subject Public Key Info: 501s Public Key Algorithm: rsaEncryption 501s Public-Key: (1024 bit) 501s Modulus: 501s 00:c9:b9:8a:ad:72:0d:5c:69:3b:26:8b:96:48:ed: 501s 95:8d:94:8f:0d:15:bc:9c:78:14:b3:df:a2:3a:75: 501s 9b:c1:79:c5:e2:2e:58:f3:ab:02:60:0b:33:68:b0: 501s 29:3a:9d:5b:c0:39:10:7f:e6:ee:42:19:12:c6:c2: 501s a7:6c:f7:96:12:1f:43:62:13:85:ca:90:6e:a2:64: 501s 94:66:9b:66:96:5b:c5:cc:64:55:c9:5f:c4:9d:ee: 501s 90:59:87:75:ca:b4:da:4c:18:79:84:af:76:dd:56: 501s 79:08:d1:a1:fd:91:6f:08:5c:e4:50:e0:11:e1:dd: 501s 5a:60:27:17:c1:cd:4e:b6:b9 501s Exponent: 65537 (0x10001) 501s X509v3 extensions: 501s X509v3 Authority Key Identifier: 501s C2:91:40:55:E8:67:1C:55:53:3A:C0:1B:9A:85:CC:FE:7E:BE:4F:05 501s X509v3 Basic Constraints: 501s CA:FALSE 501s Netscape Cert Type: 501s SSL Client, S/MIME 501s Netscape Comment: 501s Test Organization Intermediate CA trusted Certificate 501s X509v3 Subject Key Identifier: 501s 17:9C:4D:44:92:58:AF:63:4B:4F:42:37:28:A9:F9:A4:56:BD:B6:D0 501s X509v3 Key Usage: critical 501s Digital Signature, Non Repudiation, Key Encipherment 501s X509v3 Extended Key Usage: 501s TLS Web Client Authentication, E-mail Protection 501s X509v3 Subject Alternative Name: 501s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 501s Signature Algorithm: sha256WithRSAEncryption 501s Signature Value: 501s 0f:06:a8:71:32:ac:a9:07:15:8f:08:54:83:3c:79:66:66:df: 501s 43:b2:ba:b5:fd:08:e6:04:38:e3:a4:eb:72:e8:fb:91:47:39: 501s 4c:b0:55:d7:cf:31:81:48:8c:5d:b7:cc:f6:6b:a4:12:9f:14: 501s 17:6d:6f:9b:34:6c:b6:fd:cc:ba:24:dc:e9:02:bf:9e:01:be: 501s 05:a3:83:7f:36:3b:13:4a:06:af:16:65:ee:a8:c8:6c:64:8e: 501s 87:3c:a9:65:fd:a9:f3:40:a4:2f:62:25:3a:59:5d:a0:2b:a5: 501s 09:9b:7f:bb:0e:88:51:bb:a8:9f:c8:da:36:69:50:a3:ab:64: 501s 7a:67 501s + local found_md5 expected_md5 501s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 501s + expected_md5=Modulus=C9B98AAD720D5C693B268B9648ED958D948F0D15BC9C7814B3DFA23A759BC179C5E22E58F3AB02600B3368B0293A9D5BC039107FE6EE421912C6C2A76CF796121F43621385CA906EA26494669B66965BC5CC6455C95FC49DEE90598775CAB4DA4C187984AF76DD567908D1A1FD916F085CE450E011E1DD5A602717C1CD4EB6B9 501s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-10228.pem 501s + found_md5=Modulus=C9B98AAD720D5C693B268B9648ED958D948F0D15BC9C7814B3DFA23A759BC179C5E22E58F3AB02600B3368B0293A9D5BC039107FE6EE421912C6C2A76CF796121F43621385CA906EA26494669B66965BC5CC6455C95FC49DEE90598775CAB4DA4C187984AF76DD567908D1A1FD916F085CE450E011E1DD5A602717C1CD4EB6B9 501s + '[' Modulus=C9B98AAD720D5C693B268B9648ED958D948F0D15BC9C7814B3DFA23A759BC179C5E22E58F3AB02600B3368B0293A9D5BC039107FE6EE421912C6C2A76CF796121F43621385CA906EA26494669B66965BC5CC6455C95FC49DEE90598775CAB4DA4C187984AF76DD567908D1A1FD916F085CE450E011E1DD5A602717C1CD4EB6B9 '!=' Modulus=C9B98AAD720D5C693B268B9648ED958D948F0D15BC9C7814B3DFA23A759BC179C5E22E58F3AB02600B3368B0293A9D5BC039107FE6EE421912C6C2A76CF796121F43621385CA906EA26494669B66965BC5CC6455C95FC49DEE90598775CAB4DA4C187984AF76DD567908D1A1FD916F085CE450E011E1DD5A602717C1CD4EB6B9 ']' 501s + output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-10228-auth.output 501s ++ basename /tmp/sssd-softhsm2-7F70Xv/SSSD-child-10228-auth.output .output 501s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-10228-auth.pem 501s + echo -n 053350 501s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so 501s [p11_child[3189]] [main] (0x0400): p11_child started. 501s [p11_child[3189]] [main] (0x2000): Running in [auth] mode. 501s [p11_child[3189]] [main] (0x2000): Running with effective IDs: [0][0]. 501s [p11_child[3189]] [main] (0x2000): Running with real IDs [0][0]. 501s [p11_child[3189]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 501s [p11_child[3189]] [do_card] (0x4000): Module List: 501s [p11_child[3189]] [do_card] (0x4000): common name: [softhsm2]. 501s [p11_child[3189]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 501s [p11_child[3189]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5603cf9b] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 501s [p11_child[3189]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 501s [p11_child[3189]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5603cf9b][1443090331] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 501s [p11_child[3189]] [do_card] (0x4000): Login required. 501s [p11_child[3189]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 501s [p11_child[3189]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 501s [p11_child[3189]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5603cf9b;slot-manufacturer=SoftHSM%20project;slot-id=1443090331;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=eb459f135603cf9b;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 501s [p11_child[3189]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 501s [p11_child[3189]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 501s [p11_child[3189]] [do_card] (0x4000): Certificate verified and validated. 501s [p11_child[3189]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 501s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-10228-auth.output 501s + echo '-----BEGIN CERTIFICATE-----' 501s + tail -n1 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-10228-auth.output 501s + echo '-----END CERTIFICATE-----' 501s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-10228-auth.pem 501s Certificate: 501s Data: 501s Version: 3 (0x2) 501s Serial Number: 4 (0x4) 501s Signature Algorithm: sha256WithRSAEncryption 501s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 501s Validity 501s Not Before: Mar 20 06:08:26 2024 GMT 501s Not After : Mar 20 06:08:26 2025 GMT 501s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 501s Subject Public Key Info: 501s Public Key Algorithm: rsaEncryption 501s Public-Key: (1024 bit) 501s Modulus: 501s 00:c9:b9:8a:ad:72:0d:5c:69:3b:26:8b:96:48:ed: 501s 95:8d:94:8f:0d:15:bc:9c:78:14:b3:df:a2:3a:75: 501s 9b:c1:79:c5:e2:2e:58:f3:ab:02:60:0b:33:68:b0: 501s 29:3a:9d:5b:c0:39:10:7f:e6:ee:42:19:12:c6:c2: 501s a7:6c:f7:96:12:1f:43:62:13:85:ca:90:6e:a2:64: 501s 94:66:9b:66:96:5b:c5:cc:64:55:c9:5f:c4:9d:ee: 501s 90:59:87:75:ca:b4:da:4c:18:79:84:af:76:dd:56: 501s 79:08:d1:a1:fd:91:6f:08:5c:e4:50:e0:11:e1:dd: 501s 5a:60:27:17:c1:cd:4e:b6:b9 501s Exponent: 65537 (0x10001) 501s X509v3 extensions: 501s X509v3 Authority Key Identifier: 501s C2:91:40:55:E8:67:1C:55:53:3A:C0:1B:9A:85:CC:FE:7E:BE:4F:05 501s X509v3 Basic Constraints: 501s CA:FALSE 501s Netscape Cert Type: 501s SSL Client, S/MIME 501s Netscape Comment: 501s Test Organization Intermediate CA trusted Certificate 501s X509v3 Subject Key Identifier: 501s 17:9C:4D:44:92:58:AF:63:4B:4F:42:37:28:A9:F9:A4:56:BD:B6:D0 501s X509v3 Key Usage: critical 501s Digital Signature, Non Repudiation, Key Encipherment 501s X509v3 Extended Key Usage: 501s TLS Web Client Authentication, E-mail Protection 501s X509v3 Subject Alternative Name: 501s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 501s Signature Algorithm: sha256WithRSAEncryption 501s Signature Value: 501s 0f:06:a8:71:32:ac:a9:07:15:8f:08:54:83:3c:79:66:66:df: 501s 43:b2:ba:b5:fd:08:e6:04:38:e3:a4:eb:72:e8:fb:91:47:39: 501s 4c:b0:55:d7:cf:31:81:48:8c:5d:b7:cc:f6:6b:a4:12:9f:14: 501s 17:6d:6f:9b:34:6c:b6:fd:cc:ba:24:dc:e9:02:bf:9e:01:be: 501s 05:a3:83:7f:36:3b:13:4a:06:af:16:65:ee:a8:c8:6c:64:8e: 501s 87:3c:a9:65:fd:a9:f3:40:a4:2f:62:25:3a:59:5d:a0:2b:a5: 501s 09:9b:7f:bb:0e:88:51:bb:a8:9f:c8:da:36:69:50:a3:ab:64: 501s 7a:67 501s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-10228-auth.pem 501s + found_md5=Modulus=C9B98AAD720D5C693B268B9648ED958D948F0D15BC9C7814B3DFA23A759BC179C5E22E58F3AB02600B3368B0293A9D5BC039107FE6EE421912C6C2A76CF796121F43621385CA906EA26494669B66965BC5CC6455C95FC49DEE90598775CAB4DA4C187984AF76DD567908D1A1FD916F085CE450E011E1DD5A602717C1CD4EB6B9 501s + '[' Modulus=C9B98AAD720D5C693B268B9648ED958D948F0D15BC9C7814B3DFA23A759BC179C5E22E58F3AB02600B3368B0293A9D5BC039107FE6EE421912C6C2A76CF796121F43621385CA906EA26494669B66965BC5CC6455C95FC49DEE90598775CAB4DA4C187984AF76DD567908D1A1FD916F085CE450E011E1DD5A602717C1CD4EB6B9 '!=' Modulus=C9B98AAD720D5C693B268B9648ED958D948F0D15BC9C7814B3DFA23A759BC179C5E22E58F3AB02600B3368B0293A9D5BC039107FE6EE421912C6C2A76CF796121F43621385CA906EA26494669B66965BC5CC6455C95FC49DEE90598775CAB4DA4C187984AF76DD567908D1A1FD916F085CE450E011E1DD5A602717C1CD4EB6B9 ']' 501s + invalid_certificate /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-2535 /tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem 501s + check_certificate /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-2535 /tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem 501s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 501s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-2535 501s + local key_ring=/tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem 501s + local verify_option= 501s + prepare_softhsm2_card /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-2535 501s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 501s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-2535 501s + local key_cn 501s + local key_name 501s + local tokens_dir 501s + local output_cert_file 501s + token_name= 501s ++ basename /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem .pem 501s + key_name=test-intermediate-CA-trusted-certificate-0001 501s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 501s ++ sed -n 's/ *commonName *= //p' 501s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 501s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 501s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 501s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 501s ++ basename /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 501s + tokens_dir=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001 501s + token_name='Test Organization Interme Token' 501s + '[' '!' -e /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 501s + '[' '!' -d /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 501s + echo 'Test Organization Interme Token' 501s + '[' -n '' ']' 501s + local output_base_name=SSSD-child-12015 501s + local output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-12015.output 501s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-12015.pem 501s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem 501s Test Organization Interme Token 501s [p11_child[3199]] [main] (0x0400): p11_child started. 501s [p11_child[3199]] [main] (0x2000): Running in [pre-auth] mode. 501s [p11_child[3199]] [main] (0x2000): Running with effective IDs: [0][0]. 501s [p11_child[3199]] [main] (0x2000): Running with real IDs [0][0]. 501s [p11_child[3199]] [do_card] (0x4000): Module List: 501s [p11_child[3199]] [do_card] (0x4000): common name: [softhsm2]. 501s [p11_child[3199]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 501s [p11_child[3199]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5603cf9b] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 501s [p11_child[3199]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 501s [p11_child[3199]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5603cf9b][1443090331] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 501s [p11_child[3199]] [do_card] (0x4000): Login NOT required. 501s [p11_child[3199]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 501s [p11_child[3199]] [do_verification] (0x0040): X509_verify_cert failed [0]. 501s [p11_child[3199]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 501s [p11_child[3199]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 501s [p11_child[3199]] [do_card] (0x4000): No certificate found. 501s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-12015.output 501s + return 2 501s + invalid_certificate /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-2535 /tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem partial_chain 501s + check_certificate /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-2535 /tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem partial_chain 501s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 501s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-2535 501s + local key_ring=/tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem 501s + local verify_option=partial_chain 501s + prepare_softhsm2_card /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-2535 501s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 501s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-2535 501s + local key_cn 501s + local key_name 501s + local tokens_dir 501s + local output_cert_file 501s + token_name= 501s ++ basename /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem .pem 501s + key_name=test-intermediate-CA-trusted-certificate-0001 501s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 501s ++ sed -n 's/ *commonName *= //p' 501s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 501s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 501s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 501s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 501s ++ basename /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 501s + tokens_dir=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001 501s + token_name='Test Organization Interme Token' 501s + '[' '!' -e /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 501s + '[' '!' -d /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 501s + echo 'Test Organization Interme Token' 501s + '[' -n partial_chain ']' 501s + local verify_arg=--verify=partial_chain 501s + local output_base_name=SSSD-child-31013 501s + local output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-31013.output 501s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-31013.pem 501s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem 501s Test Organization Interme Token 501s [p11_child[3206]] [main] (0x0400): p11_child started. 501s [p11_child[3206]] [main] (0x2000): Running in [pre-auth] mode. 501s [p11_child[3206]] [main] (0x2000): Running with effective IDs: [0][0]. 501s [p11_child[3206]] [main] (0x2000): Running with real IDs [0][0]. 501s [p11_child[3206]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 501s [p11_child[3206]] [do_card] (0x4000): Module List: 501s [p11_child[3206]] [do_card] (0x4000): common name: [softhsm2]. 501s [p11_child[3206]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 501s [p11_child[3206]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5603cf9b] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 501s [p11_child[3206]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 501s [p11_child[3206]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5603cf9b][1443090331] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 501s [p11_child[3206]] [do_card] (0x4000): Login NOT required. 501s [p11_child[3206]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 501s [p11_child[3206]] [do_verification] (0x0040): X509_verify_cert failed [0]. 501s [p11_child[3206]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 501s [p11_child[3206]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 501s [p11_child[3206]] [do_card] (0x4000): No certificate found. 501s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-31013.output 501s + return 2 501s + valid_certificate /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-2535 /tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem 501s + check_certificate /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-2535 /tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem 501s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 501s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-2535 501s + local key_ring=/tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem 501s + local verify_option= 501s + prepare_softhsm2_card /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-2535 501s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 501s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-2535 501s + local key_cn 501s + local key_name 501s + local tokens_dir 501s + local output_cert_file 501s + token_name= 501s ++ basename /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem .pem 501s + key_name=test-intermediate-CA-trusted-certificate-0001 501s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 501s ++ sed -n 's/ *commonName *= //p' 501s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 501s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 501s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 501s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 501s ++ basename /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 501s + tokens_dir=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001 501s Test Organization Interme Token 501s + token_name='Test Organization Interme Token' 501s + '[' '!' -e /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 501s + '[' '!' -d /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 501s + echo 'Test Organization Interme Token' 501s + '[' -n '' ']' 501s + local output_base_name=SSSD-child-30153 501s + local output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-30153.output 501s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-30153.pem 501s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem 501s [p11_child[3213]] [main] (0x0400): p11_child started. 501s [p11_child[3213]] [main] (0x2000): Running in [pre-auth] mode. 501s [p11_child[3213]] [main] (0x2000): Running with effective IDs: [0][0]. 501s [p11_child[3213]] [main] (0x2000): Running with real IDs [0][0]. 501s [p11_child[3213]] [do_card] (0x4000): Module List: 501s [p11_child[3213]] [do_card] (0x4000): common name: [softhsm2]. 501s [p11_child[3213]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 501s [p11_child[3213]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5603cf9b] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 501s [p11_child[3213]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 501s [p11_child[3213]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5603cf9b][1443090331] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 501s [p11_child[3213]] [do_card] (0x4000): Login NOT required. 501s [p11_child[3213]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 501s [p11_child[3213]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 501s [p11_child[3213]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 501s [p11_child[3213]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5603cf9b;slot-manufacturer=SoftHSM%20project;slot-id=1443090331;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=eb459f135603cf9b;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 501s [p11_child[3213]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 501s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-30153.output 501s + echo '-----BEGIN CERTIFICATE-----' 501s + tail -n1 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-30153.output 501s + echo '-----END CERTIFICATE-----' 501s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-30153.pem 501s + local found_md5 expected_md5 501s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 501s Certificate: 501s Data: 501s Version: 3 (0x2) 501s Serial Number: 4 (0x4) 501s Signature Algorithm: sha256WithRSAEncryption 501s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 501s Validity 501s Not Before: Mar 20 06:08:26 2024 GMT 501s Not After : Mar 20 06:08:26 2025 GMT 501s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 501s Subject Public Key Info: 501s Public Key Algorithm: rsaEncryption 501s Public-Key: (1024 bit) 501s Modulus: 501s 00:c9:b9:8a:ad:72:0d:5c:69:3b:26:8b:96:48:ed: 501s 95:8d:94:8f:0d:15:bc:9c:78:14:b3:df:a2:3a:75: 501s 9b:c1:79:c5:e2:2e:58:f3:ab:02:60:0b:33:68:b0: 501s 29:3a:9d:5b:c0:39:10:7f:e6:ee:42:19:12:c6:c2: 501s a7:6c:f7:96:12:1f:43:62:13:85:ca:90:6e:a2:64: 501s 94:66:9b:66:96:5b:c5:cc:64:55:c9:5f:c4:9d:ee: 501s 90:59:87:75:ca:b4:da:4c:18:79:84:af:76:dd:56: 501s 79:08:d1:a1:fd:91:6f:08:5c:e4:50:e0:11:e1:dd: 501s 5a:60:27:17:c1:cd:4e:b6:b9 501s Exponent: 65537 (0x10001) 501s X509v3 extensions: 501s X509v3 Authority Key Identifier: 501s C2:91:40:55:E8:67:1C:55:53:3A:C0:1B:9A:85:CC:FE:7E:BE:4F:05 501s X509v3 Basic Constraints: 501s CA:FALSE 501s Netscape Cert Type: 501s SSL Client, S/MIME 501s Netscape Comment: 501s Test Organization Intermediate CA trusted Certificate 501s X509v3 Subject Key Identifier: 501s 17:9C:4D:44:92:58:AF:63:4B:4F:42:37:28:A9:F9:A4:56:BD:B6:D0 501s X509v3 Key Usage: critical 501s Digital Signature, Non Repudiation, Key Encipherment 501s X509v3 Extended Key Usage: 501s TLS Web Client Authentication, E-mail Protection 501s X509v3 Subject Alternative Name: 501s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 501s Signature Algorithm: sha256WithRSAEncryption 501s Signature Value: 501s 0f:06:a8:71:32:ac:a9:07:15:8f:08:54:83:3c:79:66:66:df: 501s 43:b2:ba:b5:fd:08:e6:04:38:e3:a4:eb:72:e8:fb:91:47:39: 501s 4c:b0:55:d7:cf:31:81:48:8c:5d:b7:cc:f6:6b:a4:12:9f:14: 501s 17:6d:6f:9b:34:6c:b6:fd:cc:ba:24:dc:e9:02:bf:9e:01:be: 501s 05:a3:83:7f:36:3b:13:4a:06:af:16:65:ee:a8:c8:6c:64:8e: 501s 87:3c:a9:65:fd:a9:f3:40:a4:2f:62:25:3a:59:5d:a0:2b:a5: 501s 09:9b:7f:bb:0e:88:51:bb:a8:9f:c8:da:36:69:50:a3:ab:64: 501s 7a:67 501s + expected_md5=Modulus=C9B98AAD720D5C693B268B9648ED958D948F0D15BC9C7814B3DFA23A759BC179C5E22E58F3AB02600B3368B0293A9D5BC039107FE6EE421912C6C2A76CF796121F43621385CA906EA26494669B66965BC5CC6455C95FC49DEE90598775CAB4DA4C187984AF76DD567908D1A1FD916F085CE450E011E1DD5A602717C1CD4EB6B9 501s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-30153.pem 501s + found_md5=Modulus=C9B98AAD720D5C693B268B9648ED958D948F0D15BC9C7814B3DFA23A759BC179C5E22E58F3AB02600B3368B0293A9D5BC039107FE6EE421912C6C2A76CF796121F43621385CA906EA26494669B66965BC5CC6455C95FC49DEE90598775CAB4DA4C187984AF76DD567908D1A1FD916F085CE450E011E1DD5A602717C1CD4EB6B9 501s + '[' Modulus=C9B98AAD720D5C693B268B9648ED958D948F0D15BC9C7814B3DFA23A759BC179C5E22E58F3AB02600B3368B0293A9D5BC039107FE6EE421912C6C2A76CF796121F43621385CA906EA26494669B66965BC5CC6455C95FC49DEE90598775CAB4DA4C187984AF76DD567908D1A1FD916F085CE450E011E1DD5A602717C1CD4EB6B9 '!=' Modulus=C9B98AAD720D5C693B268B9648ED958D948F0D15BC9C7814B3DFA23A759BC179C5E22E58F3AB02600B3368B0293A9D5BC039107FE6EE421912C6C2A76CF796121F43621385CA906EA26494669B66965BC5CC6455C95FC49DEE90598775CAB4DA4C187984AF76DD567908D1A1FD916F085CE450E011E1DD5A602717C1CD4EB6B9 ']' 501s + output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-30153-auth.output 501s ++ basename /tmp/sssd-softhsm2-7F70Xv/SSSD-child-30153-auth.output .output 501s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-30153-auth.pem 501s + echo -n 053350 501s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so 501s [p11_child[3221]] [main] (0x0400): p11_child started. 501s [p11_child[3221]] [main] (0x2000): Running in [auth] mode. 501s [p11_child[3221]] [main] (0x2000): Running with effective IDs: [0][0]. 501s [p11_child[3221]] [main] (0x2000): Running with real IDs [0][0]. 501s [p11_child[3221]] [do_card] (0x4000): Module List: 501s [p11_child[3221]] [do_card] (0x4000): common name: [softhsm2]. 501s [p11_child[3221]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 501s [p11_child[3221]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5603cf9b] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 501s [p11_child[3221]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 501s [p11_child[3221]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5603cf9b][1443090331] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 501s [p11_child[3221]] [do_card] (0x4000): Login required. 