0s autopkgtest [03:46:59]: starting date and time: 2024-03-21 03:46:59+0000 0s autopkgtest [03:46:59]: git checkout: 4a1cd702 l/adt_testbed: don't blame the testbed for unsolvable build deps 0s autopkgtest [03:46:59]: host juju-7f2275-prod-proposed-migration-environment-2; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.i1yb4_rt/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --setup-commands /home/ubuntu/autopkgtest/setup-commands/setup-testbed --apt-pocket=proposed=src:e2fsprogs,src:borgbackup,src:borgbackup2,src:fuse --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 '--env=ADT_TEST_TRIGGERS=e2fsprogs/1.47.0-2.4~exp1ubuntu2 borgbackup/1.2.7-2build2 borgbackup2/2.0.0b8-2build1 fuse/2.9.9-8.1' -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor autopkgtest --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-2@bos02-s390x-6.secgroup --name adt-noble-s390x-sssd-20240321-034659-juju-7f2275-prod-proposed-migration-environment-2 --image adt/ubuntu-noble-s390x-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-2 --net-id=net_prod-proposed-migration -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com'"'"'' --mirror=http://ftpmaster.internal/ubuntu/ 65s autopkgtest [03:48:04]: testbed dpkg architecture: s390x 65s autopkgtest [03:48:04]: testbed apt version: 2.7.12 65s autopkgtest [03:48:04]: @@@@@@@@@@@@@@@@@@@@ test bed setup 66s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 66s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [3809 kB] 67s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [6540 B] 67s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [53.9 kB] 67s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [498 kB] 67s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main s390x Packages [674 kB] 67s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main s390x c-n-f Metadata [3032 B] 67s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x Packages [1372 B] 67s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x c-n-f Metadata [116 B] 67s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x Packages [4054 kB] 67s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x c-n-f Metadata [7292 B] 67s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x Packages [45.1 kB] 67s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x c-n-f Metadata [116 B] 69s Fetched 9269 kB in 3s (3586 kB/s) 69s Reading package lists... 72s Reading package lists... 72s Building dependency tree... 72s Reading state information... 72s Calculating upgrade... 73s The following packages will be REMOVED: 73s libext2fs2 73s The following NEW packages will be installed: 73s libext2fs2t64 73s The following packages will be upgraded: 73s e2fsprogs e2fsprogs-l10n libcom-err2 libss2 logsave 73s 5 upgraded, 1 newly installed, 1 to remove and 0 not upgraded. 73s Need to get 918 kB of archives. 73s After this operation, 52.2 kB of additional disk space will be used. 73s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main s390x e2fsprogs-l10n all 1.47.0-2.4~exp1ubuntu2 [5996 B] 73s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main s390x logsave s390x 1.47.0-2.4~exp1ubuntu2 [22.5 kB] 73s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main s390x libext2fs2t64 s390x 1.47.0-2.4~exp1ubuntu2 [235 kB] 73s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main s390x e2fsprogs s390x 1.47.0-2.4~exp1ubuntu2 [615 kB] 73s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/main s390x libcom-err2 s390x 1.47.0-2.4~exp1ubuntu2 [22.9 kB] 73s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main s390x libss2 s390x 1.47.0-2.4~exp1ubuntu2 [17.2 kB] 74s Fetched 918 kB in 1s (1489 kB/s) 74s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52171 files and directories currently installed.) 74s Preparing to unpack .../e2fsprogs-l10n_1.47.0-2.4~exp1ubuntu2_all.deb ... 74s Unpacking e2fsprogs-l10n (1.47.0-2.4~exp1ubuntu2) over (1.47.0-2ubuntu1) ... 74s Preparing to unpack .../logsave_1.47.0-2.4~exp1ubuntu2_s390x.deb ... 74s Unpacking logsave (1.47.0-2.4~exp1ubuntu2) over (1.47.0-2ubuntu1) ... 74s dpkg: libext2fs2:s390x: dependency problems, but removing anyway as you requested: 74s libblockdev-fs3:s390x depends on libext2fs2 (>= 1.42.11). 74s e2fsprogs depends on libext2fs2 (= 1.47.0-2ubuntu1). 74s btrfs-progs depends on libext2fs2 (>= 1.42). 74s 74s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52171 files and directories currently installed.) 74s Removing libext2fs2:s390x (1.47.0-2ubuntu1) ... 74s Selecting previously unselected package libext2fs2t64:s390x. 74s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52164 files and directories currently installed.) 74s Preparing to unpack .../libext2fs2t64_1.47.0-2.4~exp1ubuntu2_s390x.deb ... 74s Adding 'diversion of /lib/s390x-linux-gnu/libe2p.so.2 to /lib/s390x-linux-gnu/libe2p.so.2.usr-is-merged by libext2fs2t64' 74s Adding 'diversion of /lib/s390x-linux-gnu/libe2p.so.2.3 to /lib/s390x-linux-gnu/libe2p.so.2.3.usr-is-merged by libext2fs2t64' 74s Adding 'diversion of /lib/s390x-linux-gnu/libext2fs.so.2 to /lib/s390x-linux-gnu/libext2fs.so.2.usr-is-merged by libext2fs2t64' 74s Adding 'diversion of /lib/s390x-linux-gnu/libext2fs.so.2.4 to /lib/s390x-linux-gnu/libext2fs.so.2.4.usr-is-merged by libext2fs2t64' 74s Unpacking libext2fs2t64:s390x (1.47.0-2.4~exp1ubuntu2) ... 74s Setting up libext2fs2t64:s390x (1.47.0-2.4~exp1ubuntu2) ... 74s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52180 files and directories currently installed.) 74s Preparing to unpack .../e2fsprogs_1.47.0-2.4~exp1ubuntu2_s390x.deb ... 74s Unpacking e2fsprogs (1.47.0-2.4~exp1ubuntu2) over (1.47.0-2ubuntu1) ... 74s Preparing to unpack .../libcom-err2_1.47.0-2.4~exp1ubuntu2_s390x.deb ... 74s Unpacking libcom-err2:s390x (1.47.0-2.4~exp1ubuntu2) over (1.47.0-2ubuntu1) ... 74s Preparing to unpack .../libss2_1.47.0-2.4~exp1ubuntu2_s390x.deb ... 74s Unpacking libss2:s390x (1.47.0-2.4~exp1ubuntu2) over (1.47.0-2ubuntu1) ... 74s Setting up libcom-err2:s390x (1.47.0-2.4~exp1ubuntu2) ... 74s Setting up libss2:s390x (1.47.0-2.4~exp1ubuntu2) ... 74s Setting up logsave (1.47.0-2.4~exp1ubuntu2) ... 74s Setting up e2fsprogs (1.47.0-2.4~exp1ubuntu2) ... 74s update-initramfs: deferring update (trigger activated) 75s e2scrub_all.service is a disabled or a static unit not running, not starting it. 75s Setting up e2fsprogs-l10n (1.47.0-2.4~exp1ubuntu2) ... 75s Processing triggers for man-db (2.12.0-3) ... 75s Processing triggers for libc-bin (2.39-0ubuntu2) ... 75s Processing triggers for initramfs-tools (0.142ubuntu20) ... 76s update-initramfs: Generating /boot/initrd.img-6.8.0-11-generic 76s W: No lz4 in /usr/bin:/sbin:/bin, using gzip 79s Using config file '/etc/zipl.conf' 79s Building bootmap in '/boot' 79s Adding IPL section 'ubuntu' (default) 80s Preparing boot device for LD-IPL: vda (0000). 80s Done. 80s Reading package lists... 80s Building dependency tree... 80s Reading state information... 80s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 81s Unknown architecture, assuming PC-style ttyS0 81s sh: Attempting to set up Debian/Ubuntu apt sources automatically 81s sh: Distribution appears to be Ubuntu 82s Reading package lists... 82s Building dependency tree... 82s Reading state information... 82s eatmydata is already the newest version (131-1). 82s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 82s Reading package lists... 82s Building dependency tree... 82s Reading state information... 83s dbus is already the newest version (1.14.10-4ubuntu1). 83s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 83s Reading package lists... 83s Building dependency tree... 83s Reading state information... 83s rng-tools-debian is already the newest version (2.4). 83s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 83s Reading package lists... 83s Building dependency tree... 83s Reading state information... 83s The following packages will be REMOVED: 83s cloud-init* python3-configobj* python3-debconf* 84s 0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded. 84s After this operation, 3252 kB disk space will be freed. 84s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52180 files and directories currently installed.) 84s Removing cloud-init (24.1.1-0ubuntu1) ... 84s Removing python3-configobj (5.0.8-3) ... 84s Removing python3-debconf (1.5.86) ... 84s Processing triggers for man-db (2.12.0-3) ... 85s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51791 files and directories currently installed.) 85s Purging configuration files for cloud-init (24.1.1-0ubuntu1) ... 85s dpkg: warning: while removing cloud-init, directory '/etc/cloud/cloud.cfg.d' not empty so not removed 85s Processing triggers for rsyslog (8.2312.0-3ubuntu3) ... 85s invoke-rc.d: policy-rc.d denied execution of try-restart. 86s Reading package lists... 86s Building dependency tree... 86s Reading state information... 86s linux-generic is already the newest version (6.8.0-11.11+1). 86s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 87s Hit:1 http://ftpmaster.internal/ubuntu noble InRelease 87s Hit:2 http://ftpmaster.internal/ubuntu noble-updates InRelease 87s Hit:3 http://ftpmaster.internal/ubuntu noble-security InRelease 89s Reading package lists... 89s Reading package lists... 89s Building dependency tree... 89s Reading state information... 90s Calculating upgrade... 90s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 90s Reading package lists... 90s Building dependency tree... 90s Reading state information... 90s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 91s autopkgtest [03:48:30]: rebooting testbed after setup commands that affected boot 106s autopkgtest [03:48:45]: testbed running kernel: Linux 6.8.0-11-generic #11-Ubuntu SMP Tue Feb 13 23:45:46 UTC 2024 109s autopkgtest [03:48:48]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 124s Get:1 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (dsc) [5269 B] 124s Get:2 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (tar) [7983 kB] 124s Get:3 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (asc) [833 B] 124s Get:4 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (diff) [48.4 kB] 124s gpgv: Signature made Mon Feb 26 21:56:54 2024 UTC 124s gpgv: using RSA key E92FD0B36B14F1F4D8E0EB2F106DA1C8C3CBBF14 124s gpgv: Can't check signature: No public key 124s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.4-1ubuntu1.dsc: no acceptable signature found 125s autopkgtest [03:49:04]: testing package sssd version 2.9.4-1ubuntu1 125s autopkgtest [03:49:04]: build not needed 196s autopkgtest [03:50:15]: test ldap-user-group-ldap-auth: preparing testbed 200s Reading package lists... 200s Building dependency tree... 200s Reading state information... 200s Starting pkgProblemResolver with broken count: 0 200s Starting 2 pkgProblemResolver with broken count: 0 200s Done 201s The following additional packages will be installed: 201s expect ldap-utils libavahi-client3 libavahi-common-data libavahi-common3 201s libbasicobjects0 libc-ares2 libcollection4 libcrack2 libdhash1 201s libevent-2.1-7 libini-config5 libipa-hbac-dev libipa-hbac0 libjose0 libkrad0 201s libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo libodbc2 201s libpam-pwquality libpam-sss libpath-utils1 libpwquality-common libpwquality1 201s libref-array1 libsmbclient libsss-certmap-dev libsss-certmap0 201s libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev libsss-nss-idmap0 201s libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0 libverto-libevent1 201s libverto1 libwbclient0 python3-libipa-hbac python3-libsss-nss-idmap 201s python3-sss samba-libs slapd sssd sssd-ad sssd-ad-common sssd-common 201s sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 sssd-krb5-common sssd-ldap 201s sssd-passkey sssd-proxy sssd-tools tcl-expect tcl8.6 201s Suggested packages: 201s tk8.6 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal 201s odbc-postgresql tdsodbc adcli libsasl2-modules-ldap tcl-tclreadline 201s Recommended packages: 201s cracklib-runtime libsasl2-modules-gssapi-mit 201s | libsasl2-modules-gssapi-heimdal 201s The following NEW packages will be installed: 201s autopkgtest-satdep expect ldap-utils libavahi-client3 libavahi-common-data 201s libavahi-common3 libbasicobjects0 libc-ares2 libcollection4 libcrack2 201s libdhash1 libevent-2.1-7 libini-config5 libipa-hbac-dev libipa-hbac0 201s libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo 201s libodbc2 libpam-pwquality libpam-sss libpath-utils1 libpwquality-common 201s libpwquality1 libref-array1 libsmbclient libsss-certmap-dev libsss-certmap0 201s libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev libsss-nss-idmap0 201s libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0 libverto-libevent1 201s libverto1 libwbclient0 python3-libipa-hbac python3-libsss-nss-idmap 201s python3-sss samba-libs slapd sssd sssd-ad sssd-ad-common sssd-common 201s sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 sssd-krb5-common sssd-ldap 201s sssd-passkey sssd-proxy sssd-tools tcl-expect tcl8.6 201s 0 upgraded, 65 newly installed, 0 to remove and 0 not upgraded. 201s Need to get 12.9 MB/12.9 MB of archives. 201s After this operation, 50.0 MB of additional disk space will be used. 201s Get:1 /tmp/autopkgtest.4w16Y5/1-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [864 B] 201s Get:2 http://ftpmaster.internal/ubuntu noble/main s390x libltdl7 s390x 2.4.7-7 [41.6 kB] 201s Get:3 http://ftpmaster.internal/ubuntu noble/main s390x libodbc2 s390x 2.3.12-1 [164 kB] 201s Get:4 http://ftpmaster.internal/ubuntu noble/main s390x slapd s390x 2.6.7+dfsg-1~exp1ubuntu1 [1617 kB] 201s Get:5 http://ftpmaster.internal/ubuntu noble/main s390x libtcl8.6 s390x 8.6.13+dfsg-2 [948 kB] 201s Get:6 http://ftpmaster.internal/ubuntu noble/main s390x tcl8.6 s390x 8.6.13+dfsg-2 [14.7 kB] 201s Get:7 http://ftpmaster.internal/ubuntu noble/universe s390x tcl-expect s390x 5.45.4-2build1 [99.7 kB] 201s Get:8 http://ftpmaster.internal/ubuntu noble/universe s390x expect s390x 5.45.4-2build1 [137 kB] 201s Get:9 http://ftpmaster.internal/ubuntu noble/main s390x ldap-utils s390x 2.6.7+dfsg-1~exp1ubuntu1 [165 kB] 201s Get:10 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common-data s390x 0.8-13ubuntu2 [29.5 kB] 201s Get:11 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common3 s390x 0.8-13ubuntu2 [23.8 kB] 201s Get:12 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-client3 s390x 0.8-13ubuntu2 [26.7 kB] 201s Get:13 http://ftpmaster.internal/ubuntu noble/main s390x libcrack2 s390x 2.9.6-5.1 [29.6 kB] 201s Get:14 http://ftpmaster.internal/ubuntu noble/main s390x libevent-2.1-7 s390x 2.1.12-stable-9 [144 kB] 202s Get:15 http://ftpmaster.internal/ubuntu noble/universe s390x libjose0 s390x 11-3 [45.2 kB] 202s Get:16 http://ftpmaster.internal/ubuntu noble/main s390x libverto-libevent1 s390x 0.3.1-1ubuntu5 [5810 B] 202s Get:17 http://ftpmaster.internal/ubuntu noble/main s390x libverto1 s390x 0.3.1-1ubuntu5 [10.6 kB] 202s Get:18 http://ftpmaster.internal/ubuntu noble/main s390x libkrad0 s390x 1.20.1-5build1 [22.0 kB] 202s Get:19 http://ftpmaster.internal/ubuntu noble/main s390x libtalloc2 s390x 2.4.2-1 [28.3 kB] 202s Get:20 http://ftpmaster.internal/ubuntu noble/main s390x libtdb1 s390x 1.4.10-1 [49.9 kB] 202s Get:21 http://ftpmaster.internal/ubuntu noble/main s390x libtevent0 s390x 0.16.1-1 [43.1 kB] 202s Get:22 http://ftpmaster.internal/ubuntu noble/main s390x libldb2 s390x 2:2.8.0+samba4.19.5+dfsg-1ubuntu1 [191 kB] 202s Get:23 http://ftpmaster.internal/ubuntu noble/main s390x libnfsidmap1 s390x 1:2.6.3-3ubuntu1 [49.0 kB] 202s Get:24 http://ftpmaster.internal/ubuntu noble/universe s390x libnss-sudo all 1.9.15p5-3ubuntu1 [14.9 kB] 202s Get:25 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality-common all 1.4.5-3 [7658 B] 202s Get:26 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality1 s390x 1.4.5-3 [14.7 kB] 202s Get:27 http://ftpmaster.internal/ubuntu noble/main s390x libpam-pwquality s390x 1.4.5-3 [11.6 kB] 202s Get:28 http://ftpmaster.internal/ubuntu noble/main s390x libwbclient0 s390x 2:4.19.5+dfsg-1ubuntu1 [70.3 kB] 202s Get:29 http://ftpmaster.internal/ubuntu noble/main s390x samba-libs s390x 2:4.19.5+dfsg-1ubuntu1 [6231 kB] 202s Get:30 http://ftpmaster.internal/ubuntu noble/main s390x libnss-sss s390x 2.9.4-1ubuntu1 [32.6 kB] 202s Get:31 http://ftpmaster.internal/ubuntu noble/main s390x libpam-sss s390x 2.9.4-1ubuntu1 [51.9 kB] 202s Get:32 http://ftpmaster.internal/ubuntu noble/main s390x python3-sss s390x 2.9.4-1ubuntu1 [46.6 kB] 202s Get:33 http://ftpmaster.internal/ubuntu noble/main s390x libc-ares2 s390x 1.27.0-1 [79.2 kB] 202s Get:34 http://ftpmaster.internal/ubuntu noble/main s390x libdhash1 s390x 0.6.2-2 [8648 B] 202s Get:35 http://ftpmaster.internal/ubuntu noble/main s390x libbasicobjects0 s390x 0.6.2-2 [5476 B] 202s Get:36 http://ftpmaster.internal/ubuntu noble/main s390x libcollection4 s390x 0.6.2-2 [23.2 kB] 202s Get:37 http://ftpmaster.internal/ubuntu noble/main s390x libpath-utils1 s390x 0.6.2-2 [8994 B] 202s Get:38 http://ftpmaster.internal/ubuntu noble/main s390x libref-array1 s390x 0.6.2-2 [6880 B] 202s Get:39 http://ftpmaster.internal/ubuntu noble/main s390x libini-config5 s390x 0.6.2-2 [45.3 kB] 202s Get:40 http://ftpmaster.internal/ubuntu noble/main s390x libsss-certmap0 s390x 2.9.4-1ubuntu1 [46.7 kB] 202s Get:41 http://ftpmaster.internal/ubuntu noble/main s390x libsss-idmap0 s390x 2.9.4-1ubuntu1 [22.1 kB] 202s Get:42 http://ftpmaster.internal/ubuntu noble/main s390x libsss-nss-idmap0 s390x 2.9.4-1ubuntu1 [31.4 kB] 202s Get:43 http://ftpmaster.internal/ubuntu noble/main s390x sssd-common s390x 2.9.4-1ubuntu1 [1125 kB] 202s Get:44 http://ftpmaster.internal/ubuntu noble/universe s390x sssd-idp s390x 2.9.4-1ubuntu1 [27.3 kB] 202s Get:45 http://ftpmaster.internal/ubuntu noble/universe s390x sssd-passkey s390x 2.9.4-1ubuntu1 [32.3 kB] 202s Get:46 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad-common s390x 2.9.4-1ubuntu1 [74.8 kB] 202s Get:47 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5-common s390x 2.9.4-1ubuntu1 [90.3 kB] 202s Get:48 http://ftpmaster.internal/ubuntu noble/main s390x libsmbclient s390x 2:4.19.5+dfsg-1ubuntu1 [65.1 kB] 202s Get:49 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad s390x 2.9.4-1ubuntu1 [133 kB] 202s Get:50 http://ftpmaster.internal/ubuntu noble/main s390x libipa-hbac0 s390x 2.9.4-1ubuntu1 [16.8 kB] 202s Get:51 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ipa s390x 2.9.4-1ubuntu1 [215 kB] 202s Get:52 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5 s390x 2.9.4-1ubuntu1 [14.4 kB] 202s Get:53 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ldap s390x 2.9.4-1ubuntu1 [31.0 kB] 202s Get:54 http://ftpmaster.internal/ubuntu noble/main s390x sssd-proxy s390x 2.9.4-1ubuntu1 [43.9 kB] 202s Get:55 http://ftpmaster.internal/ubuntu noble/main s390x sssd s390x 2.9.4-1ubuntu1 [4120 B] 202s Get:56 http://ftpmaster.internal/ubuntu noble/main s390x sssd-dbus s390x 2.9.4-1ubuntu1 [101 kB] 202s Get:57 http://ftpmaster.internal/ubuntu noble/universe s390x sssd-kcm s390x 2.9.4-1ubuntu1 [137 kB] 202s Get:58 http://ftpmaster.internal/ubuntu noble/main s390x sssd-tools s390x 2.9.4-1ubuntu1 [97.6 kB] 202s Get:59 http://ftpmaster.internal/ubuntu noble/main s390x libipa-hbac-dev s390x 2.9.4-1ubuntu1 [6660 B] 202s Get:60 http://ftpmaster.internal/ubuntu noble/main s390x libsss-certmap-dev s390x 2.9.4-1ubuntu1 [5734 B] 202s Get:61 http://ftpmaster.internal/ubuntu noble/main s390x libsss-idmap-dev s390x 2.9.4-1ubuntu1 [8376 B] 202s Get:62 http://ftpmaster.internal/ubuntu noble/main s390x libsss-nss-idmap-dev s390x 2.9.4-1ubuntu1 [6708 B] 202s Get:63 http://ftpmaster.internal/ubuntu noble/universe s390x libsss-sudo s390x 2.9.4-1ubuntu1 [21.3 kB] 202s Get:64 http://ftpmaster.internal/ubuntu noble/universe s390x python3-libipa-hbac s390x 2.9.4-1ubuntu1 [16.9 kB] 202s Get:65 http://ftpmaster.internal/ubuntu noble/universe s390x python3-libsss-nss-idmap s390x 2.9.4-1ubuntu1 [9140 B] 203s Preconfiguring packages ... 203s Fetched 12.9 MB in 2s (7935 kB/s) 203s Selecting previously unselected package libltdl7:s390x. 203s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51736 files and directories currently installed.) 203s Preparing to unpack .../00-libltdl7_2.4.7-7_s390x.deb ... 203s Unpacking libltdl7:s390x (2.4.7-7) ... 203s Selecting previously unselected package libodbc2:s390x. 203s Preparing to unpack .../01-libodbc2_2.3.12-1_s390x.deb ... 203s Unpacking libodbc2:s390x (2.3.12-1) ... 203s Selecting previously unselected package slapd. 203s Preparing to unpack .../02-slapd_2.6.7+dfsg-1~exp1ubuntu1_s390x.deb ... 203s Unpacking slapd (2.6.7+dfsg-1~exp1ubuntu1) ... 203s Selecting previously unselected package libtcl8.6:s390x. 203s Preparing to unpack .../03-libtcl8.6_8.6.13+dfsg-2_s390x.deb ... 203s Unpacking libtcl8.6:s390x (8.6.13+dfsg-2) ... 203s Selecting previously unselected package tcl8.6. 203s Preparing to unpack .../04-tcl8.6_8.6.13+dfsg-2_s390x.deb ... 203s Unpacking tcl8.6 (8.6.13+dfsg-2) ... 203s Selecting previously unselected package tcl-expect:s390x. 203s Preparing to unpack .../05-tcl-expect_5.45.4-2build1_s390x.deb ... 203s Unpacking tcl-expect:s390x (5.45.4-2build1) ... 203s Selecting previously unselected package expect. 203s Preparing to unpack .../06-expect_5.45.4-2build1_s390x.deb ... 203s Unpacking expect (5.45.4-2build1) ... 203s Selecting previously unselected package ldap-utils. 203s Preparing to unpack .../07-ldap-utils_2.6.7+dfsg-1~exp1ubuntu1_s390x.deb ... 203s Unpacking ldap-utils (2.6.7+dfsg-1~exp1ubuntu1) ... 203s Selecting previously unselected package libavahi-common-data:s390x. 203s Preparing to unpack .../08-libavahi-common-data_0.8-13ubuntu2_s390x.deb ... 203s Unpacking libavahi-common-data:s390x (0.8-13ubuntu2) ... 203s Selecting previously unselected package libavahi-common3:s390x. 203s Preparing to unpack .../09-libavahi-common3_0.8-13ubuntu2_s390x.deb ... 203s Unpacking libavahi-common3:s390x (0.8-13ubuntu2) ... 203s Selecting previously unselected package libavahi-client3:s390x. 203s Preparing to unpack .../10-libavahi-client3_0.8-13ubuntu2_s390x.deb ... 203s Unpacking libavahi-client3:s390x (0.8-13ubuntu2) ... 203s Selecting previously unselected package libcrack2:s390x. 203s Preparing to unpack .../11-libcrack2_2.9.6-5.1_s390x.deb ... 203s Unpacking libcrack2:s390x (2.9.6-5.1) ... 203s Selecting previously unselected package libevent-2.1-7:s390x. 203s Preparing to unpack .../12-libevent-2.1-7_2.1.12-stable-9_s390x.deb ... 203s Unpacking libevent-2.1-7:s390x (2.1.12-stable-9) ... 203s Selecting previously unselected package libjose0:s390x. 203s Preparing to unpack .../13-libjose0_11-3_s390x.deb ... 203s Unpacking libjose0:s390x (11-3) ... 203s Selecting previously unselected package libverto-libevent1:s390x. 203s Preparing to unpack .../14-libverto-libevent1_0.3.1-1ubuntu5_s390x.deb ... 203s Unpacking libverto-libevent1:s390x (0.3.1-1ubuntu5) ... 203s Selecting previously unselected package libverto1:s390x. 203s Preparing to unpack .../15-libverto1_0.3.1-1ubuntu5_s390x.deb ... 203s Unpacking libverto1:s390x (0.3.1-1ubuntu5) ... 204s Selecting previously unselected package libkrad0:s390x. 204s Preparing to unpack .../16-libkrad0_1.20.1-5build1_s390x.deb ... 204s Unpacking libkrad0:s390x (1.20.1-5build1) ... 204s Selecting previously unselected package libtalloc2:s390x. 204s Preparing to unpack .../17-libtalloc2_2.4.2-1_s390x.deb ... 204s Unpacking libtalloc2:s390x (2.4.2-1) ... 204s Selecting previously unselected package libtdb1:s390x. 204s Preparing to unpack .../18-libtdb1_1.4.10-1_s390x.deb ... 204s Unpacking libtdb1:s390x (1.4.10-1) ... 204s Selecting previously unselected package libtevent0:s390x. 204s Preparing to unpack .../19-libtevent0_0.16.1-1_s390x.deb ... 204s Unpacking libtevent0:s390x (0.16.1-1) ... 204s Selecting previously unselected package libldb2:s390x. 204s Preparing to unpack .../20-libldb2_2%3a2.8.0+samba4.19.5+dfsg-1ubuntu1_s390x.deb ... 204s Unpacking libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 204s Selecting previously unselected package libnfsidmap1:s390x. 204s Preparing to unpack .../21-libnfsidmap1_1%3a2.6.3-3ubuntu1_s390x.deb ... 204s Unpacking libnfsidmap1:s390x (1:2.6.3-3ubuntu1) ... 204s Selecting previously unselected package libnss-sudo. 204s Preparing to unpack .../22-libnss-sudo_1.9.15p5-3ubuntu1_all.deb ... 204s Unpacking libnss-sudo (1.9.15p5-3ubuntu1) ... 204s Selecting previously unselected package libpwquality-common. 204s Preparing to unpack .../23-libpwquality-common_1.4.5-3_all.deb ... 204s Unpacking libpwquality-common (1.4.5-3) ... 204s Selecting previously unselected package libpwquality1:s390x. 204s Preparing to unpack .../24-libpwquality1_1.4.5-3_s390x.deb ... 204s Unpacking libpwquality1:s390x (1.4.5-3) ... 204s Selecting previously unselected package libpam-pwquality:s390x. 204s Preparing to unpack .../25-libpam-pwquality_1.4.5-3_s390x.deb ... 204s Unpacking libpam-pwquality:s390x (1.4.5-3) ... 204s Selecting previously unselected package libwbclient0:s390x. 204s Preparing to unpack .../26-libwbclient0_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 204s Unpacking libwbclient0:s390x (2:4.19.5+dfsg-1ubuntu1) ... 