501s [p11_child[3221]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 501s [p11_child[3221]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 501s [p11_child[3221]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 501s [p11_child[3221]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5603cf9b;slot-manufacturer=SoftHSM%20project;slot-id=1443090331;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=eb459f135603cf9b;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 501s [p11_child[3221]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 501s [p11_child[3221]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 501s [p11_child[3221]] [do_card] (0x4000): Certificate verified and validated. 501s [p11_child[3221]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 501s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-30153-auth.output 501s + echo '-----BEGIN CERTIFICATE-----' 501s + tail -n1 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-30153-auth.output 501s + echo '-----END CERTIFICATE-----' 501s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-30153-auth.pem 501s Certificate: 501s Data: 501s Version: 3 (0x2) 501s Serial Number: 4 (0x4) 501s Signature Algorithm: sha256WithRSAEncryption 501s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 501s Validity 501s Not Before: Mar 20 06:08:26 2024 GMT 501s Not After : Mar 20 06:08:26 2025 GMT 501s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 501s Subject Public Key Info: 501s Public Key Algorithm: rsaEncryption 501s Public-Key: (1024 bit) 501s Modulus: 501s 00:c9:b9:8a:ad:72:0d:5c:69:3b:26:8b:96:48:ed: 501s 95:8d:94:8f:0d:15:bc:9c:78:14:b3:df:a2:3a:75: 501s 9b:c1:79:c5:e2:2e:58:f3:ab:02:60:0b:33:68:b0: 501s 29:3a:9d:5b:c0:39:10:7f:e6:ee:42:19:12:c6:c2: 501s a7:6c:f7:96:12:1f:43:62:13:85:ca:90:6e:a2:64: 501s 94:66:9b:66:96:5b:c5:cc:64:55:c9:5f:c4:9d:ee: 501s 90:59:87:75:ca:b4:da:4c:18:79:84:af:76:dd:56: 501s 79:08:d1:a1:fd:91:6f:08:5c:e4:50:e0:11:e1:dd: 501s 5a:60:27:17:c1:cd:4e:b6:b9 501s Exponent: 65537 (0x10001) 501s X509v3 extensions: 501s X509v3 Authority Key Identifier: 501s C2:91:40:55:E8:67:1C:55:53:3A:C0:1B:9A:85:CC:FE:7E:BE:4F:05 501s X509v3 Basic Constraints: 501s CA:FALSE 501s Netscape Cert Type: 501s SSL Client, S/MIME 501s Netscape Comment: 501s Test Organization Intermediate CA trusted Certificate 501s X509v3 Subject Key Identifier: 501s 17:9C:4D:44:92:58:AF:63:4B:4F:42:37:28:A9:F9:A4:56:BD:B6:D0 501s X509v3 Key Usage: critical 501s Digital Signature, Non Repudiation, Key Encipherment 501s X509v3 Extended Key Usage: 501s TLS Web Client Authentication, E-mail Protection 501s X509v3 Subject Alternative Name: 501s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 501s Signature Algorithm: sha256WithRSAEncryption 501s Signature Value: 501s 0f:06:a8:71:32:ac:a9:07:15:8f:08:54:83:3c:79:66:66:df: 501s 43:b2:ba:b5:fd:08:e6:04:38:e3:a4:eb:72:e8:fb:91:47:39: 501s 4c:b0:55:d7:cf:31:81:48:8c:5d:b7:cc:f6:6b:a4:12:9f:14: 501s 17:6d:6f:9b:34:6c:b6:fd:cc:ba:24:dc:e9:02:bf:9e:01:be: 501s 05:a3:83:7f:36:3b:13:4a:06:af:16:65:ee:a8:c8:6c:64:8e: 501s 87:3c:a9:65:fd:a9:f3:40:a4:2f:62:25:3a:59:5d:a0:2b:a5: 501s 09:9b:7f:bb:0e:88:51:bb:a8:9f:c8:da:36:69:50:a3:ab:64: 501s 7a:67 501s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-30153-auth.pem 501s + found_md5=Modulus=C9B98AAD720D5C693B268B9648ED958D948F0D15BC9C7814B3DFA23A759BC179C5E22E58F3AB02600B3368B0293A9D5BC039107FE6EE421912C6C2A76CF796121F43621385CA906EA26494669B66965BC5CC6455C95FC49DEE90598775CAB4DA4C187984AF76DD567908D1A1FD916F085CE450E011E1DD5A602717C1CD4EB6B9 501s + '[' Modulus=C9B98AAD720D5C693B268B9648ED958D948F0D15BC9C7814B3DFA23A759BC179C5E22E58F3AB02600B3368B0293A9D5BC039107FE6EE421912C6C2A76CF796121F43621385CA906EA26494669B66965BC5CC6455C95FC49DEE90598775CAB4DA4C187984AF76DD567908D1A1FD916F085CE450E011E1DD5A602717C1CD4EB6B9 '!=' Modulus=C9B98AAD720D5C693B268B9648ED958D948F0D15BC9C7814B3DFA23A759BC179C5E22E58F3AB02600B3368B0293A9D5BC039107FE6EE421912C6C2A76CF796121F43621385CA906EA26494669B66965BC5CC6455C95FC49DEE90598775CAB4DA4C187984AF76DD567908D1A1FD916F085CE450E011E1DD5A602717C1CD4EB6B9 ']' 501s + valid_certificate /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-2535 /tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem partial_chain 501s + check_certificate /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-2535 /tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem partial_chain 501s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 501s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-2535 501s + local key_ring=/tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem 501s + local verify_option=partial_chain 501s + prepare_softhsm2_card /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-2535 501s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 501s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-2535 501s + local key_cn 501s + local key_name 501s + local tokens_dir 501s + local output_cert_file 501s + token_name= 501s ++ basename /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem .pem 501s + key_name=test-intermediate-CA-trusted-certificate-0001 501s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 501s ++ sed -n 's/ *commonName *= //p' 501s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 501s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 501s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 501s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 501s ++ basename /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 501s + tokens_dir=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001 501s + token_name='Test Organization Interme Token' 501s + '[' '!' -e /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 501s + '[' '!' -d /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 501s + echo 'Test Organization Interme Token' 501s + '[' -n partial_chain ']' 501s + local verify_arg=--verify=partial_chain 501s + local output_base_name=SSSD-child-19326 501s + local output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-19326.output 501s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-19326.pem 501s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem 501s Test Organization Interme Token 501s [p11_child[3231]] [main] (0x0400): p11_child started. 501s [p11_child[3231]] [main] (0x2000): Running in [pre-auth] mode. 501s [p11_child[3231]] [main] (0x2000): Running with effective IDs: [0][0]. 501s [p11_child[3231]] [main] (0x2000): Running with real IDs [0][0]. 501s [p11_child[3231]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 501s [p11_child[3231]] [do_card] (0x4000): Module List: 501s [p11_child[3231]] [do_card] (0x4000): common name: [softhsm2]. 501s [p11_child[3231]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 501s [p11_child[3231]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5603cf9b] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 501s [p11_child[3231]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 501s [p11_child[3231]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5603cf9b][1443090331] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 501s [p11_child[3231]] [do_card] (0x4000): Login NOT required. 501s [p11_child[3231]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 501s [p11_child[3231]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 501s [p11_child[3231]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 501s [p11_child[3231]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5603cf9b;slot-manufacturer=SoftHSM%20project;slot-id=1443090331;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=eb459f135603cf9b;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 501s [p11_child[3231]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 501s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-19326.output 501s + echo '-----BEGIN CERTIFICATE-----' 501s + tail -n1 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-19326.output 501s + echo '-----END CERTIFICATE-----' 501s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-19326.pem 502s Certificate: 502s Data: 502s Version: 3 (0x2) 502s Serial Number: 4 (0x4) 502s Signature Algorithm: sha256WithRSAEncryption 502s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 502s Validity 502s Not Before: Mar 20 06:08:26 2024 GMT 502s Not After : Mar 20 06:08:26 2025 GMT 502s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 502s Subject Public Key Info: 502s Public Key Algorithm: rsaEncryption 502s Public-Key: (1024 bit) 502s Modulus: 502s 00:c9:b9:8a:ad:72:0d:5c:69:3b:26:8b:96:48:ed: 502s 95:8d:94:8f:0d:15:bc:9c:78:14:b3:df:a2:3a:75: 502s 9b:c1:79:c5:e2:2e:58:f3:ab:02:60:0b:33:68:b0: 502s 29:3a:9d:5b:c0:39:10:7f:e6:ee:42:19:12:c6:c2: 502s a7:6c:f7:96:12:1f:43:62:13:85:ca:90:6e:a2:64: 502s 94:66:9b:66:96:5b:c5:cc:64:55:c9:5f:c4:9d:ee: 502s 90:59:87:75:ca:b4:da:4c:18:79:84:af:76:dd:56: 502s 79:08:d1:a1:fd:91:6f:08:5c:e4:50:e0:11:e1:dd: 502s 5a:60:27:17:c1:cd:4e:b6:b9 502s Exponent: 65537 (0x10001) 502s X509v3 extensions: 502s X509v3 Authority Key Identifier: 502s C2:91:40:55:E8:67:1C:55:53:3A:C0:1B:9A:85:CC:FE:7E:BE:4F:05 502s X509v3 Basic Constraints: 502s CA:FALSE 502s Netscape Cert Type: 502s SSL Client, S/MIME 502s Netscape Comment: 502s Test Organization Intermediate CA trusted Certificate 502s X509v3 Subject Key Identifier: 502s 17:9C:4D:44:92:58:AF:63:4B:4F:42:37:28:A9:F9:A4:56:BD:B6:D0 502s X509v3 Key Usage: critical 502s Digital Signature, Non Repudiation, Key Encipherment 502s X509v3 Extended Key Usage: 502s TLS Web Client Authentication, E-mail Protection 502s X509v3 Subject Alternative Name: 502s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 502s Signature Algorithm: sha256WithRSAEncryption 502s Signature Value: 502s 0f:06:a8:71:32:ac:a9:07:15:8f:08:54:83:3c:79:66:66:df: 502s 43:b2:ba:b5:fd:08:e6:04:38:e3:a4:eb:72:e8:fb:91:47:39: 502s 4c:b0:55:d7:cf:31:81:48:8c:5d:b7:cc:f6:6b:a4:12:9f:14: 502s 17:6d:6f:9b:34:6c:b6:fd:cc:ba:24:dc:e9:02:bf:9e:01:be: 502s 05:a3:83:7f:36:3b:13:4a:06:af:16:65:ee:a8:c8:6c:64:8e: 502s 87:3c:a9:65:fd:a9:f3:40:a4:2f:62:25:3a:59:5d:a0:2b:a5: 502s 09:9b:7f:bb:0e:88:51:bb:a8:9f:c8:da:36:69:50:a3:ab:64: 502s 7a:67 502s + local found_md5 expected_md5 502s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 502s + expected_md5=Modulus=C9B98AAD720D5C693B268B9648ED958D948F0D15BC9C7814B3DFA23A759BC179C5E22E58F3AB02600B3368B0293A9D5BC039107FE6EE421912C6C2A76CF796121F43621385CA906EA26494669B66965BC5CC6455C95FC49DEE90598775CAB4DA4C187984AF76DD567908D1A1FD916F085CE450E011E1DD5A602717C1CD4EB6B9 502s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-19326.pem 502s + found_md5=Modulus=C9B98AAD720D5C693B268B9648ED958D948F0D15BC9C7814B3DFA23A759BC179C5E22E58F3AB02600B3368B0293A9D5BC039107FE6EE421912C6C2A76CF796121F43621385CA906EA26494669B66965BC5CC6455C95FC49DEE90598775CAB4DA4C187984AF76DD567908D1A1FD916F085CE450E011E1DD5A602717C1CD4EB6B9 502s + '[' Modulus=C9B98AAD720D5C693B268B9648ED958D948F0D15BC9C7814B3DFA23A759BC179C5E22E58F3AB02600B3368B0293A9D5BC039107FE6EE421912C6C2A76CF796121F43621385CA906EA26494669B66965BC5CC6455C95FC49DEE90598775CAB4DA4C187984AF76DD567908D1A1FD916F085CE450E011E1DD5A602717C1CD4EB6B9 '!=' Modulus=C9B98AAD720D5C693B268B9648ED958D948F0D15BC9C7814B3DFA23A759BC179C5E22E58F3AB02600B3368B0293A9D5BC039107FE6EE421912C6C2A76CF796121F43621385CA906EA26494669B66965BC5CC6455C95FC49DEE90598775CAB4DA4C187984AF76DD567908D1A1FD916F085CE450E011E1DD5A602717C1CD4EB6B9 ']' 502s + output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-19326-auth.output 502s ++ basename /tmp/sssd-softhsm2-7F70Xv/SSSD-child-19326-auth.output .output 502s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-19326-auth.pem 502s + echo -n 053350 502s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so 502s [p11_child[3239]] [main] (0x0400): p11_child started. 502s [p11_child[3239]] [main] (0x2000): Running in [auth] mode. 502s [p11_child[3239]] [main] (0x2000): Running with effective IDs: [0][0]. 502s [p11_child[3239]] [main] (0x2000): Running with real IDs [0][0]. 502s [p11_child[3239]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 502s [p11_child[3239]] [do_card] (0x4000): Module List: 502s [p11_child[3239]] [do_card] (0x4000): common name: [softhsm2]. 502s [p11_child[3239]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 502s [p11_child[3239]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5603cf9b] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 502s [p11_child[3239]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 502s [p11_child[3239]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5603cf9b][1443090331] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 502s [p11_child[3239]] [do_card] (0x4000): Login required. 502s [p11_child[3239]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 502s [p11_child[3239]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 502s [p11_child[3239]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 502s [p11_child[3239]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5603cf9b;slot-manufacturer=SoftHSM%20project;slot-id=1443090331;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=eb459f135603cf9b;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 502s [p11_child[3239]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 502s [p11_child[3239]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 502s [p11_child[3239]] [do_card] (0x4000): Certificate verified and validated. 502s [p11_child[3239]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 502s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-19326-auth.output 502s + echo '-----BEGIN CERTIFICATE-----' 502s + tail -n1 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-19326-auth.output 502s + echo '-----END CERTIFICATE-----' 502s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-19326-auth.pem 502s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-19326-auth.pem 502s Certificate: 502s Data: 502s Version: 3 (0x2) 502s Serial Number: 4 (0x4) 502s Signature Algorithm: sha256WithRSAEncryption 502s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 502s Validity 502s Not Before: Mar 20 06:08:26 2024 GMT 502s Not After : Mar 20 06:08:26 2025 GMT 502s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 502s Subject Public Key Info: 502s Public Key Algorithm: rsaEncryption 502s Public-Key: (1024 bit) 502s Modulus: 502s 00:c9:b9:8a:ad:72:0d:5c:69:3b:26:8b:96:48:ed: 502s 95:8d:94:8f:0d:15:bc:9c:78:14:b3:df:a2:3a:75: 502s 9b:c1:79:c5:e2:2e:58:f3:ab:02:60:0b:33:68:b0: 502s 29:3a:9d:5b:c0:39:10:7f:e6:ee:42:19:12:c6:c2: 502s a7:6c:f7:96:12:1f:43:62:13:85:ca:90:6e:a2:64: 502s 94:66:9b:66:96:5b:c5:cc:64:55:c9:5f:c4:9d:ee: 502s 90:59:87:75:ca:b4:da:4c:18:79:84:af:76:dd:56: 502s 79:08:d1:a1:fd:91:6f:08:5c:e4:50:e0:11:e1:dd: 502s 5a:60:27:17:c1:cd:4e:b6:b9 502s Exponent: 65537 (0x10001) 502s X509v3 extensions: 502s X509v3 Authority Key Identifier: 502s C2:91:40:55:E8:67:1C:55:53:3A:C0:1B:9A:85:CC:FE:7E:BE:4F:05 502s X509v3 Basic Constraints: 502s CA:FALSE 502s Netscape Cert Type: 502s SSL Client, S/MIME 502s Netscape Comment: 502s Test Organization Intermediate CA trusted Certificate 502s X509v3 Subject Key Identifier: 502s 17:9C:4D:44:92:58:AF:63:4B:4F:42:37:28:A9:F9:A4:56:BD:B6:D0 502s X509v3 Key Usage: critical 502s Digital Signature, Non Repudiation, Key Encipherment 502s X509v3 Extended Key Usage: 502s TLS Web Client Authentication, E-mail Protection 502s X509v3 Subject Alternative Name: 502s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 502s Signature Algorithm: sha256WithRSAEncryption 502s Signature Value: 502s 0f:06:a8:71:32:ac:a9:07:15:8f:08:54:83:3c:79:66:66:df: 502s 43:b2:ba:b5:fd:08:e6:04:38:e3:a4:eb:72:e8:fb:91:47:39: 502s 4c:b0:55:d7:cf:31:81:48:8c:5d:b7:cc:f6:6b:a4:12:9f:14: 502s 17:6d:6f:9b:34:6c:b6:fd:cc:ba:24:dc:e9:02:bf:9e:01:be: 502s 05:a3:83:7f:36:3b:13:4a:06:af:16:65:ee:a8:c8:6c:64:8e: 502s 87:3c:a9:65:fd:a9:f3:40:a4:2f:62:25:3a:59:5d:a0:2b:a5: 502s 09:9b:7f:bb:0e:88:51:bb:a8:9f:c8:da:36:69:50:a3:ab:64: 502s 7a:67 502s + found_md5=Modulus=C9B98AAD720D5C693B268B9648ED958D948F0D15BC9C7814B3DFA23A759BC179C5E22E58F3AB02600B3368B0293A9D5BC039107FE6EE421912C6C2A76CF796121F43621385CA906EA26494669B66965BC5CC6455C95FC49DEE90598775CAB4DA4C187984AF76DD567908D1A1FD916F085CE450E011E1DD5A602717C1CD4EB6B9 502s + '[' Modulus=C9B98AAD720D5C693B268B9648ED958D948F0D15BC9C7814B3DFA23A759BC179C5E22E58F3AB02600B3368B0293A9D5BC039107FE6EE421912C6C2A76CF796121F43621385CA906EA26494669B66965BC5CC6455C95FC49DEE90598775CAB4DA4C187984AF76DD567908D1A1FD916F085CE450E011E1DD5A602717C1CD4EB6B9 '!=' Modulus=C9B98AAD720D5C693B268B9648ED958D948F0D15BC9C7814B3DFA23A759BC179C5E22E58F3AB02600B3368B0293A9D5BC039107FE6EE421912C6C2A76CF796121F43621385CA906EA26494669B66965BC5CC6455C95FC49DEE90598775CAB4DA4C187984AF76DD567908D1A1FD916F085CE450E011E1DD5A602717C1CD4EB6B9 ']' 502s + invalid_certificate /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-2535 /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem 502s + check_certificate /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-2535 /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem 502s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 502s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-2535 502s + local key_ring=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem 502s + local verify_option= 502s + prepare_softhsm2_card /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-2535 502s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 502s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-2535 502s + local key_cn 502s + local key_name 502s + local tokens_dir 502s + local output_cert_file 502s + token_name= 502s ++ basename /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem .pem 502s + key_name=test-intermediate-CA-trusted-certificate-0001 502s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 502s ++ sed -n 's/ *commonName *= //p' 502s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 502s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 502s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 502s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 502s ++ basename /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 502s + tokens_dir=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001 502s + token_name='Test Organization Interme Token' 502s + '[' '!' -e /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 502s + '[' '!' -d /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 502s + echo 'Test Organization Interme Token' 502s + '[' -n '' ']' 502s + local output_base_name=SSSD-child-16567 502s + local output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-16567.output 502s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-16567.pem 502s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem 502s [p11_child[3249]] [main] (0x0400): p11_child started. 502s [p11_child[3249]] [main] (0x2000): Running in [pre-auth] mode. 502s [p11_child[3249]] [main] (0x2000): Running with effective IDs: [0][0]. 502s [p11_child[3249]] [main] (0x2000): Running with real IDs [0][0]. 502s Test Organization Interme Token 502s [p11_child[3249]] [do_card] (0x4000): Module List: 502s [p11_child[3249]] [do_card] (0x4000): common name: [softhsm2]. 502s [p11_child[3249]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 502s [p11_child[3249]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5603cf9b] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 502s [p11_child[3249]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 502s [p11_child[3249]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5603cf9b][1443090331] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 502s [p11_child[3249]] [do_card] (0x4000): Login NOT required. 502s [p11_child[3249]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 502s [p11_child[3249]] [do_verification] (0x0040): X509_verify_cert failed [0]. 502s [p11_child[3249]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 502s [p11_child[3249]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 502s [p11_child[3249]] [do_card] (0x4000): No certificate found. 502s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-16567.output 502s + return 2 502s + valid_certificate /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-2535 /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem partial_chain 502s + check_certificate /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-2535 /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem partial_chain 502s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 502s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-2535 502s + local key_ring=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem 502s + local verify_option=partial_chain 502s + prepare_softhsm2_card /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-2535 502s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 502s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-2535 502s + local key_cn 502s + local key_name 502s + local tokens_dir 502s + local output_cert_file 502s + token_name= 502s ++ basename /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem .pem 502s + key_name=test-intermediate-CA-trusted-certificate-0001 502s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 502s ++ sed -n 's/ *commonName *= //p' 502s Test Organization Interme Token 502s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 502s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 502s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 502s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 502s ++ basename /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 502s + tokens_dir=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001 502s + token_name='Test Organization Interme Token' 502s + '[' '!' -e /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 502s + '[' '!' -d /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 502s + echo 'Test Organization Interme Token' 502s + '[' -n partial_chain ']' 502s + local verify_arg=--verify=partial_chain 502s + local output_base_name=SSSD-child-20701 502s + local output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-20701.output 502s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-20701.pem 502s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem 502s [p11_child[3256]] [main] (0x0400): p11_child started. 502s [p11_child[3256]] [main] (0x2000): Running in [pre-auth] mode. 502s [p11_child[3256]] [main] (0x2000): Running with effective IDs: [0][0]. 502s [p11_child[3256]] [main] (0x2000): Running with real IDs [0][0]. 502s [p11_child[3256]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 502s [p11_child[3256]] [do_card] (0x4000): Module List: 502s [p11_child[3256]] [do_card] (0x4000): common name: [softhsm2]. 502s [p11_child[3256]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 502s [p11_child[3256]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5603cf9b] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 502s [p11_child[3256]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 502s [p11_child[3256]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5603cf9b][1443090331] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 502s [p11_child[3256]] [do_card] (0x4000): Login NOT required. 502s [p11_child[3256]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 502s [p11_child[3256]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 502s [p11_child[3256]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 502s [p11_child[3256]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5603cf9b;slot-manufacturer=SoftHSM%20project;slot-id=1443090331;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=eb459f135603cf9b;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 502s [p11_child[3256]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 502s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-20701.output 502s + echo '-----BEGIN CERTIFICATE-----' 502s + tail -n1 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-20701.output 502s + echo '-----END CERTIFICATE-----' 502s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-20701.pem 502s Certificate: 502s Data: 502s Version: 3 (0x2) 502s Serial Number: 4 (0x4) 502s Signature Algorithm: sha256WithRSAEncryption 502s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 502s Validity 502s Not Before: Mar 20 06:08:26 2024 GMT 502s Not After : Mar 20 06:08:26 2025 GMT 502s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 502s Subject Public Key Info: 502s Public Key Algorithm: rsaEncryption 502s Public-Key: (1024 bit) 502s Modulus: 502s 00:c9:b9:8a:ad:72:0d:5c:69:3b:26:8b:96:48:ed: 502s 95:8d:94:8f:0d:15:bc:9c:78:14:b3:df:a2:3a:75: 502s 9b:c1:79:c5:e2:2e:58:f3:ab:02:60:0b:33:68:b0: 502s 29:3a:9d:5b:c0:39:10:7f:e6:ee:42:19:12:c6:c2: 502s a7:6c:f7:96:12:1f:43:62:13:85:ca:90:6e:a2:64: 502s 94:66:9b:66:96:5b:c5:cc:64:55:c9:5f:c4:9d:ee: 502s 90:59:87:75:ca:b4:da:4c:18:79:84:af:76:dd:56: 502s 79:08:d1:a1:fd:91:6f:08:5c:e4:50:e0:11:e1:dd: 502s 5a:60:27:17:c1:cd:4e:b6:b9 502s Exponent: 65537 (0x10001) 502s X509v3 extensions: 502s X509v3 Authority Key Identifier: 502s C2:91:40:55:E8:67:1C:55:53:3A:C0:1B:9A:85:CC:FE:7E:BE:4F:05 502s X509v3 Basic Constraints: 502s CA:FALSE 502s Netscape Cert Type: 502s SSL Client, S/MIME 502s Netscape Comment: 502s Test Organization Intermediate CA trusted Certificate 502s X509v3 Subject Key Identifier: 502s 17:9C:4D:44:92:58:AF:63:4B:4F:42:37:28:A9:F9:A4:56:BD:B6:D0 502s X509v3 Key Usage: critical 502s Digital Signature, Non Repudiation, Key Encipherment 502s X509v3 Extended Key Usage: 502s TLS Web Client Authentication, E-mail Protection 502s X509v3 Subject Alternative Name: 502s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 502s Signature Algorithm: sha256WithRSAEncryption 502s Signature Value: 502s 0f:06:a8:71:32:ac:a9:07:15:8f:08:54:83:3c:79:66:66:df: 502s 43:b2:ba:b5:fd:08:e6:04:38:e3:a4:eb:72:e8:fb:91:47:39: 502s 4c:b0:55:d7:cf:31:81:48:8c:5d:b7:cc:f6:6b:a4:12:9f:14: 502s 17:6d:6f:9b:34:6c:b6:fd:cc:ba:24:dc:e9:02:bf:9e:01:be: 502s 05:a3:83:7f:36:3b:13:4a:06:af:16:65:ee:a8:c8:6c:64:8e: 502s 87:3c:a9:65:fd:a9:f3:40:a4:2f:62:25:3a:59:5d:a0:2b:a5: 502s 09:9b:7f:bb:0e:88:51:bb:a8:9f:c8:da:36:69:50:a3:ab:64: 502s 7a:67 502s + local found_md5 expected_md5 502s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA-trusted-certificate-0001.pem 502s + expected_md5=Modulus=C9B98AAD720D5C693B268B9648ED958D948F0D15BC9C7814B3DFA23A759BC179C5E22E58F3AB02600B3368B0293A9D5BC039107FE6EE421912C6C2A76CF796121F43621385CA906EA26494669B66965BC5CC6455C95FC49DEE90598775CAB4DA4C187984AF76DD567908D1A1FD916F085CE450E011E1DD5A602717C1CD4EB6B9 502s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-20701.pem 502s + found_md5=Modulus=C9B98AAD720D5C693B268B9648ED958D948F0D15BC9C7814B3DFA23A759BC179C5E22E58F3AB02600B3368B0293A9D5BC039107FE6EE421912C6C2A76CF796121F43621385CA906EA26494669B66965BC5CC6455C95FC49DEE90598775CAB4DA4C187984AF76DD567908D1A1FD916F085CE450E011E1DD5A602717C1CD4EB6B9 502s + '[' Modulus=C9B98AAD720D5C693B268B9648ED958D948F0D15BC9C7814B3DFA23A759BC179C5E22E58F3AB02600B3368B0293A9D5BC039107FE6EE421912C6C2A76CF796121F43621385CA906EA26494669B66965BC5CC6455C95FC49DEE90598775CAB4DA4C187984AF76DD567908D1A1FD916F085CE450E011E1DD5A602717C1CD4EB6B9 '!=' Modulus=C9B98AAD720D5C693B268B9648ED958D948F0D15BC9C7814B3DFA23A759BC179C5E22E58F3AB02600B3368B0293A9D5BC039107FE6EE421912C6C2A76CF796121F43621385CA906EA26494669B66965BC5CC6455C95FC49DEE90598775CAB4DA4C187984AF76DD567908D1A1FD916F085CE450E011E1DD5A602717C1CD4EB6B9 ']' 502s + output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-20701-auth.output 502s ++ basename /tmp/sssd-softhsm2-7F70Xv/SSSD-child-20701-auth.output .output 502s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-20701-auth.pem 502s + echo -n 053350 502s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so 502s [p11_child[3264]] [main] (0x0400): p11_child started. 502s [p11_child[3264]] [main] (0x2000): Running in [auth] mode. 502s [p11_child[3264]] [main] (0x2000): Running with effective IDs: [0][0]. 502s [p11_child[3264]] [main] (0x2000): Running with real IDs [0][0]. 502s [p11_child[3264]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 502s [p11_child[3264]] [do_card] (0x4000): Module List: 502s [p11_child[3264]] [do_card] (0x4000): common name: [softhsm2]. 502s [p11_child[3264]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 502s [p11_child[3264]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5603cf9b] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 502s [p11_child[3264]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 502s [p11_child[3264]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x5603cf9b][1443090331] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 502s [p11_child[3264]] [do_card] (0x4000): Login required. 502s [p11_child[3264]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 502s [p11_child[3264]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 502s [p11_child[3264]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 502s [p11_child[3264]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5603cf9b;slot-manufacturer=SoftHSM%20project;slot-id=1443090331;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=eb459f135603cf9b;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 502s [p11_child[3264]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 502s [p11_child[3264]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 502s [p11_child[3264]] [do_card] (0x4000): Certificate verified and validated. 502s [p11_child[3264]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 502s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-20701-auth.output 502s + echo '-----BEGIN CERTIFICATE-----' 502s + tail -n1 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-20701-auth.output 502s + echo '-----END CERTIFICATE-----' 502s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-20701-auth.pem 502s Certificate: 502s Data: 502s Version: 3 (0x2) 502s Serial Number: 4 (0x4) 502s Signature Algorithm: sha256WithRSAEncryption 502s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 502s Validity 502s Not Before: Mar 20 06:08:26 2024 GMT 502s Not After : Mar 20 06:08:26 2025 GMT 502s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 502s Subject Public Key Info: 502s Public Key Algorithm: rsaEncryption 502s Public-Key: (1024 bit) 502s Modulus: 502s 00:c9:b9:8a:ad:72:0d:5c:69:3b:26:8b:96:48:ed: 502s 95:8d:94:8f:0d:15:bc:9c:78:14:b3:df:a2:3a:75: 502s 9b:c1:79:c5:e2:2e:58:f3:ab:02:60:0b:33:68:b0: 502s 29:3a:9d:5b:c0:39:10:7f:e6:ee:42:19:12:c6:c2: 502s a7:6c:f7:96:12:1f:43:62:13:85:ca:90:6e:a2:64: 502s 94:66:9b:66:96:5b:c5:cc:64:55:c9:5f:c4:9d:ee: 502s 90:59:87:75:ca:b4:da:4c:18:79:84:af:76:dd:56: 502s 79:08:d1:a1:fd:91:6f:08:5c:e4:50:e0:11:e1:dd: 502s 5a:60:27:17:c1:cd:4e:b6:b9 502s Exponent: 65537 (0x10001) 502s X509v3 extensions: 502s X509v3 Authority Key Identifier: 502s C2:91:40:55:E8:67:1C:55:53:3A:C0:1B:9A:85:CC:FE:7E:BE:4F:05 502s X509v3 Basic Constraints: 502s CA:FALSE 502s Netscape Cert Type: 502s SSL Client, S/MIME 502s Netscape Comment: 502s Test Organization Intermediate CA trusted Certificate 502s X509v3 Subject Key Identifier: 502s 17:9C:4D:44:92:58:AF:63:4B:4F:42:37:28:A9:F9:A4:56:BD:B6:D0 502s X509v3 Key Usage: critical 502s Digital Signature, Non Repudiation, Key Encipherment 502s X509v3 Extended Key Usage: 502s TLS Web Client Authentication, E-mail Protection 502s X509v3 Subject Alternative Name: 502s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 502s Signature Algorithm: sha256WithRSAEncryption 502s Signature Value: 502s 0f:06:a8:71:32:ac:a9:07:15:8f:08:54:83:3c:79:66:66:df: 502s 43:b2:ba:b5:fd:08:e6:04:38:e3:a4:eb:72:e8:fb:91:47:39: 502s 4c:b0:55:d7:cf:31:81:48:8c:5d:b7:cc:f6:6b:a4:12:9f:14: 502s 17:6d:6f:9b:34:6c:b6:fd:cc:ba:24:dc:e9:02:bf:9e:01:be: 502s 05:a3:83:7f:36:3b:13:4a:06:af:16:65:ee:a8:c8:6c:64:8e: 502s 87:3c:a9:65:fd:a9:f3:40:a4:2f:62:25:3a:59:5d:a0:2b:a5: 502s 09:9b:7f:bb:0e:88:51:bb:a8:9f:c8:da:36:69:50:a3:ab:64: 502s 7a:67 502s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-20701-auth.pem 502s + found_md5=Modulus=C9B98AAD720D5C693B268B9648ED958D948F0D15BC9C7814B3DFA23A759BC179C5E22E58F3AB02600B3368B0293A9D5BC039107FE6EE421912C6C2A76CF796121F43621385CA906EA26494669B66965BC5CC6455C95FC49DEE90598775CAB4DA4C187984AF76DD567908D1A1FD916F085CE450E011E1DD5A602717C1CD4EB6B9 502s + '[' Modulus=C9B98AAD720D5C693B268B9648ED958D948F0D15BC9C7814B3DFA23A759BC179C5E22E58F3AB02600B3368B0293A9D5BC039107FE6EE421912C6C2A76CF796121F43621385CA906EA26494669B66965BC5CC6455C95FC49DEE90598775CAB4DA4C187984AF76DD567908D1A1FD916F085CE450E011E1DD5A602717C1CD4EB6B9 '!=' Modulus=C9B98AAD720D5C693B268B9648ED958D948F0D15BC9C7814B3DFA23A759BC179C5E22E58F3AB02600B3368B0293A9D5BC039107FE6EE421912C6C2A76CF796121F43621385CA906EA26494669B66965BC5CC6455C95FC49DEE90598775CAB4DA4C187984AF76DD567908D1A1FD916F085CE450E011E1DD5A602717C1CD4EB6B9 ']' 502s + invalid_certificate /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9685 /tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem 502s + check_certificate /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9685 /tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem 502s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 502s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9685 502s + local key_ring=/tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem 502s + local verify_option= 502s + prepare_softhsm2_card /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9685 502s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 502s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9685 502s + local key_cn 502s + local key_name 502s + local tokens_dir 502s + local output_cert_file 502s + token_name= 502s ++ basename /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 502s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 502s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 502s ++ sed -n 's/ *commonName *= //p' 502s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 502s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 502s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 502s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 502s ++ basename /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 502s + tokens_dir=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 502s + token_name='Test Organization Sub Int Token' 502s + '[' '!' -e /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 502s + local key_file 502s + local decrypted_key 502s + mkdir -p /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 502s + key_file=/tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 502s + decrypted_key=/tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 502s + cat 502s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 502s Slot 0 has a free/uninitialized token. 502s The token has been initialized and is reassigned to slot 1700720463 502s + softhsm2-util --show-slots 502s Available slots: 502s Slot 1700720463 502s Slot info: 502s Description: SoftHSM slot ID 0x655eef4f 502s Manufacturer ID: SoftHSM project 502s Hardware version: 2.6 502s Firmware version: 2.6 502s Token present: yes 502s Token info: 502s Manufacturer ID: SoftHSM project 502s Model: SoftHSM v2 502s Hardware version: 2.6 502s Firmware version: 2.6 502s Serial number: beec8884655eef4f 502s Initialized: yes 502s User PIN init.: yes 502s Label: Test Organization Sub Int Token 502s Slot 1 502s Slot info: 502s Description: SoftHSM slot ID 0x1 502s Manufacturer ID: SoftHSM project 502s Hardware version: 2.6 502s Firmware version: 2.6 502s Token present: yes 502s Token info: 502s Manufacturer ID: SoftHSM project 502s Model: SoftHSM v2 502s Hardware version: 2.6 502s Firmware version: 2.6 502s Serial number: 502s Initialized: no 502s User PIN init.: no 502s Label: 502s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 502s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-9685 -in /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 502s writing RSA key 502s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 502s + rm /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 502s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --list-all 502s Object 0: 502s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=beec8884655eef4f;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 502s Type: X.509 Certificate (RSA-1024) 502s Expires: Thu Mar 20 06:08:26 2025 502s Label: Test Organization Sub Intermediate Trusted Certificate 0001 502s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 502s 502s + echo 'Test Organization Sub Int Token' 502s Test Organization Sub Int Token 502s + '[' -n '' ']' 502s + local output_base_name=SSSD-child-17719 502s + local output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-17719.output 502s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-17719.pem 502s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem 502s [p11_child[3283]] [main] (0x0400): p11_child started. 502s [p11_child[3283]] [main] (0x2000): Running in [pre-auth] mode. 502s [p11_child[3283]] [main] (0x2000): Running with effective IDs: [0][0]. 502s [p11_child[3283]] [main] (0x2000): Running with real IDs [0][0]. 502s [p11_child[3283]] [do_card] (0x4000): Module List: 502s [p11_child[3283]] [do_card] (0x4000): common name: [softhsm2]. 502s [p11_child[3283]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 502s [p11_child[3283]] [do_card] (0x4000): Description [SoftHSM slot ID 0x655eef4f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 502s [p11_child[3283]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 502s [p11_child[3283]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x655eef4f][1700720463] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 502s [p11_child[3283]] [do_card] (0x4000): Login NOT required. 502s [p11_child[3283]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 502s [p11_child[3283]] [do_verification] (0x0040): X509_verify_cert failed [0]. 502s [p11_child[3283]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 502s [p11_child[3283]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 502s [p11_child[3283]] [do_card] (0x4000): No certificate found. 502s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-17719.output 502s + return 2 502s + invalid_certificate /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9685 /tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem partial_chain 502s + check_certificate /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9685 /tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem partial_chain 502s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 502s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9685 502s + local key_ring=/tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem 502s + local verify_option=partial_chain 502s + prepare_softhsm2_card /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9685 502s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 502s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9685 502s + local key_cn 502s + local key_name 502s + local tokens_dir 502s + local output_cert_file 502s + token_name= 502s ++ basename /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 502s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 502s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 502s ++ sed -n 's/ *commonName *= //p' 503s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 503s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 503s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 503s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 503s ++ basename /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 503s Test Organization Sub Int Token 503s + tokens_dir=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 503s + token_name='Test Organization Sub Int Token' 503s + '[' '!' -e /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 503s + '[' '!' -d /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 503s + echo 'Test Organization Sub Int Token' 503s + '[' -n partial_chain ']' 503s + local verify_arg=--verify=partial_chain 503s + local output_base_name=SSSD-child-29065 503s + local output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-29065.output 503s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-29065.pem 503s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-7F70Xv/test-root-CA.pem 503s [p11_child[3290]] [main] (0x0400): p11_child started. 503s [p11_child[3290]] [main] (0x2000): Running in [pre-auth] mode. 503s [p11_child[3290]] [main] (0x2000): Running with effective IDs: [0][0]. 503s [p11_child[3290]] [main] (0x2000): Running with real IDs [0][0]. 503s [p11_child[3290]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 503s [p11_child[3290]] [do_card] (0x4000): Module List: 503s [p11_child[3290]] [do_card] (0x4000): common name: [softhsm2]. 503s [p11_child[3290]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 503s [p11_child[3290]] [do_card] (0x4000): Description [SoftHSM slot ID 0x655eef4f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 503s [p11_child[3290]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 503s [p11_child[3290]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x655eef4f][1700720463] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 503s [p11_child[3290]] [do_card] (0x4000): Login NOT required. 503s [p11_child[3290]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 503s [p11_child[3290]] [do_verification] (0x0040): X509_verify_cert failed [0]. 503s [p11_child[3290]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 503s [p11_child[3290]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 503s [p11_child[3290]] [do_card] (0x4000): No certificate found. 503s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-29065.output 503s + return 2 503s + valid_certificate /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9685 /tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem 503s + check_certificate /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9685 /tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem 503s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 503s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9685 503s + local key_ring=/tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem 503s + local verify_option= 503s + prepare_softhsm2_card /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9685 503s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 503s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9685 503s + local key_cn 503s + local key_name 503s + local tokens_dir 503s + local output_cert_file 503s + token_name= 503s ++ basename /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 503s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 503s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 503s ++ sed -n 's/ *commonName *= //p' 503s Test Organization Sub Int Token 503s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 503s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 503s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 503s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 503s ++ basename /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 503s + tokens_dir=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 503s + token_name='Test Organization Sub Int Token' 503s + '[' '!' -e /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 503s + '[' '!' -d /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 503s + echo 'Test Organization Sub Int Token' 503s + '[' -n '' ']' 503s + local output_base_name=SSSD-child-10971 503s + local output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-10971.output 503s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-10971.pem 503s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem 503s [p11_child[3297]] [main] (0x0400): p11_child started. 503s [p11_child[3297]] [main] (0x2000): Running in [pre-auth] mode. 503s [p11_child[3297]] [main] (0x2000): Running with effective IDs: [0][0]. 503s [p11_child[3297]] [main] (0x2000): Running with real IDs [0][0]. 503s [p11_child[3297]] [do_card] (0x4000): Module List: 503s [p11_child[3297]] [do_card] (0x4000): common name: [softhsm2]. 503s [p11_child[3297]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 503s [p11_child[3297]] [do_card] (0x4000): Description [SoftHSM slot ID 0x655eef4f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 503s [p11_child[3297]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 503s [p11_child[3297]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x655eef4f][1700720463] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 503s [p11_child[3297]] [do_card] (0x4000): Login NOT required. 503s [p11_child[3297]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 503s [p11_child[3297]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 503s [p11_child[3297]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 503s [p11_child[3297]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x655eef4f;slot-manufacturer=SoftHSM%20project;slot-id=1700720463;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=beec8884655eef4f;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 503s [p11_child[3297]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 503s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-10971.output 503s + echo '-----BEGIN CERTIFICATE-----' 503s + tail -n1 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-10971.output 503s + echo '-----END CERTIFICATE-----' 503s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-10971.pem 503s Certificate: 503s Data: 503s Version: 3 (0x2) 503s Serial Number: 5 (0x5) 503s Signature Algorithm: sha256WithRSAEncryption 503s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 503s Validity 503s Not Before: Mar 20 06:08:26 2024 GMT 503s Not After : Mar 20 06:08:26 2025 GMT 503s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 503s Subject Public Key Info: 503s Public Key Algorithm: rsaEncryption 503s Public-Key: (1024 bit) 503s Modulus: 503s 00:c6:a3:80:0c:73:e3:98:d9:0a:7f:b1:fa:af:9e: 503s 14:47:74:02:bf:62:11:17:02:66:6e:0f:d2:5b:ad: 503s 9d:8e:5d:81:e4:fa:08:c0:e5:3d:95:6f:d7:fd:c0: 503s 27:0f:85:96:5b:e0:78:80:27:65:da:4e:e4:1e:92: 503s 66:39:f3:07:89:27:46:85:75:07:74:46:a1:51:26: 503s 49:d1:0d:ee:32:34:43:4d:88:5f:50:41:3a:ee:55: 503s 2b:eb:94:35:10:ef:48:c5:24:72:9d:a3:0a:f4:15: 503s 1f:16:7b:c3:e4:92:ff:33:5b:48:75:2f:49:c6:42: 503s 87:b2:ac:25:41:48:aa:71:7b 503s Exponent: 65537 (0x10001) 503s X509v3 extensions: 503s X509v3 Authority Key Identifier: 503s B3:8C:20:3E:2C:AB:6A:B6:17:72:96:C0:73:11:E3:E6:38:01:5E:E8 503s X509v3 Basic Constraints: 503s CA:FALSE 503s Netscape Cert Type: 503s SSL Client, S/MIME 503s Netscape Comment: 503s Test Organization Sub Intermediate CA trusted Certificate 503s X509v3 Subject Key Identifier: 503s A9:C8:1A:3B:A7:7B:98:4A:BB:B0:41:FA:FD:FE:B4:55:83:1D:8F:69 503s X509v3 Key Usage: critical 503s Digital Signature, Non Repudiation, Key Encipherment 503s X509v3 Extended Key Usage: 503s TLS Web Client Authentication, E-mail Protection 503s X509v3 Subject Alternative Name: 503s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 503s Signature Algorithm: sha256WithRSAEncryption 503s Signature Value: 503s 68:22:1b:24:62:12:a3:ca:32:87:fc:35:8f:37:9b:2a:24:54: 503s 1d:63:12:1e:52:b5:eb:72:e5:bc:01:0a:c1:ee:c3:b1:b2:96: 503s 4b:d5:e7:ad:f5:40:33:07:bd:93:31:f0:7b:02:48:d5:28:0c: 503s 04:9e:ad:1c:84:88:fd:21:8d:13:3c:50:3f:1c:36:ea:0c:47: 503s e3:84:33:ac:fd:ff:bf:72:1d:85:34:7d:68:7c:dd:7d:23:26: 503s 4f:90:26:44:e4:2a:20:ca:3e:ad:81:c0:47:39:7b:22:e2:bd: 503s 4d:ad:da:0e:6a:38:27:3d:72:3d:83:1e:c0:c6:3e:7e:ca:42: 503s 43:21 503s + local found_md5 expected_md5 503s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 503s + expected_md5=Modulus=C6A3800C73E398D90A7FB1FAAF9E14477402BF62111702666E0FD25BAD9D8E5D81E4FA08C0E53D956FD7FDC0270F85965BE078802765DA4EE41E926639F3078927468575077446A1512649D10DEE3234434D885F50413AEE552BEB943510EF48C524729DA30AF4151F167BC3E492FF335B48752F49C64287B2AC254148AA717B 503s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-10971.pem 503s + found_md5=Modulus=C6A3800C73E398D90A7FB1FAAF9E14477402BF62111702666E0FD25BAD9D8E5D81E4FA08C0E53D956FD7FDC0270F85965BE078802765DA4EE41E926639F3078927468575077446A1512649D10DEE3234434D885F50413AEE552BEB943510EF48C524729DA30AF4151F167BC3E492FF335B48752F49C64287B2AC254148AA717B 503s + '[' Modulus=C6A3800C73E398D90A7FB1FAAF9E14477402BF62111702666E0FD25BAD9D8E5D81E4FA08C0E53D956FD7FDC0270F85965BE078802765DA4EE41E926639F3078927468575077446A1512649D10DEE3234434D885F50413AEE552BEB943510EF48C524729DA30AF4151F167BC3E492FF335B48752F49C64287B2AC254148AA717B '!