204s Selecting previously unselected package samba-libs:s390x. 204s Preparing to unpack .../27-samba-libs_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 204s Unpacking samba-libs:s390x (2:4.19.5+dfsg-1ubuntu1) ... 204s Selecting previously unselected package libnss-sss:s390x. 204s Preparing to unpack .../28-libnss-sss_2.9.4-1ubuntu1_s390x.deb ... 204s Unpacking libnss-sss:s390x (2.9.4-1ubuntu1) ... 204s Selecting previously unselected package libpam-sss:s390x. 204s Preparing to unpack .../29-libpam-sss_2.9.4-1ubuntu1_s390x.deb ... 204s Unpacking libpam-sss:s390x (2.9.4-1ubuntu1) ... 204s Selecting previously unselected package python3-sss. 204s Preparing to unpack .../30-python3-sss_2.9.4-1ubuntu1_s390x.deb ... 204s Unpacking python3-sss (2.9.4-1ubuntu1) ... 204s Selecting previously unselected package libc-ares2:s390x. 204s Preparing to unpack .../31-libc-ares2_1.27.0-1_s390x.deb ... 204s Unpacking libc-ares2:s390x (1.27.0-1) ... 204s Selecting previously unselected package libdhash1:s390x. 204s Preparing to unpack .../32-libdhash1_0.6.2-2_s390x.deb ... 204s Unpacking libdhash1:s390x (0.6.2-2) ... 204s Selecting previously unselected package libbasicobjects0:s390x. 204s Preparing to unpack .../33-libbasicobjects0_0.6.2-2_s390x.deb ... 204s Unpacking libbasicobjects0:s390x (0.6.2-2) ... 204s Selecting previously unselected package libcollection4:s390x. 204s Preparing to unpack .../34-libcollection4_0.6.2-2_s390x.deb ... 204s Unpacking libcollection4:s390x (0.6.2-2) ... 204s Selecting previously unselected package libpath-utils1:s390x. 204s Preparing to unpack .../35-libpath-utils1_0.6.2-2_s390x.deb ... 204s Unpacking libpath-utils1:s390x (0.6.2-2) ... 204s Selecting previously unselected package libref-array1:s390x. 204s Preparing to unpack .../36-libref-array1_0.6.2-2_s390x.deb ... 204s Unpacking libref-array1:s390x (0.6.2-2) ... 204s Selecting previously unselected package libini-config5:s390x. 204s Preparing to unpack .../37-libini-config5_0.6.2-2_s390x.deb ... 204s Unpacking libini-config5:s390x (0.6.2-2) ... 204s Selecting previously unselected package libsss-certmap0. 204s Preparing to unpack .../38-libsss-certmap0_2.9.4-1ubuntu1_s390x.deb ... 204s Unpacking libsss-certmap0 (2.9.4-1ubuntu1) ... 204s Selecting previously unselected package libsss-idmap0. 204s Preparing to unpack .../39-libsss-idmap0_2.9.4-1ubuntu1_s390x.deb ... 204s Unpacking libsss-idmap0 (2.9.4-1ubuntu1) ... 204s Selecting previously unselected package libsss-nss-idmap0. 204s Preparing to unpack .../40-libsss-nss-idmap0_2.9.4-1ubuntu1_s390x.deb ... 204s Unpacking libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 204s Selecting previously unselected package sssd-common. 204s Preparing to unpack .../41-sssd-common_2.9.4-1ubuntu1_s390x.deb ... 204s Unpacking sssd-common (2.9.4-1ubuntu1) ... 204s Selecting previously unselected package sssd-idp. 204s Preparing to unpack .../42-sssd-idp_2.9.4-1ubuntu1_s390x.deb ... 204s Unpacking sssd-idp (2.9.4-1ubuntu1) ... 204s Selecting previously unselected package sssd-passkey. 204s Preparing to unpack .../43-sssd-passkey_2.9.4-1ubuntu1_s390x.deb ... 204s Unpacking sssd-passkey (2.9.4-1ubuntu1) ... 204s Selecting previously unselected package sssd-ad-common. 204s Preparing to unpack .../44-sssd-ad-common_2.9.4-1ubuntu1_s390x.deb ... 204s Unpacking sssd-ad-common (2.9.4-1ubuntu1) ... 204s Selecting previously unselected package sssd-krb5-common. 204s Preparing to unpack .../45-sssd-krb5-common_2.9.4-1ubuntu1_s390x.deb ... 204s Unpacking sssd-krb5-common (2.9.4-1ubuntu1) ... 204s Selecting previously unselected package libsmbclient:s390x. 204s Preparing to unpack .../46-libsmbclient_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 204s Unpacking libsmbclient:s390x (2:4.19.5+dfsg-1ubuntu1) ... 204s Selecting previously unselected package sssd-ad. 204s Preparing to unpack .../47-sssd-ad_2.9.4-1ubuntu1_s390x.deb ... 204s Unpacking sssd-ad (2.9.4-1ubuntu1) ... 204s Selecting previously unselected package libipa-hbac0. 204s Preparing to unpack .../48-libipa-hbac0_2.9.4-1ubuntu1_s390x.deb ... 204s Unpacking libipa-hbac0 (2.9.4-1ubuntu1) ... 204s Selecting previously unselected package sssd-ipa. 204s Preparing to unpack .../49-sssd-ipa_2.9.4-1ubuntu1_s390x.deb ... 205s Unpacking sssd-ipa (2.9.4-1ubuntu1) ... 205s Selecting previously unselected package sssd-krb5. 205s Preparing to unpack .../50-sssd-krb5_2.9.4-1ubuntu1_s390x.deb ... 205s Unpacking sssd-krb5 (2.9.4-1ubuntu1) ... 205s Selecting previously unselected package sssd-ldap. 205s Preparing to unpack .../51-sssd-ldap_2.9.4-1ubuntu1_s390x.deb ... 205s Unpacking sssd-ldap (2.9.4-1ubuntu1) ... 205s Selecting previously unselected package sssd-proxy. 205s Preparing to unpack .../52-sssd-proxy_2.9.4-1ubuntu1_s390x.deb ... 205s Unpacking sssd-proxy (2.9.4-1ubuntu1) ... 205s Selecting previously unselected package sssd. 205s Preparing to unpack .../53-sssd_2.9.4-1ubuntu1_s390x.deb ... 205s Unpacking sssd (2.9.4-1ubuntu1) ... 205s Selecting previously unselected package sssd-dbus. 205s Preparing to unpack .../54-sssd-dbus_2.9.4-1ubuntu1_s390x.deb ... 205s Unpacking sssd-dbus (2.9.4-1ubuntu1) ... 205s Selecting previously unselected package sssd-kcm. 205s Preparing to unpack .../55-sssd-kcm_2.9.4-1ubuntu1_s390x.deb ... 205s Unpacking sssd-kcm (2.9.4-1ubuntu1) ... 205s Selecting previously unselected package sssd-tools. 205s Preparing to unpack .../56-sssd-tools_2.9.4-1ubuntu1_s390x.deb ... 205s Unpacking sssd-tools (2.9.4-1ubuntu1) ... 205s Selecting previously unselected package libipa-hbac-dev. 205s Preparing to unpack .../57-libipa-hbac-dev_2.9.4-1ubuntu1_s390x.deb ... 205s Unpacking libipa-hbac-dev (2.9.4-1ubuntu1) ... 205s Selecting previously unselected package libsss-certmap-dev. 205s Preparing to unpack .../58-libsss-certmap-dev_2.9.4-1ubuntu1_s390x.deb ... 205s Unpacking libsss-certmap-dev (2.9.4-1ubuntu1) ... 205s Selecting previously unselected package libsss-idmap-dev. 205s Preparing to unpack .../59-libsss-idmap-dev_2.9.4-1ubuntu1_s390x.deb ... 205s Unpacking libsss-idmap-dev (2.9.4-1ubuntu1) ... 205s Selecting previously unselected package libsss-nss-idmap-dev. 205s Preparing to unpack .../60-libsss-nss-idmap-dev_2.9.4-1ubuntu1_s390x.deb ... 205s Unpacking libsss-nss-idmap-dev (2.9.4-1ubuntu1) ... 205s Selecting previously unselected package libsss-sudo. 205s Preparing to unpack .../61-libsss-sudo_2.9.4-1ubuntu1_s390x.deb ... 205s Unpacking libsss-sudo (2.9.4-1ubuntu1) ... 205s Selecting previously unselected package python3-libipa-hbac. 205s Preparing to unpack .../62-python3-libipa-hbac_2.9.4-1ubuntu1_s390x.deb ... 205s Unpacking python3-libipa-hbac (2.9.4-1ubuntu1) ... 205s Selecting previously unselected package python3-libsss-nss-idmap. 205s Preparing to unpack .../63-python3-libsss-nss-idmap_2.9.4-1ubuntu1_s390x.deb ... 205s Unpacking python3-libsss-nss-idmap (2.9.4-1ubuntu1) ... 205s Selecting previously unselected package autopkgtest-satdep. 205s Preparing to unpack .../64-1-autopkgtest-satdep.deb ... 205s Unpacking autopkgtest-satdep (0) ... 205s Setting up libpwquality-common (1.4.5-3) ... 205s Setting up libpath-utils1:s390x (0.6.2-2) ... 205s Setting up libnfsidmap1:s390x (1:2.6.3-3ubuntu1) ... 205s Setting up libsss-idmap0 (2.9.4-1ubuntu1) ... 205s Setting up libbasicobjects0:s390x (0.6.2-2) ... 205s Setting up libsss-idmap-dev (2.9.4-1ubuntu1) ... 205s Setting up libtdb1:s390x (1.4.10-1) ... 205s Setting up libc-ares2:s390x (1.27.0-1) ... 205s Setting up ldap-utils (2.6.7+dfsg-1~exp1ubuntu1) ... 205s Setting up libjose0:s390x (11-3) ... 205s Setting up libwbclient0:s390x (2:4.19.5+dfsg-1ubuntu1) ... 205s Setting up libtalloc2:s390x (2.4.2-1) ... 205s Setting up libdhash1:s390x (0.6.2-2) ... 205s Setting up libtevent0:s390x (0.16.1-1) ... 205s Setting up libavahi-common-data:s390x (0.8-13ubuntu2) ... 205s Setting up libevent-2.1-7:s390x (2.1.12-stable-9) ... 205s Setting up libtcl8.6:s390x (8.6.13+dfsg-2) ... 205s Setting up libltdl7:s390x (2.4.7-7) ... 205s Setting up libcrack2:s390x (2.9.6-5.1) ... 205s Setting up libcollection4:s390x (0.6.2-2) ... 205s Setting up libodbc2:s390x (2.3.12-1) ... 205s Setting up libipa-hbac0 (2.9.4-1ubuntu1) ... 205s Setting up python3-libipa-hbac (2.9.4-1ubuntu1) ... 205s Setting up libref-array1:s390x (0.6.2-2) ... 205s Setting up libnss-sudo (1.9.15p5-3ubuntu1) ... 205s Setting up libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 205s Setting up libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 205s Setting up libnss-sss:s390x (2.9.4-1ubuntu1) ... 205s Setting up slapd (2.6.7+dfsg-1~exp1ubuntu1) ... 205s Creating new user openldap... done. 205s Creating initial configuration... done. 205s Creating LDAP directory... done. 206s Setting up tcl8.6 (8.6.13+dfsg-2) ... 206s Setting up libsss-sudo (2.9.4-1ubuntu1) ... 206s Setting up libsss-nss-idmap-dev (2.9.4-1ubuntu1) ... 206s Setting up libipa-hbac-dev (2.9.4-1ubuntu1) ... 206s Setting up libini-config5:s390x (0.6.2-2) ... 206s Setting up libavahi-common3:s390x (0.8-13ubuntu2) ... 206s Setting up tcl-expect:s390x (5.45.4-2build1) ... 206s Setting up python3-sss (2.9.4-1ubuntu1) ... 206s Setting up libsss-certmap0 (2.9.4-1ubuntu1) ... 206s Setting up libpwquality1:s390x (1.4.5-3) ... 206s Setting up python3-libsss-nss-idmap (2.9.4-1ubuntu1) ... 206s Setting up libavahi-client3:s390x (0.8-13ubuntu2) ... 206s Setting up expect (5.45.4-2build1) ... 206s Setting up libpam-pwquality:s390x (1.4.5-3) ... 206s Setting up samba-libs:s390x (2:4.19.5+dfsg-1ubuntu1) ... 206s Setting up libsss-certmap-dev (2.9.4-1ubuntu1) ... 206s Setting up libsmbclient:s390x (2:4.19.5+dfsg-1ubuntu1) ... 206s Setting up libpam-sss:s390x (2.9.4-1ubuntu1) ... 206s Setting up sssd-common (2.9.4-1ubuntu1) ... 206s Creating SSSD system user & group... 206s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 206s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 206s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 206s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 207s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 207s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 207s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 207s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 208s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 208s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 209s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 209s sssd-autofs.service is a disabled or a static unit, not starting it. 209s sssd-nss.service is a disabled or a static unit, not starting it. 209s sssd-pam.service is a disabled or a static unit, not starting it. 209s sssd-ssh.service is a disabled or a static unit, not starting it. 209s sssd-sudo.service is a disabled or a static unit, not starting it. 209s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 209s Setting up sssd-proxy (2.9.4-1ubuntu1) ... 209s Setting up sssd-kcm (2.9.4-1ubuntu1) ... 209s Created symlink /etc/systemd/system/sockets.target.wants/sssd-kcm.socket → /usr/lib/systemd/system/sssd-kcm.socket. 209s sssd-kcm.service is a disabled or a static unit, not starting it. 209s Setting up sssd-dbus (2.9.4-1ubuntu1) ... 210s sssd-ifp.service is a disabled or a static unit, not starting it. 210s Setting up sssd-ad-common (2.9.4-1ubuntu1) ... 210s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 210s sssd-pac.service is a disabled or a static unit, not starting it. 210s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 210s Setting up sssd-krb5-common (2.9.4-1ubuntu1) ... 210s Setting up sssd-krb5 (2.9.4-1ubuntu1) ... 210s Setting up sssd-ldap (2.9.4-1ubuntu1) ... 210s Setting up sssd-ad (2.9.4-1ubuntu1) ... 210s Setting up sssd-tools (2.9.4-1ubuntu1) ... 210s Setting up sssd-ipa (2.9.4-1ubuntu1) ... 210s Setting up sssd (2.9.4-1ubuntu1) ... 210s Setting up libverto-libevent1:s390x (0.3.1-1ubuntu5) ... 210s Setting up libverto1:s390x (0.3.1-1ubuntu5) ... 210s Setting up libkrad0:s390x (1.20.1-5build1) ... 210s Setting up sssd-passkey (2.9.4-1ubuntu1) ... 210s Setting up sssd-idp (2.9.4-1ubuntu1) ... 210s Setting up autopkgtest-satdep (0) ... 210s Processing triggers for libc-bin (2.39-0ubuntu2) ... 210s Processing triggers for ufw (0.36.2-5) ... 210s Processing triggers for man-db (2.12.0-3) ... 211s Processing triggers for dbus (1.14.10-4ubuntu1) ... 220s (Reading database ... 53021 files and directories currently installed.) 220s Removing autopkgtest-satdep (0) ... 221s autopkgtest [03:50:40]: test ldap-user-group-ldap-auth: [----------------------- 221s + . debian/tests/util 221s + . debian/tests/common-tests 221s + mydomain=example.com 221s + myhostname=ldap.example.com 221s + mysuffix=dc=example,dc=com 221s + admin_dn=cn=admin,dc=example,dc=com 221s + admin_pw=secret 221s + ldap_user=testuser1 221s + ldap_user_pw=testuser1secret 221s + ldap_group=ldapusers 221s + adjust_hostname ldap.example.com 221s + local myhostname=ldap.example.com 221s + echo ldap.example.com 221s + hostname ldap.example.com 221s + grep -qE ldap.example.com /etc/hosts 221s + echo 127.0.1.10 ldap.example.com 221s + reconfigure_slapd 221s + debconf-set-selections 221s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 221s + dpkg-reconfigure -fnoninteractive -pcritical slapd 222s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1... done. 222s Moving old database directory to /var/backups: 222s - directory unknown... done. 222s Creating initial configuration... done. 222s Creating LDAP directory... done. 222s + generate_certs ldap.example.com 222s + local cn=ldap.example.com 222s + local cert=/etc/ldap/server.pem 222s + local key=/etc/ldap/server.key 222s + local cnf=/etc/ldap/openssl.cnf 222s + cat 222s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 222s ....+++++++++++++++++++++++++++++++++++++++modifying entry "cn=config" 222s 222s +++++++++++++++++++++++++ 222s ...........................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 222s ----- 222s + chmod 0640 /etc/ldap/server.key 222s + chgrp openldap /etc/ldap/server.key 222s + [ ! -f /etc/ldap/server.pem ] 222s + [ ! -f /etc/ldap/server.key ] 222s + enable_ldap_ssl 222s + cat 222s + cat 222s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 222s + populate_ldap_rfc2307 222s + cat 222s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 222s adding new entry "ou=People,dc=example,dc=com" 222s 222s adding new entry "ou=Group,dc=example,dc=com" 222s 222s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 222s 222s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 222s 222s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 222s 222s + configure_sssd_ldap_rfc2307 222s + cat 222s + chmod 0600 /etc/sssd/sssd.conf 222s + systemctl restart sssd 222s + enable_pam_mkhomedir 222s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 223s Assert local user databases do not have our LDAP test data 223s + echo session optional pam_mkhomedir.so 223s + run_common_tests 223s + echo Assert local user databases do not have our LDAP test data 223s + check_local_user testuser1 223s + local local_user=testuser1 223s + grep -q ^testuser1 /etc/passwd 223s + check_local_group testuser1 223s + local local_group=testuser1 223s + grep -q ^testuser1 /etc/group 223s + check_local_group ldapusers 223s + local local_group=ldapusers 223s + grep -q ^ldapusers /etc/group 223s + The LDAP user is known to the system via getent 223s echo The LDAP user is known to the system via getent 223s + check_getent_user testuser1 223s + local getent_user=testuser1 223s + local output 223s + getent passwd testuser1 223s The LDAP user's private group is known to the system via getent 223s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 223s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 223s + echo The LDAP user's private group is known to the system via getent 223s + check_getent_group testuser1 223s + local getent_group=testuser1 223s + local output 223s + getent group testuser1 223s + output=testuser1:*:10001:testuser1 223s + [ -z testuser1:*:10001:testuser1 ] 223s + echo The LDAP group ldapusers is known to the system via getent 223s + check_getent_group ldapusers 223s + local getent_group=ldapusers 223s + local output 223s The LDAP group ldapusers is known to the system via getent 223s + getent group ldapusers 223s + output=ldapusers:*:10100:testuser1 223s + [ -z ldapusers:*:10100:testuser1 ] 223s + The id(1) command can resolve the group membership of the LDAP user 223s echo The id(1) command can resolve the group membership of the LDAP user 223s + id -Gn testuser1 223s + output=testuser1 ldapusers 223s + [ testuser1 ldapusers != testuser1 ldapusers ] 223s + echo The LDAP user can login on a terminalThe LDAP user can login on a terminal 223s 223s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 223s spawn login 223s ldap.example.com login: testuser1 223s Password: 223s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-11-generic s390x) 223s 223s * Documentation: https://help.ubuntu.com 223s * Management: https://landscape.canonical.com 223s * Support: https://ubuntu.com/pro 223s 223s 223s The programs included with the Ubuntu system are free software; 223s the exact distribution terms for each program are described in the 223s individual files in /usr/share/doc/*/copyright. 223s 223s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 223s applicable law. 223s 223s 223s The programs included with the Ubuntu system are free software; 223s the exact distribution terms for each program are described in the 223s individual files in /usr/share/doc/*/copyright. 223s 223s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 223s applicable law. 223s 223s Creating directory '/home/testuser1'. 223s [?2004htestuser1@ldap:~$ id -un 223s [?2004l testuser1 223s [?2004htestuser1@ldap:~$ autopkgtest [03:50:42]: test ldap-user-group-ldap-auth: -----------------------] 224s autopkgtest [03:50:43]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 224s ldap-user-group-ldap-auth PASS 224s autopkgtest [03:50:43]: test ldap-user-group-krb5-auth: preparing testbed 226s Reading package lists... 226s Building dependency tree... 226s Reading state information... 226s Starting pkgProblemResolver with broken count: 0 226s Starting 2 pkgProblemResolver with broken count: 0 226s Done 227s The following additional packages will be installed: 227s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4 227s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 227s Suggested packages: 227s krb5-kdc-ldap krb5-kpropd krb5-k5tls krb5-doc 227s The following NEW packages will be installed: 227s autopkgtest-satdep krb5-admin-server krb5-config krb5-kdc krb5-user 227s libgssrpc4 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 227s 0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded. 227s Need to get 612 kB/613 kB of archives. 227s After this operation, 2067 kB of additional disk space will be used. 227s Get:1 /tmp/autopkgtest.4w16Y5/2-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [884 B] 227s Get:2 http://ftpmaster.internal/ubuntu noble/main s390x krb5-config all 2.7 [22.0 kB] 227s Get:3 http://ftpmaster.internal/ubuntu noble/main s390x libgssrpc4 s390x 1.20.1-5build1 [58.9 kB] 227s Get:4 http://ftpmaster.internal/ubuntu noble/main s390x libkadm5clnt-mit12 s390x 1.20.1-5build1 [40.5 kB] 227s Get:5 http://ftpmaster.internal/ubuntu noble/main s390x libkdb5-10 s390x 1.20.1-5build1 [41.4 kB] 227s Get:6 http://ftpmaster.internal/ubuntu noble/main s390x libkadm5srv-mit12 s390x 1.20.1-5build1 [55.2 kB] 227s Get:7 http://ftpmaster.internal/ubuntu noble/universe s390x krb5-user s390x 1.20.1-5build1 [110 kB] 227s Get:8 http://ftpmaster.internal/ubuntu noble/universe s390x krb5-kdc s390x 1.20.1-5build1 [188 kB] 227s Get:9 http://ftpmaster.internal/ubuntu noble/universe s390x krb5-admin-server s390x 1.20.1-5build1 [95.9 kB] 228s Preconfiguring packages ... 229s Fetched 612 kB in 1s (1111 kB/s) 229s Selecting previously unselected package krb5-config. 229s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 53021 files and directories currently installed.) 229s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 229s Unpacking krb5-config (2.7) ... 229s Selecting previously unselected package libgssrpc4:s390x. 229s Preparing to unpack .../1-libgssrpc4_1.20.1-5build1_s390x.deb ... 229s Unpacking libgssrpc4:s390x (1.20.1-5build1) ... 229s Selecting previously unselected package libkadm5clnt-mit12:s390x. 229s Preparing to unpack .../2-libkadm5clnt-mit12_1.20.1-5build1_s390x.deb ... 229s Unpacking libkadm5clnt-mit12:s390x (1.20.1-5build1) ... 229s Selecting previously unselected package libkdb5-10:s390x. 229s Preparing to unpack .../3-libkdb5-10_1.20.1-5build1_s390x.deb ... 229s Unpacking libkdb5-10:s390x (1.20.1-5build1) ... 229s Selecting previously unselected package libkadm5srv-mit12:s390x. 229s Preparing to unpack .../4-libkadm5srv-mit12_1.20.1-5build1_s390x.deb ... 229s Unpacking libkadm5srv-mit12:s390x (1.20.1-5build1) ... 229s Selecting previously unselected package krb5-user. 229s Preparing to unpack .../5-krb5-user_1.20.1-5build1_s390x.deb ... 229s Unpacking krb5-user (1.20.1-5build1) ... 229s Selecting previously unselected package krb5-kdc. 229s Preparing to unpack .../6-krb5-kdc_1.20.1-5build1_s390x.deb ... 229s Unpacking krb5-kdc (1.20.1-5build1) ... 229s Selecting previously unselected package krb5-admin-server. 229s Preparing to unpack .../7-krb5-admin-server_1.20.1-5build1_s390x.deb ... 229s Unpacking krb5-admin-server (1.20.1-5build1) ... 229s Selecting previously unselected package autopkgtest-satdep. 229s Preparing to unpack .../8-2-autopkgtest-satdep.deb ... 229s Unpacking autopkgtest-satdep (0) ... 229s Setting up libgssrpc4:s390x (1.20.1-5build1) ... 229s Setting up krb5-config (2.7) ... 229s Setting up libkadm5clnt-mit12:s390x (1.20.1-5build1) ... 229s Setting up libkdb5-10:s390x (1.20.1-5build1) ... 229s Setting up libkadm5srv-mit12:s390x (1.20.1-5build1) ... 229s Setting up krb5-user (1.20.1-5build1) ... 229s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 229s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 229s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 229s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 229s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 229s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 229s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 229s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 229s Setting up krb5-kdc (1.20.1-5build1) ... 230s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /usr/lib/systemd/system/krb5-kdc.service. 230s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 230s Setting up krb5-admin-server (1.20.1-5build1) ... 231s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-admin-server.service → /usr/lib/systemd/system/krb5-admin-server.service. 231s Setting up autopkgtest-satdep (0) ... 231s Processing triggers for man-db (2.12.0-3) ... 232s Processing triggers for libc-bin (2.39-0ubuntu2) ... 240s (Reading database ... 53114 files and directories currently installed.) 240s Removing autopkgtest-satdep (0) ... 240s autopkgtest [03:50:59]: test ldap-user-group-krb5-auth: [----------------------- 241s + . debian/tests/util 241s + . debian/tests/common-tests 241s + mydomain=example.com 241s + myhostname=ldap.example.com 241s + mysuffix=dc=example,dc=com 241s + myrealm=EXAMPLE.COM 241s + admin_dn=cn=admin,dc=example,dc=com 241s + admin_pw=secret 241s + ldap_user=testuser1 241s + ldap_user_pw=testuser1secret 241s + kerberos_principal_pw=testuser1kerberos 241s + ldap_group=ldapusers 241s + adjust_hostname ldap.example.com 241s + local myhostname=ldap.example.com 241s + echo ldap.example.com 241s + hostname ldap.example.com 241s + grep -qE ldap.example.com /etc/hosts 241s + reconfigure_slapd 241s + debconf-set-selections 241s + rm -rf /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1 /var/backups/unknown-2.6.7+dfsg-1~exp1ubuntu1-20240321-035041.ldapdb 241s + dpkg-reconfigure -fnoninteractive -pcritical slapd 241s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1... done. 241s Moving old database directory to /var/backups: 241s - directory unknown... done. 241s Creating initial configuration... done. 241s Creating LDAP directory... done. 242s + generate_certs ldap.example.com 242s + local cn=ldap.example.com 242s + local cert=/etc/ldap/server.pem 242s + local key=/etc/ldap/server.key 242s + local cnf=/etc/ldap/openssl.cnf 242s + cat 242s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 242s ...........................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 242s .......................................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 242s ----- 242s + chmod 0640 /etc/ldap/server.key 242s + chgrp openldap /etc/ldap/server.key 242s + [ ! -f /etc/ldap/server.pem ] 242s + [ ! -f /etc/ldap/server.key ] 242s + enable_ldap_ssl 242s + cat 242s + cat 242s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 242s + populate_ldap_rfc2307 242s + cat 242s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 242s + create_realm EXAMPLE.COM ldap.example.com 242s + local realm_name=EXAMPLE.COM 242s + local kerberos_server=ldap.example.com 242s + rm -rf /var/lib/krb5kdc/* 242s + rm -rf /etc/krb5kdc/kdc.conf 242s + rm -f /etc/krb5.keytab 242s + cat 242s + cat 242s + echo # */admin * 242s + kdb5_util create -s -P secretpassword 242s + systemctl restart krb5-kdc.service krb5-admin-server.service 242s modifying entry "cn=config" 242s 242s adding new entry "ou=People,dc=example,dc=com" 242s 242s adding new entry "ou=Group,dc=example,dc=com" 242s 242s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 242s 242s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 242s 242s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 242s 242s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 242s master key name 'K/M@EXAMPLE.COM' 242s + create_krb_principal testuser1 testuser1kerberos 242s + local principal=testuser1 242s + local password=testuser1kerberos 242s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 242s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 242s Authenticating as principal root/admin@EXAMPLE.COM with password. 242s Principal "testuser1@EXAMPLE.COM" created. 242s + configure_sssd_ldap_rfc2307_krb5_auth 242s + cat 242s + chmod 0600 /etc/sssd/sssd.conf 242s + systemctl restart sssd 242s + enable_pam_mkhomedir 242s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 242s Assert local user databases do not have our LDAP test data 242s + run_common_tests 242s + echo Assert local user databases do not have our LDAP test data 242s + check_local_user testuser1 242s + local local_user=testuser1 242s + grep -q ^testuser1 /etc/passwd 242s + check_local_group testuser1 242s + local local_group=testuser1 242s + grep -q ^testuser1 /etc/group 242s + check_local_group ldapusers 242s + local local_group=ldapusers 242s + grep -q ^ldapusers /etc/group 242s The LDAP user is known to the system via getent 242s + echo The LDAP user is known to the system via getent 242s + check_getent_user testuser1 242s + local getent_user=testuser1 242s + local output 242s + getent passwd testuser1The LDAP user's private group is known to the system via getent 242s 242s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 242s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 242s + echo The LDAP user's private group is known to the system via getent 242s + check_getent_group testuser1 242s + local getent_group=testuser1 242s + local output 242s + getent group testuser1 242s + output=testuser1:*:10001:testuser1 242s + [ -z testuser1:*:10001:testuser1 ] 242s + echo The LDAP group ldapusers is known to the system via getent 242s + The LDAP group ldapusers is known to the system via getent 242s The id(1) command can resolve the group membership of the LDAP user 242s check_getent_group ldapusers 242s + local getent_group=ldapusers 242s + local output 242s + getent group ldapusers 242s + output=ldapusers:*:10100:testuser1 242s + [ -z ldapusers:*:10100:testuser1 ] 242s + echo The id(1) command can resolve the group membership of the LDAP user 242s + The Kerberos principal can login on a terminal 242s spawn login 242s ldap.example.com login: testuser1 242s Password: 242s id -Gn testuser1 242s + output=testuser1 ldapusers 242s + [ testuser1 ldapusers != testuser1 ldapusers ] 242s + echo The Kerberos principal can login on a terminal 242s + kdestroy 242s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 242s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-11-generic s390x) 242s 242s * Documentation: https://help.ubuntu.com 242s * Management: https://landscape.canonical.com 242s * Support: https://ubuntu.com/pro 242s 242s 242s The programs included with the Ubuntu system are free software; 242s the exact distribution terms for each program are described in the 242s individual files in /usr/share/doc/*/copyright. 242s 242s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 242s applicable law. 242s 242s Last login: Thu Mar 21 03:50:42 UTC 2024 on pts/0 242s [?2004htestuser1@ldap:~$ id -un 242s [?2004l testuser1 242s [?2004htestuser1@ldap:~$ klist 242s [?2004l Ticket cache: FILE:/tmp/krb5cc_10001_ZA5KwC 242s Default principal: testuser1@EXAMPLE.COM 242s /tmp/autopkgtest.4w16Y5/wrapper.sh: Killing leaked background processes: 4673 4686 242s PID TTY STAT TIME COMMAND 242s 4673 ? R 0:00 [bash] 242s /tmp/autopkgtest.4w16Y5/wrapper.sh: 235: kill: No such process 242s 242s /tmp/autopkgtest.4w16Y5/wrapper.sh: 235: kill: No such process 242s 242s /tmp/autopkgtest.4w16Y5/wrapper.sh: 237: kill: No such process 242s 242s /tmp/autopkgtest.4w16Y5/wrapper.sh: 237: kill: No such process 242s 243s autopkgtest [03:51:02]: test ldap-user-group-krb5-auth: -----------------------] 243s ldap-user-group-krb5-auth PASS 243s autopkgtest [03:51:02]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 243s autopkgtest [03:51:02]: test sssd-softhism2-certificates-tests.sh: preparing testbed 313s autopkgtest [03:52:12]: testbed dpkg architecture: s390x 313s autopkgtest [03:52:12]: testbed apt version: 2.7.12 313s autopkgtest [03:52:12]: @@@@@@@@@@@@@@@@@@@@ test bed setup 314s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 315s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [3809 kB] 315s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [6540 B] 315s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [53.9 kB] 315s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [498 kB] 315s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main s390x Packages [674 kB] 315s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main s390x c-n-f Metadata [3032 B] 315s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x Packages [1372 B] 315s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x c-n-f Metadata [116 B] 315s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x Packages [4054 kB] 315s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x c-n-f Metadata [7292 B] 315s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x Packages [45.1 kB] 315s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x c-n-f Metadata [116 B] 317s Fetched 9269 kB in 2s (4047 kB/s) 318s Reading package lists... 320s Reading package lists... 320s Building dependency tree... 320s Reading state information... 320s Calculating upgrade... 320s The following packages will be REMOVED: 320s libext2fs2 320s The following NEW packages will be installed: 320s libext2fs2t64 320s The following packages will be upgraded: 320s e2fsprogs e2fsprogs-l10n libcom-err2 libss2 logsave 320s 5 upgraded, 1 newly installed, 1 to remove and 0 not upgraded. 320s Need to get 918 kB of archives. 320s After this operation, 52.2 kB of additional disk space will be used. 320s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main s390x e2fsprogs-l10n all 1.47.0-2.4~exp1ubuntu2 [5996 B] 320s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main s390x logsave s390x 1.47.0-2.4~exp1ubuntu2 [22.5 kB] 321s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main s390x libext2fs2t64 s390x 1.47.0-2.4~exp1ubuntu2 [235 kB] 321s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main s390x e2fsprogs s390x 1.47.0-2.4~exp1ubuntu2 [615 kB] 321s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/main s390x libcom-err2 s390x 1.47.0-2.4~exp1ubuntu2 [22.9 kB] 321s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main s390x libss2 s390x 1.47.0-2.4~exp1ubuntu2 [17.2 kB] 321s Fetched 918 kB in 1s (1378 kB/s) 321s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52171 files and directories currently installed.) 321s Preparing to unpack .../e2fsprogs-l10n_1.47.0-2.4~exp1ubuntu2_all.deb ... 321s Unpacking e2fsprogs-l10n (1.47.0-2.4~exp1ubuntu2) over (1.47.0-2ubuntu1) ... 321s Preparing to unpack .../logsave_1.47.0-2.4~exp1ubuntu2_s390x.deb ... 321s Unpacking logsave (1.47.0-2.4~exp1ubuntu2) over (1.47.0-2ubuntu1) ... 321s dpkg: libext2fs2:s390x: dependency problems, but removing anyway as you requested: 321s libblockdev-fs3:s390x depends on libext2fs2 (>= 1.42.11). 321s e2fsprogs depends on libext2fs2 (= 1.47.0-2ubuntu1). 321s btrfs-progs depends on libext2fs2 (>= 1.42). 321s 321s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52171 files and directories currently installed.) 321s Removing libext2fs2:s390x (1.47.0-2ubuntu1) ... 321s Selecting previously unselected package libext2fs2t64:s390x. 321s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52164 files and directories currently installed.) 321s Preparing to unpack .../libext2fs2t64_1.47.0-2.4~exp1ubuntu2_s390x.deb ... 321s Adding 'diversion of /lib/s390x-linux-gnu/libe2p.so.2 to /lib/s390x-linux-gnu/libe2p.so.2.usr-is-merged by libext2fs2t64' 321s Adding 'diversion of /lib/s390x-linux-gnu/libe2p.so.2.3 to /lib/s390x-linux-gnu/libe2p.so.2.3.usr-is-merged by libext2fs2t64' 321s Adding 'diversion of /lib/s390x-linux-gnu/libext2fs.so.2 to /lib/s390x-linux-gnu/libext2fs.so.2.usr-is-merged by libext2fs2t64' 321s Adding 'diversion of /lib/s390x-linux-gnu/libext2fs.so.2.4 to /lib/s390x-linux-gnu/libext2fs.so.2.4.usr-is-merged by libext2fs2t64' 321s Unpacking libext2fs2t64:s390x (1.47.0-2.4~exp1ubuntu2) ... 321s Setting up libext2fs2t64:s390x (1.47.0-2.4~exp1ubuntu2) ... 321s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52180 files and directories currently installed.) 321s Preparing to unpack .../e2fsprogs_1.47.0-2.4~exp1ubuntu2_s390x.deb ... 321s Unpacking e2fsprogs (1.47.0-2.4~exp1ubuntu2) over (1.47.0-2ubuntu1) ... 321s Preparing to unpack .../libcom-err2_1.47.0-2.4~exp1ubuntu2_s390x.deb ... 321s Unpacking libcom-err2:s390x (1.47.0-2.4~exp1ubuntu2) over (1.47.0-2ubuntu1) ... 322s Preparing to unpack .../libss2_1.47.0-2.4~exp1ubuntu2_s390x.deb ... 322s Unpacking libss2:s390x (1.47.0-2.4~exp1ubuntu2) over (1.47.0-2ubuntu1) ... 322s Setting up libcom-err2:s390x (1.47.0-2.4~exp1ubuntu2) ... 322s Setting up libss2:s390x (1.47.0-2.4~exp1ubuntu2) ... 322s Setting up logsave (1.47.0-2.4~exp1ubuntu2) ... 322s Setting up e2fsprogs (1.47.0-2.4~exp1ubuntu2) ... 322s update-initramfs: deferring update (trigger activated) 322s e2scrub_all.service is a disabled or a static unit not running, not starting it. 322s Setting up e2fsprogs-l10n (1.47.0-2.4~exp1ubuntu2) ... 322s Processing triggers for man-db (2.12.0-3) ... 323s Processing triggers for libc-bin (2.39-0ubuntu2) ... 323s Processing triggers for initramfs-tools (0.142ubuntu20) ... 323s update-initramfs: Generating /boot/initrd.img-6.8.0-11-generic 323s W: No lz4 in /usr/bin:/sbin:/bin, using gzip 326s Using config file '/etc/zipl.conf' 326s Building bootmap in '/boot' 326s Adding IPL section 'ubuntu' (default) 326s Preparing boot device for LD-IPL: vda (0000). 326s Done. 326s Reading package lists... 326s Building dependency tree... 326s Reading state information... 327s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 327s Unknown architecture, assuming PC-style ttyS0 327s sh: Attempting to set up Debian/Ubuntu apt sources automatically 327s sh: Distribution appears to be Ubuntu 328s Reading package lists... 328s Building dependency tree... 328s Reading state information... 328s eatmydata is already the newest version (131-1). 328s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 328s Reading package lists... 328s Building dependency tree... 328s Reading state information... 328s dbus is already the newest version (1.14.10-4ubuntu1). 328s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 328s Reading package lists... 328s Building dependency tree... 328s Reading state information... 329s rng-tools-debian is already the newest version (2.4). 329s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 329s Reading package lists... 329s Building dependency tree... 329s Reading state information... 329s The following packages will be REMOVED: 329s cloud-init* python3-configobj* python3-debconf* 329s 0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded. 329s After this operation, 3252 kB disk space will be freed. 329s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52180 files and directories currently installed.) 329s Removing cloud-init (24.1.1-0ubuntu1) ... 330s Removing python3-configobj (5.0.8-3) ... 330s Removing python3-debconf (1.5.86) ... 330s Processing triggers for man-db (2.12.0-3) ... 330s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51791 files and directories currently installed.) 330s Purging configuration files for cloud-init (24.1.1-0ubuntu1) ... 330s dpkg: warning: while removing cloud-init, directory '/etc/cloud/cloud.cfg.d' not empty so not removed 330s Processing triggers for rsyslog (8.2312.0-3ubuntu3) ... 330s invoke-rc.d: policy-rc.d denied execution of try-restart. 331s Reading package lists... 331s Building dependency tree... 331s Reading state information... 331s linux-generic is already the newest version (6.8.0-11.11+1). 331s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 331s Hit:1 http://ftpmaster.internal/ubuntu noble InRelease 331s Hit:2 http://ftpmaster.internal/ubuntu noble-updates InRelease 331s Hit:3 http://ftpmaster.internal/ubuntu noble-security InRelease 333s Reading package lists... 333s Reading package lists... 333s Building dependency tree... 333s Reading state information... 333s Calculating upgrade... 333s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 333s Reading package lists... 334s Building dependency tree... 334s Reading state information... 334s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 334s autopkgtest [03:52:33]: rebooting testbed after setup commands that affected boot 358s Reading package lists... 358s Building dependency tree... 358s Reading state information... 358s Starting pkgProblemResolver with broken count: 0 358s Starting 2 pkgProblemResolver with broken count: 0 358s Done 358s The following additional packages will be installed: 358s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 358s libbasicobjects0 libc-ares2 libcollection4 libcrack2 libdhash1 358s libevent-2.1-7 libgnutls-dane0 libini-config5 libipa-hbac0 libldb2 358s libnfsidmap1 libnss-sss libpam-pwquality libpam-sss libpath-utils1 358s libpwquality-common libpwquality1 libref-array1 libsmbclient libsofthsm2 358s libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 libtalloc2 libtdb1 358s libtevent0 libunbound8 libwbclient0 python3-sss samba-libs softhsm2 358s softhsm2-common sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 358s sssd-krb5-common sssd-ldap sssd-proxy 358s Suggested packages: 358s dns-root-data adcli libsss-sudo sssd-tools libsasl2-modules-ldap 358s Recommended packages: 358s cracklib-runtime libsasl2-modules-gssapi-mit 358s | libsasl2-modules-gssapi-heimdal ldap-utils 358s The following NEW packages will be installed: 358s autopkgtest-satdep gnutls-bin libavahi-client3 libavahi-common-data 358s libavahi-common3 libbasicobjects0 libc-ares2 libcollection4 libcrack2 358s libdhash1 libevent-2.1-7 libgnutls-dane0 libini-config5 libipa-hbac0 libldb2 358s libnfsidmap1 libnss-sss libpam-pwquality libpam-sss libpath-utils1 358s libpwquality-common libpwquality1 libref-array1 libsmbclient libsofthsm2 358s libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 libtalloc2 libtdb1 358s libtevent0 libunbound8 libwbclient0 python3-sss samba-libs softhsm2 358s softhsm2-common sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 358s sssd-krb5-common sssd-ldap sssd-proxy 358s 0 upgraded, 46 newly installed, 0 to remove and 0 not upgraded. 358s Need to get 10.4 MB/10.4 MB of archives. 358s After this operation, 40.5 MB of additional disk space will be used. 358s Get:1 /tmp/autopkgtest.4w16Y5/3-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [748 B] 358s Get:2 http://ftpmaster.internal/ubuntu noble/main s390x libevent-2.1-7 s390x 2.1.12-stable-9 [144 kB] 359s Get:3 http://ftpmaster.internal/ubuntu noble/main s390x libunbound8 s390x 1.19.1-1ubuntu1 [453 kB] 359s Get:4 http://ftpmaster.internal/ubuntu noble/main s390x libgnutls-dane0 s390x 3.8.3-1ubuntu1 [23.6 kB] 359s Get:5 http://ftpmaster.internal/ubuntu noble/universe s390x gnutls-bin s390x 3.8.3-1ubuntu1 [284 kB] 359s Get:6 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common-data s390x 0.8-13ubuntu2 [29.5 kB] 359s Get:7 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common3 s390x 0.8-13ubuntu2 [23.8 kB] 359s Get:8 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-client3 s390x 0.8-13ubuntu2 [26.7 kB] 359s Get:9 http://ftpmaster.internal/ubuntu noble/main s390x libcrack2 s390x 2.9.6-5.1 [29.6 kB] 359s Get:10 http://ftpmaster.internal/ubuntu noble/main s390x libtalloc2 s390x 2.4.2-1 [28.3 kB] 359s Get:11 http://ftpmaster.internal/ubuntu noble/main s390x libtdb1 s390x 1.4.10-1 [49.9 kB] 359s Get:12 http://ftpmaster.internal/ubuntu noble/main s390x libtevent0 s390x 0.16.1-1 [43.1 kB] 359s Get:13 http://ftpmaster.internal/ubuntu noble/main s390x libldb2 s390x 2:2.8.0+samba4.19.5+dfsg-1ubuntu1 [191 kB] 359s Get:14 http://ftpmaster.internal/ubuntu noble/main s390x libnfsidmap1 s390x 1:2.6.3-3ubuntu1 [49.0 kB] 359s Get:15 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality-common all 1.4.5-3 [7658 B] 359s Get:16 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality1 s390x 1.4.5-3 [14.7 kB] 359s Get:17 http://ftpmaster.internal/ubuntu noble/main s390x libpam-pwquality s390x 1.4.5-3 [11.6 kB] 359s Get:18 http://ftpmaster.internal/ubuntu noble/main s390x libwbclient0 s390x 2:4.19.5+dfsg-1ubuntu1 [70.3 kB] 360s Get:19 http://ftpmaster.internal/ubuntu noble/main s390x samba-libs s390x 2:4.19.5+dfsg-1ubuntu1 [6231 kB] 361s Get:20 http://ftpmaster.internal/ubuntu noble/universe s390x softhsm2-common s390x 2.6.1-2.2 [5808 B] 361s Get:21 http://ftpmaster.internal/ubuntu noble/universe s390x libsofthsm2 s390x 2.6.1-2.2 [265 kB] 361s Get:22 http://ftpmaster.internal/ubuntu noble/universe s390x softhsm2 s390x 2.6.1-2.2 [174 kB] 361s Get:23 http://ftpmaster.internal/ubuntu noble/main s390x python3-sss s390x 2.9.4-1ubuntu1 [46.6 kB] 361s Get:24 http://ftpmaster.internal/ubuntu noble/main s390x libsss-idmap0 s390x 2.9.4-1ubuntu1 [22.1 kB] 361s Get:25 http://ftpmaster.internal/ubuntu noble/main s390x libnss-sss s390x 2.9.4-1ubuntu1 [32.6 kB] 361s Get:26 http://ftpmaster.internal/ubuntu noble/main s390x libpam-sss s390x 2.9.4-1ubuntu1 [51.9 kB] 361s Get:27 http://ftpmaster.internal/ubuntu noble/main s390x libc-ares2 s390x 1.27.0-1 [79.2 kB] 361s Get:28 http://ftpmaster.internal/ubuntu noble/main s390x libdhash1 s390x 0.6.2-2 [8648 B] 361s Get:29 http://ftpmaster.internal/ubuntu noble/main s390x libbasicobjects0 s390x 0.6.2-2 [5476 B] 361s Get:30 http://ftpmaster.internal/ubuntu noble/main s390x libcollection4 s390x 0.6.2-2 [23.2 kB] 361s Get:31 http://ftpmaster.internal/ubuntu noble/main s390x libpath-utils1 s390x 0.6.2-2 [8994 B] 361s Get:32 http://ftpmaster.internal/ubuntu noble/main s390x libref-array1 s390x 0.6.2-2 [6880 B] 361s Get:33 http://ftpmaster.internal/ubuntu noble/main s390x libini-config5 s390x 0.6.2-2 [45.3 kB] 361s Get:34 http://ftpmaster.internal/ubuntu noble/main s390x libsss-certmap0 s390x 2.9.4-1ubuntu1 [46.7 kB] 361s Get:35 http://ftpmaster.internal/ubuntu noble/main s390x libsss-nss-idmap0 s390x 2.9.4-1ubuntu1 [31.4 kB] 361s Get:36 http://ftpmaster.internal/ubuntu noble/main s390x sssd-common s390x 2.9.4-1ubuntu1 [1125 kB] 362s Get:37 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad-common s390x 2.9.4-1ubuntu1 [74.8 kB] 362s Get:38 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5-common s390x 2.9.4-1ubuntu1 [90.3 kB] 362s Get:39 http://ftpmaster.internal/ubuntu noble/main s390x libsmbclient s390x 2:4.19.5+dfsg-1ubuntu1 [65.1 kB] 362s Get:40 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad s390x 2.9.4-1ubuntu1 [133 kB] 362s Get:41 http://ftpmaster.internal/ubuntu noble/main s390x libipa-hbac0 s390x 2.9.4-1ubuntu1 [16.8 kB] 362s Get:42 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ipa s390x 2.9.4-1ubuntu1 [215 kB] 362s Get:43 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5 s390x 2.9.4-1ubuntu1 [14.4 kB] 362s Get:44 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ldap s390x 2.9.4-1ubuntu1 [31.0 kB] 362s Get:45 http://ftpmaster.internal/ubuntu noble/main s390x sssd-proxy s390x 2.9.4-1ubuntu1 [43.9 kB] 362s Get:46 http://ftpmaster.internal/ubuntu noble/main s390x sssd s390x 2.9.4-1ubuntu1 [4120 B] 362s Fetched 10.4 MB in 3s (3068 kB/s) 362s Selecting previously unselected package libevent-2.1-7:s390x. 362s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51736 files and directories currently installed.) 362s Preparing to unpack .../00-libevent-2.1-7_2.1.12-stable-9_s390x.deb ... 362s Unpacking libevent-2.1-7:s390x (2.1.12-stable-9) ... 362s Selecting previously unselected package libunbound8:s390x. 362s Preparing to unpack .../01-libunbound8_1.19.1-1ubuntu1_s390x.deb ... 362s Unpacking libunbound8:s390x (1.19.1-1ubuntu1) ... 362s Selecting previously unselected package libgnutls-dane0:s390x. 362s Preparing to unpack .../02-libgnutls-dane0_3.8.3-1ubuntu1_s390x.deb ... 362s Unpacking libgnutls-dane0:s390x (3.8.3-1ubuntu1) ... 362s Selecting previously unselected package gnutls-bin. 362s Preparing to unpack .../03-gnutls-bin_3.8.3-1ubuntu1_s390x.deb ... 362s Unpacking gnutls-bin (3.8.3-1ubuntu1) ... 362s Selecting previously unselected package libavahi-common-data:s390x. 362s Preparing to unpack .../04-libavahi-common-data_0.8-13ubuntu2_s390x.deb ... 362s Unpacking libavahi-common-data:s390x (0.8-13ubuntu2) ... 362s Selecting previously unselected package libavahi-common3:s390x. 362s Preparing to unpack .../05-libavahi-common3_0.8-13ubuntu2_s390x.deb ... 362s Unpacking libavahi-common3:s390x (0.8-13ubuntu2) ... 362s Selecting previously unselected package libavahi-client3:s390x. 362s Preparing to unpack .../06-libavahi-client3_0.8-13ubuntu2_s390x.deb ... 362s Unpacking libavahi-client3:s390x (0.8-13ubuntu2) ... 362s Selecting previously unselected package libcrack2:s390x. 362s Preparing to unpack .../07-libcrack2_2.9.6-5.1_s390x.deb ... 362s Unpacking libcrack2:s390x (2.9.6-5.1) ... 362s Selecting previously unselected package libtalloc2:s390x. 362s Preparing to unpack .../08-libtalloc2_2.4.2-1_s390x.deb ... 362s Unpacking libtalloc2:s390x (2.4.2-1) ... 362s Selecting previously unselected package libtdb1:s390x. 362s Preparing to unpack .../09-libtdb1_1.4.10-1_s390x.deb ... 362s Unpacking libtdb1:s390x (1.4.10-1) ... 362s Selecting previously unselected package libtevent0:s390x. 362s Preparing to unpack .../10-libtevent0_0.16.1-1_s390x.deb ... 362s Unpacking libtevent0:s390x (0.16.1-1) ... 362s Selecting previously unselected package libldb2:s390x. 362s Preparing to unpack .../11-libldb2_2%3a2.8.0+samba4.19.5+dfsg-1ubuntu1_s390x.deb ... 362s Unpacking libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 362s Selecting previously unselected package libnfsidmap1:s390x. 362s Preparing to unpack .../12-libnfsidmap1_1%3a2.6.3-3ubuntu1_s390x.deb ... 362s Unpacking libnfsidmap1:s390x (1:2.6.3-3ubuntu1) ... 362s Selecting previously unselected package libpwquality-common. 362s Preparing to unpack .../13-libpwquality-common_1.4.5-3_all.deb ... 362s Unpacking libpwquality-common (1.4.5-3) ... 362s Selecting previously unselected package libpwquality1:s390x. 362s Preparing to unpack .../14-libpwquality1_1.4.5-3_s390x.deb ... 362s Unpacking libpwquality1:s390x (1.4.5-3) ... 362s Selecting previously unselected package libpam-pwquality:s390x. 362s Preparing to unpack .../15-libpam-pwquality_1.4.5-3_s390x.deb ... 362s Unpacking libpam-pwquality:s390x (1.4.5-3) ... 362s Selecting previously unselected package libwbclient0:s390x. 362s Preparing to unpack .../16-libwbclient0_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 362s Unpacking libwbclient0:s390x (2:4.19.5+dfsg-1ubuntu1) ... 362s Selecting previously unselected package samba-libs:s390x. 362s Preparing to unpack .../17-samba-libs_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 362s Unpacking samba-libs:s390x (2:4.19.5+dfsg-1ubuntu1) ... 362s Selecting previously unselected package softhsm2-common. 362s Preparing to unpack .../18-softhsm2-common_2.6.1-2.2_s390x.deb ... 362s Unpacking softhsm2-common (2.6.1-2.2) ... 362s Selecting previously unselected package libsofthsm2. 363s Preparing to unpack .../19-libsofthsm2_2.6.1-2.2_s390x.deb ... 363s Unpacking libsofthsm2 (2.6.1-2.2) ... 363s Selecting previously unselected package softhsm2. 363s Preparing to unpack .../20-softhsm2_2.6.1-2.2_s390x.deb ... 363s Unpacking softhsm2 (2.6.1-2.2) ... 363s Selecting previously unselected package python3-sss. 363s Preparing to unpack .../21-python3-sss_2.9.4-1ubuntu1_s390x.deb ... 363s Unpacking python3-sss (2.9.4-1ubuntu1) ... 363s Selecting previously unselected package libsss-idmap0. 363s Preparing to unpack .../22-libsss-idmap0_2.9.4-1ubuntu1_s390x.deb ... 363s Unpacking libsss-idmap0 (2.9.4-1ubuntu1) ... 363s Selecting previously unselected package libnss-sss:s390x. 363s Preparing to unpack .../23-libnss-sss_2.9.4-1ubuntu1_s390x.deb ... 363s Unpacking libnss-sss:s390x (2.9.4-1ubuntu1) ... 363s Selecting previously unselected package libpam-sss:s390x. 363s Preparing to unpack .../24-libpam-sss_2.9.4-1ubuntu1_s390x.deb ... 