=' Modulus=C6A3800C73E398D90A7FB1FAAF9E14477402BF62111702666E0FD25BAD9D8E5D81E4FA08C0E53D956FD7FDC0270F85965BE078802765DA4EE41E926639F3078927468575077446A1512649D10DEE3234434D885F50413AEE552BEB943510EF48C524729DA30AF4151F167BC3E492FF335B48752F49C64287B2AC254148AA717B ']' 503s + output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-10971-auth.output 503s ++ basename /tmp/sssd-softhsm2-7F70Xv/SSSD-child-10971-auth.output .output 503s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-10971-auth.pem 503s + echo -n 053350 503s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so 503s [p11_child[3305]] [main] (0x0400): p11_child started. 503s [p11_child[3305]] [main] (0x2000): Running in [auth] mode. 503s [p11_child[3305]] [main] (0x2000): Running with effective IDs: [0][0]. 503s [p11_child[3305]] [main] (0x2000): Running with real IDs [0][0]. 503s [p11_child[3305]] [do_card] (0x4000): Module List: 503s [p11_child[3305]] [do_card] (0x4000): common name: [softhsm2]. 503s [p11_child[3305]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 503s [p11_child[3305]] [do_card] (0x4000): Description [SoftHSM slot ID 0x655eef4f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 503s [p11_child[3305]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 503s [p11_child[3305]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x655eef4f][1700720463] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 503s [p11_child[3305]] [do_card] (0x4000): Login required. 503s [p11_child[3305]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 503s [p11_child[3305]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 503s [p11_child[3305]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 503s [p11_child[3305]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x655eef4f;slot-manufacturer=SoftHSM%20project;slot-id=1700720463;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=beec8884655eef4f;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 503s [p11_child[3305]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 503s [p11_child[3305]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 503s [p11_child[3305]] [do_card] (0x4000): Certificate verified and validated. 503s [p11_child[3305]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 503s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-10971-auth.output 503s + echo '-----BEGIN CERTIFICATE-----' 503s + tail -n1 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-10971-auth.output 503s + echo '-----END CERTIFICATE-----' 503s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-10971-auth.pem 503s Certificate: 503s Data: 503s Version: 3 (0x2) 503s Serial Number: 5 (0x5) 503s Signature Algorithm: sha256WithRSAEncryption 503s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 503s Validity 503s Not Before: Mar 20 06:08:26 2024 GMT 503s Not After : Mar 20 06:08:26 2025 GMT 503s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 503s Subject Public Key Info: 503s Public Key Algorithm: rsaEncryption 503s Public-Key: (1024 bit) 503s Modulus: 503s 00:c6:a3:80:0c:73:e3:98:d9:0a:7f:b1:fa:af:9e: 503s 14:47:74:02:bf:62:11:17:02:66:6e:0f:d2:5b:ad: 503s 9d:8e:5d:81:e4:fa:08:c0:e5:3d:95:6f:d7:fd:c0: 503s 27:0f:85:96:5b:e0:78:80:27:65:da:4e:e4:1e:92: 503s 66:39:f3:07:89:27:46:85:75:07:74:46:a1:51:26: 503s 49:d1:0d:ee:32:34:43:4d:88:5f:50:41:3a:ee:55: 503s 2b:eb:94:35:10:ef:48:c5:24:72:9d:a3:0a:f4:15: 503s 1f:16:7b:c3:e4:92:ff:33:5b:48:75:2f:49:c6:42: 503s 87:b2:ac:25:41:48:aa:71:7b 503s Exponent: 65537 (0x10001) 503s X509v3 extensions: 503s X509v3 Authority Key Identifier: 503s B3:8C:20:3E:2C:AB:6A:B6:17:72:96:C0:73:11:E3:E6:38:01:5E:E8 503s X509v3 Basic Constraints: 503s CA:FALSE 503s Netscape Cert Type: 503s SSL Client, S/MIME 503s Netscape Comment: 503s Test Organization Sub Intermediate CA trusted Certificate 503s X509v3 Subject Key Identifier: 503s A9:C8:1A:3B:A7:7B:98:4A:BB:B0:41:FA:FD:FE:B4:55:83:1D:8F:69 503s X509v3 Key Usage: critical 503s Digital Signature, Non Repudiation, Key Encipherment 503s X509v3 Extended Key Usage: 503s TLS Web Client Authentication, E-mail Protection 503s X509v3 Subject Alternative Name: 503s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 503s Signature Algorithm: sha256WithRSAEncryption 503s Signature Value: 503s 68:22:1b:24:62:12:a3:ca:32:87:fc:35:8f:37:9b:2a:24:54: 503s 1d:63:12:1e:52:b5:eb:72:e5:bc:01:0a:c1:ee:c3:b1:b2:96: 503s 4b:d5:e7:ad:f5:40:33:07:bd:93:31:f0:7b:02:48:d5:28:0c: 503s 04:9e:ad:1c:84:88:fd:21:8d:13:3c:50:3f:1c:36:ea:0c:47: 503s e3:84:33:ac:fd:ff:bf:72:1d:85:34:7d:68:7c:dd:7d:23:26: 503s 4f:90:26:44:e4:2a:20:ca:3e:ad:81:c0:47:39:7b:22:e2:bd: 503s 4d:ad:da:0e:6a:38:27:3d:72:3d:83:1e:c0:c6:3e:7e:ca:42: 503s 43:21 503s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-10971-auth.pem 503s + found_md5=Modulus=C6A3800C73E398D90A7FB1FAAF9E14477402BF62111702666E0FD25BAD9D8E5D81E4FA08C0E53D956FD7FDC0270F85965BE078802765DA4EE41E926639F3078927468575077446A1512649D10DEE3234434D885F50413AEE552BEB943510EF48C524729DA30AF4151F167BC3E492FF335B48752F49C64287B2AC254148AA717B 503s + '[' Modulus=C6A3800C73E398D90A7FB1FAAF9E14477402BF62111702666E0FD25BAD9D8E5D81E4FA08C0E53D956FD7FDC0270F85965BE078802765DA4EE41E926639F3078927468575077446A1512649D10DEE3234434D885F50413AEE552BEB943510EF48C524729DA30AF4151F167BC3E492FF335B48752F49C64287B2AC254148AA717B '!=' Modulus=C6A3800C73E398D90A7FB1FAAF9E14477402BF62111702666E0FD25BAD9D8E5D81E4FA08C0E53D956FD7FDC0270F85965BE078802765DA4EE41E926639F3078927468575077446A1512649D10DEE3234434D885F50413AEE552BEB943510EF48C524729DA30AF4151F167BC3E492FF335B48752F49C64287B2AC254148AA717B ']' 503s + valid_certificate /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9685 /tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem partial_chain 503s + check_certificate /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9685 /tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem partial_chain 503s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 503s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9685 503s + local key_ring=/tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem 503s + local verify_option=partial_chain 503s + prepare_softhsm2_card /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9685 503s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 503s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9685 503s + local key_cn 503s + local key_name 503s + local tokens_dir 503s + local output_cert_file 503s + token_name= 503s ++ basename /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 503s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 503s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 503s ++ sed -n 's/ *commonName *= //p' 503s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 503s Test Organization Sub Int Token 503s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 503s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 503s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 503s ++ basename /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 503s + tokens_dir=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 503s + token_name='Test Organization Sub Int Token' 503s + '[' '!' -e /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 503s + '[' '!' -d /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 503s + echo 'Test Organization Sub Int Token' 503s + '[' -n partial_chain ']' 503s + local verify_arg=--verify=partial_chain 503s + local output_base_name=SSSD-child-2149 503s + local output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-2149.output 503s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-2149.pem 503s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem 503s [p11_child[3315]] [main] (0x0400): p11_child started. 503s [p11_child[3315]] [main] (0x2000): Running in [pre-auth] mode. 503s [p11_child[3315]] [main] (0x2000): Running with effective IDs: [0][0]. 503s [p11_child[3315]] [main] (0x2000): Running with real IDs [0][0]. 503s [p11_child[3315]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 503s [p11_child[3315]] [do_card] (0x4000): Module List: 503s [p11_child[3315]] [do_card] (0x4000): common name: [softhsm2]. 503s [p11_child[3315]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 503s [p11_child[3315]] [do_card] (0x4000): Description [SoftHSM slot ID 0x655eef4f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 503s [p11_child[3315]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 503s [p11_child[3315]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x655eef4f][1700720463] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 503s [p11_child[3315]] [do_card] (0x4000): Login NOT required. 503s [p11_child[3315]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 503s [p11_child[3315]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 503s [p11_child[3315]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 503s [p11_child[3315]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x655eef4f;slot-manufacturer=SoftHSM%20project;slot-id=1700720463;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=beec8884655eef4f;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 503s [p11_child[3315]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 503s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-2149.output 503s + echo '-----BEGIN CERTIFICATE-----' 503s + tail -n1 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-2149.output 503s + echo '-----END CERTIFICATE-----' 503s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-2149.pem 503s Certificate: 503s Data: 503s Version: 3 (0x2) 503s Serial Number: 5 (0x5) 503s Signature Algorithm: sha256WithRSAEncryption 503s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 503s Validity 503s Not Before: Mar 20 06:08:26 2024 GMT 503s Not After : Mar 20 06:08:26 2025 GMT 503s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 503s Subject Public Key Info: 503s Public Key Algorithm: rsaEncryption 503s Public-Key: (1024 bit) 503s Modulus: 503s 00:c6:a3:80:0c:73:e3:98:d9:0a:7f:b1:fa:af:9e: 503s 14:47:74:02:bf:62:11:17:02:66:6e:0f:d2:5b:ad: 503s 9d:8e:5d:81:e4:fa:08:c0:e5:3d:95:6f:d7:fd:c0: 503s 27:0f:85:96:5b:e0:78:80:27:65:da:4e:e4:1e:92: 503s 66:39:f3:07:89:27:46:85:75:07:74:46:a1:51:26: 503s 49:d1:0d:ee:32:34:43:4d:88:5f:50:41:3a:ee:55: 503s 2b:eb:94:35:10:ef:48:c5:24:72:9d:a3:0a:f4:15: 503s 1f:16:7b:c3:e4:92:ff:33:5b:48:75:2f:49:c6:42: 503s 87:b2:ac:25:41:48:aa:71:7b 503s Exponent: 65537 (0x10001) 503s X509v3 extensions: 503s X509v3 Authority Key Identifier: 503s B3:8C:20:3E:2C:AB:6A:B6:17:72:96:C0:73:11:E3:E6:38:01:5E:E8 503s X509v3 Basic Constraints: 503s CA:FALSE 503s Netscape Cert Type: 503s SSL Client, S/MIME 503s Netscape Comment: 503s Test Organization Sub Intermediate CA trusted Certificate 503s X509v3 Subject Key Identifier: 503s A9:C8:1A:3B:A7:7B:98:4A:BB:B0:41:FA:FD:FE:B4:55:83:1D:8F:69 503s X509v3 Key Usage: critical 503s Digital Signature, Non Repudiation, Key Encipherment 503s X509v3 Extended Key Usage: 503s TLS Web Client Authentication, E-mail Protection 503s X509v3 Subject Alternative Name: 503s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 503s Signature Algorithm: sha256WithRSAEncryption 503s Signature Value: 503s 68:22:1b:24:62:12:a3:ca:32:87:fc:35:8f:37:9b:2a:24:54: 503s 1d:63:12:1e:52:b5:eb:72:e5:bc:01:0a:c1:ee:c3:b1:b2:96: 503s 4b:d5:e7:ad:f5:40:33:07:bd:93:31:f0:7b:02:48:d5:28:0c: 503s 04:9e:ad:1c:84:88:fd:21:8d:13:3c:50:3f:1c:36:ea:0c:47: 503s e3:84:33:ac:fd:ff:bf:72:1d:85:34:7d:68:7c:dd:7d:23:26: 503s 4f:90:26:44:e4:2a:20:ca:3e:ad:81:c0:47:39:7b:22:e2:bd: 503s 4d:ad:da:0e:6a:38:27:3d:72:3d:83:1e:c0:c6:3e:7e:ca:42: 503s 43:21 503s + local found_md5 expected_md5 503s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 503s + expected_md5=Modulus=C6A3800C73E398D90A7FB1FAAF9E14477402BF62111702666E0FD25BAD9D8E5D81E4FA08C0E53D956FD7FDC0270F85965BE078802765DA4EE41E926639F3078927468575077446A1512649D10DEE3234434D885F50413AEE552BEB943510EF48C524729DA30AF4151F167BC3E492FF335B48752F49C64287B2AC254148AA717B 503s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-2149.pem 503s + found_md5=Modulus=C6A3800C73E398D90A7FB1FAAF9E14477402BF62111702666E0FD25BAD9D8E5D81E4FA08C0E53D956FD7FDC0270F85965BE078802765DA4EE41E926639F3078927468575077446A1512649D10DEE3234434D885F50413AEE552BEB943510EF48C524729DA30AF4151F167BC3E492FF335B48752F49C64287B2AC254148AA717B 503s + '[' Modulus=C6A3800C73E398D90A7FB1FAAF9E14477402BF62111702666E0FD25BAD9D8E5D81E4FA08C0E53D956FD7FDC0270F85965BE078802765DA4EE41E926639F3078927468575077446A1512649D10DEE3234434D885F50413AEE552BEB943510EF48C524729DA30AF4151F167BC3E492FF335B48752F49C64287B2AC254148AA717B '!=' Modulus=C6A3800C73E398D90A7FB1FAAF9E14477402BF62111702666E0FD25BAD9D8E5D81E4FA08C0E53D956FD7FDC0270F85965BE078802765DA4EE41E926639F3078927468575077446A1512649D10DEE3234434D885F50413AEE552BEB943510EF48C524729DA30AF4151F167BC3E492FF335B48752F49C64287B2AC254148AA717B ']' 503s + output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-2149-auth.output 503s ++ basename /tmp/sssd-softhsm2-7F70Xv/SSSD-child-2149-auth.output .output 503s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-2149-auth.pem 503s + echo -n 053350 503s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-7F70Xv/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so 503s [p11_child[3323]] [main] (0x0400): p11_child started. 503s [p11_child[3323]] [main] (0x2000): Running in [auth] mode. 503s [p11_child[3323]] [main] (0x2000): Running with effective IDs: [0][0]. 503s [p11_child[3323]] [main] (0x2000): Running with real IDs [0][0]. 503s [p11_child[3323]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 503s [p11_child[3323]] [do_card] (0x4000): Module List: 503s [p11_child[3323]] [do_card] (0x4000): common name: [softhsm2]. 503s [p11_child[3323]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 503s [p11_child[3323]] [do_card] (0x4000): Description [SoftHSM slot ID 0x655eef4f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 503s [p11_child[3323]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 503s [p11_child[3323]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x655eef4f][1700720463] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 503s [p11_child[3323]] [do_card] (0x4000): Login required. 503s [p11_child[3323]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 503s [p11_child[3323]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 503s [p11_child[3323]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 503s [p11_child[3323]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x655eef4f;slot-manufacturer=SoftHSM%20project;slot-id=1700720463;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=beec8884655eef4f;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 503s [p11_child[3323]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 503s [p11_child[3323]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 503s [p11_child[3323]] [do_card] (0x4000): Certificate verified and validated. 503s [p11_child[3323]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 503s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-2149-auth.output 503s + echo '-----BEGIN CERTIFICATE-----' 503s + tail -n1 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-2149-auth.output 503s + echo '-----END CERTIFICATE-----' 503s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-2149-auth.pem 503s Certificate: 503s Data: 503s Version: 3 (0x2) 503s Serial Number: 5 (0x5) 503s Signature Algorithm: sha256WithRSAEncryption 503s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 503s Validity 503s Not Before: Mar 20 06:08:26 2024 GMT 503s Not After : Mar 20 06:08:26 2025 GMT 503s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 503s Subject Public Key Info: 503s Public Key Algorithm: rsaEncryption 503s Public-Key: (1024 bit) 503s Modulus: 503s 00:c6:a3:80:0c:73:e3:98:d9:0a:7f:b1:fa:af:9e: 503s 14:47:74:02:bf:62:11:17:02:66:6e:0f:d2:5b:ad: 503s 9d:8e:5d:81:e4:fa:08:c0:e5:3d:95:6f:d7:fd:c0: 503s 27:0f:85:96:5b:e0:78:80:27:65:da:4e:e4:1e:92: 503s 66:39:f3:07:89:27:46:85:75:07:74:46:a1:51:26: 503s 49:d1:0d:ee:32:34:43:4d:88:5f:50:41:3a:ee:55: 503s 2b:eb:94:35:10:ef:48:c5:24:72:9d:a3:0a:f4:15: 503s 1f:16:7b:c3:e4:92:ff:33:5b:48:75:2f:49:c6:42: 503s 87:b2:ac:25:41:48:aa:71:7b 503s Exponent: 65537 (0x10001) 503s X509v3 extensions: 503s X509v3 Authority Key Identifier: 503s B3:8C:20:3E:2C:AB:6A:B6:17:72:96:C0:73:11:E3:E6:38:01:5E:E8 503s X509v3 Basic Constraints: 503s CA:FALSE 503s Netscape Cert Type: 503s SSL Client, S/MIME 503s Netscape Comment: 503s Test Organization Sub Intermediate CA trusted Certificate 503s X509v3 Subject Key Identifier: 503s A9:C8:1A:3B:A7:7B:98:4A:BB:B0:41:FA:FD:FE:B4:55:83:1D:8F:69 503s X509v3 Key Usage: critical 503s Digital Signature, Non Repudiation, Key Encipherment 503s X509v3 Extended Key Usage: 503s TLS Web Client Authentication, E-mail Protection 503s X509v3 Subject Alternative Name: 503s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 503s Signature Algorithm: sha256WithRSAEncryption 503s Signature Value: 503s 68:22:1b:24:62:12:a3:ca:32:87:fc:35:8f:37:9b:2a:24:54: 503s 1d:63:12:1e:52:b5:eb:72:e5:bc:01:0a:c1:ee:c3:b1:b2:96: 503s 4b:d5:e7:ad:f5:40:33:07:bd:93:31:f0:7b:02:48:d5:28:0c: 503s 04:9e:ad:1c:84:88:fd:21:8d:13:3c:50:3f:1c:36:ea:0c:47: 503s e3:84:33:ac:fd:ff:bf:72:1d:85:34:7d:68:7c:dd:7d:23:26: 503s 4f:90:26:44:e4:2a:20:ca:3e:ad:81:c0:47:39:7b:22:e2:bd: 503s 4d:ad:da:0e:6a:38:27:3d:72:3d:83:1e:c0:c6:3e:7e:ca:42: 503s 43:21 503s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-2149-auth.pem 503s + found_md5=Modulus=C6A3800C73E398D90A7FB1FAAF9E14477402BF62111702666E0FD25BAD9D8E5D81E4FA08C0E53D956FD7FDC0270F85965BE078802765DA4EE41E926639F3078927468575077446A1512649D10DEE3234434D885F50413AEE552BEB943510EF48C524729DA30AF4151F167BC3E492FF335B48752F49C64287B2AC254148AA717B 503s + '[' Modulus=C6A3800C73E398D90A7FB1FAAF9E14477402BF62111702666E0FD25BAD9D8E5D81E4FA08C0E53D956FD7FDC0270F85965BE078802765DA4EE41E926639F3078927468575077446A1512649D10DEE3234434D885F50413AEE552BEB943510EF48C524729DA30AF4151F167BC3E492FF335B48752F49C64287B2AC254148AA717B '!=' Modulus=C6A3800C73E398D90A7FB1FAAF9E14477402BF62111702666E0FD25BAD9D8E5D81E4FA08C0E53D956FD7FDC0270F85965BE078802765DA4EE41E926639F3078927468575077446A1512649D10DEE3234434D885F50413AEE552BEB943510EF48C524729DA30AF4151F167BC3E492FF335B48752F49C64287B2AC254148AA717B ']' 503s + invalid_certificate /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9685 /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA.pem 503s + check_certificate /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9685 /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA.pem 503s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 503s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9685 503s + local key_ring=/tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA.pem 503s + local verify_option= 503s + prepare_softhsm2_card /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9685 503s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 503s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9685 503s + local key_cn 503s + local key_name 503s + local tokens_dir 503s + local output_cert_file 503s + token_name= 503s ++ basename /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 503s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 503s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 503s ++ sed -n 's/ *commonName *= //p' 503s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 503s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 503s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 503s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 503s ++ basename /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 503s + tokens_dir=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 503s + token_name='Test Organization Sub Int Token' 503s + '[' '!' -e /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 503s + '[' '!' -d /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 503s + echo 'Test Organization Sub Int Token' 503s + '[' -n '' ']' 503s + local output_base_name=SSSD-child-28136 503s + local output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-28136.output 503s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-28136.pem 503s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA.pem 503s Test Organization Sub Int Token 503s [p11_child[3333]] [main] (0x0400): p11_child started. 503s [p11_child[3333]] [main] (0x2000): Running in [pre-auth] mode. 503s [p11_child[3333]] [main] (0x2000): Running with effective IDs: [0][0]. 503s [p11_child[3333]] [main] (0x2000): Running with real IDs [0][0]. 503s [p11_child[3333]] [do_card] (0x4000): Module List: 503s [p11_child[3333]] [do_card] (0x4000): common name: [softhsm2]. 503s [p11_child[3333]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 503s [p11_child[3333]] [do_card] (0x4000): Description [SoftHSM slot ID 0x655eef4f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 503s [p11_child[3333]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 503s [p11_child[3333]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x655eef4f][1700720463] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 503s [p11_child[3333]] [do_card] (0x4000): Login NOT required. 503s [p11_child[3333]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 503s [p11_child[3333]] [do_verification] (0x0040): X509_verify_cert failed [0]. 503s [p11_child[3333]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 503s [p11_child[3333]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 503s [p11_child[3333]] [do_card] (0x4000): No certificate found. 