363s Unpacking libpam-sss:s390x (2.9.4-1ubuntu1) ... 363s Selecting previously unselected package libc-ares2:s390x. 363s Preparing to unpack .../25-libc-ares2_1.27.0-1_s390x.deb ... 363s Unpacking libc-ares2:s390x (1.27.0-1) ... 363s Selecting previously unselected package libdhash1:s390x. 363s Preparing to unpack .../26-libdhash1_0.6.2-2_s390x.deb ... 363s Unpacking libdhash1:s390x (0.6.2-2) ... 363s Selecting previously unselected package libbasicobjects0:s390x. 363s Preparing to unpack .../27-libbasicobjects0_0.6.2-2_s390x.deb ... 363s Unpacking libbasicobjects0:s390x (0.6.2-2) ... 363s Selecting previously unselected package libcollection4:s390x. 363s Preparing to unpack .../28-libcollection4_0.6.2-2_s390x.deb ... 363s Unpacking libcollection4:s390x (0.6.2-2) ... 363s Selecting previously unselected package libpath-utils1:s390x. 363s Preparing to unpack .../29-libpath-utils1_0.6.2-2_s390x.deb ... 363s Unpacking libpath-utils1:s390x (0.6.2-2) ... 363s Selecting previously unselected package libref-array1:s390x. 363s Preparing to unpack .../30-libref-array1_0.6.2-2_s390x.deb ... 363s Unpacking libref-array1:s390x (0.6.2-2) ... 363s Selecting previously unselected package libini-config5:s390x. 363s Preparing to unpack .../31-libini-config5_0.6.2-2_s390x.deb ... 363s Unpacking libini-config5:s390x (0.6.2-2) ... 363s Selecting previously unselected package libsss-certmap0. 363s Preparing to unpack .../32-libsss-certmap0_2.9.4-1ubuntu1_s390x.deb ... 363s Unpacking libsss-certmap0 (2.9.4-1ubuntu1) ... 363s Selecting previously unselected package libsss-nss-idmap0. 363s Preparing to unpack .../33-libsss-nss-idmap0_2.9.4-1ubuntu1_s390x.deb ... 363s Unpacking libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 363s Selecting previously unselected package sssd-common. 363s Preparing to unpack .../34-sssd-common_2.9.4-1ubuntu1_s390x.deb ... 363s Unpacking sssd-common (2.9.4-1ubuntu1) ... 363s Selecting previously unselected package sssd-ad-common. 363s Preparing to unpack .../35-sssd-ad-common_2.9.4-1ubuntu1_s390x.deb ... 363s Unpacking sssd-ad-common (2.9.4-1ubuntu1) ... 363s Selecting previously unselected package sssd-krb5-common. 363s Preparing to unpack .../36-sssd-krb5-common_2.9.4-1ubuntu1_s390x.deb ... 363s Unpacking sssd-krb5-common (2.9.4-1ubuntu1) ... 363s Selecting previously unselected package libsmbclient:s390x. 363s Preparing to unpack .../37-libsmbclient_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 363s Unpacking libsmbclient:s390x (2:4.19.5+dfsg-1ubuntu1) ... 363s Selecting previously unselected package sssd-ad. 363s Preparing to unpack .../38-sssd-ad_2.9.4-1ubuntu1_s390x.deb ... 363s Unpacking sssd-ad (2.9.4-1ubuntu1) ... 363s Selecting previously unselected package libipa-hbac0. 363s Preparing to unpack .../39-libipa-hbac0_2.9.4-1ubuntu1_s390x.deb ... 363s Unpacking libipa-hbac0 (2.9.4-1ubuntu1) ... 363s Selecting previously unselected package sssd-ipa. 363s Preparing to unpack .../40-sssd-ipa_2.9.4-1ubuntu1_s390x.deb ... 363s Unpacking sssd-ipa (2.9.4-1ubuntu1) ... 363s Selecting previously unselected package sssd-krb5. 363s Preparing to unpack .../41-sssd-krb5_2.9.4-1ubuntu1_s390x.deb ... 363s Unpacking sssd-krb5 (2.9.4-1ubuntu1) ... 363s Selecting previously unselected package sssd-ldap. 363s Preparing to unpack .../42-sssd-ldap_2.9.4-1ubuntu1_s390x.deb ... 363s Unpacking sssd-ldap (2.9.4-1ubuntu1) ... 363s Selecting previously unselected package sssd-proxy. 363s Preparing to unpack .../43-sssd-proxy_2.9.4-1ubuntu1_s390x.deb ... 363s Unpacking sssd-proxy (2.9.4-1ubuntu1) ... 363s Selecting previously unselected package sssd. 363s Preparing to unpack .../44-sssd_2.9.4-1ubuntu1_s390x.deb ... 363s Unpacking sssd (2.9.4-1ubuntu1) ... 363s Selecting previously unselected package autopkgtest-satdep. 363s Preparing to unpack .../45-3-autopkgtest-satdep.deb ... 363s Unpacking autopkgtest-satdep (0) ... 363s Setting up libpwquality-common (1.4.5-3) ... 363s Setting up libpath-utils1:s390x (0.6.2-2) ... 363s Setting up softhsm2-common (2.6.1-2.2) ... 363s 363s Creating config file /etc/softhsm/softhsm2.conf with new version 363s Setting up libnfsidmap1:s390x (1:2.6.3-3ubuntu1) ... 363s Setting up libsss-idmap0 (2.9.4-1ubuntu1) ... 363s Setting up libbasicobjects0:s390x (0.6.2-2) ... 363s Setting up libtdb1:s390x (1.4.10-1) ... 363s Setting up libc-ares2:s390x (1.27.0-1) ... 363s Setting up libwbclient0:s390x (2:4.19.5+dfsg-1ubuntu1) ... 363s Setting up libtalloc2:s390x (2.4.2-1) ... 363s Setting up libdhash1:s390x (0.6.2-2) ... 363s Setting up libtevent0:s390x (0.16.1-1) ... 363s Setting up libavahi-common-data:s390x (0.8-13ubuntu2) ... 363s Setting up libevent-2.1-7:s390x (2.1.12-stable-9) ... 363s Setting up libcrack2:s390x (2.9.6-5.1) ... 363s Setting up libcollection4:s390x (0.6.2-2) ... 363s Setting up libipa-hbac0 (2.9.4-1ubuntu1) ... 363s Setting up libref-array1:s390x (0.6.2-2) ... 363s Setting up libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 363s Setting up libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 363s Setting up libnss-sss:s390x (2.9.4-1ubuntu1) ... 363s Setting up libsofthsm2 (2.6.1-2.2) ... 363s Setting up softhsm2 (2.6.1-2.2) ... 363s Setting up libini-config5:s390x (0.6.2-2) ... 363s Setting up libavahi-common3:s390x (0.8-13ubuntu2) ... 363s Setting up python3-sss (2.9.4-1ubuntu1) ... 363s Setting up libsss-certmap0 (2.9.4-1ubuntu1) ... 363s Setting up libunbound8:s390x (1.19.1-1ubuntu1) ... 363s Setting up libpwquality1:s390x (1.4.5-3) ... 363s Setting up libavahi-client3:s390x (0.8-13ubuntu2) ... 363s Setting up libgnutls-dane0:s390x (3.8.3-1ubuntu1) ... 363s Setting up libpam-pwquality:s390x (1.4.5-3) ... 363s Setting up samba-libs:s390x (2:4.19.5+dfsg-1ubuntu1) ... 363s Setting up libsmbclient:s390x (2:4.19.5+dfsg-1ubuntu1) ... 363s Setting up libpam-sss:s390x (2.9.4-1ubuntu1) ... 363s Setting up gnutls-bin (3.8.3-1ubuntu1) ... 363s Setting up sssd-common (2.9.4-1ubuntu1) ... 364s Creating SSSD system user & group... 364s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 364s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 364s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 364s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 364s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 364s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 364s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 365s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 365s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 365s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 365s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 365s sssd-autofs.service is a disabled or a static unit, not starting it. 365s sssd-nss.service is a disabled or a static unit, not starting it. 366s sssd-pam.service is a disabled or a static unit, not starting it. 366s sssd-ssh.service is a disabled or a static unit, not starting it. 366s sssd-sudo.service is a disabled or a static unit, not starting it. 366s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 366s Setting up sssd-proxy (2.9.4-1ubuntu1) ... 366s Setting up sssd-ad-common (2.9.4-1ubuntu1) ... 366s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 366s sssd-pac.service is a disabled or a static unit, not starting it. 366s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 366s Setting up sssd-krb5-common (2.9.4-1ubuntu1) ... 366s Setting up sssd-krb5 (2.9.4-1ubuntu1) ... 366s Setting up sssd-ldap (2.9.4-1ubuntu1) ... 366s Setting up sssd-ad (2.9.4-1ubuntu1) ... 366s Setting up sssd-ipa (2.9.4-1ubuntu1) ... 366s Setting up sssd (2.9.4-1ubuntu1) ... 366s Setting up autopkgtest-satdep (0) ... 366s Processing triggers for man-db (2.12.0-3) ... 367s Processing triggers for libc-bin (2.39-0ubuntu2) ... 369s (Reading database ... 52324 files and directories currently installed.) 369s Removing autopkgtest-satdep (0) ... 377s autopkgtest [03:53:16]: test sssd-softhism2-certificates-tests.sh: [----------------------- 378s + '[' -z ubuntu ']' 378s Certificate Request: 378s Data: 378s Version: 1 (0x0) 378s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 378s Subject Public Key Info: 378s Public Key Algorithm: rsaEncryption 378s Public-Key: (1024 bit) 378s Modulus: 378s 00:a5:86:5c:78:3d:29:64:d0:83:cd:f9:8d:ab:d0: 378s 80:cf:63:ca:17:d7:58:72:1e:33:ed:9a:b6:db:fc: 378s fa:ca:20:89:63:b3:1a:99:ab:23:59:74:cd:44:7c: 378s cd:1a:d8:6b:8b:f2:e5:17:e0:20:f3:df:89:7b:d8: 378s 2c:1b:20:b6:e0:0d:ed:98:4f:fa:29:72:01:a7:7e: 378s ca:37:57:a7:5b:61:11:14:b9:d9:c3:c0:18:4a:f7: 378s a2:26:e2:23:de:c1:28:64:ef:ce:70:b5:33:a0:7d: 378s c7:7b:a0:8d:eb:44:19:58:63:44:cd:d8:54:a5:c1: 378s cc:31:13:db:ad:4d:c1:15:e9 378s Exponent: 65537 (0x10001) 378s Attributes: 378s (none) 378s Requested Extensions: 378s Signature Algorithm: sha256WithRSAEncryption 378s Signature Value: 378s 5a:e4:06:e7:8f:00:c6:27:2a:1b:ff:8c:1a:6e:f4:5e:52:f0: 378s b7:6a:df:7a:a2:71:3f:6d:d5:cc:4f:34:18:7f:bf:bc:4b:e2: 378s 25:29:b0:c7:55:75:17:f8:98:99:88:3c:86:52:ac:dc:58:bd: 378s 43:a3:19:56:51:97:3a:d1:75:46:6e:50:15:4d:15:33:b4:64: 378s a4:53:27:23:9b:2c:f7:f6:98:1a:71:33:67:bf:48:e6:8f:3b: 378s 68:5f:93:48:c6:ed:c5:93:06:fd:3f:d6:e5:c4:ab:13:53:34: 378s 0a:e4:cb:10:8e:63:18:2a:d6:db:a6:57:1f:24:8b:32:2a:1b: 378s db:7c 378s /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem: OK 378s Certificate Request: 378s Data: 378s Version: 1 (0x0) 378s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 378s Subject Public Key Info: 378s Public Key Algorithm: rsaEncryption 378s Public-Key: (1024 bit) 378s Modulus: 378s 00:d8:33:81:5b:c2:ad:ca:9e:ab:54:da:71:dd:e1: 378s 94:73:00:24:db:67:f5:0a:85:a3:b0:c8:ce:af:1d: 378s d9:b4:ef:f6:e2:97:71:92:d8:d7:f8:9e:47:e1:04: 378s 99:01:94:1b:fa:7c:df:2d:fd:a3:70:38:e5:d9:fc: 378s ec:64:7c:e8:cd:4c:81:15:dc:19:9f:58:bd:90:20: 378s cd:aa:eb:41:ae:29:be:e0:8b:c5:3b:08:80:06:ce: 378s d9:ec:54:85:93:54:ab:e4:6b:9b:8b:0b:52:9f:97: 378s 54:50:23:ed:50:bc:71:ee:47:f8:d8:fa:fb:47:8e: 378s 2a:41:db:3b:0b:b1:49:a2:b1 378s Exponent: 65537 (0x10001) 378s Attributes: 378s (none) 378s Requested Extensions: 378s Signature Algorithm: sha256WithRSAEncryption 378s Signature Value: 378s 28:39:3d:bb:8e:a3:38:bb:a9:4c:89:da:1f:8c:f0:68:ab:ed: 378s 07:fa:da:24:0b:1d:53:c4:04:f7:4c:fa:f9:90:d2:d5:6f:3b: 378s 0a:3d:f8:a7:5a:52:fa:ad:0f:1d:dd:90:20:30:c0:06:5c:40: 378s 78:f4:d1:d6:1c:f5:b0:56:17:ac:52:d5:82:74:df:7b:52:c4: 378s 5e:30:1a:ed:a2:15:a4:8b:d6:96:b3:92:ef:c6:98:38:96:5e: 378s 23:a9:55:3f:74:6c:98:34:50:a0:64:09:9f:fc:12:68:ed:75: 378s 8e:18:2c:1e:9f:33:03:9a:c0:79:10:c8:ff:24:cd:9b:d0:ed: 378s 90:d3 378s + required_tools=(p11tool openssl softhsm2-util) 378s + for cmd in "${required_tools[@]}" 378s + command -v p11tool 378s + for cmd in "${required_tools[@]}" 378s + command -v openssl 378s + for cmd in "${required_tools[@]}" 378s + command -v softhsm2-util 378s + PIN=053350 378s +++ find /usr/lib/softhsm/libsofthsm2.so 378s +++ head -n 1 378s ++ realpath /usr/lib/softhsm/libsofthsm2.so 378s + SOFTHSM2_MODULE=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 378s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 378s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 378s + '[' '!' -v NO_SSSD_TESTS ']' 378s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 378s + ca_db_arg=ca_db 378s ++ /usr/libexec/sssd/p11_child --help 378s + p11_child_help='Usage: p11_child [OPTION...] 378s -d, --debug-level=INT Debug level 378s --debug-timestamps=INT Add debug timestamps 378s --debug-microseconds=INT Show timestamps with microseconds 378s --dumpable=INT Allow core dumps 378s --debug-fd=INT An open file descriptor for the debug 378s logs 378s --logger=stderr|files|journald Set logger 378s --auth Run in auth mode 378s --pre Run in pre-auth mode 378s --wait_for_card Wait until card is available 378s --verification Run in verification mode 378s --pin Expect PIN on stdin 378s --keypad Expect PIN on keypad 378s --verify=STRING Tune validation 378s --ca_db=STRING CA DB to use 378s --module_name=STRING Module name for authentication 378s --token_name=STRING Token name for authentication 378s --key_id=STRING Key ID for authentication 378s --label=STRING Label for authentication 378s --certificate=STRING certificate to verify, base64 encoded 378s --uri=STRING PKCS#11 URI to restrict selection 378s --chain-id=LONG Tevent chain ID used for logging 378s purposes 378s 378s Help options: 378s -?, --help Show this help message 378s --usage Display brief usage message' 378s + echo 'Usage: p11_child [OPTION...] 378s -d, --debug-level=INT Debug level 378s --debug-timestamps=INT Add debug timestamps 378s --debug-microseconds=INT Show timestamps with microseconds 378s --dumpable=INT Allow core dumps 378s --debug-fd=INT An open file descriptor for the debug 378s logs 378s --logger=stderr|files|journald Set logger 378s --auth Run in auth mode 378s --pre Run in pre-auth mode 378s --wait_for_card Wait until card is available 378s --verification Run in verification mode 378s --pin Expect PIN on stdin 378s --keypad Expect PIN on keypad 378s --verify=STRING Tune validation 378s --ca_db=STRING CA DB to use 378s --module_name=STRING Module name for authentication 378s --token_name=STRING Token name for authentication 378s --key_id=STRING Key ID for authentication 378s --label=STRING Label for authentication 378s --certificate=STRING certificate to verify, base64 encoded 378s --uri=STRING PKCS#11 URI to restrict selection 378s --chain-id=LONG Tevent chain ID used for logging 378s purposes 378s 378s Help options: 378s -?, --help Show this help message 378s --usage Display brief usage message' 378s + grep nssdb -qs 378s + echo 'Usage: p11_child [OPTION...] 378s -d, --debug-level=INT Debug level 378s + grep -qs -- --ca_db 378s --debug-timestamps=INT Add debug timestamps 378s --debug-microseconds=INT Show timestamps with microseconds 378s --dumpable=INT Allow core dumps 378s --debug-fd=INT An open file descriptor for the debug 378s logs 378s --logger=stderr|files|journald Set logger 378s --auth Run in auth mode 378s --pre Run in pre-auth mode 378s --wait_for_card Wait until card is available 378s --verification Run in verification mode 378s --pin Expect PIN on stdin 378s --keypad Expect PIN on keypad 378s --verify=STRING Tune validation 378s --ca_db=STRING CA DB to use 378s --module_name=STRING Module name for authentication 378s --token_name=STRING Token name for authentication 378s --key_id=STRING Key ID for authentication 378s --label=STRING Label for authentication 378s --certificate=STRING certificate to verify, base64 encoded 378s --uri=STRING PKCS#11 URI to restrict selection 378s --chain-id=LONG Tevent chain ID used for logging 378s purposes 378s 378s Help options: 378s -?, --help Show this help message 378s --usage Display brief usage message' 378s + '[' '!' -e /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so ']' 378s ++ mktemp -d -t sssd-softhsm2-XXXXXX 378s + tmpdir=/tmp/sssd-softhsm2-F2KOnK 378s + keys_size=1024 378s + [[ ! -v KEEP_TEMPORARY_FILES ]] 378s + trap 'rm -rf "$tmpdir"' EXIT 378s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 378s + echo -n 01 378s + touch /tmp/sssd-softhsm2-F2KOnK/index.txt 378s + mkdir -p /tmp/sssd-softhsm2-F2KOnK/new_certs 378s + cat 378s + root_ca_key_pass=pass:random-root-CA-password-15706 378s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-F2KOnK/test-root-CA-key.pem -passout pass:random-root-CA-password-15706 1024 378s + openssl req -passin pass:random-root-CA-password-15706 -batch -config /tmp/sssd-softhsm2-F2KOnK/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-F2KOnK/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem 378s + openssl x509 -noout -in /tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem 378s + cat 378s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-10740 378s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-10740 1024 378s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-10740 -config /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.config -key /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-15706 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-certificate-request.pem 378s + openssl req -text -noout -in /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-certificate-request.pem 378s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-F2KOnK/test-root-CA.config -passin pass:random-root-CA-password-15706 -keyfile /tmp/sssd-softhsm2-F2KOnK/test-root-CA-key.pem -in /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem 378s Using configuration from /tmp/sssd-softhsm2-F2KOnK/test-root-CA.config 378s Check that the request matches the signature 378s Signature ok 378s Certificate Details: 378s Serial Number: 1 (0x1) 378s Validity 378s Not Before: Mar 21 03:53:17 2024 GMT 378s Not After : Mar 21 03:53:17 2025 GMT 378s Subject: 378s organizationName = Test Organization 378s organizationalUnitName = Test Organization Unit 378s commonName = Test Organization Intermediate CA 378s X509v3 extensions: 378s X509v3 Subject Key Identifier: 378s 48:8E:0E:87:44:83:DE:4A:49:48:82:98:08:92:EF:0B:A5:4C:2F:F2 378s X509v3 Authority Key Identifier: 378s keyid:93:87:C4:7E:36:2A:10:7A:E9:9B:C1:A3:18:0A:B0:B4:96:79:9F:C7 378s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 378s serial:00 378s X509v3 Basic Constraints: 378s CA:TRUE 378s X509v3 Key Usage: critical 378s Digital Signature, Certificate Sign, CRL Sign 378s Certificate is to be certified until Mar 21 03:53:17 2025 GMT (365 days) 378s 378s Write out database with 1 new entries 378s Database updated 378s + openssl x509 -noout -in /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem 378s + openssl verify -CAfile /tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem 378s + cat 378s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-21763 378s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-21763 1024 378s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-21763 -config /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-10740 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-certificate-request.pem 378s + openssl req -text -noout -in /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-certificate-request.pem 378s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-10740 -keyfile /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA.pem 378s Using configuration from /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.config 378s Check that the request matches the signature 378s Signature ok 378s Certificate Details: 378s Serial Number: 2 (0x2) 378s Validity 378s Not Before: Mar 21 03:53:17 2024 GMT 378s Not After : Mar 21 03:53:17 2025 GMT 378s Subject: 378s organizationName = Test Organization 378s organizationalUnitName = Test Organization Unit 378s commonName = Test Organization Sub Intermediate CA 378s X509v3 extensions: 378s X509v3 Subject Key Identifier: 378s 4B:0B:B2:10:B8:D4:0F:4D:3C:47:00:3C:7F:66:8F:DF:C4:42:3F:FA 378s X509v3 Authority Key Identifier: 378s keyid:48:8E:0E:87:44:83:DE:4A:49:48:82:98:08:92:EF:0B:A5:4C:2F:F2 378s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 378s serial:01 378s X509v3 Basic Constraints: 378s CA:TRUE 378s X509v3 Key Usage: critical 378s Digital Signature, Certificate Sign, CRL Sign 378s Certificate is to be certified until Mar 21 03:53:17 2025 GMT (365 days) 378s 378s Write out database with 1 new entries 378s Database updated 378s + openssl x509 -noout -in /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA.pem 378s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA.pem 378s /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA.pem: OK 378s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA.pem 378s + local cmd=openssl 378s + shift 378s + openssl verify -CAfile /tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA.pem 378s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 378s error 20 at 0 depth lookup: unable to get local issuer certificate 378s error /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA.pem: verification failed 378s + cat 378s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-23072 378s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-23072 1024 378s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-23072 -key /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001-request.pem 378s + openssl req -text -noout -in /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001-request.pem 378s Certificate Request: 378s Data: 378s Version: 1 (0x0) 378s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 378s Subject Public Key Info: 378s Public Key Algorithm: rsaEncryption 378s Public-Key: (1024 bit) 378s Modulus: 378s 00:c3:7f:b9:bc:aa:ad:e1:be:ec:3a:a0:83:6c:66: 378s ec:7c:aa:f0:14:61:3b:44:5a:35:fb:1b:6b:f4:d8: 378s 1d:ce:e7:12:16:86:5e:86:21:e0:fd:64:4f:33:d2: 378s 13:11:e5:ff:b7:1e:14:a8:98:9f:3a:fb:a2:f0:42: 378s 37:ec:b7:b0:b1:36:0f:65:54:bb:49:bd:47:2d:0e: 378s d3:37:04:05:3b:d7:f2:f0:f5:17:1b:f6:f2:56:c6: 378s 0a:db:7d:9d:dc:9d:b1:60:65:74:ce:29:34:df:6c: 378s 47:97:5e:07:f7:ce:d1:a5:5c:a6:18:f8:5b:8c:ad: 378s 43:6e:b3:5e:01:14:be:c2:c7 378s Exponent: 65537 (0x10001) 378s Attributes: 378s Requested Extensions: 378s X509v3 Basic Constraints: 378s CA:FALSE 378s Netscape Cert Type: 378s SSL Client, S/MIME 378s Netscape Comment: 378s Test Organization Root CA trusted Certificate 378s X509v3 Subject Key Identifier: 378s FB:1D:A5:DD:4F:E0:B5:0A:3F:66:C4:1A:60:E4:97:AB:CC:70:6B:4A 378s X509v3 Key Usage: critical 378s Digital Signature, Non Repudiation, Key Encipherment 378s X509v3 Extended Key Usage: 378s TLS Web Client Authentication, E-mail Protection 378s X509v3 Subject Alternative Name: 378s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 378s Signature Algorithm: sha256WithRSAEncryption 378s Signature Value: 378s b2:75:1e:75:45:b1:29:b0:97:87:24:2b:c8:73:33:0e:9e:39: 378s ac:db:68:e9:0c:e1:39:ac:8f:92:c5:b4:94:97:b7:53:c7:14: 378s ba:33:e0:6b:7f:23:ea:b4:a4:1b:ed:ae:98:46:7e:ff:08:52: 378s 54:7e:4a:f6:12:ec:6b:2b:c8:cc:54:4c:af:a6:25:05:5f:f2: 378s 0d:0b:41:ea:22:7b:a6:fb:20:41:d4:b5:4b:13:7b:66:2f:0b: 378s 7d:80:fb:e0:60:c5:f3:ed:db:ec:90:5a:43:8d:9f:99:5e:64: 378s c9:36:76:9c:02:64:4d:05:38:c8:e1:f2:85:66:79:f5:5d:67: 378s 1c:66 378s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-F2KOnK/test-root-CA.config -passin pass:random-root-CA-password-15706 -keyfile /tmp/sssd-softhsm2-F2KOnK/test-root-CA-key.pem -in /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 378s Using configuration from /tmp/sssd-softhsm2-F2KOnK/test-root-CA.config 378s Check that the request matches the signature 378s Signature ok 378s Certificate Details: 378s Serial Number: 3 (0x3) 378s Validity 378s Not Before: Mar 21 03:53:17 2024 GMT 378s Not After : Mar 21 03:53:17 2025 GMT 378s Subject: 378s organizationName = Test Organization 378s organizationalUnitName = Test Organization Unit 378s /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem: OK 378s commonName = Test Organization Root Trusted Certificate 0001 378s X509v3 extensions: 378s X509v3 Authority Key Identifier: 378s 93:87:C4:7E:36:2A:10:7A:E9:9B:C1:A3:18:0A:B0:B4:96:79:9F:C7 378s X509v3 Basic Constraints: 378s CA:FALSE 378s Netscape Cert Type: 378s SSL Client, S/MIME 378s Netscape Comment: 378s Test Organization Root CA trusted Certificate 378s X509v3 Subject Key Identifier: 378s FB:1D:A5:DD:4F:E0:B5:0A:3F:66:C4:1A:60:E4:97:AB:CC:70:6B:4A 378s X509v3 Key Usage: critical 378s Digital Signature, Non Repudiation, Key Encipherment 378s X509v3 Extended Key Usage: 378s TLS Web Client Authentication, E-mail Protection 378s X509v3 Subject Alternative Name: 378s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 378s Certificate is to be certified until Mar 21 03:53:17 2025 GMT (365 days) 378s 378s Write out database with 1 new entries 378s Database updated 378s + openssl x509 -noout -in /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 378s + openssl verify -CAfile /tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 378s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 378s + local cmd=openssl 378s + shift 378s + openssl verify -CAfile /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 378s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 378s error 20 at 0 depth lookup: unable to get local issuer certificate 378s error /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem: verification failed 378s + cat 378s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-6530 378s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-6530 1024 378s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-6530 -key /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001-request.pem 378s + openssl req -text -noout -in /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001-request.pem 378s Certificate Request: 378s Data: 378s Version: 1 (0x0) 378s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 378s Subject Public Key Info: 378s Public Key Algorithm: rsaEncryption 378s Public-Key: (1024 bit) 378s Modulus: 378s 00:d7:1f:86:c8:34:2a:46:48:a1:20:58:5a:45:33: 378s dc:6c:d0:11:2a:00:36:88:d3:0d:76:e2:2c:cf:3d: 378s fd:f8:43:57:99:bb:d1:20:5d:87:dc:4c:27:53:06: 378s 6d:11:e3:47:35:80:15:e3:b0:ff:cd:6a:9b:2a:94: 378s 81:6d:2d:fa:aa:10:41:0b:0c:e2:06:0e:75:ed:32: 378s f3:e2:26:ab:f1:ea:a3:16:52:28:d4:6d:3c:3c:12: 378s e2:8e:98:e3:d7:73:b4:52:b7:80:03:ba:f6:f4:3f: 378s 0f:22:39:5b:d1:f6:57:d3:25:46:4c:58:ec:fc:34: 378s a9:d4:31:25:62:5b:d6:59:fb 378s Exponent: 65537 (0x10001) 378s Attributes: 378s Requested Extensions: 378s X509v3 Basic Constraints: 378s CA:FALSE 378s Netscape Cert Type: 378s SSL Client, S/MIME 378s Netscape Comment: 378s Test Organization Intermediate CA trusted Certificate 378s X509v3 Subject Key Identifier: 378s 11:1B:CF:EB:B5:FD:AD:C1:B2:A6:90:23:93:4C:E5:CB:8C:28:3C:C8 378s X509v3 Key Usage: critical 378s Digital Signature, Non Repudiation, Key Encipherment 378s X509v3 Extended Key Usage: 378s TLS Web Client Authentication, E-mail Protection 378s X509v3 Subject Alternative Name: 378s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 378s Signature Algorithm: sha256WithRSAEncryption 378s Signature Value: 378s 5c:25:67:17:f4:e2:aa:81:6d:28:af:1d:86:33:23:3e:1e:33: 378s e8:27:87:40:aa:e1:d3:b5:cf:33:14:ff:36:4a:26:d0:64:c7: 378s 67:20:14:c9:07:81:ba:37:8c:9d:70:71:fb:13:8b:0f:38:40: 378s cb:6e:e1:a6:59:68:8b:86:9e:ce:13:07:7e:b1:f8:cb:43:7b: 378s 9b:7a:82:e4:d8:d1:d3:f1:ab:4c:e7:52:3c:43:46:5f:0f:c7: 378s d0:2d:ec:90:1f:99:4d:1b:cd:2b:99:98:d6:aa:67:2b:d8:23: 378s 72:e9:c1:9d:70:0d:77:79:c3:54:53:54:a0:5a:e1:cd:14:74: 378s 99:df 378s + openssl ca -passin pass:random-intermediate-CA-password-10740 -config /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 378s Using configuration from /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.config 378s Check that the request matches the signature 378s Signature ok 378s Certificate Details: 378s Serial Number: 4 (0x4) 378s Validity 378s Not Before: Mar 21 03:53:17 2024 GMT 378s Not After : Mar 21 03:53:17 2025 GMT 378s Subject: 378s organizationName = Test Organization 378s organizationalUnitName = Test Organization Unit 378s commonName = Test Organization Intermediate Trusted Certificate 0001 378s X509v3 extensions: 378s X509v3 Authority Key Identifier: 378s 48:8E:0E:87:44:83:DE:4A:49:48:82:98:08:92:EF:0B:A5:4C:2F:F2 378s X509v3 Basic Constraints: 378s CA:FALSE 378s Netscape Cert Type: 378s SSL Client, S/MIME 378s Netscape Comment: 378s Test Organization Intermediate CA trusted Certificate 378s X509v3 Subject Key Identifier: 378s 11:1B:CF:EB:B5:FD:AD:C1:B2:A6:90:23:93:4C:E5:CB:8C:28:3C:C8 378s X509v3 Key Usage: critical 378s Digital Signature, Non Repudiation, Key Encipherment 378s X509v3 Extended Key Usage: 378s TLS Web Client Authentication, E-mail Protection 378s X509v3 Subject Alternative Name: 378s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 378s Certificate is to be certified until Mar 21 03:53:17 2025 GMT (365 days) 378s 378s Write out database with 1 new entries 378s Database updated 378s + openssl x509 -noout -in /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 378s + echo 'This certificate should not be trusted fully' 378s This certificate should not be trusted fully 378s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 378s + local cmd=openssl 378s + shift 378s + openssl verify -CAfile /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 378s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 378s error 2 at 1 depth lookup: unable to get issuer certificate 378s error /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 378s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 378s /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem: OK 378s + cat 378s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24303 378s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-24303 1024 378s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-24303 -key /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 378s + openssl req -text -noout -in /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 378s Certificate Request: 378s Data: 378s Version: 1 (0x0) 378s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 378s Subject Public Key Info: 378s Public Key Algorithm: rsaEncryption 378s Public-Key: (1024 bit) 378s Modulus: 378s 00:de:3d:d0:b8:f7:ef:28:0d:18:41:cd:9e:03:87: 378s e0:76:ed:48:91:ac:99:f8:1d:43:98:e0:c3:2f:d5: 378s d2:a7:f0:86:55:a0:64:37:43:3c:70:e1:35:4d:85: 378s 9d:87:6b:da:81:da:fb:54:41:c8:bb:53:51:28:d3: 378s 00:91:f6:81:6e:26:13:c2:a9:41:96:23:f9:39:90: 378s 36:9f:37:69:0c:cf:d4:24:52:04:be:93:94:19:22: 378s f8:c4:dd:64:b0:af:b9:74:3b:8d:18:74:9d:c7:fb: 378s 53:c5:8d:1b:b8:79:90:06:f6:c5:2c:19:7e:9c:1f: 378s 56:cc:64:a2:a5:70:d5:4b:b5 378s Exponent: 65537 (0x10001) 378s Attributes: 378s Requested Extensions: 378s X509v3 Basic Constraints: 378s CA:FALSE 378s Netscape Cert Type: 378s SSL Client, S/MIME 378s Netscape Comment: 378s Test Organization Sub Intermediate CA trusted Certificate 378s X509v3 Subject Key Identifier: 378s 31:B6:6F:93:11:13:8F:85:38:EB:0D:84:76:41:44:F6:11:8F:8E:FC 378s X509v3 Key Usage: critical 378s Digital Signature, Non Repudiation, Key Encipherment 378s X509v3 Extended Key Usage: 378s TLS Web Client Authentication, E-mail Protection 378s X509v3 Subject Alternative Name: 378s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 378s Signature Algorithm: sha256WithRSAEncryption 378s Signature Value: 378s 44:88:e2:8f:05:31:06:10:71:c3:51:c0:21:ea:af:19:d0:74: 378s 14:ba:af:d6:fa:0d:76:90:37:07:06:cc:2b:18:63:91:f6:4a: 378s 7f:19:e3:2e:8d:ee:60:84:3d:85:80:d5:4c:56:b7:ef:ff:59: 378s 58:29:80:bc:6b:bf:5c:73:6d:04:08:2b:e8:75:0e:5d:75:6a: 378s 99:41:36:05:0a:b3:77:fd:c7:ab:d1:90:4a:b9:53:6f:93:cf: 378s 39:64:db:f2:7d:50:b2:af:09:6a:ce:ff:17:83:8b:6b:7c:c1: 378s f6:0b:5e:f3:98:70:57:9d:64:fc:00:2f:96:dd:48:7e:52:00: 378s b0:2b 378s + openssl ca -passin pass:random-sub-intermediate-CA-password-21763 -config /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 378s Using configuration from /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA.config 378s Check that the request matches the signature 378s Signature ok 378s Certificate Details: 378s Serial Number: 5 (0x5) 378s Validity 378s Not Before: Mar 21 03:53:17 2024 GMT 378s Not After : Mar 21 03:53:17 2025 GMT 378s Subject: 378s organizationName = Test Organization 378s organizationalUnitName = Test Organization Unit 378s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 378s X509v3 extensions: 378s X509v3 Authority Key Identifier: 378s 4B:0B:B2:10:B8:D4:0F:4D:3C:47:00:3C:7F:66:8F:DF:C4:42:3F:FA 378s X509v3 Basic Constraints: 378s CA:FALSE 378s Netscape Cert Type: 378s SSL Client, S/MIME 378s Netscape Comment: 378s Test Organization Sub Intermediate CA trusted Certificate 378s X509v3 Subject Key Identifier: 378s 31:B6:6F:93:11:13:8F:85:38:EB:0D:84:76:41:44:F6:11:8F:8E:FC 378s X509v3 Key Usage: critical 378s Digital Signature, Non Repudiation, Key Encipherment 378s X509v3 Extended Key Usage: 378s TLS Web Client Authentication, E-mail Protection 378s X509v3 Subject Alternative Name: 378s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 378s Certificate is to be certified until Mar 21 03:53:17 2025 GMT (365 days) 378s 378s Write out database with 1 new entries 378s Database updated 378s + openssl x509 -noout -in /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 378s This certificate should not be trusted fully 378s + echo 'This certificate should not be trusted fully' 378s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 378s + local cmd=openssl 378s + shift 378s + openssl verify -CAfile /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 378s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 378s error 2 at 1 depth lookup: unable to get issuer certificate 378s error /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 378s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 378s + local cmd=openssl 378s + shift 378s + openssl verify -CAfile /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 378s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 378s error 20 at 0 depth lookup: unable to get local issuer certificate 378s error /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 378s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 378s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 378s + local cmd=openssl 378s + shift 378s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 378s O = /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 378s Building a the full-chain CA file... 378s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 378s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 378s 378s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 378s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 378s 378s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 378s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 378s 378s Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 378s error 20 at 0 depth lookup: unable to get local issuer certificate 378s error /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 378s + echo 'Building a the full-chain CA file...' 378s + cat /tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA.pem 378s + cat /tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem 378s + cat /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA.pem 378s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem 378s + openssl pkcs7 -print_certs -noout 378s + openssl verify -CAfile /tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem 378s + openssl verify -CAfile /tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 378s /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem: OK 378s /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem: OK 378s + openssl verify -CAfile /tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 378s /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem: OK 378s + openssl verify -CAfile /tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem /tmp/sssd-softhsm2-F2KOnK/test-root-intermediate-chain-CA.pem 378s /tmp/sssd-softhsm2-F2KOnK/test-root-intermediate-chain-CA.pem: OK 378s + openssl verify -CAfile /tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 378s /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 378s + echo 'Certificates generation completed!' 378s Certificates generation completed! 378s + [[ -v NO_SSSD_TESTS ]] 378s + invalid_certificate /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23072 /dev/null 378s + check_certificate /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23072 /dev/null 378s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 378s + local key_pass=pass:random-root-ca-trusted-cert-0001-23072 378s + local key_ring=/dev/null 378s + local verify_option= 378s + prepare_softhsm2_card /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23072 378s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 378s + local key_pass=pass:random-root-ca-trusted-cert-0001-23072 378s + local key_cn 378s + local key_name 378s + local tokens_dir 378s + local output_cert_file 378s + token_name= 378s ++ basename /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem .pem 378s + key_name=test-root-CA-trusted-certificate-0001 378s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 378s ++ sed -n 's/ *commonName *= //p' 378s + key_cn='Test Organization Root Trusted Certificate 0001' 378s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 378s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf 378s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf 378s ++ basename /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 378s + tokens_dir=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001 378s + token_name='Test Organization Root Tr Token' 378s + '[' '!' -e /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 378s + local key_file 378s + local decrypted_key 378s + mkdir -p /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001 378s + key_file=/tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001-key.pem 378s + decrypted_key=/tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001-key-decrypted.pem 378s + cat 378s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 378s Slot 0 has a free/uninitialized token. 378s The token has been initialized and is reassigned to slot 2082970455 378s + softhsm2-util --show-slots 378s Available slots: 378s Slot 2082970455 378s Slot info: 378s Description: SoftHSM slot ID 0x7c279b57 378s Manufacturer ID: SoftHSM project 378s Hardware version: 2.6 378s Firmware version: 2.6 378s Token present: yes 378s Token info: 378s Manufacturer ID: SoftHSM project 378s Model: SoftHSM v2 378s Hardware version: 2.6 378s Firmware version: 2.6 378s Serial number: bbe5593b7c279b57 378s Initialized: yes 378s User PIN init.: yes 378s Label: Test Organization Root Tr Token 378s Slot 1 378s Slot info: 378s Description: SoftHSM slot ID 0x1 378s Manufacturer ID: SoftHSM project 378s Hardware version: 2.6 378s Firmware version: 2.6 378s Token present: yes 378s Token info: 378s Manufacturer ID: SoftHSM project 378s Model: SoftHSM v2 378s Hardware version: 2.6 378s Firmware version: 2.6 378s Serial number: 378s Initialized: no 378s User PIN init.: no 378s Label: 378s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 378s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-23072 -in /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001-key-decrypted.pem 378s writing RSA key 378s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 378s + rm /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001-key-decrypted.pem 378s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 378s Object 0: 378s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bbe5593b7c279b57;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 378s Type: X.509 Certificate (RSA-1024) 378s Expires: Fri Mar 21 03:53:17 2025 378s Label: Test Organization Root Trusted Certificate 0001 378s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 378s 378s Test Organization Root Tr Token 378s + echo 'Test Organization Root Tr Token' 378s + '[' -n '' ']' 378s + local output_base_name=SSSD-child-425 378s + local output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-425.output 378s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-425.pem 378s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 378s [p11_child[2028]] [main] (0x0400): p11_child started. 378s [p11_child[2028]] [main] (0x2000): Running in [pre-auth] mode. 378s [p11_child[2028]] [main] (0x2000): Running with effective IDs: [0][0]. 378s [p11_child[2028]] [main] (0x2000): Running with real IDs [0][0]. 378s [p11_child[2028]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 378s [p11_child[2028]] [do_work] (0x0040): init_verification failed. 378s [p11_child[2028]] [main] (0x0020): p11_child failed (5) 378s + return 2 378s + valid_certificate /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23072 /dev/null no_verification 378s + check_certificate /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23072 /dev/null no_verification 378s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 378s + local key_pass=pass:random-root-ca-trusted-cert-0001-23072 378s + local key_ring=/dev/null 378s + local verify_option=no_verification 378s + prepare_softhsm2_card /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23072 378s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 378s + local key_pass=pass:random-root-ca-trusted-cert-0001-23072 378s + local key_cn 378s + local key_name 378s + local tokens_dir 378s + local output_cert_file 378s + token_name= 378s ++ basename /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem .pem 378s + key_name=test-root-CA-trusted-certificate-0001 378s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 378s ++ sed -n 's/ *commonName *= //p' 378s + key_cn='Test Organization Root Trusted Certificate 0001' 378s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 378s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf 378s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf 378s ++ basename /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 378s + tokens_dir=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001 378s + token_name='Test Organization Root Tr Token' 378s + '[' '!' -e /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 378s + '[' '!' -d /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001 ']' 378s + echo 'Test Organization Root Tr Token' 378s Test Organization Root Tr Token 378s + '[' -n no_verification ']' 378s + local verify_arg=--verify=no_verification 378s + local output_base_name=SSSD-child-32471 378s + local output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-32471.output 378s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-32471.pem 378s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 378s [p11_child[2034]] [main] (0x0400): p11_child started. 378s [p11_child[2034]] [main] (0x2000): Running in [pre-auth] mode. 378s [p11_child[2034]] [main] (0x2000): Running with effective IDs: [0][0]. 378s [p11_child[2034]] [main] (0x2000): Running with real IDs [0][0]. 378s [p11_child[2034]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 378s [p11_child[2034]] [do_card] (0x4000): Module List: 378s [p11_child[2034]] [do_card] (0x4000): common name: [softhsm2]. 378s [p11_child[2034]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 378s [p11_child[2034]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7c279b57] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 378s [p11_child[2034]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 378s [p11_child[2034]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7c279b57][2082970455] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 378s [p11_child[2034]] [do_card] (0x4000): Login NOT required. 378s [p11_child[2034]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 378s [p11_child[2034]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 378s [p11_child[2034]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7c279b57;slot-manufacturer=SoftHSM%20project;slot-id=2082970455;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bbe5593b7c279b57;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 378s [p11_child[2034]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 378s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-32471.output 378s + echo '-----BEGIN CERTIFICATE-----' 378s + tail -n1 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-32471.output 378s + echo '-----END CERTIFICATE-----' 378s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-32471.pem 378s Certificate: 378s Data: 378s Version: 3 (0x2) 378s Serial Number: 3 (0x3) 378s Signature Algorithm: sha256WithRSAEncryption 378s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 378s Validity 378s Not Before: Mar 21 03:53:17 2024 GMT 378s Not After : Mar 21 03:53:17 2025 GMT 378s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 378s Subject Public Key Info: 378s Public Key Algorithm: rsaEncryption 378s Public-Key: (1024 bit) 378s Modulus: 378s 00:c3:7f:b9:bc:aa:ad:e1:be:ec:3a:a0:83:6c:66: 378s ec:7c:aa:f0:14:61:3b:44:5a:35:fb:1b:6b:f4:d8: 378s 1d:ce:e7:12:16:86:5e:86:21:e0:fd:64:4f:33:d2: 378s 13:11:e5:ff:b7:1e:14:a8:98:9f:3a:fb:a2:f0:42: 378s 37:ec:b7:b0:b1:36:0f:65:54:bb:49:bd:47:2d:0e: 378s d3:37:04:05:3b:d7:f2:f0:f5:17:1b:f6:f2:56:c6: 378s 0a:db:7d:9d:dc:9d:b1:60:65:74:ce:29:34:df:6c: 378s 47:97:5e:07:f7:ce:d1:a5:5c:a6:18:f8:5b:8c:ad: 378s 43:6e:b3:5e:01:14:be:c2:c7 378s Exponent: 65537 (0x10001) 378s X509v3 extensions: 378s X509v3 Authority Key Identifier: 378s 93:87:C4:7E:36:2A:10:7A:E9:9B:C1:A3:18:0A:B0:B4:96:79:9F:C7 378s X509v3 Basic Constraints: 378s CA:FALSE 378s Netscape Cert Type: 378s SSL Client, S/MIME 378s Netscape Comment: 378s Test Organization Root CA trusted Certificate 378s X509v3 Subject Key Identifier: 378s FB:1D:A5:DD:4F:E0:B5:0A:3F:66:C4:1A:60:E4:97:AB:CC:70:6B:4A 378s X509v3 Key Usage: critical 378s Digital Signature, Non Repudiation, Key Encipherment 378s X509v3 Extended Key Usage: 378s TLS Web Client Authentication, E-mail Protection 378s X509v3 Subject Alternative Name: 378s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 378s Signature Algorithm: sha256WithRSAEncryption 378s Signature Value: 378s 93:e3:86:cf:eb:1e:56:06:21:eb:80:bf:de:c1:9a:48:76:c3: 378s cb:91:8a:9e:20:a8:36:a6:c3:6d:15:8d:ad:61:d0:56:58:d0: 378s 89:74:e3:85:5a:01:a4:4d:2e:f4:f9:fc:45:71:31:e9:09:2a: 378s 8d:17:54:3f:20:b7:c4:da:f9:78:94:63:64:76:20:6c:47:10: 378s 6e:c1:25:64:8b:0d:6d:44:7d:90:95:9e:ff:9f:87:d2:78:5b: 378s f9:43:48:10:06:db:ea:f5:41:dd:8c:2e:67:55:20:e7:96:3c: 378s 1e:61:70:8a:26:25:d6:d3:2e:4d:44:dd:23:35:e4:b8:82:a2: 378s 0f:8e 378s + local found_md5 expected_md5 378s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 378s + expected_md5=Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 378s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-32471.pem 378s + found_md5=Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 378s + '[' Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 '!=' Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 ']' 378s + output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-32471-auth.output 378s ++ basename /tmp/sssd-softhsm2-F2KOnK/SSSD-child-32471-auth.output .output 378s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-32471-auth.pem 378s + echo -n 053350 378s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 378s [p11_child[2042]] [main] (0x0400): p11_child started. 378s [p11_child[2042]] [main] (0x2000): Running in [auth] mode. 378s [p11_child[2042]] [main] (0x2000): Running with effective IDs: [0][0]. 378s [p11_child[2042]] [main] (0x2000): Running with real IDs [0][0]. 378s [p11_child[2042]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 378s [p11_child[2042]] [do_card] (0x4000): Module List: 378s [p11_child[2042]] [do_card] (0x4000): common name: [softhsm2]. 378s [p11_child[2042]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 378s [p11_child[2042]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7c279b57] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 378s [p11_child[2042]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 378s [p11_child[2042]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7c279b57][2082970455] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 378s [p11_child[2042]] [do_card] (0x4000): Login required. 378s [p11_child[2042]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 378s Certificate: 378s Data: 378s Version: 3 (0x2) 378s Serial Number: 3 (0x3) 378s Signature Algorithm: sha256WithRSAEncryption 378s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 378s Validity 378s Not Before: Mar 21 03:53:17 2024 GMT 378s Not After : Mar 21 03:53:17 2025 GMT 378s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 378s Subject Public Key Info: 378s Public Key Algorithm: rsaEncryption 378s Public-Key: (1024 bit) 378s Modulus: 378s 00:c3:7f:b9:bc:aa:ad:e1:be:ec:3a:a0:83:6c:66: 378s ec:7c:aa:f0:14:61:3b:44:5a:35:fb:1b:6b:f4:d8: 378s 1d:ce:e7:12:16:86:5e:86:21:e0:fd:64:4f:33:d2: 378s 13:11:e5:ff:b7:1e:14:a8:98:9f:3a:fb:a2:f0:42: 378s 37:ec:b7:b0:b1:36:0f:65:54:bb:49:bd:47:2d:0e: 378s d3:37:04:05:3b:d7:f2:f0:f5:17:1b:f6:f2:56:c6: 378s 0a:db:7d:9d:dc:9d:b1:60:65:74:ce:29:34:df:6c: 378s 47:97:5e:07:f7:ce:d1:a5:5c:a6:18:f8:5b:8c:ad: 378s 43:6e:b3:5e:01:14:be:c2:c7 378s Exponent: 65537 (0x10001) 378s X509v3 extensions: 378s X509v3 Authority Key Identifier: 378s 93:87:C4:7E:36:2A:10:7A:E9:9B:C1:A3:18:0A:B0:B4:96:79:9F:C7 378s X509v3 Basic Constraints: 378s CA:FALSE 378s Netscape Cert Type: 378s SSL Client, S/MIME 378s Netscape Comment: 378s Test Organization Root CA trusted Certificate 378s X509v3 Subject Key Identifier: 378s FB:1D:A5:DD:4F:E0:B5:0A:3F:66:C4:1A:60:E4:97:AB:CC:70:6B:4A 378s X509v3 Key Usage: critical 378s Digital Signature, Non Repudiation, Key Encipherment 378s X509v3 Extended Key Usage: 378s TLS Web Client Authentication, E-mail Protection 378s X509v3 Subject Alternative Name: 378s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 378s Signature Algorithm: sha256WithRSAEncryption 378s Signature Value: 378s 93:e3:86:cf:eb:1e:56:06:21:eb:80:bf:de:c1:9a:48:76:c3: 378s cb:91:8a:9e:20:a8:36:a6:c3:6d:15:8d:ad:61:d0:56:58:d0: 378s 89:74:e3:85:5a:01:a4:4d:2e:f4:f9:fc:45:71:31:e9:09:2a: 378s 8d:17:54:3f:20:b7:c4:da:f9:78:94:63:64:76:20:6c:47:10: 378s 6e:c1:25:64:8b:0d:6d:44:7d:90:95:9e:ff:9f:87:d2:78:5b: 378s f9:43:48:10:06:db:ea:f5:41:dd:8c:2e:67:55:20:e7:96:3c: 378s 1e:61:70:8a:26:25:d6:d3:2e:4d:44:dd:23:35:e4:b8:82:a2: 378s 0f:8e 378s [p11_child[2042]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 378s [p11_child[2042]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7c279b57;slot-manufacturer=SoftHSM%20project;slot-id=2082970455;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bbe5593b7c279b57;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 378s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 378s [p11_child[2042]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 378s [p11_child[2042]] [do_card] (0x4000): Certificate verified and validated. 