503s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-28136.output 503s + return 2 503s + invalid_certificate /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9685 /tmp/sssd-softhsm2-7F70Xv/test-root-intermediate-chain-CA.pem partial_chain 503s + check_certificate /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9685 /tmp/sssd-softhsm2-7F70Xv/test-root-intermediate-chain-CA.pem partial_chain 503s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 503s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9685 503s + local key_ring=/tmp/sssd-softhsm2-7F70Xv/test-root-intermediate-chain-CA.pem 503s + local verify_option=partial_chain 503s + prepare_softhsm2_card /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9685 503s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 503s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9685 503s + local key_cn 503s + local key_name 503s + local tokens_dir 503s + local output_cert_file 503s + token_name= 503s ++ basename /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 503s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 503s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 503s ++ sed -n 's/ *commonName *= //p' 503s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 503s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 503s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 503s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 503s ++ basename /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 503s Test Organization Sub Int Token 503s + tokens_dir=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 503s + token_name='Test Organization Sub Int Token' 503s + '[' '!' -e /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 503s + '[' '!' -d /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 503s + echo 'Test Organization Sub Int Token' 503s + '[' -n partial_chain ']' 503s + local verify_arg=--verify=partial_chain 503s + local output_base_name=SSSD-child-25063 503s + local output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-25063.output 503s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-25063.pem 503s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-7F70Xv/test-root-intermediate-chain-CA.pem 503s [p11_child[3340]] [main] (0x0400): p11_child started. 503s [p11_child[3340]] [main] (0x2000): Running in [pre-auth] mode. 503s [p11_child[3340]] [main] (0x2000): Running with effective IDs: [0][0]. 503s [p11_child[3340]] [main] (0x2000): Running with real IDs [0][0]. 503s [p11_child[3340]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 503s [p11_child[3340]] [do_card] (0x4000): Module List: 503s [p11_child[3340]] [do_card] (0x4000): common name: [softhsm2]. 503s [p11_child[3340]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 503s [p11_child[3340]] [do_card] (0x4000): Description [SoftHSM slot ID 0x655eef4f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 503s [p11_child[3340]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 503s [p11_child[3340]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x655eef4f][1700720463] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 503s [p11_child[3340]] [do_card] (0x4000): Login NOT required. 503s [p11_child[3340]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 503s [p11_child[3340]] [do_verification] (0x0040): X509_verify_cert failed [0]. 503s [p11_child[3340]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 503s [p11_child[3340]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 503s [p11_child[3340]] [do_card] (0x4000): No certificate found. 503s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-25063.output 503s + return 2 503s + valid_certificate /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9685 /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA.pem partial_chain 503s + check_certificate /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9685 /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA.pem partial_chain 503s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 503s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9685 503s + local key_ring=/tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA.pem 503s + local verify_option=partial_chain 503s + prepare_softhsm2_card /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9685 503s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 503s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9685 503s + local key_cn 503s + local key_name 503s + local tokens_dir 503s + local output_cert_file 503s + token_name= 503s ++ basename /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 503s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 503s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 503s ++ sed -n 's/ *commonName *= //p' 504s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 504s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 504s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 504s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 504s ++ basename /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 504s Test Organization Sub Int Token 504s + tokens_dir=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 504s + token_name='Test Organization Sub Int Token' 504s + '[' '!' -e /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 504s + '[' '!' -d /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 504s + echo 'Test Organization Sub Int Token' 504s + '[' -n partial_chain ']' 504s + local verify_arg=--verify=partial_chain 504s + local output_base_name=SSSD-child-24672 504s + local output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-24672.output 504s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-24672.pem 504s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA.pem 504s [p11_child[3347]] [main] (0x0400): p11_child started. 504s [p11_child[3347]] [main] (0x2000): Running in [pre-auth] mode. 504s [p11_child[3347]] [main] (0x2000): Running with effective IDs: [0][0]. 504s [p11_child[3347]] [main] (0x2000): Running with real IDs [0][0]. 504s [p11_child[3347]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 504s [p11_child[3347]] [do_card] (0x4000): Module List: 504s [p11_child[3347]] [do_card] (0x4000): common name: [softhsm2]. 504s [p11_child[3347]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 504s [p11_child[3347]] [do_card] (0x4000): Description [SoftHSM slot ID 0x655eef4f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 504s [p11_child[3347]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 504s [p11_child[3347]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x655eef4f][1700720463] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 504s [p11_child[3347]] [do_card] (0x4000): Login NOT required. 504s [p11_child[3347]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 504s [p11_child[3347]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 504s [p11_child[3347]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 504s [p11_child[3347]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x655eef4f;slot-manufacturer=SoftHSM%20project;slot-id=1700720463;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=beec8884655eef4f;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 504s [p11_child[3347]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 504s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-24672.output 504s + echo '-----BEGIN CERTIFICATE-----' 504s + tail -n1 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-24672.output 504s + echo '-----END CERTIFICATE-----' 504s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-24672.pem 504s Certificate: 504s Data: 504s Version: 3 (0x2) 504s Serial Number: 5 (0x5) 504s Signature Algorithm: sha256WithRSAEncryption 504s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 504s Validity 504s Not Before: Mar 20 06:08:26 2024 GMT 504s Not After : Mar 20 06:08:26 2025 GMT 504s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 504s Subject Public Key Info: 504s Public Key Algorithm: rsaEncryption 504s Public-Key: (1024 bit) 504s Modulus: 504s 00:c6:a3:80:0c:73:e3:98:d9:0a:7f:b1:fa:af:9e: 504s 14:47:74:02:bf:62:11:17:02:66:6e:0f:d2:5b:ad: 504s 9d:8e:5d:81:e4:fa:08:c0:e5:3d:95:6f:d7:fd:c0: 504s 27:0f:85:96:5b:e0:78:80:27:65:da:4e:e4:1e:92: 504s 66:39:f3:07:89:27:46:85:75:07:74:46:a1:51:26: 504s 49:d1:0d:ee:32:34:43:4d:88:5f:50:41:3a:ee:55: 504s 2b:eb:94:35:10:ef:48:c5:24:72:9d:a3:0a:f4:15: 504s 1f:16:7b:c3:e4:92:ff:33:5b:48:75:2f:49:c6:42: 504s 87:b2:ac:25:41:48:aa:71:7b 504s Exponent: 65537 (0x10001) 504s X509v3 extensions: 504s X509v3 Authority Key Identifier: 504s B3:8C:20:3E:2C:AB:6A:B6:17:72:96:C0:73:11:E3:E6:38:01:5E:E8 504s X509v3 Basic Constraints: 504s CA:FALSE 504s Netscape Cert Type: 504s SSL Client, S/MIME 504s Netscape Comment: 504s Test Organization Sub Intermediate CA trusted Certificate 504s X509v3 Subject Key Identifier: 504s A9:C8:1A:3B:A7:7B:98:4A:BB:B0:41:FA:FD:FE:B4:55:83:1D:8F:69 504s X509v3 Key Usage: critical 504s Digital Signature, Non Repudiation, Key Encipherment 504s X509v3 Extended Key Usage: 504s TLS Web Client Authentication, E-mail Protection 504s X509v3 Subject Alternative Name: 504s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 504s Signature Algorithm: sha256WithRSAEncryption 504s Signature Value: 504s 68:22:1b:24:62:12:a3:ca:32:87:fc:35:8f:37:9b:2a:24:54: 504s 1d:63:12:1e:52:b5:eb:72:e5:bc:01:0a:c1:ee:c3:b1:b2:96: 504s 4b:d5:e7:ad:f5:40:33:07:bd:93:31:f0:7b:02:48:d5:28:0c: 504s 04:9e:ad:1c:84:88:fd:21:8d:13:3c:50:3f:1c:36:ea:0c:47: 504s e3:84:33:ac:fd:ff:bf:72:1d:85:34:7d:68:7c:dd:7d:23:26: 504s 4f:90:26:44:e4:2a:20:ca:3e:ad:81:c0:47:39:7b:22:e2:bd: 504s 4d:ad:da:0e:6a:38:27:3d:72:3d:83:1e:c0:c6:3e:7e:ca:42: 504s 43:21 504s + local found_md5 expected_md5 504s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 504s + expected_md5=Modulus=C6A3800C73E398D90A7FB1FAAF9E14477402BF62111702666E0FD25BAD9D8E5D81E4FA08C0E53D956FD7FDC0270F85965BE078802765DA4EE41E926639F3078927468575077446A1512649D10DEE3234434D885F50413AEE552BEB943510EF48C524729DA30AF4151F167BC3E492FF335B48752F49C64287B2AC254148AA717B 504s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-24672.pem 504s + found_md5=Modulus=C6A3800C73E398D90A7FB1FAAF9E14477402BF62111702666E0FD25BAD9D8E5D81E4FA08C0E53D956FD7FDC0270F85965BE078802765DA4EE41E926639F3078927468575077446A1512649D10DEE3234434D885F50413AEE552BEB943510EF48C524729DA30AF4151F167BC3E492FF335B48752F49C64287B2AC254148AA717B 504s + '[' Modulus=C6A3800C73E398D90A7FB1FAAF9E14477402BF62111702666E0FD25BAD9D8E5D81E4FA08C0E53D956FD7FDC0270F85965BE078802765DA4EE41E926639F3078927468575077446A1512649D10DEE3234434D885F50413AEE552BEB943510EF48C524729DA30AF4151F167BC3E492FF335B48752F49C64287B2AC254148AA717B '!=' Modulus=C6A3800C73E398D90A7FB1FAAF9E14477402BF62111702666E0FD25BAD9D8E5D81E4FA08C0E53D956FD7FDC0270F85965BE078802765DA4EE41E926639F3078927468575077446A1512649D10DEE3234434D885F50413AEE552BEB943510EF48C524729DA30AF4151F167BC3E492FF335B48752F49C64287B2AC254148AA717B ']' 504s + output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-24672-auth.output 504s ++ basename /tmp/sssd-softhsm2-7F70Xv/SSSD-child-24672-auth.output .output 504s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-24672-auth.pem 504s + echo -n 053350 504s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so 504s [p11_child[3355]] [main] (0x0400): p11_child started. 504s [p11_child[3355]] [main] (0x2000): Running in [auth] mode. 504s [p11_child[3355]] [main] (0x2000): Running with effective IDs: [0][0]. 504s [p11_child[3355]] [main] (0x2000): Running with real IDs [0][0]. 504s [p11_child[3355]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 504s [p11_child[3355]] [do_card] (0x4000): Module List: 504s [p11_child[3355]] [do_card] (0x4000): common name: [softhsm2]. 504s [p11_child[3355]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 504s [p11_child[3355]] [do_card] (0x4000): Description [SoftHSM slot ID 0x655eef4f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 504s [p11_child[3355]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 504s [p11_child[3355]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x655eef4f][1700720463] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 504s [p11_child[3355]] [do_card] (0x4000): Login required. 504s [p11_child[3355]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 504s [p11_child[3355]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 504s [p11_child[3355]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 504s [p11_child[3355]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x655eef4f;slot-manufacturer=SoftHSM%20project;slot-id=1700720463;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=beec8884655eef4f;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 504s [p11_child[3355]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 504s [p11_child[3355]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 504s [p11_child[3355]] [do_card] (0x4000): Certificate verified and validated. 504s [p11_child[3355]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 504s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-24672-auth.output 504s + echo '-----BEGIN CERTIFICATE-----' 504s + tail -n1 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-24672-auth.output 504s + echo '-----END CERTIFICATE-----' 504s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-24672-auth.pem 504s Certificate: 504s Data: 504s Version: 3 (0x2) 504s Serial Number: 5 (0x5) 504s Signature Algorithm: sha256WithRSAEncryption 504s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 504s Validity 504s Not Before: Mar 20 06:08:26 2024 GMT 504s Not After : Mar 20 06:08:26 2025 GMT 504s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 504s Subject Public Key Info: 504s Public Key Algorithm: rsaEncryption 504s Public-Key: (1024 bit) 504s Modulus: 504s 00:c6:a3:80:0c:73:e3:98:d9:0a:7f:b1:fa:af:9e: 504s 14:47:74:02:bf:62:11:17:02:66:6e:0f:d2:5b:ad: 504s 9d:8e:5d:81:e4:fa:08:c0:e5:3d:95:6f:d7:fd:c0: 504s 27:0f:85:96:5b:e0:78:80:27:65:da:4e:e4:1e:92: 504s 66:39:f3:07:89:27:46:85:75:07:74:46:a1:51:26: 504s 49:d1:0d:ee:32:34:43:4d:88:5f:50:41:3a:ee:55: 504s 2b:eb:94:35:10:ef:48:c5:24:72:9d:a3:0a:f4:15: 504s 1f:16:7b:c3:e4:92:ff:33:5b:48:75:2f:49:c6:42: 504s 87:b2:ac:25:41:48:aa:71:7b 504s Exponent: 65537 (0x10001) 504s X509v3 extensions: 504s X509v3 Authority Key Identifier: 504s B3:8C:20:3E:2C:AB:6A:B6:17:72:96:C0:73:11:E3:E6:38:01:5E:E8 504s X509v3 Basic Constraints: 504s CA:FALSE 504s Netscape Cert Type: 504s SSL Client, S/MIME 504s Netscape Comment: 504s Test Organization Sub Intermediate CA trusted Certificate 504s X509v3 Subject Key Identifier: 504s A9:C8:1A:3B:A7:7B:98:4A:BB:B0:41:FA:FD:FE:B4:55:83:1D:8F:69 504s X509v3 Key Usage: critical 504s Digital Signature, Non Repudiation, Key Encipherment 504s X509v3 Extended Key Usage: 504s TLS Web Client Authentication, E-mail Protection 504s X509v3 Subject Alternative Name: 504s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 504s Signature Algorithm: sha256WithRSAEncryption 504s Signature Value: 504s 68:22:1b:24:62:12:a3:ca:32:87:fc:35:8f:37:9b:2a:24:54: 504s 1d:63:12:1e:52:b5:eb:72:e5:bc:01:0a:c1:ee:c3:b1:b2:96: 504s 4b:d5:e7:ad:f5:40:33:07:bd:93:31:f0:7b:02:48:d5:28:0c: 504s 04:9e:ad:1c:84:88:fd:21:8d:13:3c:50:3f:1c:36:ea:0c:47: 504s e3:84:33:ac:fd:ff:bf:72:1d:85:34:7d:68:7c:dd:7d:23:26: 504s 4f:90:26:44:e4:2a:20:ca:3e:ad:81:c0:47:39:7b:22:e2:bd: 504s 4d:ad:da:0e:6a:38:27:3d:72:3d:83:1e:c0:c6:3e:7e:ca:42: 504s 43:21 504s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-24672-auth.pem 504s + found_md5=Modulus=C6A3800C73E398D90A7FB1FAAF9E14477402BF62111702666E0FD25BAD9D8E5D81E4FA08C0E53D956FD7FDC0270F85965BE078802765DA4EE41E926639F3078927468575077446A1512649D10DEE3234434D885F50413AEE552BEB943510EF48C524729DA30AF4151F167BC3E492FF335B48752F49C64287B2AC254148AA717B 504s + '[' Modulus=C6A3800C73E398D90A7FB1FAAF9E14477402BF62111702666E0FD25BAD9D8E5D81E4FA08C0E53D956FD7FDC0270F85965BE078802765DA4EE41E926639F3078927468575077446A1512649D10DEE3234434D885F50413AEE552BEB943510EF48C524729DA30AF4151F167BC3E492FF335B48752F49C64287B2AC254148AA717B '!=' Modulus=C6A3800C73E398D90A7FB1FAAF9E14477402BF62111702666E0FD25BAD9D8E5D81E4FA08C0E53D956FD7FDC0270F85965BE078802765DA4EE41E926639F3078927468575077446A1512649D10DEE3234434D885F50413AEE552BEB943510EF48C524729DA30AF4151F167BC3E492FF335B48752F49C64287B2AC254148AA717B ']' 504s + valid_certificate /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9685 /tmp/sssd-softhsm2-7F70Xv/test-intermediate-sub-chain-CA.pem partial_chain 504s + check_certificate /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9685 /tmp/sssd-softhsm2-7F70Xv/test-intermediate-sub-chain-CA.pem partial_chain 504s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 504s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9685 504s + local key_ring=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-sub-chain-CA.pem 504s + local verify_option=partial_chain 504s + prepare_softhsm2_card /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-9685 504s + local certificate=/tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 504s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-9685 504s + local key_cn 504s + local key_name 504s + local tokens_dir 504s + local output_cert_file 504s + token_name= 504s ++ basename /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 504s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 504s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 504s ++ sed -n 's/ *commonName *= //p' 504s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 504s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 504s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 504s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 504s ++ basename /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 504s Test Organization Sub Int Token 504s + tokens_dir=/tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 504s + token_name='Test Organization Sub Int Token' 504s + '[' '!' -e /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 504s + '[' '!' -d /tmp/sssd-softhsm2-7F70Xv/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 504s + echo 'Test Organization Sub Int Token' 504s + '[' -n partial_chain ']' 504s + local verify_arg=--verify=partial_chain 504s + local output_base_name=SSSD-child-24505 504s + local output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-24505.output 504s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-24505.pem 504s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-sub-chain-CA.pem 504s [p11_child[3365]] [main] (0x0400): p11_child started. 504s [p11_child[3365]] [main] (0x2000): Running in [pre-auth] mode. 504s [p11_child[3365]] [main] (0x2000): Running with effective IDs: [0][0]. 504s [p11_child[3365]] [main] (0x2000): Running with real IDs [0][0]. 504s [p11_child[3365]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 504s [p11_child[3365]] [do_card] (0x4000): Module List: 504s [p11_child[3365]] [do_card] (0x4000): common name: [softhsm2]. 504s [p11_child[3365]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 504s [p11_child[3365]] [do_card] (0x4000): Description [SoftHSM slot ID 0x655eef4f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 504s [p11_child[3365]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 504s [p11_child[3365]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x655eef4f][1700720463] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 504s [p11_child[3365]] [do_card] (0x4000): Login NOT required. 504s [p11_child[3365]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 504s [p11_child[3365]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 504s [p11_child[3365]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 504s [p11_child[3365]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x655eef4f;slot-manufacturer=SoftHSM%20project;slot-id=1700720463;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=beec8884655eef4f;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 504s [p11_child[3365]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 504s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-24505.output 504s + echo '-----BEGIN CERTIFICATE-----' 504s + tail -n1 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-24505.output 504s + echo '-----END CERTIFICATE-----' 504s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-24505.pem 504s + local found_md5 expected_md5 504s Certificate: 504s Data: 504s Version: 3 (0x2) 504s Serial Number: 5 (0x5) 504s Signature Algorithm: sha256WithRSAEncryption 504s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 504s Validity 504s Not Before: Mar 20 06:08:26 2024 GMT 504s Not After : Mar 20 06:08:26 2025 GMT 504s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 504s Subject Public Key Info: 504s Public Key Algorithm: rsaEncryption 504s Public-Key: (1024 bit) 504s Modulus: 504s 00:c6:a3:80:0c:73:e3:98:d9:0a:7f:b1:fa:af:9e: 504s 14:47:74:02:bf:62:11:17:02:66:6e:0f:d2:5b:ad: 504s 9d:8e:5d:81:e4:fa:08:c0:e5:3d:95:6f:d7:fd:c0: 504s 27:0f:85:96:5b:e0:78:80:27:65:da:4e:e4:1e:92: 504s 66:39:f3:07:89:27:46:85:75:07:74:46:a1:51:26: 504s 49:d1:0d:ee:32:34:43:4d:88:5f:50:41:3a:ee:55: 504s 2b:eb:94:35:10:ef:48:c5:24:72:9d:a3:0a:f4:15: 504s 1f:16:7b:c3:e4:92:ff:33:5b:48:75:2f:49:c6:42: 504s 87:b2:ac:25:41:48:aa:71:7b 504s Exponent: 65537 (0x10001) 504s X509v3 extensions: 504s X509v3 Authority Key Identifier: 504s B3:8C:20:3E:2C:AB:6A:B6:17:72:96:C0:73:11:E3:E6:38:01:5E:E8 504s X509v3 Basic Constraints: 504s CA:FALSE 504s Netscape Cert Type: 504s SSL Client, S/MIME 504s Netscape Comment: 504s Test Organization Sub Intermediate CA trusted Certificate 504s X509v3 Subject Key Identifier: 504s A9:C8:1A:3B:A7:7B:98:4A:BB:B0:41:FA:FD:FE:B4:55:83:1D:8F:69 504s X509v3 Key Usage: critical 504s Digital Signature, Non Repudiation, Key Encipherment 504s X509v3 Extended Key Usage: 504s TLS Web Client Authentication, E-mail Protection 504s X509v3 Subject Alternative Name: 504s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 504s Signature Algorithm: sha256WithRSAEncryption 504s Signature Value: 504s 68:22:1b:24:62:12:a3:ca:32:87:fc:35:8f:37:9b:2a:24:54: 504s 1d:63:12:1e:52:b5:eb:72:e5:bc:01:0a:c1:ee:c3:b1:b2:96: 504s 4b:d5:e7:ad:f5:40:33:07:bd:93:31:f0:7b:02:48:d5:28:0c: 504s 04:9e:ad:1c:84:88:fd:21:8d:13:3c:50:3f:1c:36:ea:0c:47: 504s e3:84:33:ac:fd:ff:bf:72:1d:85:34:7d:68:7c:dd:7d:23:26: 504s 4f:90:26:44:e4:2a:20:ca:3e:ad:81:c0:47:39:7b:22:e2:bd: 504s 4d:ad:da:0e:6a:38:27:3d:72:3d:83:1e:c0:c6:3e:7e:ca:42: 504s 43:21 504s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/test-sub-intermediate-CA-trusted-certificate-0001.pem 504s + expected_md5=Modulus=C6A3800C73E398D90A7FB1FAAF9E14477402BF62111702666E0FD25BAD9D8E5D81E4FA08C0E53D956FD7FDC0270F85965BE078802765DA4EE41E926639F3078927468575077446A1512649D10DEE3234434D885F50413AEE552BEB943510EF48C524729DA30AF4151F167BC3E492FF335B48752F49C64287B2AC254148AA717B 504s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-24505.pem 504s + found_md5=Modulus=C6A3800C73E398D90A7FB1FAAF9E14477402BF62111702666E0FD25BAD9D8E5D81E4FA08C0E53D956FD7FDC0270F85965BE078802765DA4EE41E926639F3078927468575077446A1512649D10DEE3234434D885F50413AEE552BEB943510EF48C524729DA30AF4151F167BC3E492FF335B48752F49C64287B2AC254148AA717B 504s + '[' Modulus=C6A3800C73E398D90A7FB1FAAF9E14477402BF62111702666E0FD25BAD9D8E5D81E4FA08C0E53D956FD7FDC0270F85965BE078802765DA4EE41E926639F3078927468575077446A1512649D10DEE3234434D885F50413AEE552BEB943510EF48C524729DA30AF4151F167BC3E492FF335B48752F49C64287B2AC254148AA717B '!=' Modulus=C6A3800C73E398D90A7FB1FAAF9E14477402BF62111702666E0FD25BAD9D8E5D81E4FA08C0E53D956FD7FDC0270F85965BE078802765DA4EE41E926639F3078927468575077446A1512649D10DEE3234434D885F50413AEE552BEB943510EF48C524729DA30AF4151F167BC3E492FF335B48752F49C64287B2AC254148AA717B ']' 504s + output_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-24505-auth.output 504s ++ basename /tmp/sssd-softhsm2-7F70Xv/SSSD-child-24505-auth.output .output 504s + output_cert_file=/tmp/sssd-softhsm2-7F70Xv/SSSD-child-24505-auth.pem 504s + echo -n 053350 504s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-7F70Xv/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so 504s [p11_child[3373]] [main] (0x0400): p11_child started. 