378s [p11_child[2042]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 378s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-32471-auth.output 378s + echo '-----BEGIN CERTIFICATE-----' 378s + tail -n1 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-32471-auth.output 378s + echo '-----END CERTIFICATE-----' 378s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-32471-auth.pem 378s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-32471-auth.pem 378s + found_md5=Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 378s + '[' Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 '!=' Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 ']' 378s + valid_certificate /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23072 /tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem 378s + check_certificate /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23072 /tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem 378s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 378s + local key_pass=pass:random-root-ca-trusted-cert-0001-23072 378s + local key_ring=/tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem 378s + local verify_option= 378s + prepare_softhsm2_card /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23072 378s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 378s + local key_pass=pass:random-root-ca-trusted-cert-0001-23072 378s + local key_cn 378s + local key_name 378s + local tokens_dir 378s + local output_cert_file 378s + token_name= 378s ++ basename /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem .pem 378s + key_name=test-root-CA-trusted-certificate-0001 378s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 378s ++ sed -n 's/ *commonName *= //p' 379s + key_cn='Test Organization Root Trusted Certificate 0001' 379s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 379s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf 379s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf 379s ++ basename /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 379s + tokens_dir=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001 379s Test Organization Root Tr Token 379s + token_name='Test Organization Root Tr Token' 379s + '[' '!' -e /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 379s + '[' '!' -d /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001 ']' 379s + echo 'Test Organization Root Tr Token' 379s + '[' -n '' ']' 379s + local output_base_name=SSSD-child-14069 379s + local output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-14069.output 379s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-14069.pem 379s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem 379s [p11_child[2052]] [main] (0x0400): p11_child started. 379s [p11_child[2052]] [main] (0x2000): Running in [pre-auth] mode. 379s [p11_child[2052]] [main] (0x2000): Running with effective IDs: [0][0]. 379s [p11_child[2052]] [main] (0x2000): Running with real IDs [0][0]. 379s [p11_child[2052]] [do_card] (0x4000): Module List: 379s [p11_child[2052]] [do_card] (0x4000): common name: [softhsm2]. 379s [p11_child[2052]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2052]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7c279b57] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 379s [p11_child[2052]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 379s [p11_child[2052]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7c279b57][2082970455] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2052]] [do_card] (0x4000): Login NOT required. 379s [p11_child[2052]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 379s [p11_child[2052]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 379s [p11_child[2052]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 379s [p11_child[2052]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7c279b57;slot-manufacturer=SoftHSM%20project;slot-id=2082970455;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bbe5593b7c279b57;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 379s [p11_child[2052]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 379s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-14069.output 379s + echo '-----BEGIN CERTIFICATE-----' 379s + tail -n1 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-14069.output 379s + echo '-----END CERTIFICATE-----' 379s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-14069.pem 379s + local found_md5 expected_md5 379s Certificate: 379s Data: 379s Version: 3 (0x2) 379s Serial Number: 3 (0x3) 379s Signature Algorithm: sha256WithRSAEncryption 379s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 379s Validity 379s Not Before: Mar 21 03:53:17 2024 GMT 379s Not After : Mar 21 03:53:17 2025 GMT 379s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 379s Subject Public Key Info: 379s Public Key Algorithm: rsaEncryption 379s Public-Key: (1024 bit) 379s Modulus: 379s 00:c3:7f:b9:bc:aa:ad:e1:be:ec:3a:a0:83:6c:66: 379s ec:7c:aa:f0:14:61:3b:44:5a:35:fb:1b:6b:f4:d8: 379s 1d:ce:e7:12:16:86:5e:86:21:e0:fd:64:4f:33:d2: 379s 13:11:e5:ff:b7:1e:14:a8:98:9f:3a:fb:a2:f0:42: 379s 37:ec:b7:b0:b1:36:0f:65:54:bb:49:bd:47:2d:0e: 379s d3:37:04:05:3b:d7:f2:f0:f5:17:1b:f6:f2:56:c6: 379s 0a:db:7d:9d:dc:9d:b1:60:65:74:ce:29:34:df:6c: 379s 47:97:5e:07:f7:ce:d1:a5:5c:a6:18:f8:5b:8c:ad: 379s 43:6e:b3:5e:01:14:be:c2:c7 379s Exponent: 65537 (0x10001) 379s X509v3 extensions: 379s X509v3 Authority Key Identifier: 379s 93:87:C4:7E:36:2A:10:7A:E9:9B:C1:A3:18:0A:B0:B4:96:79:9F:C7 379s X509v3 Basic Constraints: 379s CA:FALSE 379s Netscape Cert Type: 379s SSL Client, S/MIME 379s Netscape Comment: 379s Test Organization Root CA trusted Certificate 379s X509v3 Subject Key Identifier: 379s FB:1D:A5:DD:4F:E0:B5:0A:3F:66:C4:1A:60:E4:97:AB:CC:70:6B:4A 379s X509v3 Key Usage: critical 379s Digital Signature, Non Repudiation, Key Encipherment 379s X509v3 Extended Key Usage: 379s TLS Web Client Authentication, E-mail Protection 379s X509v3 Subject Alternative Name: 379s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 379s Signature Algorithm: sha256WithRSAEncryption 379s Signature Value: 379s 93:e3:86:cf:eb:1e:56:06:21:eb:80:bf:de:c1:9a:48:76:c3: 379s cb:91:8a:9e:20:a8:36:a6:c3:6d:15:8d:ad:61:d0:56:58:d0: 379s 89:74:e3:85:5a:01:a4:4d:2e:f4:f9:fc:45:71:31:e9:09:2a: 379s 8d:17:54:3f:20:b7:c4:da:f9:78:94:63:64:76:20:6c:47:10: 379s 6e:c1:25:64:8b:0d:6d:44:7d:90:95:9e:ff:9f:87:d2:78:5b: 379s f9:43:48:10:06:db:ea:f5:41:dd:8c:2e:67:55:20:e7:96:3c: 379s 1e:61:70:8a:26:25:d6:d3:2e:4d:44:dd:23:35:e4:b8:82:a2: 379s 0f:8e 379s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 379s + expected_md5=Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 379s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-14069.pem 379s + found_md5=Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 379s + '[' Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 '!=' Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 ']' 379s + output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-14069-auth.output 379s ++ basename /tmp/sssd-softhsm2-F2KOnK/SSSD-child-14069-auth.output .output 379s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-14069-auth.pem 379s + echo -n 053350 379s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 379s [p11_child[2060]] [main] (0x0400): p11_child started. 379s [p11_child[2060]] [main] (0x2000): Running in [auth] mode. 379s [p11_child[2060]] [main] (0x2000): Running with effective IDs: [0][0]. 379s [p11_child[2060]] [main] (0x2000): Running with real IDs [0][0]. 379s [p11_child[2060]] [do_card] (0x4000): Module List: 379s [p11_child[2060]] [do_card] (0x4000): common name: [softhsm2]. 379s [p11_child[2060]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2060]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7c279b57] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 379s [p11_child[2060]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 379s [p11_child[2060]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7c279b57][2082970455] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2060]] [do_card] (0x4000): Login required. 379s [p11_child[2060]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 379s [p11_child[2060]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 379s [p11_child[2060]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 379s [p11_child[2060]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7c279b57;slot-manufacturer=SoftHSM%20project;slot-id=2082970455;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bbe5593b7c279b57;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 379s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 379s [p11_child[2060]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 379s [p11_child[2060]] [do_card] (0x4000): Certificate verified and validated. 379s [p11_child[2060]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 379s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-14069-auth.output 379s + echo '-----BEGIN CERTIFICATE-----' 379s + tail -n1 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-14069-auth.output 379s + echo '-----END CERTIFICATE-----' 379s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-14069-auth.pem 379s Certificate: 379s Data: 379s Version: 3 (0x2) 379s Serial Number: 3 (0x3) 379s Signature Algorithm: sha256WithRSAEncryption 379s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 379s Validity 379s Not Before: Mar 21 03:53:17 2024 GMT 379s Not After : Mar 21 03:53:17 2025 GMT 379s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 379s Subject Public Key Info: 379s Public Key Algorithm: rsaEncryption 379s Public-Key: (1024 bit) 379s Modulus: 379s 00:c3:7f:b9:bc:aa:ad:e1:be:ec:3a:a0:83:6c:66: 379s ec:7c:aa:f0:14:61:3b:44:5a:35:fb:1b:6b:f4:d8: 379s 1d:ce:e7:12:16:86:5e:86:21:e0:fd:64:4f:33:d2: 379s 13:11:e5:ff:b7:1e:14:a8:98:9f:3a:fb:a2:f0:42: 379s 37:ec:b7:b0:b1:36:0f:65:54:bb:49:bd:47:2d:0e: 379s d3:37:04:05:3b:d7:f2:f0:f5:17:1b:f6:f2:56:c6: 379s 0a:db:7d:9d:dc:9d:b1:60:65:74:ce:29:34:df:6c: 379s 47:97:5e:07:f7:ce:d1:a5:5c:a6:18:f8:5b:8c:ad: 379s 43:6e:b3:5e:01:14:be:c2:c7 379s Exponent: 65537 (0x10001) 379s X509v3 extensions: 379s X509v3 Authority Key Identifier: 379s 93:87:C4:7E:36:2A:10:7A:E9:9B:C1:A3:18:0A:B0:B4:96:79:9F:C7 379s X509v3 Basic Constraints: 379s CA:FALSE 379s Netscape Cert Type: 379s SSL Client, S/MIME 379s Netscape Comment: 379s Test Organization Root CA trusted Certificate 379s X509v3 Subject Key Identifier: 379s FB:1D:A5:DD:4F:E0:B5:0A:3F:66:C4:1A:60:E4:97:AB:CC:70:6B:4A 379s X509v3 Key Usage: critical 379s Digital Signature, Non Repudiation, Key Encipherment 379s X509v3 Extended Key Usage: 379s TLS Web Client Authentication, E-mail Protection 379s X509v3 Subject Alternative Name: 379s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 379s Signature Algorithm: sha256WithRSAEncryption 379s Signature Value: 379s 93:e3:86:cf:eb:1e:56:06:21:eb:80:bf:de:c1:9a:48:76:c3: 379s cb:91:8a:9e:20:a8:36:a6:c3:6d:15:8d:ad:61:d0:56:58:d0: 379s 89:74:e3:85:5a:01:a4:4d:2e:f4:f9:fc:45:71:31:e9:09:2a: 379s 8d:17:54:3f:20:b7:c4:da:f9:78:94:63:64:76:20:6c:47:10: 379s 6e:c1:25:64:8b:0d:6d:44:7d:90:95:9e:ff:9f:87:d2:78:5b: 379s f9:43:48:10:06:db:ea:f5:41:dd:8c:2e:67:55:20:e7:96:3c: 379s 1e:61:70:8a:26:25:d6:d3:2e:4d:44:dd:23:35:e4:b8:82:a2: 379s 0f:8e 379s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-14069-auth.pem 379s + found_md5=Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 379s + '[' Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 '!=' Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 ']' 379s + valid_certificate /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23072 /tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem partial_chain 379s + check_certificate /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23072 /tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem partial_chain 379s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-root-ca-trusted-cert-0001-23072 379s + local key_ring=/tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem 379s + local verify_option=partial_chain 379s + prepare_softhsm2_card /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23072 379s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-root-ca-trusted-cert-0001-23072 379s + local key_cn 379s + local key_name 379s + local tokens_dir 379s + local output_cert_file 379s + token_name= 379s ++ basename /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem .pem 379s + key_name=test-root-CA-trusted-certificate-0001 379s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 379s ++ sed -n 's/ *commonName *= //p' 379s + key_cn='Test Organization Root Trusted Certificate 0001' 379s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 379s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf 379s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf 379s ++ basename /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 379s + tokens_dir=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001 379s + token_name='Test Organization Root Tr Token' 379s + '[' '!' -e /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 379s + '[' '!' -d /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001 ']' 379s + echo 'Test Organization Root Tr Token' 379s Test Organization Root Tr Token 379s + '[' -n partial_chain ']' 379s + local verify_arg=--verify=partial_chain 379s + local output_base_name=SSSD-child-11978 379s + local output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-11978.output 379s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-11978.pem 379s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem 379s [p11_child[2070]] [main] (0x0400): p11_child started. 379s [p11_child[2070]] [main] (0x2000): Running in [pre-auth] mode. 379s [p11_child[2070]] [main] (0x2000): Running with effective IDs: [0][0]. 379s [p11_child[2070]] [main] (0x2000): Running with real IDs [0][0]. 379s [p11_child[2070]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 379s [p11_child[2070]] [do_card] (0x4000): Module List: 379s [p11_child[2070]] [do_card] (0x4000): common name: [softhsm2]. 379s [p11_child[2070]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2070]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7c279b57] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 379s [p11_child[2070]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 379s [p11_child[2070]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7c279b57][2082970455] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2070]] [do_card] (0x4000): Login NOT required. 379s [p11_child[2070]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 379s [p11_child[2070]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 379s [p11_child[2070]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 379s [p11_child[2070]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7c279b57;slot-manufacturer=SoftHSM%20project;slot-id=2082970455;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bbe5593b7c279b57;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 379s [p11_child[2070]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 379s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-11978.output 379s + echo '-----BEGIN CERTIFICATE-----' 379s + tail -n1 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-11978.output 379s + echo '-----END CERTIFICATE-----' 379s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-11978.pem 379s Certificate: 379s Data: 379s Version: 3 (0x2) 379s Serial Number: 3 (0x3) 379s Signature Algorithm: sha256WithRSAEncryption 379s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 379s Validity 379s Not Before: Mar 21 03:53:17 2024 GMT 379s Not After : Mar 21 03:53:17 2025 GMT 379s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 379s Subject Public Key Info: 379s Public Key Algorithm: rsaEncryption 379s Public-Key: (1024 bit) 379s Modulus: 379s 00:c3:7f:b9:bc:aa:ad:e1:be:ec:3a:a0:83:6c:66: 379s ec:7c:aa:f0:14:61:3b:44:5a:35:fb:1b:6b:f4:d8: 379s 1d:ce:e7:12:16:86:5e:86:21:e0:fd:64:4f:33:d2: 379s 13:11:e5:ff:b7:1e:14:a8:98:9f:3a:fb:a2:f0:42: 379s 37:ec:b7:b0:b1:36:0f:65:54:bb:49:bd:47:2d:0e: 379s d3:37:04:05:3b:d7:f2:f0:f5:17:1b:f6:f2:56:c6: 379s 0a:db:7d:9d:dc:9d:b1:60:65:74:ce:29:34:df:6c: 379s 47:97:5e:07:f7:ce:d1:a5:5c:a6:18:f8:5b:8c:ad: 379s 43:6e:b3:5e:01:14:be:c2:c7 379s Exponent: 65537 (0x10001) 379s X509v3 extensions: 379s X509v3 Authority Key Identifier: 379s 93:87:C4:7E:36:2A:10:7A:E9:9B:C1:A3:18:0A:B0:B4:96:79:9F:C7 379s X509v3 Basic Constraints: 379s CA:FALSE 379s Netscape Cert Type: 379s SSL Client, S/MIME 379s Netscape Comment: 379s Test Organization Root CA trusted Certificate 379s X509v3 Subject Key Identifier: 379s FB:1D:A5:DD:4F:E0:B5:0A:3F:66:C4:1A:60:E4:97:AB:CC:70:6B:4A 379s X509v3 Key Usage: critical 379s Digital Signature, Non Repudiation, Key Encipherment 379s X509v3 Extended Key Usage: 379s TLS Web Client Authentication, E-mail Protection 379s X509v3 Subject Alternative Name: 379s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 379s Signature Algorithm: sha256WithRSAEncryption 379s Signature Value: 379s 93:e3:86:cf:eb:1e:56:06:21:eb:80:bf:de:c1:9a:48:76:c3: 379s cb:91:8a:9e:20:a8:36:a6:c3:6d:15:8d:ad:61:d0:56:58:d0: 379s 89:74:e3:85:5a:01:a4:4d:2e:f4:f9:fc:45:71:31:e9:09:2a: 379s 8d:17:54:3f:20:b7:c4:da:f9:78:94:63:64:76:20:6c:47:10: 379s 6e:c1:25:64:8b:0d:6d:44:7d:90:95:9e:ff:9f:87:d2:78:5b: 379s f9:43:48:10:06:db:ea:f5:41:dd:8c:2e:67:55:20:e7:96:3c: 379s 1e:61:70:8a:26:25:d6:d3:2e:4d:44:dd:23:35:e4:b8:82:a2: 379s 0f:8e 379s + local found_md5 expected_md5 379s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 379s + expected_md5=Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 379s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-11978.pem 379s + found_md5=Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 379s + '[' Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 '!=' Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 ']' 379s + output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-11978-auth.output 379s ++ basename /tmp/sssd-softhsm2-F2KOnK/SSSD-child-11978-auth.output .output 379s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-11978-auth.pem 379s + echo -n 053350 379s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 379s [p11_child[2078]] [main] (0x0400): p11_child started. 379s [p11_child[2078]] [main] (0x2000): Running in [auth] mode. 379s [p11_child[2078]] [main] (0x2000): Running with effective IDs: [0][0]. 379s [p11_child[2078]] [main] (0x2000): Running with real IDs [0][0]. 379s [p11_child[2078]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 379s [p11_child[2078]] [do_card] (0x4000): Module List: 379s [p11_child[2078]] [do_card] (0x4000): common name: [softhsm2]. 379s [p11_child[2078]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2078]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7c279b57] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 379s [p11_child[2078]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 379s [p11_child[2078]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7c279b57][2082970455] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2078]] [do_card] (0x4000): Login required. 379s [p11_child[2078]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 379s [p11_child[2078]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 379s [p11_child[2078]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 379s [p11_child[2078]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7c279b57;slot-manufacturer=SoftHSM%20project;slot-id=2082970455;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bbe5593b7c279b57;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 379s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 379s [p11_child[2078]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 379s [p11_child[2078]] [do_card] (0x4000): Certificate verified and validated. 379s [p11_child[2078]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 379s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-11978-auth.output 379s + echo '-----BEGIN CERTIFICATE-----' 379s + tail -n1 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-11978-auth.output 379s + echo '-----END CERTIFICATE-----' 379s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-11978-auth.pem 379s Certificate: 379s Data: 379s Version: 3 (0x2) 379s Serial Number: 3 (0x3) 379s Signature Algorithm: sha256WithRSAEncryption 379s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 379s Validity 379s Not Before: Mar 21 03:53:17 2024 GMT 379s Not After : Mar 21 03:53:17 2025 GMT 379s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 379s Subject Public Key Info: 379s Public Key Algorithm: rsaEncryption 379s Public-Key: (1024 bit) 379s Modulus: 379s 00:c3:7f:b9:bc:aa:ad:e1:be:ec:3a:a0:83:6c:66: 379s ec:7c:aa:f0:14:61:3b:44:5a:35:fb:1b:6b:f4:d8: 379s 1d:ce:e7:12:16:86:5e:86:21:e0:fd:64:4f:33:d2: 379s 13:11:e5:ff:b7:1e:14:a8:98:9f:3a:fb:a2:f0:42: 379s 37:ec:b7:b0:b1:36:0f:65:54:bb:49:bd:47:2d:0e: 379s d3:37:04:05:3b:d7:f2:f0:f5:17:1b:f6:f2:56:c6: 379s 0a:db:7d:9d:dc:9d:b1:60:65:74:ce:29:34:df:6c: 379s 47:97:5e:07:f7:ce:d1:a5:5c:a6:18:f8:5b:8c:ad: 379s 43:6e:b3:5e:01:14:be:c2:c7 379s Exponent: 65537 (0x10001) 379s X509v3 extensions: 379s X509v3 Authority Key Identifier: 379s 93:87:C4:7E:36:2A:10:7A:E9:9B:C1:A3:18:0A:B0:B4:96:79:9F:C7 379s X509v3 Basic Constraints: 379s CA:FALSE 379s Netscape Cert Type: 379s SSL Client, S/MIME 379s Netscape Comment: 379s Test Organization Root CA trusted Certificate 379s X509v3 Subject Key Identifier: 379s FB:1D:A5:DD:4F:E0:B5:0A:3F:66:C4:1A:60:E4:97:AB:CC:70:6B:4A 379s X509v3 Key Usage: critical 379s Digital Signature, Non Repudiation, Key Encipherment 379s X509v3 Extended Key Usage: 379s TLS Web Client Authentication, E-mail Protection 379s X509v3 Subject Alternative Name: 379s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 379s Signature Algorithm: sha256WithRSAEncryption 379s Signature Value: 379s 93:e3:86:cf:eb:1e:56:06:21:eb:80:bf:de:c1:9a:48:76:c3: 379s cb:91:8a:9e:20:a8:36:a6:c3:6d:15:8d:ad:61:d0:56:58:d0: 379s 89:74:e3:85:5a:01:a4:4d:2e:f4:f9:fc:45:71:31:e9:09:2a: 379s 8d:17:54:3f:20:b7:c4:da:f9:78:94:63:64:76:20:6c:47:10: 379s 6e:c1:25:64:8b:0d:6d:44:7d:90:95:9e:ff:9f:87:d2:78:5b: 379s f9:43:48:10:06:db:ea:f5:41:dd:8c:2e:67:55:20:e7:96:3c: 379s 1e:61:70:8a:26:25:d6:d3:2e:4d:44:dd:23:35:e4:b8:82:a2: 379s 0f:8e 379s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-11978-auth.pem 379s + found_md5=Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 379s + '[' Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 '!=' Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 ']' 379s + valid_certificate /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23072 /tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem 379s + check_certificate /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23072 /tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem 379s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-root-ca-trusted-cert-0001-23072 379s + local key_ring=/tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem 379s + local verify_option= 379s + prepare_softhsm2_card /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23072 379s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-root-ca-trusted-cert-0001-23072 379s + local key_cn 379s + local key_name 379s + local tokens_dir 379s + local output_cert_file 379s + token_name= 379s ++ basename /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem .pem 379s + key_name=test-root-CA-trusted-certificate-0001 379s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 379s ++ sed -n 's/ *commonName *= //p' 379s + key_cn='Test Organization Root Trusted Certificate 0001' 379s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 379s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf 379s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf 379s ++ basename /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 379s + tokens_dir=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001 379s + token_name='Test Organization Root Tr Token' 379s + '[' '!' -e /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 379s + '[' '!' -d /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001 ']' 379s + echo 'Test Organization Root Tr Token' 379s Test Organization Root Tr Token 379s + '[' -n '' ']' 379s + local output_base_name=SSSD-child-2293 379s + local output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-2293.output 379s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-2293.pem 379s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem 379s [p11_child[2088]] [main] (0x0400): p11_child started. 379s [p11_child[2088]] [main] (0x2000): Running in [pre-auth] mode. 379s [p11_child[2088]] [main] (0x2000): Running with effective IDs: [0][0]. 379s [p11_child[2088]] [main] (0x2000): Running with real IDs [0][0]. 379s [p11_child[2088]] [do_card] (0x4000): Module List: 379s [p11_child[2088]] [do_card] (0x4000): common name: [softhsm2]. 379s [p11_child[2088]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2088]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7c279b57] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 379s [p11_child[2088]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 379s [p11_child[2088]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7c279b57][2082970455] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2088]] [do_card] (0x4000): Login NOT required. 379s [p11_child[2088]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 379s [p11_child[2088]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 379s [p11_child[2088]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 379s [p11_child[2088]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7c279b57;slot-manufacturer=SoftHSM%20project;slot-id=2082970455;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bbe5593b7c279b57;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 379s [p11_child[2088]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 379s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-2293.output 379s + echo '-----BEGIN CERTIFICATE-----' 379s + tail -n1 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-2293.output 379s + echo '-----END CERTIFICATE-----' 379s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-2293.pem 379s Certificate: 379s Data: 379s Version: 3 (0x2) 379s Serial Number: 3 (0x3) 379s Signature Algorithm: sha256WithRSAEncryption 379s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 379s Validity 379s Not Before: Mar 21 03:53:17 2024 GMT 379s Not After : Mar 21 03:53:17 2025 GMT 379s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 379s Subject Public Key Info: 379s Public Key Algorithm: rsaEncryption 379s Public-Key: (1024 bit) 379s Modulus: 379s 00:c3:7f:b9:bc:aa:ad:e1:be:ec:3a:a0:83:6c:66: 379s ec:7c:aa:f0:14:61:3b:44:5a:35:fb:1b:6b:f4:d8: 379s 1d:ce:e7:12:16:86:5e:86:21:e0:fd:64:4f:33:d2: 379s 13:11:e5:ff:b7:1e:14:a8:98:9f:3a:fb:a2:f0:42: 379s 37:ec:b7:b0:b1:36:0f:65:54:bb:49:bd:47:2d:0e: 379s d3:37:04:05:3b:d7:f2:f0:f5:17:1b:f6:f2:56:c6: 379s 0a:db:7d:9d:dc:9d:b1:60:65:74:ce:29:34:df:6c: 379s 47:97:5e:07:f7:ce:d1:a5:5c:a6:18:f8:5b:8c:ad: 379s 43:6e:b3:5e:01:14:be:c2:c7 379s Exponent: 65537 (0x10001) 379s X509v3 extensions: 379s X509v3 Authority Key Identifier: 379s 93:87:C4:7E:36:2A:10:7A:E9:9B:C1:A3:18:0A:B0:B4:96:79:9F:C7 379s X509v3 Basic Constraints: 379s CA:FALSE 379s Netscape Cert Type: 379s SSL Client, S/MIME 379s Netscape Comment: 379s Test Organization Root CA trusted Certificate 379s X509v3 Subject Key Identifier: 379s FB:1D:A5:DD:4F:E0:B5:0A:3F:66:C4:1A:60:E4:97:AB:CC:70:6B:4A 379s X509v3 Key Usage: critical 379s Digital Signature, Non Repudiation, Key Encipherment 379s X509v3 Extended Key Usage: 379s TLS Web Client Authentication, E-mail Protection 379s X509v3 Subject Alternative Name: 379s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 379s Signature Algorithm: sha256WithRSAEncryption 379s Signature Value: 379s 93:e3:86:cf:eb:1e:56:06:21:eb:80:bf:de:c1:9a:48:76:c3: 379s cb:91:8a:9e:20:a8:36:a6:c3:6d:15:8d:ad:61:d0:56:58:d0: 379s 89:74:e3:85:5a:01:a4:4d:2e:f4:f9:fc:45:71:31:e9:09:2a: 379s 8d:17:54:3f:20:b7:c4:da:f9:78:94:63:64:76:20:6c:47:10: 379s 6e:c1:25:64:8b:0d:6d:44:7d:90:95:9e:ff:9f:87:d2:78:5b: 379s f9:43:48:10:06:db:ea:f5:41:dd:8c:2e:67:55:20:e7:96:3c: 379s 1e:61:70:8a:26:25:d6:d3:2e:4d:44:dd:23:35:e4:b8:82:a2: 379s 0f:8e 379s + local found_md5 expected_md5 379s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 379s + expected_md5=Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 379s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-2293.pem 379s + found_md5=Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 379s + '[' Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 '!=' Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 ']' 379s + output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-2293-auth.output 379s ++ basename /tmp/sssd-softhsm2-F2KOnK/SSSD-child-2293-auth.output .output 379s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-2293-auth.pem 379s + echo -n 053350 379s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 379s [p11_child[2096]] [main] (0x0400): p11_child started. 379s [p11_child[2096]] [main] (0x2000): Running in [auth] mode. 379s [p11_child[2096]] [main] (0x2000): Running with effective IDs: [0][0]. 379s [p11_child[2096]] [main] (0x2000): Running with real IDs [0][0]. 379s [p11_child[2096]] [do_card] (0x4000): Module List: 379s [p11_child[2096]] [do_card] (0x4000): common name: [softhsm2]. 379s [p11_child[2096]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2096]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7c279b57] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 379s [p11_child[2096]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 379s [p11_child[2096]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7c279b57][2082970455] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2096]] [do_card] (0x4000): Login required. 379s [p11_child[2096]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 379s [p11_child[2096]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 379s [p11_child[2096]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 379s [p11_child[2096]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7c279b57;slot-manufacturer=SoftHSM%20project;slot-id=2082970455;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bbe5593b7c279b57;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 379s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 379s [p11_child[2096]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 379s [p11_child[2096]] [do_card] (0x4000): Certificate verified and validated. 379s [p11_child[2096]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 379s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-2293-auth.output 379s + echo '-----BEGIN CERTIFICATE-----' 379s + tail -n1 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-2293-auth.output 379s + echo '-----END CERTIFICATE-----' 379s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-2293-auth.pem 379s Certificate: 379s Data: 379s Version: 3 (0x2) 379s Serial Number: 3 (0x3) 379s Signature Algorithm: sha256WithRSAEncryption 379s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 379s Validity 379s Not Before: Mar 21 03:53:17 2024 GMT 379s Not After : Mar 21 03:53:17 2025 GMT 379s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 379s Subject Public Key Info: 379s Public Key Algorithm: rsaEncryption 379s Public-Key: (1024 bit) 379s Modulus: 379s 00:c3:7f:b9:bc:aa:ad:e1:be:ec:3a:a0:83:6c:66: 379s ec:7c:aa:f0:14:61:3b:44:5a:35:fb:1b:6b:f4:d8: 379s 1d:ce:e7:12:16:86:5e:86:21:e0:fd:64:4f:33:d2: 379s 13:11:e5:ff:b7:1e:14:a8:98:9f:3a:fb:a2:f0:42: 379s 37:ec:b7:b0:b1:36:0f:65:54:bb:49:bd:47:2d:0e: 379s d3:37:04:05:3b:d7:f2:f0:f5:17:1b:f6:f2:56:c6: 379s 0a:db:7d:9d:dc:9d:b1:60:65:74:ce:29:34:df:6c: 379s 47:97:5e:07:f7:ce:d1:a5:5c:a6:18:f8:5b:8c:ad: 379s 43:6e:b3:5e:01:14:be:c2:c7 379s Exponent: 65537 (0x10001) 379s X509v3 extensions: 379s X509v3 Authority Key Identifier: 379s 93:87:C4:7E:36:2A:10:7A:E9:9B:C1:A3:18:0A:B0:B4:96:79:9F:C7 379s X509v3 Basic Constraints: 379s CA:FALSE 379s Netscape Cert Type: 379s SSL Client, S/MIME 379s Netscape Comment: 379s Test Organization Root CA trusted Certificate 379s X509v3 Subject Key Identifier: 379s FB:1D:A5:DD:4F:E0:B5:0A:3F:66:C4:1A:60:E4:97:AB:CC:70:6B:4A 379s X509v3 Key Usage: critical 379s Digital Signature, Non Repudiation, Key Encipherment 379s X509v3 Extended Key Usage: 379s TLS Web Client Authentication, E-mail Protection 379s X509v3 Subject Alternative Name: 379s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 379s Signature Algorithm: sha256WithRSAEncryption 379s Signature Value: 379s 93:e3:86:cf:eb:1e:56:06:21:eb:80:bf:de:c1:9a:48:76:c3: 379s cb:91:8a:9e:20:a8:36:a6:c3:6d:15:8d:ad:61:d0:56:58:d0: 379s 89:74:e3:85:5a:01:a4:4d:2e:f4:f9:fc:45:71:31:e9:09:2a: 379s 8d:17:54:3f:20:b7:c4:da:f9:78:94:63:64:76:20:6c:47:10: 379s 6e:c1:25:64:8b:0d:6d:44:7d:90:95:9e:ff:9f:87:d2:78:5b: 379s f9:43:48:10:06:db:ea:f5:41:dd:8c:2e:67:55:20:e7:96:3c: 379s 1e:61:70:8a:26:25:d6:d3:2e:4d:44:dd:23:35:e4:b8:82:a2: 379s 0f:8e 379s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-2293-auth.pem 379s + found_md5=Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 379s + '[' Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 '!=' Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 ']' 379s + valid_certificate /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23072 /tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem partial_chain 379s + check_certificate /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23072 /tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem partial_chain 379s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-root-ca-trusted-cert-0001-23072 379s + local key_ring=/tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem 379s + local verify_option=partial_chain 379s + prepare_softhsm2_card /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23072 379s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-root-ca-trusted-cert-0001-23072 379s + local key_cn 379s + local key_name 379s + local tokens_dir 379s + local output_cert_file 379s + token_name= 379s ++ basename /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem .pem 379s + key_name=test-root-CA-trusted-certificate-0001 379s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 379s ++ sed -n 's/ *commonName *= //p' 379s + key_cn='Test Organization Root Trusted Certificate 0001' 379s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 379s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf 379s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf 379s ++ basename /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 379s + tokens_dir=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001 379s + token_name='Test Organization Root Tr Token' 379s + '[' '!' -e /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 379s + '[' '!' -d /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001 ']' 379s Test Organization Root Tr Token 379s + echo 'Test Organization Root Tr Token' 379s + '[' -n partial_chain ']' 379s + local verify_arg=--verify=partial_chain 379s + local output_base_name=SSSD-child-5217 379s + local output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-5217.output 379s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-5217.pem 379s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem 379s [p11_child[2106]] [main] (0x0400): p11_child started. 379s [p11_child[2106]] [main] (0x2000): Running in [pre-auth] mode. 379s [p11_child[2106]] [main] (0x2000): Running with effective IDs: [0][0]. 379s [p11_child[2106]] [main] (0x2000): Running with real IDs [0][0]. 379s [p11_child[2106]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 379s [p11_child[2106]] [do_card] (0x4000): Module List: 379s [p11_child[2106]] [do_card] (0x4000): common name: [softhsm2]. 379s [p11_child[2106]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2106]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7c279b57] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 379s [p11_child[2106]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 379s [p11_child[2106]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7c279b57][2082970455] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2106]] [do_card] (0x4000): Login NOT required. 379s [p11_child[2106]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 379s [p11_child[2106]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 379s [p11_child[2106]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 379s [p11_child[2106]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7c279b57;slot-manufacturer=SoftHSM%20project;slot-id=2082970455;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bbe5593b7c279b57;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 379s [p11_child[2106]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 379s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-5217.output 379s + echo '-----BEGIN CERTIFICATE-----' 379s + tail -n1 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-5217.output 379s + echo '-----END CERTIFICATE-----' 379s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-5217.pem 379s Certificate: 379s Data: 379s Version: 3 (0x2) 379s Serial Number: 3 (0x3) 379s Signature Algorithm: sha256WithRSAEncryption 379s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 379s Validity 379s Not Before: Mar 21 03:53:17 2024 GMT 379s Not After : Mar 21 03:53:17 2025 GMT 379s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 379s Subject Public Key Info: 379s Public Key Algorithm: rsaEncryption 379s Public-Key: (1024 bit) 379s Modulus: 379s 00:c3:7f:b9:bc:aa:ad:e1:be:ec:3a:a0:83:6c:66: 379s ec:7c:aa:f0:14:61:3b:44:5a:35:fb:1b:6b:f4:d8: 379s 1d:ce:e7:12:16:86:5e:86:21:e0:fd:64:4f:33:d2: 379s 13:11:e5:ff:b7:1e:14:a8:98:9f:3a:fb:a2:f0:42: 379s 37:ec:b7:b0:b1:36:0f:65:54:bb:49:bd:47:2d:0e: 379s d3:37:04:05:3b:d7:f2:f0:f5:17:1b:f6:f2:56:c6: 379s 0a:db:7d:9d:dc:9d:b1:60:65:74:ce:29:34:df:6c: 379s 47:97:5e:07:f7:ce:d1:a5:5c:a6:18:f8:5b:8c:ad: 379s 43:6e:b3:5e:01:14:be:c2:c7 379s Exponent: 65537 (0x10001) 379s X509v3 extensions: 379s X509v3 Authority Key Identifier: 379s 93:87:C4:7E:36:2A:10:7A:E9:9B:C1:A3:18:0A:B0:B4:96:79:9F:C7 379s X509v3 Basic Constraints: 379s CA:FALSE 379s Netscape Cert Type: 379s SSL Client, S/MIME 379s Netscape Comment: 379s Test Organization Root CA trusted Certificate 379s X509v3 Subject Key Identifier: 379s FB:1D:A5:DD:4F:E0:B5:0A:3F:66:C4:1A:60:E4:97:AB:CC:70:6B:4A 379s X509v3 Key Usage: critical 379s Digital Signature, Non Repudiation, Key Encipherment 379s X509v3 Extended Key Usage: 379s TLS Web Client Authentication, E-mail Protection 379s X509v3 Subject Alternative Name: 379s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 379s Signature Algorithm: sha256WithRSAEncryption 379s Signature Value: 379s 93:e3:86:cf:eb:1e:56:06:21:eb:80:bf:de:c1:9a:48:76:c3: 379s cb:91:8a:9e:20:a8:36:a6:c3:6d:15:8d:ad:61:d0:56:58:d0: 379s 89:74:e3:85:5a:01:a4:4d:2e:f4:f9:fc:45:71:31:e9:09:2a: 379s 8d:17:54:3f:20:b7:c4:da:f9:78:94:63:64:76:20:6c:47:10: 379s 6e:c1:25:64:8b:0d:6d:44:7d:90:95:9e:ff:9f:87:d2:78:5b: 379s f9:43:48:10:06:db:ea:f5:41:dd:8c:2e:67:55:20:e7:96:3c: 379s 1e:61:70:8a:26:25:d6:d3:2e:4d:44:dd:23:35:e4:b8:82:a2: 379s 0f:8e 379s + local found_md5 expected_md5 379s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 379s + expected_md5=Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 379s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-5217.pem 379s + found_md5=Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 379s + '[' Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 '!=' Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 ']' 379s + output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-5217-auth.output 379s ++ basename /tmp/sssd-softhsm2-F2KOnK/SSSD-child-5217-auth.output .output 379s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-5217-auth.pem 379s + echo -n 053350 379s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 379s [p11_child[2114]] [main] (0x0400): p11_child started. 379s [p11_child[2114]] [main] (0x2000): Running in [auth] mode. 379s [p11_child[2114]] [main] (0x2000): Running with effective IDs: [0][0]. 379s [p11_child[2114]] [main] (0x2000): Running with real IDs [0][0]. 379s [p11_child[2114]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 379s [p11_child[2114]] [do_card] (0x4000): Module List: 379s [p11_child[2114]] [do_card] (0x4000): common name: [softhsm2]. 379s [p11_child[2114]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2114]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7c279b57] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 379s [p11_child[2114]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 379s [p11_child[2114]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7c279b57][2082970455] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2114]] [do_card] (0x4000): Login required. 379s [p11_child[2114]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 379s [p11_child[2114]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 379s [p11_child[2114]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 379s [p11_child[2114]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7c279b57;slot-manufacturer=SoftHSM%20project;slot-id=2082970455;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=bbe5593b7c279b57;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 379s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 379s [p11_child[2114]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 379s [p11_child[2114]] [do_card] (0x4000): Certificate verified and validated. 379s [p11_child[2114]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 379s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-5217-auth.output 379s + echo '-----BEGIN CERTIFICATE-----' 379s + tail -n1 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-5217-auth.output 379s + echo '-----END CERTIFICATE-----' 379s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-5217-auth.pem 379s Certificate: 379s Data: 379s Version: 3 (0x2) 379s Serial Number: 3 (0x3) 379s Signature Algorithm: sha256WithRSAEncryption 379s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 379s Validity 379s Not Before: Mar 21 03:53:17 2024 GMT 379s Not After : Mar 21 03:53:17 2025 GMT 379s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 379s Subject Public Key Info: 379s Public Key Algorithm: rsaEncryption 379s Public-Key: (1024 bit) 379s Modulus: 379s 00:c3:7f:b9:bc:aa:ad:e1:be:ec:3a:a0:83:6c:66: 379s ec:7c:aa:f0:14:61:3b:44:5a:35:fb:1b:6b:f4:d8: 379s 1d:ce:e7:12:16:86:5e:86:21:e0:fd:64:4f:33:d2: 379s 13:11:e5:ff:b7:1e:14:a8:98:9f:3a:fb:a2:f0:42: 379s 37:ec:b7:b0:b1:36:0f:65:54:bb:49:bd:47:2d:0e: 379s d3:37:04:05:3b:d7:f2:f0:f5:17:1b:f6:f2:56:c6: 379s 0a:db:7d:9d:dc:9d:b1:60:65:74:ce:29:34:df:6c: 379s 47:97:5e:07:f7:ce:d1:a5:5c:a6:18:f8:5b:8c:ad: 379s 43:6e:b3:5e:01:14:be:c2:c7 379s Exponent: 65537 (0x10001) 379s X509v3 extensions: 379s X509v3 Authority Key Identifier: 379s 93:87:C4:7E:36:2A:10:7A:E9:9B:C1:A3:18:0A:B0:B4:96:79:9F:C7 379s X509v3 Basic Constraints: 379s CA:FALSE 379s Netscape Cert Type: 379s SSL Client, S/MIME 379s Netscape Comment: 379s Test Organization Root CA trusted Certificate 379s X509v3 Subject Key Identifier: 379s FB:1D:A5:DD:4F:E0:B5:0A:3F:66:C4:1A:60:E4:97:AB:CC:70:6B:4A 379s X509v3 Key Usage: critical 379s Digital Signature, Non Repudiation, Key Encipherment 379s X509v3 Extended Key Usage: 379s TLS Web Client Authentication, E-mail Protection 379s X509v3 Subject Alternative Name: 379s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 379s Signature Algorithm: sha256WithRSAEncryption 379s Signature Value: 379s 93:e3:86:cf:eb:1e:56:06:21:eb:80:bf:de:c1:9a:48:76:c3: 379s cb:91:8a:9e:20:a8:36:a6:c3:6d:15:8d:ad:61:d0:56:58:d0: 379s 89:74:e3:85:5a:01:a4:4d:2e:f4:f9:fc:45:71:31:e9:09:2a: 379s 8d:17:54:3f:20:b7:c4:da:f9:78:94:63:64:76:20:6c:47:10: 379s 6e:c1:25:64:8b:0d:6d:44:7d:90:95:9e:ff:9f:87:d2:78:5b: 379s f9:43:48:10:06:db:ea:f5:41:dd:8c:2e:67:55:20:e7:96:3c: 379s 1e:61:70:8a:26:25:d6:d3:2e:4d:44:dd:23:35:e4:b8:82:a2: 379s 0f:8e 379s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-5217-auth.pem 379s + found_md5=Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 379s + '[' Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 '!=' Modulus=C37FB9BCAAADE1BEEC3AA0836C66EC7CAAF014613B445A35FB1B6BF4D81DCEE71216865E8621E0FD644F33D21311E5FFB71E14A8989F3AFBA2F04237ECB7B0B1360F6554BB49BD472D0ED33704053BD7F2F0F5171BF6F256C60ADB7D9DDC9DB1606574CE2934DF6C47975E07F7CED1A55CA618F85B8CAD436EB35E0114BEC2C7 ']' 379s + invalid_certificate /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23072 /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem 379s + check_certificate /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23072 /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem 379s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-root-ca-trusted-cert-0001-23072 379s + local key_ring=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem 379s + local verify_option= 379s + prepare_softhsm2_card /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23072 379s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-root-ca-trusted-cert-0001-23072 379s + local key_cn 379s + local key_name 379s + local tokens_dir 379s + local output_cert_file 379s + token_name= 379s ++ basename /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem .pem 379s + key_name=test-root-CA-trusted-certificate-0001 379s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 379s ++ sed -n 's/ *commonName *= //p' 379s + key_cn='Test Organization Root Trusted Certificate 0001' 379s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 379s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf 379s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf 379s ++ basename /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 379s + tokens_dir=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001 379s + token_name='Test Organization Root Tr Token' 379s + '[' '!' -e /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 379s + '[' '!' -d /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001 ']' 379s + echo 'Test Organization Root Tr Token' 379s Test Organization Root Tr Token 379s + '[' -n '' ']' 379s + local output_base_name=SSSD-child-24074 379s + local output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-24074.output 379s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-24074.pem 379s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem 379s [p11_child[2124]] [main] (0x0400): p11_child started. 379s [p11_child[2124]] [main] (0x2000): Running in [pre-auth] mode. 379s [p11_child[2124]] [main] (0x2000): Running with effective IDs: [0][0]. 379s [p11_child[2124]] [main] (0x2000): Running with real IDs [0][0]. 379s [p11_child[2124]] [do_card] (0x4000): Module List: 379s [p11_child[2124]] [do_card] (0x4000): common name: [softhsm2]. 379s [p11_child[2124]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2124]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7c279b57] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 379s [p11_child[2124]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 379s [p11_child[2124]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7c279b57][2082970455] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2124]] [do_card] (0x4000): Login NOT required. 379s [p11_child[2124]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 379s [p11_child[2124]] [do_verification] (0x0040): X509_verify_cert failed [0]. 379s [p11_child[2124]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 379s [p11_child[2124]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 379s [p11_child[2124]] [do_card] (0x4000): No certificate found. 379s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-24074.output 379s + return 2 379s + invalid_certificate /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23072 /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem partial_chain 379s + check_certificate /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23072 /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem partial_chain 379s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-root-ca-trusted-cert-0001-23072 379s + local key_ring=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem 379s + local verify_option=partial_chain 379s + prepare_softhsm2_card /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23072 379s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-root-ca-trusted-cert-0001-23072 379s + local key_cn 379s + local key_name 379s + local tokens_dir 379s + local output_cert_file 379s + token_name= 379s ++ basename /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem .pem 379s + key_name=test-root-CA-trusted-certificate-0001 379s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-F2KOnK/test-root-CA-trusted-certificate-0001.pem 379s ++ sed -n 's/ *commonName *= //p' 379s + key_cn='Test Organization Root Trusted Certificate 0001' 379s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 379s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf 379s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf 379s ++ basename /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 379s + tokens_dir=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001 379s + token_name='Test Organization Root Tr Token' 379s + '[' '!' -e /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 379s + '[' '!' -d /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-root-CA-trusted-certificate-0001 ']' 379s + echo 'Test Organization Root Tr Token' 379s + '[' -n partial_chain ']' 379s + local verify_arg=--verify=partial_chain 379s + local output_base_name=SSSD-child-28404 379s + local output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-28404.output 379s Test Organization Root Tr Token 379s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-28404.pem 379s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem 379s [p11_child[2131]] [main] (0x0400): p11_child started. 379s [p11_child[2131]] [main] (0x2000): Running in [pre-auth] mode. 379s [p11_child[2131]] [main] (0x2000): Running with effective IDs: [0][0]. 379s [p11_child[2131]] [main] (0x2000): Running with real IDs [0][0]. 