504s [p11_child[3373]] [main] (0x2000): Running in [auth] mode. 504s [p11_child[3373]] [main] (0x2000): Running with effective IDs: [0][0]. 504s [p11_child[3373]] [main] (0x2000): Running with real IDs [0][0]. 504s [p11_child[3373]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 504s [p11_child[3373]] [do_card] (0x4000): Module List: 504s [p11_child[3373]] [do_card] (0x4000): common name: [softhsm2]. 504s [p11_child[3373]] [do_card] (0x4000): dll name: [/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 504s [p11_child[3373]] [do_card] (0x4000): Description [SoftHSM slot ID 0x655eef4f] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 504s [p11_child[3373]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 504s [p11_child[3373]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x655eef4f][1700720463] of module [0][/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so]. 504s [p11_child[3373]] [do_card] (0x4000): Login required. 504s [p11_child[3373]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 504s [p11_child[3373]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 504s [p11_child[3373]] [do_card] (0x4000): /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 504s [p11_child[3373]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x655eef4f;slot-manufacturer=SoftHSM%20project;slot-id=1700720463;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=beec8884655eef4f;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 504s [p11_child[3373]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 504s [p11_child[3373]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 504s [p11_child[3373]] [do_card] (0x4000): Certificate verified and validated. 504s [p11_child[3373]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 504s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-24505-auth.output 504s + echo '-----BEGIN CERTIFICATE-----' 504s + tail -n1 /tmp/sssd-softhsm2-7F70Xv/SSSD-child-24505-auth.output 504s + echo '-----END CERTIFICATE-----' 504s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-24505-auth.pem 504s Certificate: 504s Data: 504s Version: 3 (0x2) 504s Serial Number: 5 (0x5) 504s Signature Algorithm: sha256WithRSAEncryption 504s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 504s Validity 504s Not Before: Mar 20 06:08:26 2024 GMT 504s Not After : Mar 20 06:08:26 2025 GMT 504s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 504s Subject Public Key Info: 504s Public Key Algorithm: rsaEncryption 504s Public-Key: (1024 bit) 504s Modulus: 504s 00:c6:a3:80:0c:73:e3:98:d9:0a:7f:b1:fa:af:9e: 504s 14:47:74:02:bf:62:11:17:02:66:6e:0f:d2:5b:ad: 504s 9d:8e:5d:81:e4:fa:08:c0:e5:3d:95:6f:d7:fd:c0: 504s 27:0f:85:96:5b:e0:78:80:27:65:da:4e:e4:1e:92: 504s 66:39:f3:07:89:27:46:85:75:07:74:46:a1:51:26: 504s 49:d1:0d:ee:32:34:43:4d:88:5f:50:41:3a:ee:55: 504s 2b:eb:94:35:10:ef:48:c5:24:72:9d:a3:0a:f4:15: 504s 1f:16:7b:c3:e4:92:ff:33:5b:48:75:2f:49:c6:42: 504s 87:b2:ac:25:41:48:aa:71:7b 504s Exponent: 65537 (0x10001) 504s X509v3 extensions: 504s X509v3 Authority Key Identifier: 504s B3:8C:20:3E:2C:AB:6A:B6:17:72:96:C0:73:11:E3:E6:38:01:5E:E8 504s X509v3 Basic Constraints: 504s CA:FALSE 504s Netscape Cert Type: 504s SSL Client, S/MIME 504s Netscape Comment: 504s Test Organization Sub Intermediate CA trusted Certificate 504s X509v3 Subject Key Identifier: 504s A9:C8:1A:3B:A7:7B:98:4A:BB:B0:41:FA:FD:FE:B4:55:83:1D:8F:69 504s X509v3 Key Usage: critical 504s Digital Signature, Non Repudiation, Key Encipherment 504s X509v3 Extended Key Usage: 504s TLS Web Client Authentication, E-mail Protection 504s X509v3 Subject Alternative Name: 504s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 504s Signature Algorithm: sha256WithRSAEncryption 504s Signature Value: 504s 68:22:1b:24:62:12:a3:ca:32:87:fc:35:8f:37:9b:2a:24:54: 504s 1d:63:12:1e:52:b5:eb:72:e5:bc:01:0a:c1:ee:c3:b1:b2:96: 504s 4b:d5:e7:ad:f5:40:33:07:bd:93:31:f0:7b:02:48:d5:28:0c: 504s 04:9e:ad:1c:84:88:fd:21:8d:13:3c:50:3f:1c:36:ea:0c:47: 504s e3:84:33:ac:fd:ff:bf:72:1d:85:34:7d:68:7c:dd:7d:23:26: 504s 4f:90:26:44:e4:2a:20:ca:3e:ad:81:c0:47:39:7b:22:e2:bd: 504s 4d:ad:da:0e:6a:38:27:3d:72:3d:83:1e:c0:c6:3e:7e:ca:42: 504s 43:21 504s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-7F70Xv/SSSD-child-24505-auth.pem 504s 504s Test completed, Root CA and intermediate issued certificates verified! 504s + found_md5=Modulus=C6A3800C73E398D90A7FB1FAAF9E14477402BF62111702666E0FD25BAD9D8E5D81E4FA08C0E53D956FD7FDC0270F85965BE078802765DA4EE41E926639F3078927468575077446A1512649D10DEE3234434D885F50413AEE552BEB943510EF48C524729DA30AF4151F167BC3E492FF335B48752F49C64287B2AC254148AA717B 504s + '[' Modulus=C6A3800C73E398D90A7FB1FAAF9E14477402BF62111702666E0FD25BAD9D8E5D81E4FA08C0E53D956FD7FDC0270F85965BE078802765DA4EE41E926639F3078927468575077446A1512649D10DEE3234434D885F50413AEE552BEB943510EF48C524729DA30AF4151F167BC3E492FF335B48752F49C64287B2AC254148AA717B '!=' Modulus=C6A3800C73E398D90A7FB1FAAF9E14477402BF62111702666E0FD25BAD9D8E5D81E4FA08C0E53D956FD7FDC0270F85965BE078802765DA4EE41E926639F3078927468575077446A1512649D10DEE3234434D885F50413AEE552BEB943510EF48C524729DA30AF4151F167BC3E492FF335B48752F49C64287B2AC254148AA717B ']' 504s + set +x 505s autopkgtest [06:08:33]: test sssd-softhism2-certificates-tests.sh: -----------------------] 505s autopkgtest [06:08:33]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 505s sssd-softhism2-certificates-tests.sh PASS 506s autopkgtest [06:08:34]: test sssd-smart-card-pam-auth-configs: preparing testbed 508s Reading package lists... 508s Building dependency tree... 508s Reading state information... 509s Starting pkgProblemResolver with broken count: 0 509s Starting 2 pkgProblemResolver with broken count: 0 509s Done 509s The following additional packages will be installed: 509s pamtester 509s The following NEW packages will be installed: 509s autopkgtest-satdep pamtester 509s 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. 509s Need to get 14.6 kB/15.4 kB of archives. 509s After this operation, 86.0 kB of additional disk space will be used. 509s Get:1 /tmp/autopkgtest.AyRU1c/4-autopkgtest-satdep.deb autopkgtest-satdep ppc64el 0 [764 B] 509s Get:2 http://ftpmaster.internal/ubuntu noble/universe ppc64el pamtester ppc64el 0.1.2-4 [14.6 kB] 510s Fetched 14.6 kB in 0s (67.6 kB/s) 510s Selecting previously unselected package pamtester. 510s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 70684 files and directories currently installed.) 510s Preparing to unpack .../pamtester_0.1.2-4_ppc64el.deb ... 510s Unpacking pamtester (0.1.2-4) ... 510s Selecting previously unselected package autopkgtest-satdep. 510s Preparing to unpack .../4-autopkgtest-satdep.deb ... 510s Unpacking autopkgtest-satdep (0) ... 510s Setting up pamtester (0.1.2-4) ... 510s Setting up autopkgtest-satdep (0) ... 510s Processing triggers for man-db (2.12.0-3) ... 513s (Reading database ... 70690 files and directories currently installed.) 513s Removing autopkgtest-satdep (0) ... 514s autopkgtest [06:08:42]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 514s autopkgtest [06:08:42]: test sssd-smart-card-pam-auth-configs: [----------------------- 514s + '[' -z ubuntu ']' 514s + export DEBIAN_FRONTEND=noninteractive 514s + DEBIAN_FRONTEND=noninteractive 514s + required_tools=(pamtester softhsm2-util sssd) 514s + [[ ! -v OFFLINE_MODE ]] 514s + for cmd in "${required_tools[@]}" 514s + command -v pamtester 514s + for cmd in "${required_tools[@]}" 514s + command -v softhsm2-util 514s + for cmd in "${required_tools[@]}" 514s + command -v sssd 514s + PIN=123456 514s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 514s + tmpdir=/tmp/sssd-softhsm2-certs-C1qBym 514s + backupsdir= 514s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 514s + declare -a restore_paths 514s + declare -a delete_paths 514s + trap handle_exit EXIT 514s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 514s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 514s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 514s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 514s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-C1qBym GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 514s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-C1qBym 514s + GENERATE_SMART_CARDS=1 514s + KEEP_TEMPORARY_FILES=1 514s + NO_SSSD_TESTS=1 514s + bash debian/tests/sssd-softhism2-certificates-tests.sh 514s + '[' -z ubuntu ']' 514s + required_tools=(p11tool openssl softhsm2-util) 514s + for cmd in "${required_tools[@]}" 514s + command -v p11tool 514s + for cmd in "${required_tools[@]}" 514s + command -v openssl 514s + for cmd in "${required_tools[@]}" 514s + command -v softhsm2-util 514s + PIN=123456 514s +++ find /usr/lib/softhsm/libsofthsm2.so 514s +++ head -n 1 514s ++ realpath /usr/lib/softhsm/libsofthsm2.so 514s + SOFTHSM2_MODULE=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so 514s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 514s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 514s + '[' '!' -v NO_SSSD_TESTS ']' 514s + '[' '!' -e /usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so ']' 514s + tmpdir=/tmp/sssd-softhsm2-certs-C1qBym 514s + keys_size=1024 514s + [[ ! -v KEEP_TEMPORARY_FILES ]] 514s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 514s + echo -n 01 514s + touch /tmp/sssd-softhsm2-certs-C1qBym/index.txt 514s + mkdir -p /tmp/sssd-softhsm2-certs-C1qBym/new_certs 514s + cat 514s + root_ca_key_pass=pass:random-root-CA-password-25036 514s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA-key.pem -passout pass:random-root-CA-password-25036 1024 514s + openssl req -passin pass:random-root-CA-password-25036 -batch -config /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA.pem 514s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA.pem 514s + cat 514s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-6610 514s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-6610 1024 514s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-6610 -config /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-25036 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-certificate-request.pem 514s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-certificate-request.pem 514s Certificate Request: 514s Data: 514s Version: 1 (0x0) 514s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 514s Subject Public Key Info: 514s Public Key Algorithm: rsaEncryption 514s Public-Key: (1024 bit) 514s Modulus: 514s 00:ce:36:a7:b3:0f:01:b3:98:13:e8:5d:d5:c3:2b: 514s 19:b8:a8:54:ed:ae:1e:e9:29:03:65:8a:6a:20:2d: 514s e8:06:62:e2:93:71:01:80:f2:da:34:b3:c3:a7:38: 514s db:28:9b:cd:9a:31:37:28:bd:36:9f:69:7d:04:b0: 514s 67:09:49:65:b6:51:5c:eb:f1:78:8b:4f:7b:31:ef: 514s 2f:d0:18:58:73:1c:69:f8:e8:a3:55:06:b3:13:2a: 514s af:bd:87:35:0c:77:1f:e1:ed:8e:80:5d:0b:67:8b: 514s 07:f3:27:b9:9a:3a:ec:20:8e:10:c8:1c:6a:2a:2f: 514s 49:55:b1:67:e6:ff:79:12:1f 514s Exponent: 65537 (0x10001) 514s Attributes: 514s (none) 514s Requested Extensions: 514s Signature Algorithm: sha256WithRSAEncryption 514s Signature Value: 514s 3e:8c:f9:87:2e:4e:83:8f:f1:e2:d4:97:3d:db:6e:79:45:42: 514s 73:d3:b9:65:de:21:80:da:3f:50:62:e6:27:00:8e:3c:73:fe: 514s 92:28:57:86:6b:7f:79:20:75:42:a0:f1:6a:cd:0b:a1:21:b9: 514s e6:59:f5:fb:23:b3:28:16:a8:39:7f:0c:ae:f4:58:f3:20:a8: 514s fa:f6:24:c3:29:ee:dd:a7:dd:93:60:c2:90:2c:e8:e7:2e:67: 514s 78:a2:d9:bf:a5:4b:0d:34:8f:01:73:14:2c:75:9d:4c:f8:d9: 514s 56:ea:12:12:48:0c:4a:d1:b1:fa:21:e2:ef:72:6c:4b:3c:a8: 514s f2:28 514s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA.config -passin pass:random-root-CA-password-25036 -keyfile /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA.pem 514s Using configuration from /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA.config 514s Check that the request matches the signature 514s Signature ok 514s Certificate Details: 514s Serial Number: 1 (0x1) 514s Validity 514s Not Before: Mar 20 06:08:42 2024 GMT 514s Not After : Mar 20 06:08:42 2025 GMT 514s Subject: 515s organizationName = Test Organization 515s organizationalUnitName = Test Organization Unit 515s commonName = Test Organization Intermediate CA 515s X509v3 extensions: 515s X509v3 Subject Key Identifier: 515s CF:4D:4D:53:DB:6F:2E:83:EF:D3:47:E9:C8:1C:74:8E:14:27:08:D9 515s X509v3 Authority Key Identifier: 515s keyid:E9:6F:43:FF:AB:7A:B5:1C:AA:01:3D:F9:CA:1E:CC:36:F4:42:F0:42 515s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 515s serial:00 515s X509v3 Basic Constraints: 515s CA:TRUE 515s X509v3 Key Usage: critical 515s Digital Signature, Certificate Sign, CRL Sign 515s Certificate is to be certified until Mar 20 06:08:42 2025 GMT (365 days) 515s 515s Write out database with 1 new entries 515s Database updated 515s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA.pem 515s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA.pem /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA.pem 515s /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA.pem: OK 515s + cat 515s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-6707 515s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-6707 1024 515s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-6707 -config /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-6610 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-certificate-request.pem 515s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-certificate-request.pem 515s Certificate Request: 515s Data: 515s Version: 1 (0x0) 515s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 515s Subject Public Key Info: 515s Public Key Algorithm: rsaEncryption 515s Public-Key: (1024 bit) 515s Modulus: 515s 00:e1:b1:fb:6b:de:b8:6b:eb:f8:eb:89:71:71:80: 515s 47:41:e0:11:dc:5d:78:af:3f:c4:ec:f2:ba:e2:72: 515s 20:55:30:69:39:2c:00:e9:0c:58:88:f2:eb:d5:60: 515s 0a:05:36:8f:0c:7e:b7:35:31:5f:5b:31:0f:fe:29: 515s 01:4d:0f:c6:ee:8f:23:7c:38:bb:82:bd:a4:7e:18: 515s dd:ef:c1:05:98:7e:8d:c3:92:6d:24:20:16:3b:d2: 515s a4:6f:82:0e:b3:8f:76:37:23:66:71:4e:be:0a:70: 515s 03:6f:c1:66:17:3b:c1:d0:cc:41:6c:55:08:2f:ba: 515s 93:b6:c2:4a:6d:65:f0:39:1b 515s Exponent: 65537 (0x10001) 515s Attributes: 515s (none) 515s Requested Extensions: 515s Signature Algorithm: sha256WithRSAEncryption 515s Signature Value: 515s ae:5f:f3:b6:55:32:99:37:3f:c1:ab:3f:33:30:70:65:b5:1d: 515s fd:ad:3a:cd:ae:55:9b:29:1a:bb:30:04:b9:75:43:31:9b:22: 515s 72:df:68:11:e1:0b:bb:ee:e4:77:fc:b3:2e:44:ba:d7:9c:e5: 515s c6:7e:68:1d:db:e4:cb:88:47:e4:c8:10:3b:f1:6f:85:0d:32: 515s 62:17:27:c1:cf:38:19:ac:5c:8a:0f:25:fa:b4:e8:e8:dd:3d: 515s f2:b4:23:84:de:ad:42:3d:7f:60:e2:88:d1:1f:93:a8:49:e9: 515s 4d:8f:33:00:c1:52:e7:db:8f:f9:f3:19:79:c4:76:a9:7c:a0: 515s 11:8c 515s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-6610 -keyfile /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA.pem 515s Using configuration from /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA.config 515s Check that the request matches the signature 515s Signature ok 515s Certificate Details: 515s Serial Number: 2 (0x2) 515s Validity 515s Not Before: Mar 20 06:08:43 2024 GMT 515s Not After : Mar 20 06:08:43 2025 GMT 515s Subject: 515s organizationName = Test Organization 515s organizationalUnitName = Test Organization Unit 515s commonName = Test Organization Sub Intermediate CA 515s X509v3 extensions: 515s X509v3 Subject Key Identifier: 515s 23:10:D8:15:B5:34:F8:B2:C7:F6:A8:A9:10:F4:72:8C:31:BB:64:69 515s X509v3 Authority Key Identifier: 515s keyid:CF:4D:4D:53:DB:6F:2E:83:EF:D3:47:E9:C8:1C:74:8E:14:27:08:D9 515s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 515s serial:01 515s X509v3 Basic Constraints: 515s CA:TRUE 515s X509v3 Key Usage: critical 515s Digital Signature, Certificate Sign, CRL Sign 515s Certificate is to be certified until Mar 20 06:08:43 2025 GMT (365 days) 515s 515s Write out database with 1 new entries 515s Database updated 515s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA.pem 515s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA.pem 515s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA.pem /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA.pem 515s + local cmd=openssl 515s + shift 515s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA.pem /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA.pem 515s /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA.pem: OK 515s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 515s error 20 at 0 depth lookup: unable to get local issuer certificate 515s error /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA.pem: verification failed 515s + cat 515s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-3031 515s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-3031 1024 515s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-3031 -key /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA-trusted-certificate-0001-request.pem 515s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA-trusted-certificate-0001-request.pem 515s Certificate Request: 515s Data: 515s Version: 1 (0x0) 515s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 515s Subject Public Key Info: 515s Public Key Algorithm: rsaEncryption 515s Public-Key: (1024 bit) 515s Modulus: 515s 00:b1:29:db:fe:40:27:fa:79:a8:74:04:fe:52:4b: 515s ac:70:87:9d:52:d5:a2:60:03:93:e9:b5:c2:a6:d5: 515s ac:64:81:07:c2:bd:36:d3:d3:09:5a:70:eb:c5:2a: 515s 8d:96:50:1a:f6:34:43:fb:ec:00:5b:17:80:d7:46: 515s 52:fe:c2:68:5c:dd:6e:39:f1:2c:36:9c:f6:f5:4c: 515s bc:21:51:1e:be:37:88:33:62:36:24:92:e8:ba:a2: 515s c3:74:d9:f4:dc:52:38:97:f9:0c:ab:24:82:81:aa: 515s d0:d5:e8:8a:2b:3b:24:c5:df:51:49:ca:62:20:c2: 515s bd:6e:36:d7:89:c5:23:f8:6d 515s Exponent: 65537 (0x10001) 515s Attributes: 515s Requested Extensions: 515s X509v3 Basic Constraints: 515s CA:FALSE 515s Netscape Cert Type: 515s SSL Client, S/MIME 515s Netscape Comment: 515s Test Organization Root CA trusted Certificate 515s X509v3 Subject Key Identifier: 515s 4E:48:6E:70:01:ED:56:21:C6:E2:D1:B5:A0:35:1A:76:51:32:62:B1 515s X509v3 Key Usage: critical 515s Digital Signature, Non Repudiation, Key Encipherment 515s X509v3 Extended Key Usage: 515s TLS Web Client Authentication, E-mail Protection 515s X509v3 Subject Alternative Name: 515s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 515s Signature Algorithm: sha256WithRSAEncryption 515s Signature Value: 515s 0f:2a:b5:7d:5c:f2:17:be:b6:bb:62:f3:b6:23:b8:f9:ed:89: 515s 75:e4:3d:9b:d3:e5:98:ac:18:fd:27:9f:68:e6:0c:fb:f8:50: 515s a3:ec:f5:8a:81:63:fe:a6:45:60:27:48:d0:ac:86:65:2d:9c: 515s f5:5f:10:7a:1f:ac:df:50:0d:eb:eb:98:83:b3:20:e3:d6:65: 515s 8b:00:19:20:e5:05:28:59:18:6e:79:c4:db:1f:1b:68:30:5b: 515s b9:df:aa:a3:8a:99:6d:6f:a2:6a:82:a8:c9:82:95:ba:e8:82: 515s 8e:71:41:3f:21:3c:50:ad:2e:28:1b:a4:9d:e1:4b:7e:0c:00: 515s d0:0d 515s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA.config -passin pass:random-root-CA-password-25036 -keyfile /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA-trusted-certificate-0001.pem 515s Using configuration from /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA.config 515s Check that the request matches the signature 515s Signature ok 515s Certificate Details: 515s Serial Number: 3 (0x3) 515s Validity 515s Not Before: Mar 20 06:08:43 2024 GMT 515s Not After : Mar 20 06:08:43 2025 GMT 515s Subject: 515s organizationName = Test Organization 515s organizationalUnitName = Test Organization Unit 515s commonName = Test Organization Root Trusted Certificate 0001 515s X509v3 extensions: 515s X509v3 Authority Key Identifier: 515s E9:6F:43:FF:AB:7A:B5:1C:AA:01:3D:F9:CA:1E:CC:36:F4:42:F0:42 515s X509v3 Basic Constraints: 515s CA:FALSE 515s Netscape Cert Type: 515s SSL Client, S/MIME 515s Netscape Comment: 515s Test Organization Root CA trusted Certificate 515s X509v3 Subject Key Identifier: 515s 4E:48:6E:70:01:ED:56:21:C6:E2:D1:B5:A0:35:1A:76:51:32:62:B1 515s X509v3 Key Usage: critical 515s Digital Signature, Non Repudiation, Key Encipherment 515s X509v3 Extended Key Usage: 515s TLS Web Client Authentication, E-mail Protection 515s X509v3 Subject Alternative Name: 515s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 515s Certificate is to be certified until Mar 20 06:08:43 2025 GMT (365 days) 515s 515s Write out database with 1 new entries 515s Database updated 515s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA-trusted-certificate-0001.pem 515s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA.pem /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA-trusted-certificate-0001.pem 515s /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA-trusted-certificate-0001.pem: OK 515s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA-trusted-certificate-0001.pem 515s + local cmd=openssl 515s + shift 515s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA-trusted-certificate-0001.pem 515s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 515s error 20 at 0 depth lookup: unable to get local issuer certificate 515s error /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA-trusted-certificate-0001.pem: verification failed 515s + cat 515s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-21813 515s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-21813 1024 515s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-21813 -key /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-trusted-certificate-0001-request.pem 515s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-trusted-certificate-0001-request.pem 515s Certificate Request: 515s Data: 515s Version: 1 (0x0) 515s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 515s Subject Public Key Info: 515s Public Key Algorithm: rsaEncryption 515s Public-Key: (1024 bit) 515s Modulus: 515s 00:bb:d6:38:cb:01:30:04:26:d0:01:4b:69:9b:2c: 515s 6b:20:03:43:71:72:f3:c5:89:0e:0c:35:7a:75:0c: 515s b6:c2:f6:c5:ce:fc:23:96:22:fd:a9:09:50:dc:ee: 515s 34:eb:7c:ce:31:9d:08:28:cd:5b:be:2b:3b:e2:9e: 515s 8a:89:8a:ac:03:93:df:34:1a:a9:5d:b4:40:3b:07: 515s 10:4f:e7:e7:df:bd:01:15:e1:b5:3a:b1:5d:06:69: 515s fb:29:2b:06:a1:c5:8e:b6:c6:e2:97:0f:aa:57:0f: 515s 96:09:e1:df:ff:4b:27:85:4e:ff:ff:c5:75:1a:92: 515s 72:38:55:9e:37:b4:44:1d:d9 515s Exponent: 65537 (0x10001) 515s Attributes: 515s Requested Extensions: 515s X509v3 Basic Constraints: 515s CA:FALSE 515s Netscape Cert Type: 515s SSL Client, S/MIME 515s Netscape Comment: 515s Test Organization Intermediate CA trusted Certificate 515s X509v3 Subject Key Identifier: 515s 72:40:46:79:DF:51:E7:D8:B2:9C:0B:6F:0B:0F:16:6C:16:95:14:78 515s X509v3 Key Usage: critical 515s Digital Signature, Non Repudiation, Key Encipherment 515s X509v3 Extended Key Usage: 515s TLS Web Client Authentication, E-mail Protection 515s X509v3 Subject Alternative Name: 515s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 515s Signature Algorithm: sha256WithRSAEncryption 515s Signature Value: 515s 87:01:bb:3a:dd:17:b9:8c:f4:97:46:08:71:f2:39:c4:72:9d: 515s fd:df:12:b8:db:1c:f2:c9:dc:61:5a:d5:66:59:8b:4a:d4:77: 515s f4:25:7b:5f:af:9c:20:18:9d:a7:f3:02:32:a5:7f:36:14:ff: 515s 8d:e8:1d:49:78:c2:31:b3:b5:56:e0:e0:da:90:31:65:21:53: 515s 7f:a2:b8:32:03:96:2f:f8:dd:e4:c9:57:1a:ef:a6:cc:46:3c: 515s 44:b2:ce:c1:09:c8:17:af:9f:4a:1c:5b:87:86:cd:a0:ff:6a: 515s 7d:ce:32:75:4c:6d:92:76:56:7f:c1:0e:94:2f:c4:46:79:db: 515s 17:52 515s + openssl ca -passin pass:random-intermediate-CA-password-6610 -config /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-trusted-certificate-0001.pem 515s Using configuration from /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA.config 515s Check that the request matches the signature 515s Signature ok 515s Certificate Details: 515s Serial Number: 4 (0x4) 515s Validity 515s Not Before: Mar 20 06:08:43 2024 GMT 515s Not After : Mar 20 06:08:43 2025 GMT 515s Subject: 515s organizationName = Test Organization 515s organizationalUnitName = Test Organization Unit 515s commonName = Test Organization Intermediate Trusted Certificate 0001 515s X509v3 extensions: 515s X509v3 Authority Key Identifier: 515s CF:4D:4D:53:DB:6F:2E:83:EF:D3:47:E9:C8:1C:74:8E:14:27:08:D9 515s X509v3 Basic Constraints: 515s CA:FALSE 515s Netscape Cert Type: 515s SSL Client, S/MIME 515s Netscape Comment: 515s Test Organization Intermediate CA trusted Certificate 515s X509v3 Subject Key Identifier: 515s 72:40:46:79:DF:51:E7:D8:B2:9C:0B:6F:0B:0F:16:6C:16:95:14:78 515s X509v3 Key Usage: critical 515s Digital Signature, Non Repudiation, Key Encipherment 515s X509v3 Extended Key Usage: 515s TLS Web Client Authentication, E-mail Protection 515s X509v3 Subject Alternative Name: 515s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 515s Certificate is to be certified until Mar 20 06:08:43 2025 GMT (365 days) 515s 515s Write out database with 1 new entries 515s Database updated 515s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-trusted-certificate-0001.pem 515s This certificate should not be trusted fully 515s + echo 'This certificate should not be trusted fully' 515s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-trusted-certificate-0001.pem 515s + local cmd=openssl 515s + shift 515s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-trusted-certificate-0001.pem 515s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 515s error 2 at 1 depth lookup: unable to get issuer certificate 515s error /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 515s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-trusted-certificate-0001.pem 515s /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-trusted-certificate-0001.pem: OK 515s + cat 515s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-16101 515s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-16101 1024 515s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-16101 -key /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 515s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 515s Certificate Request: 515s Data: 515s Version: 1 (0x0) 515s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 515s Subject Public Key Info: 515s Public Key Algorithm: rsaEncryption 515s Public-Key: (1024 bit) 515s Modulus: 515s 00:b9:61:fc:b3:c2:7d:fc:25:a9:f2:c7:9a:8a:3f: 515s a7:3f:6f:15:13:da:07:0a:86:53:0f:96:06:72:5b: 515s a5:37:6c:47:4d:a1:f2:37:19:97:b5:bd:3a:99:68: 515s eb:b9:ad:b2:e1:dc:95:5b:9c:0d:24:4a:19:15:af: 515s aa:ee:ae:3a:87:8a:06:bf:b0:5a:25:f2:cb:58:84: 515s c7:fd:8f:95:ed:ae:03:86:87:6d:0c:72:d9:62:a4: 515s fc:6f:22:ea:8e:26:57:f7:b3:32:e9:7d:aa:0d:31: 515s 70:c9:c8:2a:05:30:ee:aa:18:d7:c6:76:58:b6:09: 515s 89:5d:7f:73:1d:55:97:89:3f 515s Exponent: 65537 (0x10001) 515s Attributes: 515s Requested Extensions: 515s X509v3 Basic Constraints: 515s CA:FALSE 515s Netscape Cert Type: 515s SSL Client, S/MIME 515s Netscape Comment: 515s Test Organization Sub Intermediate CA trusted Certificate 515s X509v3 Subject Key Identifier: 515s 26:FD:9F:14:DB:70:47:FC:D4:62:2E:58:10:5E:F6:16:05:AA:25:D2 515s X509v3 Key Usage: critical 515s Digital Signature, Non Repudiation, Key Encipherment 515s X509v3 Extended Key Usage: 515s TLS Web Client Authentication, E-mail Protection 515s X509v3 Subject Alternative Name: 515s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 515s Signature Algorithm: sha256WithRSAEncryption 515s Signature Value: 515s 62:58:23:21:33:98:f8:be:43:3b:12:56:29:a4:f2:16:a0:b6: 515s 0c:75:a4:0d:ad:e3:9d:1b:2a:fb:82:54:e9:30:f1:9c:ad:cd: 515s 8e:21:40:c5:36:c3:81:c3:6e:32:57:57:ba:bd:41:24:0c:3c: 515s de:0d:f4:27:b6:42:75:2a:33:97:8d:57:e7:0a:bc:14:e5:5a: 515s 20:a3:22:3c:b8:a9:19:a9:83:2b:d2:1d:0d:98:e6:8e:6c:80: 515s f6:7d:c0:e4:68:d0:4c:54:dd:fc:88:5b:f5:2d:77:34:f5:c6: 515s 33:56:ba:ea:0f:ae:1f:bc:6e:52:78:e2:d1:95:88:2e:ad:7a: 515s e5:76 515s + openssl ca -passin pass:random-sub-intermediate-CA-password-6707 -config /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001.pem 515s Using configuration from /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA.config 515s Check that the request matches the signature 515s Signature ok 515s Certificate Details: 515s Serial Number: 5 (0x5) 515s Validity 515s Not Before: Mar 20 06:08:43 2024 GMT 515s Not After : Mar 20 06:08:43 2025 GMT 515s Subject: 515s organizationName = Test Organization 515s organizationalUnitName = Test Organization Unit 515s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 515s X509v3 extensions: 515s X509v3 Authority Key Identifier: 515s 23:10:D8:15:B5:34:F8:B2:C7:F6:A8:A9:10:F4:72:8C:31:BB:64:69 515s X509v3 Basic Constraints: 515s CA:FALSE 515s Netscape Cert Type: 515s SSL Client, S/MIME 515s Netscape Comment: 515s Test Organization Sub Intermediate CA trusted Certificate 515s X509v3 Subject Key Identifier: 515s 26:FD:9F:14:DB:70:47:FC:D4:62:2E:58:10:5E:F6:16:05:AA:25:D2 515s X509v3 Key Usage: critical 515s Digital Signature, Non Repudiation, Key Encipherment 515s X509v3 Extended Key Usage: 515s TLS Web Client Authentication, E-mail Protection 515s X509v3 Subject Alternative Name: 515s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 515s Certificate is to be certified until Mar 20 06:08:43 2025 GMT (365 days) 515s 515s Write out database with 1 new entries 515s Database updated 515s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001.pem 515s This certificate should not be trusted fully 515s + echo 'This certificate should not be trusted fully' 515s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001.pem 515s + local cmd=openssl 515s + shift 515s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001.pem 515s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 515s error 2 at 1 depth lookup: unable to get issuer certificate 515s error /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 515s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001.pem 515s + local cmd=openssl 515s + shift 515s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001.pem 515s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 515s error 20 at 0 depth lookup: unable to get local issuer certificate 515s error /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 515s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001.pem 515s /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 515s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001.pem 515s + local cmd=openssl 515s + shift 515s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001.pem 515s Building a the full-chain CA file... 515s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 515s error 20 at 0 depth lookup: unable to get local issuer certificate 515s error /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 515s + echo 'Building a the full-chain CA file...' 515s + cat /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA.pem /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA.pem 515s + cat /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA.pem /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA.pem 515s + cat /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA.pem 515s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-C1qBym/test-full-chain-CA.pem 515s + openssl pkcs7 -print_certs -noout 515s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 515s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 515s 515s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 515s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 515s 515s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 515s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 515s 515s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-C1qBym/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA.pem 515s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-C1qBym/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA-trusted-certificate-0001.pem 515s /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA.pem: OK 515s /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA-trusted-certificate-0001.pem: OK 515s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-C1qBym/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-trusted-certificate-0001.pem 515s /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-trusted-certificate-0001.pem: OK 515s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-C1qBym/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-C1qBym/test-root-intermediate-chain-CA.pem 515s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-C1qBym/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001.pem 515s /tmp/sssd-softhsm2-certs-C1qBym/test-root-intermediate-chain-CA.pem: OK 515s + echo 'Certificates generation completed!' 515s + [[ -v NO_SSSD_TESTS ]] 515s + [[ -v GENERATE_SMART_CARDS ]] 515s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-3031 515s + local certificate=/tmp/sssd-softhsm2-certs-C1qBym/test-root-CA-trusted-certificate-0001.pem 515s + local key_pass=pass:random-root-ca-trusted-cert-0001-3031 515s + local key_cn 515s + local key_name 515s + local tokens_dir 515s + local output_cert_file 515s + token_name= 515s ++ basename /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA-trusted-certificate-0001.pem .pem 515s + key_name=test-root-CA-trusted-certificate-0001 515s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA-trusted-certificate-0001.pem 515s /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 515s Certificates generation completed! 515s ++ sed -n 's/ *commonName *= //p' 515s + key_cn='Test Organization Root Trusted Certificate 0001' 515s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 515s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-C1qBym/softhsm2-test-root-CA-trusted-certificate-0001.conf 515s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-C1qBym/softhsm2-test-root-CA-trusted-certificate-0001.conf 515s ++ basename /tmp/sssd-softhsm2-certs-C1qBym/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 515s + tokens_dir=/tmp/sssd-softhsm2-certs-C1qBym/softhsm2-test-root-CA-trusted-certificate-0001 515s + token_name='Test Organization Root Tr Token' 515s + '[' '!' -e /tmp/sssd-softhsm2-certs-C1qBym/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 515s + local key_file 515s + local decrypted_key 515s + mkdir -p /tmp/sssd-softhsm2-certs-C1qBym/softhsm2-test-root-CA-trusted-certificate-0001 515s + key_file=/tmp/sssd-softhsm2-certs-C1qBym/test-root-CA-trusted-certificate-0001-key.pem 515s + decrypted_key=/tmp/sssd-softhsm2-certs-C1qBym/test-root-CA-trusted-certificate-0001-key-decrypted.pem 515s + cat 515s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 515s Slot 0 has a free/uninitialized token. 515s The token has been initialized and is reassigned to slot 282479178 515s + softhsm2-util --show-slots 515s Available slots: 515s Slot 282479178 515s Slot info: 515s Description: SoftHSM slot ID 0x10d64a4a 515s Manufacturer ID: SoftHSM project 515s Hardware version: 2.6 515s Firmware version: 2.6 515s Token present: yes 515s Token info: 515s Manufacturer ID: SoftHSM project 515s Model: SoftHSM v2 515s Hardware version: 2.6 515s Firmware version: 2.6 515s Serial number: 3ac5f2b310d64a4a 515s Initialized: yes 515s User PIN init.: yes 515s Label: Test Organization Root Tr Token 515s Slot 1 515s Slot info: 515s Description: SoftHSM slot ID 0x1 515s Manufacturer ID: SoftHSM project 515s Hardware version: 2.6 515s Firmware version: 2.6 515s Token present: yes 515s Token info: 515s Manufacturer ID: SoftHSM project 515s Model: SoftHSM v2 515s Hardware version: 2.6 515s Firmware version: 2.6 515s Serial number: 515s Initialized: no 515s User PIN init.: no 515s Label: 515s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-C1qBym/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 515s Object 0: 515s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3ac5f2b310d64a4a;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 515s Type: X.509 Certificate (RSA-1024) 515s Expires: Thu Mar 20 06:08:43 2025 515s Label: Test Organization Root Trusted Certificate 0001 515s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 515s 515s Test Organization Root Tr Token 515s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-3031 -in /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA-trusted-certificate-0001-key-decrypted.pem 515s writing RSA key 515s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-C1qBym/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 515s + rm /tmp/sssd-softhsm2-certs-C1qBym/test-root-CA-trusted-certificate-0001-key-decrypted.pem 515s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --list-all 515s + echo 'Test Organization Root Tr Token' 515s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-21813 515s + local certificate=/tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-trusted-certificate-0001.pem 515s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-21813 515s + local key_cn 515s + local key_name 515s + local tokens_dir 515s + local output_cert_file 515s + token_name= 515s ++ basename /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-trusted-certificate-0001.pem .pem 515s + key_name=test-intermediate-CA-trusted-certificate-0001 515s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-trusted-certificate-0001.pem 515s ++ sed -n 's/ *commonName *= //p' 515s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 515s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 515s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-C1qBym/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 515s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-C1qBym/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 515s ++ basename /tmp/sssd-softhsm2-certs-C1qBym/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 515s + tokens_dir=/tmp/sssd-softhsm2-certs-C1qBym/softhsm2-test-intermediate-CA-trusted-certificate-0001 515s + token_name='Test Organization Interme Token' 515s + '[' '!' -e /tmp/sssd-softhsm2-certs-C1qBym/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 515s + local key_file 515s + local decrypted_key 515s + mkdir -p /tmp/sssd-softhsm2-certs-C1qBym/softhsm2-test-intermediate-CA-trusted-certificate-0001 515s + key_file=/tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-trusted-certificate-0001-key.pem 515s + decrypted_key=/tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 515s + cat 515s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 515s Slot 0 has a free/uninitialized token. 515s The token has been initialized and is reassigned to slot 2033542639 515s Available slots: 515s Slot 2033542639 515s Slot info: 515s Description: SoftHSM slot ID 0x793565ef 515s Manufacturer ID: SoftHSM project 515s Hardware version: 2.6 515s Firmware version: 2.6 515s Token present: yes 515s Token info: 515s Manufacturer ID: SoftHSM project 515s Model: SoftHSM v2 515s Hardware version: 2.6 515s Firmware version: 2.6 515s Serial number: 1b546b2cf93565ef 515s Initialized: yes 515s User PIN init.: yes 515s Label: Test Organization Interme Token 515s Slot 1 515s Slot info: 515s Description: SoftHSM slot ID 0x1 515s Manufacturer ID: SoftHSM project 515s Hardware version: 2.6 515s Firmware version: 2.6 515s Token present: yes 515s Token info: 515s Manufacturer ID: SoftHSM project 515s Model: SoftHSM v2 515s Hardware version: 2.6 515s Firmware version: 2.6 515s Serial number: 515s Initialized: no 515s User PIN init.: no 515s Label: 515s + softhsm2-util --show-slots 515s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 515s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-21813 -in /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 515s writing RSA key 515s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 515s + rm /tmp/sssd-softhsm2-certs-C1qBym/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 515s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --list-all 515s Object 0: 515s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1b546b2cf93565ef;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 515s Type: X.509 Certificate (RSA-1024) 515s Expires: Thu Mar 20 06:08:43 2025 515s Label: Test Organization Intermediate Trusted Certificate 0001 515s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 515s 515s Test Organization Interme Token 515s + echo 'Test Organization Interme Token' 515s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-16101 515s + local certificate=/tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001.pem 515s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-16101 515s + local key_cn 515s + local key_name 515s + local tokens_dir 515s + local output_cert_file 515s + token_name= 515s ++ basename /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 515s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 515s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001.pem 515s ++ sed -n 's/ *commonName *= //p' 515s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 515s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 515s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-C1qBym/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 515s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-C1qBym/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 515s ++ basename /tmp/sssd-softhsm2-certs-C1qBym/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 515s + tokens_dir=/tmp/sssd-softhsm2-certs-C1qBym/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 515s + token_name='Test Organization Sub Int Token' 515s + '[' '!' -e /tmp/sssd-softhsm2-certs-C1qBym/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 515s + local key_file 515s + local decrypted_key 515s + mkdir -p /tmp/sssd-softhsm2-certs-C1qBym/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 515s + key_file=/tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 515s + decrypted_key=/tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 515s + cat 515s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 515s Slot 0 has a free/uninitialized token. 515s The token has been initialized and is reassigned to slot 1398976366 515s + softhsm2-util --show-slots 515s Available slots: 515s Slot 1398976366 515s Slot info: 515s Description: SoftHSM slot ID 0x5362af6e 515s Manufacturer ID: SoftHSM project 515s Hardware version: 2.6 515s Firmware version: 2.6 515s Token present: yes 515s Token info: 515s Manufacturer ID: SoftHSM project 515s Model: SoftHSM v2 515s Hardware version: 2.6 515s Firmware version: 2.6 515s Serial number: d3626948d362af6e 515s Initialized: yes 515s User PIN init.: yes 515s Label: Test Organization Sub Int Token 515s Slot 1 515s Slot info: 515s Description: SoftHSM slot ID 0x1 515s Manufacturer ID: SoftHSM project 515s Hardware version: 2.6 515s Firmware version: 2.6 515s Token present: yes 515s Token info: 515s Manufacturer ID: SoftHSM project 515s Model: SoftHSM v2 515s Hardware version: 2.6 515s Firmware version: 2.6 515s Serial number: 515s Initialized: no 515s User PIN init.: no 515s Label: 515s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 515s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-16101 -in /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 515s writing RSA key 515s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 516s + rm /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 516s + p11tool --provider=/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so --list-all 516s Object 0: 516s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d3626948d362af6e;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 516s Type: X.509 Certificate (RSA-1024) 516s Expires: Thu Mar 20 06:08:43 2025 516s Label: Test Organization Sub Intermediate Trusted Certificate 0001 516s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 516s 516s Test Organization Sub Int Token 516s Certificates generation completed! 516s + echo 'Test Organization Sub Int Token' 516s + echo 'Certificates generation completed!' 516s + exit 0 516s + find /tmp/sssd-softhsm2-certs-C1qBym -type d -exec chmod 777 '{}' ';' 516s + find /tmp/sssd-softhsm2-certs-C1qBym -type f -exec chmod 666 '{}' ';' 516s + backup_file /etc/sssd/sssd.conf 516s + '[' -z '' ']' 516s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 516s + backupsdir=/tmp/sssd-softhsm2-backups-IA5c6V 516s + '[' -e /etc/sssd/sssd.conf ']' 516s + delete_paths+=("$1") 516s + rm -f /etc/sssd/sssd.conf 516s ++ runuser -u ubuntu -- sh -c 'echo ~' 516s + user_home=/home/ubuntu 516s + mkdir -p /home/ubuntu 516s + chown ubuntu:ubuntu /home/ubuntu 516s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 516s + user_config=/home/ubuntu/.config 516s + system_config=/etc 516s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 516s + for path_pair in "${softhsm2_conf_paths[@]}" 516s + IFS=: 516s + read -r -a path 516s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 516s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 516s + '[' -z /tmp/sssd-softhsm2-backups-IA5c6V ']' 516s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 516s + delete_paths+=("$1") 516s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 516s + for path_pair in "${softhsm2_conf_paths[@]}" 516s + IFS=: 516s + read -r -a path 516s + path=/etc/softhsm/softhsm2.conf 516s + backup_file /etc/softhsm/softhsm2.conf 516s + '[' -z /tmp/sssd-softhsm2-backups-IA5c6V ']' 516s + '[' -e /etc/softhsm/softhsm2.conf ']' 516s ++ dirname /etc/softhsm/softhsm2.conf 516s + local back_dir=/tmp/sssd-softhsm2-backups-IA5c6V//etc/softhsm 516s ++ basename /etc/softhsm/softhsm2.conf 516s + local back_path=/tmp/sssd-softhsm2-backups-IA5c6V//etc/softhsm/softhsm2.conf 516s + '[' '!' -e /tmp/sssd-softhsm2-backups-IA5c6V//etc/softhsm/softhsm2.conf ']' 516s + mkdir -p /tmp/sssd-softhsm2-backups-IA5c6V//etc/softhsm 516s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-IA5c6V//etc/softhsm/softhsm2.conf 516s + restore_paths+=("$back_path") 516s + rm -f /etc/softhsm/softhsm2.conf 516s + test_authentication login /tmp/sssd-softhsm2-certs-C1qBym/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-C1qBym/test-full-chain-CA.pem 516s + pam_service=login 516s + certificate_config=/tmp/sssd-softhsm2-certs-C1qBym/softhsm2-test-root-CA-trusted-certificate-0001.conf 516s + ca_db=/tmp/sssd-softhsm2-certs-C1qBym/test-full-chain-CA.pem 516s + verification_options= 516s + mkdir -p -m 700 /etc/sssd 516s Using CA DB '/tmp/sssd-softhsm2-certs-C1qBym/test-full-chain-CA.pem' with verification options: '' 516s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-C1qBym/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 516s + cat 516s + chmod 600 /etc/sssd/sssd.conf 516s + for path_pair in "${softhsm2_conf_paths[@]}" 516s + IFS=: 516s + read -r -a path 516s + user=ubuntu 516s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 516s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 516s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 516s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-C1qBym/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 516s + runuser -u ubuntu -- softhsm2-util --show-slots 516s + grep 'Test Organization' 516s Label: Test Organization Root Tr Token 516s + for path_pair in "${softhsm2_conf_paths[@]}" 516s + IFS=: 516s + read -r -a path 516s + user=root 516s + path=/etc/softhsm/softhsm2.conf 516s ++ dirname /etc/softhsm/softhsm2.conf 516s + runuser -u root -- mkdir -p /etc/softhsm 516s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-C1qBym/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 516s + runuser -u root -- softhsm2-util --show-slots 516s + grep 'Test Organization' 516s Label: Test Organization Root Tr Token 516s + systemctl restart sssd 516s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 516s + for alternative in "${alternative_pam_configs[@]}" 516s + pam-auth-update --enable sss-smart-card-optional 516s + cat /etc/pam.d/common-auth 516s # 516s # /etc/pam.d/common-auth - authentication settings common to all services 516s # 516s # This file is included from other service-specific PAM config files, 516s # and should contain a list of the authentication modules that define 516s # the central authentication scheme for use on the system 516s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 516s # traditional Unix authentication mechanisms. 516s # 516s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 516s # To take advantage of this, it is recommended that you configure any 516s # local modules either before or after the default block, and use 516s # pam-auth-update to manage selection of other modules. See 516s # pam-auth-update(8) for details. 516s 516s # here are the per-package modules (the "Primary" block) 516s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 516s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 516s auth [success=1 default=ignore] pam_sss.so use_first_pass 516s # here's the fallback if no module succeeds 516s auth requisite pam_deny.so 516s # prime the stack with a positive return value if there isn't one already; 516s # this avoids us returning an error just because nothing sets a success code 516s # since the modules above will each just jump around 516s auth required pam_permit.so 516s # and here are more per-package modules (the "Additional" block) 516s auth optional pam_cap.so 516s # end of pam-auth-update config 516s + echo -n -e 123456 516s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 516s pamtester: invoking pam_start(login, ubuntu, ...) 516s pamtester: performing operation - authenticate 516s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 516s + echo -n -e 123456 516s + runuser -u ubuntu -- pamtester -v login '' authenticate 516s pamtester: invoking pam_start(login, , ...) 516s pamtester: performing operation - authenticate 516s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 516s + echo -n -e wrong123456 516s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 516s pamtester: invoking pam_start(login, ubuntu, ...) 516s pamtester: performing operation - authenticate 519s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 519s + echo -n -e wrong123456 519s + runuser -u ubuntu -- pamtester -v login '' authenticate 519s pamtester: invoking pam_start(login, , ...) 519s pamtester: performing operation - authenticate 522s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 522s + echo -n -e 123456 522s + pamtester -v login root authenticate 522s pamtester: invoking pam_start(login, root, ...) 522s pamtester: performing operation - authenticate 525s Password: pamtester: Authentication failure 525s + for alternative in "${alternative_pam_configs[@]}" 525s + pam-auth-update --enable sss-smart-card-required 525s PAM configuration 525s ----------------- 525s 525s Incompatible PAM profiles selected. 525s 525s The following PAM profiles cannot be used together: 525s 525s SSS required smart card authentication, SSS optional smart card 525s authentication 525s 525s Please select a different set of modules to enable. 525s 525s + cat /etc/pam.d/common-auth 525s # 525s # /etc/pam.d/common-auth - authentication settings common to all services 525s # 525s # This file is included from other service-specific PAM config files, 525s # and should contain a list of the authentication modules that define 525s # the central authentication scheme for use on the system 525s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 525s # traditional Unix authentication mechanisms. 525s # 525s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 525s # To take advantage of this, it is recommended that you configure any 525s # local modules either before or after the default block, and use 525s # pam-auth-update to manage selection of other modules. See 525s # pam-auth-update(8) for details. 525s 525s # here are the per-package modules (the "Primary" block) 525s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 525s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 525s auth [success=1 default=ignore] pam_sss.so use_first_pass 525s # here's the fallback if no module succeeds 525s auth requisite pam_deny.so 525s # prime the stack with a positive return value if there isn't one already; 525s # this avoids us returning an error just because nothing sets a success code 525s # since the modules above will each just jump around 525s auth required pam_permit.so 525s # and here are more per-package modules (the "Additional" block) 525s auth optional pam_cap.so 525s # end of pam-auth-update config 525s + echo -n -e 123456 525s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 525s pamtester: invoking pam_start(login, ubuntu, ...) 525s pamtester: performing operation - authenticate 525s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 525s + echo -n -e 123456 525s + runuser -u ubuntu -- pamtester -v login '' authenticate 525s pamtester: invoking pam_start(login, , ...) 525s pamtester: performing operation - authenticate 525s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 525s + echo -n -e wrong123456 525s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 525s pamtester: invoking pam_start(login, ubuntu, ...) 525s pamtester: performing operation - authenticate 528s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 528s + echo -n -e wrong123456 528s + runuser -u ubuntu -- pamtester -v login '' authenticate 528s pamtester: invoking pam_start(login, , ...) 528s pamtester: performing operation - authenticate 530s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 530s + echo -n -e 123456 530s + pamtester -v login root authenticate 530s pamtester: invoking pam_start(login, root, ...) 530s pamtester: performing operation - authenticate 533s pamtester: Authentication service cannot retrieve authentication info 533s Using CA DB '/tmp/sssd-softhsm2-certs-C1qBym/test-full-chain-CA.pem' with verification options: '' 533s + test_authentication login /tmp/sssd-softhsm2-certs-C1qBym/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-C1qBym/test-full-chain-CA.pem 533s + pam_service=login 533s + certificate_config=/tmp/sssd-softhsm2-certs-C1qBym/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 533s + ca_db=/tmp/sssd-softhsm2-certs-C1qBym/test-full-chain-CA.pem 533s + verification_options= 533s + mkdir -p -m 700 /etc/sssd 533s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-C1qBym/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 533s + cat 533s + chmod 600 /etc/sssd/sssd.conf 533s + for path_pair in "${softhsm2_conf_paths[@]}" 533s + IFS=: 533s + read -r -a path 533s + user=ubuntu 533s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 533s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 533s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 533s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-C1qBym/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 533s + runuser -u ubuntu -- softhsm2-util --show-slots 533s + grep 'Test Organization' 533s + for path_pair in "${softhsm2_conf_paths[@]}" 533s + IFS=: 533s + read -r -a path 533s + user=root 533s + path=/etc/softhsm/softhsm2.conf 533s ++ dirname /etc/softhsm/softhsm2.conf 533s + runuser -u root -- mkdir -p /etc/softhsm 533s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-C1qBym/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 533s + runuser -u root -- softhsm2-util --show-slots 533s + grep 'Test Organization' 533s + systemctl restart sssd 533s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 533s Label: Test Organization Sub Int Token 533s Label: Test Organization Sub Int Token 533s + for alternative in "${alternative_pam_configs[@]}" 533s + pam-auth-update --enable sss-smart-card-optional 533s + cat /etc/pam.d/common-auth 533s # 533s # /etc/pam.d/common-auth - authentication settings common to all services 533s # 533s # This file is included from other service-specific PAM config files, 533s # and should contain a list of the authentication modules that define 533s # the central authentication scheme for use on the system 533s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 533s # traditional Unix authentication mechanisms. 533s # 533s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 533s # To take advantage of this, it is recommended that you configure any 533s # local modules either before or after the default block, and use 533s # pam-auth-update to manage selection of other modules. See 533s # pam-auth-update(8) for details. 533s 533s # here are the per-package modules (the "Primary" block) 533s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 533s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 533s auth [success=1 default=ignore] pam_sss.so use_first_pass 533s # here's the fallback if no module succeeds 533s auth requisite pam_deny.so 533s # prime the stack with a positive return value if there isn't one already; 533s # this avoids us returning an error just because nothing sets a success code 533s # since the modules above will each just jump around 533s auth required pam_permit.so 533s # and here are more per-package modules (the "Additional" block) 533s auth optional pam_cap.so 533s # end of pam-auth-update config 533s + echo -n -e 123456 533s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 533s pamtester: invoking pam_start(login, ubuntu, ...) 533s pamtester: performing operation - authenticate 534s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 534s + echo -n -e 123456 534s + runuser -u ubuntu -- pamtester -v login '' authenticate 534s pamtester: invoking pam_start(login, , ...) 534s pamtester: performing operation - authenticate 534s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 534s + echo -n -e wrong123456 534s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 534s pamtester: invoking pam_start(login, ubuntu, ...) 534s pamtester: performing operation - authenticate 537s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 537s + echo -n -e wrong123456 537s + runuser -u ubuntu -- pamtester -v login '' authenticate 537s pamtester: invoking pam_start(login, , ...) 537s pamtester: performing operation - authenticate 540s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 540s + echo -n -e 123456 540s + pamtester -v login root authenticate 540s pamtester: invoking pam_start(login, root, ...) 540s pamtester: performing operation - authenticate 542s Password: pamtester: Authentication failure 542s + for alternative in "${alternative_pam_configs[@]}" 542s + pam-auth-update --enable sss-smart-card-required 542s PAM configuration 542s ----------------- 542s 542s Incompatible PAM profiles selected. 542s 542s The following PAM profiles cannot be used together: 542s 542s SSS required smart card authentication, SSS optional smart card 542s authentication 542s 542s Please select a different set of modules to enable. 542s 542s # 542s # /etc/pam.d/common-auth - authentication settings common to all services 542s # 542s # This file is included from other service-specific PAM config files, 542s # and should contain a list of the authentication modules that define 542s # the central authentication scheme for use on the system 542s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 542s # traditional Unix authentication mechanisms. 542s # 542s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 542s # To take advantage of this, it is recommended that you configure any 542s # local modules either before or after the default block, and use 542s # pam-auth-update to manage selection of other modules. See 542s # pam-auth-update(8) for details. 542s 542s # here are the per-package modules (the "Primary" block) 542s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 542s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 542s auth [success=1 default=ignore] pam_sss.so use_first_pass 542s # here's the fallback if no module succeeds 542s auth requisite pam_deny.so 542s # prime the stack with a positive return value if there isn't one already; 542s # this avoids us returning an error just because nothing sets a success code 542s # since the modules above will each just jump around 542s auth required pam_permit.so 542s # and here are more per-package modules (the "Additional" block) 542s auth optional pam_cap.so 542s # end of pam-auth-update config 542s + cat /etc/pam.d/common-auth 542s + echo -n -e 123456 542s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 542s pamtester: invoking pam_start(login, ubuntu, ...) 542s pamtester: performing operation - authenticate 542s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 542s + echo -n -e 123456 542s + runuser -u ubuntu -- pamtester -v login '' authenticate 542s pamtester: invoking pam_start(login, , ...) 542s pamtester: performing operation - authenticate 542s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 542s + echo -n -e wrong123456 542s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 542s pamtester: invoking pam_start(login, ubuntu, ...) 542s pamtester: performing operation - authenticate 545s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 545s + echo -n -e wrong123456 545s + runuser -u ubuntu -- pamtester -v login '' authenticate 545s pamtester: invoking pam_start(login, , ...) 545s pamtester: performing operation - authenticate 548s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 548s + echo -n -e 123456 548s + pamtester -v login root authenticate 548s pamtester: invoking pam_start(login, root, ...) 548s pamtester: performing operation - authenticate 550s pamtester: Authentication service cannot retrieve authentication info 550s + test_authentication login /tmp/sssd-softhsm2-certs-C1qBym/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA.pem partial_chain 550s + pam_service=login 550s + certificate_config=/tmp/sssd-softhsm2-certs-C1qBym/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 550s + ca_db=/tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA.pem 550s + verification_options=partial_chain 550s + mkdir -p -m 700 /etc/sssd 550s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 550s Using CA DB '/tmp/sssd-softhsm2-certs-C1qBym/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 550s + cat 550s + chmod 600 /etc/sssd/sssd.conf 550s Label: Test Organization Sub Int Token 550s Label: Test Organization Sub Int Token 550s + for path_pair in "${softhsm2_conf_paths[@]}" 550s + IFS=: 550s + read -r -a path 550s + user=ubuntu 550s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 550s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 550s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 550s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-C1qBym/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 550s + runuser -u ubuntu -- softhsm2-util --show-slots 550s + grep 'Test Organization' 550s + for path_pair in "${softhsm2_conf_paths[@]}" 550s + IFS=: 550s + read -r -a path 550s + user=root 550s + path=/etc/softhsm/softhsm2.conf 550s ++ dirname /etc/softhsm/softhsm2.conf 550s + runuser -u root -- mkdir -p /etc/softhsm 550s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-C1qBym/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 550s + runuser -u root -- softhsm2-util --show-slots 550s + grep 'Test Organization' 550s + systemctl restart sssd 550s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 551s + for alternative in "${alternative_pam_configs[@]}" 551s + pam-auth-update --enable sss-smart-card-optional 551s + cat /etc/pam.d/common-auth 551s # 551s # /etc/pam.d/common-auth - authentication settings common to all services 551s # 551s # This file is included from other service-specific PAM config files, 551s # and should contain a list of the authentication modules that define 551s # the central authentication scheme for use on the system 551s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 551s # traditional Unix authentication mechanisms. 551s # 551s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 551s # To take advantage of this, it is recommended that you configure any 551s # local modules either before or after the default block, and use 551s # pam-auth-update to manage selection of other modules. See 551s # pam-auth-update(8) for details. 551s 551s # here are the per-package modules (the "Primary" block) 551s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 551s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 551s auth [success=1 default=ignore] pam_sss.so use_first_pass 551s # here's the fallback if no module succeeds 551s auth requisite pam_deny.so 551s # prime the stack with a positive return value if there isn't one already; 551s # this avoids us returning an error just because nothing sets a success code 551s # since the modules above will each just jump around 551s auth required pam_permit.so 551s # and here are more per-package modules (the "Additional" block) 551s auth optional pam_cap.so 551s # end of pam-auth-update config 551s + echo -n -e 123456 551s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 551s pamtester: invoking pam_start(login, ubuntu, ...) 551s pamtester: performing operation - authenticate 551s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 551s + echo -n -e 123456 551s + runuser -u ubuntu -- pamtester -v login '' authenticate 551s pamtester: invoking pam_start(login, , ...) 551s pamtester: performing operation - authenticate 551s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 551s + echo -n -e wrong123456 551s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 551s pamtester: invoking pam_start(login, ubuntu, ...) 551s pamtester: performing operation - authenticate 554s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 554s + echo -n -e wrong123456 554s + runuser -u ubuntu -- pamtester -v login '' authenticate 554s pamtester: invoking pam_start(login, , ...) 554s pamtester: performing operation - authenticate 557s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 557s + echo -n -e 123456 557s + pamtester -v login root authenticate 557s pamtester: invoking pam_start(login, root, ...) 557s pamtester: performing operation - authenticate 560s Password: pamtester: Authentication failure 560s + for alternative in "${alternative_pam_configs[@]}" 560s + pam-auth-update --enable sss-smart-card-required 560s PAM configuration 560s ----------------- 560s 560s Incompatible PAM profiles selected. 560s 560s The following PAM profiles cannot be used together: 560s 560s SSS required smart card authentication, SSS optional smart card 560s authentication 560s 560s Please select a different set of modules to enable. 560s 560s + cat /etc/pam.d/common-auth 560s # 560s # /etc/pam.d/common-auth - authentication settings common to all services 560s # 560s # This file is included from other service-specific PAM config files, 560s # and should contain a list of the authentication modules that define 560s # the central authentication scheme for use on the system 560s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 560s # traditional Unix authentication mechanisms. 560s # 560s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 560s # To take advantage of this, it is recommended that you configure any 560s # local modules either before or after the default block, and use 560s # pam-auth-update to manage selection of other modules. See 560s # pam-auth-update(8) for details. 560s 560s # here are the per-package modules (the "Primary" block) 560s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 560s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 560s auth [success=1 default=ignore] pam_sss.so use_first_pass 560s # here's the fallback if no module succeeds 560s auth requisite pam_deny.so 560s # prime the stack with a positive return value if there isn't one already; 560s # this avoids us returning an error just because nothing sets a success code 560s # since the modules above will each just jump around 560s auth required pam_permit.so 560s # and here are more per-package modules (the "Additional" block) 560s auth optional pam_cap.so 560s # end of pam-auth-update config 560s + echo -n -e 123456 560s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 560s pamtester: invoking pam_start(login, ubuntu, ...) 560s pamtester: performing operation - authenticate 560s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 560s + echo -n -e 123456 560s + runuser -u ubuntu -- pamtester -v login '' authenticate 560s pamtester: invoking pam_start(login, , ...) 560s pamtester: performing operation - authenticate 560s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 560s + echo -n -e wrong123456 560s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 560s pamtester: invoking pam_start(login, ubuntu, ...) 560s pamtester: performing operation - authenticate 563s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 563s + echo -n -e wrong123456 563s + runuser -u ubuntu -- pamtester -v login '' authenticate 563s pamtester: invoking pam_start(login, , ...) 563s pamtester: performing operation - authenticate 565s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 565s + echo -n -e 123456 565s + pamtester -v login root authenticate 565s pamtester: invoking pam_start(login, root, ...) 565s pamtester: performing operation - authenticate 568s pamtester: Authentication service cannot retrieve authentication info 568s + handle_exit 568s + exit_code=0 568s + restore_changes 568s + for path in "${restore_paths[@]}" 568s + local original_path 569s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-IA5c6V /tmp/sssd-softhsm2-backups-IA5c6V//etc/softhsm/softhsm2.conf 569s + original_path=/etc/softhsm/softhsm2.conf 569s + rm /etc/softhsm/softhsm2.conf 569s + mv /tmp/sssd-softhsm2-backups-IA5c6V//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 569s + for path in "${delete_paths[@]}" 569s + rm -f /etc/sssd/sssd.conf 569s + for path in "${delete_paths[@]}" 569s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 569s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 569s + '[' -e /etc/sssd/sssd.conf ']' 569s + systemctl stop sssd 569s + '[' -e /etc/softhsm/softhsm2.conf ']' 569s + chmod 600 /etc/softhsm/softhsm2.conf 569s + rm -rf /tmp/sssd-softhsm2-certs-C1qBym 569s + '[' 0 = 0 ']' 569s + rm -rf /tmp/sssd-softhsm2-backups-IA5c6V 569s + set +x 569s Script completed successfully! 569s autopkgtest [06:09:37]: test sssd-smart-card-pam-auth-configs: -----------------------] 570s sssd-smart-card-pam-auth-configs PASS 570s autopkgtest [06:09:38]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 570s autopkgtest [06:09:38]: @@@@@@@@@@@@@@@@@@@@ summary 570s ldap-user-group-ldap-auth PASS 570s ldap-user-group-krb5-auth PASS 570s sssd-softhism2-certificates-tests.sh PASS 570s sssd-smart-card-pam-auth-configs PASS 616s Creating nova instance adt-noble-ppc64el-sssd-20240320-060007-juju-7f2275-prod-proposed-migration-environment-2 from image adt/ubuntu-noble-ppc64el-server-20240320.img (UUID 1c7ceb83-4842-4144-a3c9-88510cdc9534)... 616s Creating nova instance adt-noble-ppc64el-sssd-20240320-060007-juju-7f2275-prod-proposed-migration-environment-2 from image adt/ubuntu-noble-ppc64el-server-20240320.img (UUID 1c7ceb83-4842-4144-a3c9-88510cdc9534)...