379s [p11_child[2131]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 379s [p11_child[2131]] [do_card] (0x4000): Module List: 379s [p11_child[2131]] [do_card] (0x4000): common name: [softhsm2]. 379s [p11_child[2131]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2131]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7c279b57] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 379s [p11_child[2131]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 379s [p11_child[2131]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7c279b57][2082970455] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 379s [p11_child[2131]] [do_card] (0x4000): Login NOT required. 379s [p11_child[2131]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 379s [p11_child[2131]] [do_verification] (0x0040): X509_verify_cert failed [0]. 379s [p11_child[2131]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 379s [p11_child[2131]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 379s [p11_child[2131]] [do_card] (0x4000): No certificate found. 379s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-28404.output 379s + return 2 379s + invalid_certificate /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6530 /dev/null 379s + check_certificate /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6530 /dev/null 379s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6530 379s + local key_ring=/dev/null 379s + local verify_option= 379s + prepare_softhsm2_card /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6530 379s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 379s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6530 379s + local key_cn 379s + local key_name 379s + local tokens_dir 379s + local output_cert_file 379s + token_name= 379s ++ basename /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem .pem 379s + key_name=test-intermediate-CA-trusted-certificate-0001 379s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 379s ++ sed -n 's/ *commonName *= //p' 380s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 380s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 380s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 380s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 380s ++ basename /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 380s + tokens_dir=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001 380s + token_name='Test Organization Interme Token' 380s + '[' '!' -e /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 380s + local key_file 380s + local decrypted_key 380s + mkdir -p /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001 380s + key_file=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001-key.pem 380s + decrypted_key=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 380s + cat 380s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 380s Slot 0 has a free/uninitialized token. 380s The token has been initialized and is reassigned to slot 505445110 380s + softhsm2-util --show-slots 380s Available slots: 380s Slot 505445110 380s Slot info: 380s Description: SoftHSM slot ID 0x1e207af6 380s Manufacturer ID: SoftHSM project 380s Hardware version: 2.6 380s Firmware version: 2.6 380s Token present: yes 380s Token info: 380s Manufacturer ID: SoftHSM project 380s Model: SoftHSM v2 380s Hardware version: 2.6 380s Firmware version: 2.6 380s Serial number: 32b4c29c9e207af6 380s Initialized: yes 380s User PIN init.: yes 380s Label: Test Organization Interme Token 380s Slot 1 380s Slot info: 380s Description: SoftHSM slot ID 0x1 380s Manufacturer ID: SoftHSM project 380s Hardware version: 2.6 380s Firmware version: 2.6 380s Token present: yes 380s Token info: 380s Manufacturer ID: SoftHSM project 380s Model: SoftHSM v2 380s Hardware version: 2.6 380s Firmware version: 2.6 380s Serial number: 380s Initialized: no 380s User PIN init.: no 380s Label: 380s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 380s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-6530 -in /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 380s writing RSA key 380s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 380s + rm /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 380s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 380s Object 0: 380s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=32b4c29c9e207af6;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 380s Type: X.509 Certificate (RSA-1024) 380s Expires: Fri Mar 21 03:53:17 2025 380s Label: Test Organization Intermediate Trusted Certificate 0001 380s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 380s 380s Test Organization Interme Token 380s + echo 'Test Organization Interme Token' 380s + '[' -n '' ']' 380s + local output_base_name=SSSD-child-32476 380s + local output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-32476.output 380s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-32476.pem 380s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 380s [p11_child[2147]] [main] (0x0400): p11_child started. 380s [p11_child[2147]] [main] (0x2000): Running in [pre-auth] mode. 380s [p11_child[2147]] [main] (0x2000): Running with effective IDs: [0][0]. 380s [p11_child[2147]] [main] (0x2000): Running with real IDs [0][0]. 380s [p11_child[2147]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 380s [p11_child[2147]] [do_work] (0x0040): init_verification failed. 380s [p11_child[2147]] [main] (0x0020): p11_child failed (5) 380s + return 2 380s + valid_certificate /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6530 /dev/null no_verification 380s + check_certificate /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6530 /dev/null no_verification 380s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6530 380s + local key_ring=/dev/null 380s + local verify_option=no_verification 380s + prepare_softhsm2_card /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6530 380s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6530 380s + local key_cn 380s + local key_name 380s + local tokens_dir 380s + local output_cert_file 380s + token_name= 380s ++ basename /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem .pem 380s + key_name=test-intermediate-CA-trusted-certificate-0001 380s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 380s ++ sed -n 's/ *commonName *= //p' 380s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 380s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 380s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 380s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 380s ++ basename /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 380s + tokens_dir=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001 380s + token_name='Test Organization Interme Token' 380s Test Organization Interme Token 380s + '[' '!' -e /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 380s + '[' '!' -d /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 380s + echo 'Test Organization Interme Token' 380s + '[' -n no_verification ']' 380s + local verify_arg=--verify=no_verification 380s + local output_base_name=SSSD-child-19072 380s + local output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-19072.output 380s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-19072.pem 380s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 380s [p11_child[2153]] [main] (0x0400): p11_child started. 380s [p11_child[2153]] [main] (0x2000): Running in [pre-auth] mode. 380s [p11_child[2153]] [main] (0x2000): Running with effective IDs: [0][0]. 380s [p11_child[2153]] [main] (0x2000): Running with real IDs [0][0]. 380s [p11_child[2153]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 380s [p11_child[2153]] [do_card] (0x4000): Module List: 380s [p11_child[2153]] [do_card] (0x4000): common name: [softhsm2]. 380s [p11_child[2153]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2153]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1e207af6] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 380s [p11_child[2153]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 380s [p11_child[2153]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1e207af6][505445110] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2153]] [do_card] (0x4000): Login NOT required. 380s [p11_child[2153]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 380s [p11_child[2153]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 380s [p11_child[2153]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1e207af6;slot-manufacturer=SoftHSM%20project;slot-id=505445110;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=32b4c29c9e207af6;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 380s [p11_child[2153]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 380s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-19072.output 380s + echo '-----BEGIN CERTIFICATE-----' 380s + tail -n1 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-19072.output 380s + echo '-----END CERTIFICATE-----' 380s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-19072.pem 380s Certificate: 380s Data: 380s Version: 3 (0x2) 380s Serial Number: 4 (0x4) 380s Signature Algorithm: sha256WithRSAEncryption 380s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 380s Validity 380s Not Before: Mar 21 03:53:17 2024 GMT 380s Not After : Mar 21 03:53:17 2025 GMT 380s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 380s Subject Public Key Info: 380s Public Key Algorithm: rsaEncryption 380s Public-Key: (1024 bit) 380s Modulus: 380s 00:d7:1f:86:c8:34:2a:46:48:a1:20:58:5a:45:33: 380s dc:6c:d0:11:2a:00:36:88:d3:0d:76:e2:2c:cf:3d: 380s fd:f8:43:57:99:bb:d1:20:5d:87:dc:4c:27:53:06: 380s 6d:11:e3:47:35:80:15:e3:b0:ff:cd:6a:9b:2a:94: 380s 81:6d:2d:fa:aa:10:41:0b:0c:e2:06:0e:75:ed:32: 380s f3:e2:26:ab:f1:ea:a3:16:52:28:d4:6d:3c:3c:12: 380s e2:8e:98:e3:d7:73:b4:52:b7:80:03:ba:f6:f4:3f: 380s 0f:22:39:5b:d1:f6:57:d3:25:46:4c:58:ec:fc:34: 380s a9:d4:31:25:62:5b:d6:59:fb 380s Exponent: 65537 (0x10001) 380s X509v3 extensions: 380s X509v3 Authority Key Identifier: 380s 48:8E:0E:87:44:83:DE:4A:49:48:82:98:08:92:EF:0B:A5:4C:2F:F2 380s X509v3 Basic Constraints: 380s CA:FALSE 380s Netscape Cert Type: 380s SSL Client, S/MIME 380s Netscape Comment: 380s Test Organization Intermediate CA trusted Certificate 380s X509v3 Subject Key Identifier: 380s 11:1B:CF:EB:B5:FD:AD:C1:B2:A6:90:23:93:4C:E5:CB:8C:28:3C:C8 380s X509v3 Key Usage: critical 380s Digital Signature, Non Repudiation, Key Encipherment 380s X509v3 Extended Key Usage: 380s TLS Web Client Authentication, E-mail Protection 380s X509v3 Subject Alternative Name: 380s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 380s Signature Algorithm: sha256WithRSAEncryption 380s Signature Value: 380s 0a:1b:90:5f:91:24:43:b3:cc:ed:4d:d7:57:61:7f:e8:e6:cb: 380s 38:08:63:c7:fb:3b:f6:74:22:e9:15:a8:3e:3c:34:8f:eb:0f: 380s 5e:7a:88:44:3f:b3:74:7f:82:85:14:9d:7d:f8:d8:a8:a1:91: 380s 7c:0e:86:23:60:71:16:c1:54:18:0c:56:0b:fa:f4:7d:c9:59: 380s a1:78:a0:56:48:54:b9:8f:af:d6:bf:69:13:e5:cc:48:43:2e: 380s f0:30:6d:7a:2d:33:ca:5e:11:26:a8:69:79:1d:ae:89:74:2c: 380s 68:eb:cb:9c:24:02:6a:aa:11:71:85:01:b5:f5:59:61:90:c9: 380s d5:49 380s + local found_md5 expected_md5 380s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 380s + expected_md5=Modulus=D71F86C8342A4648A120585A4533DC6CD0112A003688D30D76E22CCF3DFDF8435799BBD1205D87DC4C2753066D11E347358015E3B0FFCD6A9B2A94816D2DFAAA10410B0CE2060E75ED32F3E226ABF1EAA3165228D46D3C3C12E28E98E3D773B452B78003BAF6F43F0F22395BD1F657D325464C58ECFC34A9D43125625BD659FB 380s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-19072.pem 380s + found_md5=Modulus=D71F86C8342A4648A120585A4533DC6CD0112A003688D30D76E22CCF3DFDF8435799BBD1205D87DC4C2753066D11E347358015E3B0FFCD6A9B2A94816D2DFAAA10410B0CE2060E75ED32F3E226ABF1EAA3165228D46D3C3C12E28E98E3D773B452B78003BAF6F43F0F22395BD1F657D325464C58ECFC34A9D43125625BD659FB 380s + '[' Modulus=D71F86C8342A4648A120585A4533DC6CD0112A003688D30D76E22CCF3DFDF8435799BBD1205D87DC4C2753066D11E347358015E3B0FFCD6A9B2A94816D2DFAAA10410B0CE2060E75ED32F3E226ABF1EAA3165228D46D3C3C12E28E98E3D773B452B78003BAF6F43F0F22395BD1F657D325464C58ECFC34A9D43125625BD659FB '!=' Modulus=D71F86C8342A4648A120585A4533DC6CD0112A003688D30D76E22CCF3DFDF8435799BBD1205D87DC4C2753066D11E347358015E3B0FFCD6A9B2A94816D2DFAAA10410B0CE2060E75ED32F3E226ABF1EAA3165228D46D3C3C12E28E98E3D773B452B78003BAF6F43F0F22395BD1F657D325464C58ECFC34A9D43125625BD659FB ']' 380s + output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-19072-auth.output 380s ++ basename /tmp/sssd-softhsm2-F2KOnK/SSSD-child-19072-auth.output .output 380s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-19072-auth.pem 380s + echo -n 053350 380s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 380s [p11_child[2161]] [main] (0x0400): p11_child started. 380s [p11_child[2161]] [main] (0x2000): Running in [auth] mode. 380s [p11_child[2161]] [main] (0x2000): Running with effective IDs: [0][0]. 380s [p11_child[2161]] [main] (0x2000): Running with real IDs [0][0]. 380s [p11_child[2161]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 380s [p11_child[2161]] [do_card] (0x4000): Module List: 380s [p11_child[2161]] [do_card] (0x4000): common name: [softhsm2]. 380s [p11_child[2161]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2161]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1e207af6] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 380s [p11_child[2161]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 380s [p11_child[2161]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1e207af6][505445110] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2161]] [do_card] (0x4000): Login required. 380s [p11_child[2161]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 380s [p11_child[2161]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 380s [p11_child[2161]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1e207af6;slot-manufacturer=SoftHSM%20project;slot-id=505445110;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=32b4c29c9e207af6;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 380s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 380s [p11_child[2161]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 380s [p11_child[2161]] [do_card] (0x4000): Certificate verified and validated. 380s [p11_child[2161]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 380s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-19072-auth.output 380s + echo '-----BEGIN CERTIFICATE-----' 380s + tail -n1 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-19072-auth.output 380s + echo '-----END CERTIFICATE-----' 380s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-19072-auth.pem 380s Certificate: 380s Data: 380s Version: 3 (0x2) 380s Serial Number: 4 (0x4) 380s Signature Algorithm: sha256WithRSAEncryption 380s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 380s Validity 380s Not Before: Mar 21 03:53:17 2024 GMT 380s Not After : Mar 21 03:53:17 2025 GMT 380s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 380s Subject Public Key Info: 380s Public Key Algorithm: rsaEncryption 380s Public-Key: (1024 bit) 380s Modulus: 380s 00:d7:1f:86:c8:34:2a:46:48:a1:20:58:5a:45:33: 380s dc:6c:d0:11:2a:00:36:88:d3:0d:76:e2:2c:cf:3d: 380s fd:f8:43:57:99:bb:d1:20:5d:87:dc:4c:27:53:06: 380s 6d:11:e3:47:35:80:15:e3:b0:ff:cd:6a:9b:2a:94: 380s 81:6d:2d:fa:aa:10:41:0b:0c:e2:06:0e:75:ed:32: 380s f3:e2:26:ab:f1:ea:a3:16:52:28:d4:6d:3c:3c:12: 380s e2:8e:98:e3:d7:73:b4:52:b7:80:03:ba:f6:f4:3f: 380s 0f:22:39:5b:d1:f6:57:d3:25:46:4c:58:ec:fc:34: 380s a9:d4:31:25:62:5b:d6:59:fb 380s Exponent: 65537 (0x10001) 380s X509v3 extensions: 380s X509v3 Authority Key Identifier: 380s 48:8E:0E:87:44:83:DE:4A:49:48:82:98:08:92:EF:0B:A5:4C:2F:F2 380s X509v3 Basic Constraints: 380s CA:FALSE 380s Netscape Cert Type: 380s SSL Client, S/MIME 380s Netscape Comment: 380s Test Organization Intermediate CA trusted Certificate 380s X509v3 Subject Key Identifier: 380s 11:1B:CF:EB:B5:FD:AD:C1:B2:A6:90:23:93:4C:E5:CB:8C:28:3C:C8 380s X509v3 Key Usage: critical 380s Digital Signature, Non Repudiation, Key Encipherment 380s X509v3 Extended Key Usage: 380s TLS Web Client Authentication, E-mail Protection 380s X509v3 Subject Alternative Name: 380s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 380s Signature Algorithm: sha256WithRSAEncryption 380s Signature Value: 380s 0a:1b:90:5f:91:24:43:b3:cc:ed:4d:d7:57:61:7f:e8:e6:cb: 380s 38:08:63:c7:fb:3b:f6:74:22:e9:15:a8:3e:3c:34:8f:eb:0f: 380s 5e:7a:88:44:3f:b3:74:7f:82:85:14:9d:7d:f8:d8:a8:a1:91: 380s 7c:0e:86:23:60:71:16:c1:54:18:0c:56:0b:fa:f4:7d:c9:59: 380s a1:78:a0:56:48:54:b9:8f:af:d6:bf:69:13:e5:cc:48:43:2e: 380s f0:30:6d:7a:2d:33:ca:5e:11:26:a8:69:79:1d:ae:89:74:2c: 380s 68:eb:cb:9c:24:02:6a:aa:11:71:85:01:b5:f5:59:61:90:c9: 380s d5:49 380s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-19072-auth.pem 380s + found_md5=Modulus=D71F86C8342A4648A120585A4533DC6CD0112A003688D30D76E22CCF3DFDF8435799BBD1205D87DC4C2753066D11E347358015E3B0FFCD6A9B2A94816D2DFAAA10410B0CE2060E75ED32F3E226ABF1EAA3165228D46D3C3C12E28E98E3D773B452B78003BAF6F43F0F22395BD1F657D325464C58ECFC34A9D43125625BD659FB 380s + '[' Modulus=D71F86C8342A4648A120585A4533DC6CD0112A003688D30D76E22CCF3DFDF8435799BBD1205D87DC4C2753066D11E347358015E3B0FFCD6A9B2A94816D2DFAAA10410B0CE2060E75ED32F3E226ABF1EAA3165228D46D3C3C12E28E98E3D773B452B78003BAF6F43F0F22395BD1F657D325464C58ECFC34A9D43125625BD659FB '!=' Modulus=D71F86C8342A4648A120585A4533DC6CD0112A003688D30D76E22CCF3DFDF8435799BBD1205D87DC4C2753066D11E347358015E3B0FFCD6A9B2A94816D2DFAAA10410B0CE2060E75ED32F3E226ABF1EAA3165228D46D3C3C12E28E98E3D773B452B78003BAF6F43F0F22395BD1F657D325464C58ECFC34A9D43125625BD659FB ']' 380s + invalid_certificate /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6530 /tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem 380s + check_certificate /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6530 /tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem 380s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6530 380s + local key_ring=/tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem 380s + local verify_option= 380s + prepare_softhsm2_card /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6530 380s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6530 380s + local key_cn 380s + local key_name 380s + local tokens_dir 380s + local output_cert_file 380s + token_name= 380s ++ basename /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem .pem 380s + key_name=test-intermediate-CA-trusted-certificate-0001 380s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 380s ++ sed -n 's/ *commonName *= //p' 380s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 380s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 380s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 380s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 380s ++ basename /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 380s Test Organization Interme Token 380s + tokens_dir=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001 380s + token_name='Test Organization Interme Token' 380s + '[' '!' -e /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 380s + '[' '!' -d /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 380s + echo 'Test Organization Interme Token' 380s + '[' -n '' ']' 380s + local output_base_name=SSSD-child-2164 380s + local output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-2164.output 380s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-2164.pem 380s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem 380s [p11_child[2171]] [main] (0x0400): p11_child started. 380s [p11_child[2171]] [main] (0x2000): Running in [pre-auth] mode. 380s [p11_child[2171]] [main] (0x2000): Running with effective IDs: [0][0]. 380s [p11_child[2171]] [main] (0x2000): Running with real IDs [0][0]. 380s [p11_child[2171]] [do_card] (0x4000): Module List: 380s [p11_child[2171]] [do_card] (0x4000): common name: [softhsm2]. 380s [p11_child[2171]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2171]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1e207af6] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 380s [p11_child[2171]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 380s [p11_child[2171]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1e207af6][505445110] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2171]] [do_card] (0x4000): Login NOT required. 380s [p11_child[2171]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 380s [p11_child[2171]] [do_verification] (0x0040): X509_verify_cert failed [0]. 380s [p11_child[2171]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 380s [p11_child[2171]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 380s [p11_child[2171]] [do_card] (0x4000): No certificate found. 380s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-2164.output 380s + return 2 380s + invalid_certificate /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6530 /tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem partial_chain 380s + check_certificate /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6530 /tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem partial_chain 380s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6530 380s + local key_ring=/tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem 380s + local verify_option=partial_chain 380s + prepare_softhsm2_card /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6530 380s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6530 380s + local key_cn 380s + local key_name 380s + local tokens_dir 380s + local output_cert_file 380s + token_name= 380s ++ basename /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem .pem 380s + key_name=test-intermediate-CA-trusted-certificate-0001 380s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 380s ++ sed -n 's/ *commonName *= //p' 380s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 380s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 380s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 380s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 380s ++ basename /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 380s + tokens_dir=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001 380s + token_name='Test Organization Interme Token' 380s + '[' '!' -e /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 380s Test Organization Interme Token 380s + '[' '!' -d /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 380s + echo 'Test Organization Interme Token' 380s + '[' -n partial_chain ']' 380s + local verify_arg=--verify=partial_chain 380s + local output_base_name=SSSD-child-30861 380s + local output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-30861.output 380s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-30861.pem 380s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem 380s [p11_child[2178]] [main] (0x0400): p11_child started. 380s [p11_child[2178]] [main] (0x2000): Running in [pre-auth] mode. 380s [p11_child[2178]] [main] (0x2000): Running with effective IDs: [0][0]. 380s [p11_child[2178]] [main] (0x2000): Running with real IDs [0][0]. 380s [p11_child[2178]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 380s [p11_child[2178]] [do_card] (0x4000): Module List: 380s [p11_child[2178]] [do_card] (0x4000): common name: [softhsm2]. 380s [p11_child[2178]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2178]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1e207af6] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 380s [p11_child[2178]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 380s [p11_child[2178]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1e207af6][505445110] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2178]] [do_card] (0x4000): Login NOT required. 380s [p11_child[2178]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 380s [p11_child[2178]] [do_verification] (0x0040): X509_verify_cert failed [0]. 380s [p11_child[2178]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 380s [p11_child[2178]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 380s [p11_child[2178]] [do_card] (0x4000): No certificate found. 380s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-30861.output 380s + return 2 380s + valid_certificate /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6530 /tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem 380s + check_certificate /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6530 /tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem 380s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6530 380s + local key_ring=/tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem 380s + local verify_option= 380s + prepare_softhsm2_card /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6530 380s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6530 380s + local key_cn 380s + local key_name 380s + local tokens_dir 380s + local output_cert_file 380s + token_name= 380s ++ basename /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem .pem 380s + key_name=test-intermediate-CA-trusted-certificate-0001 380s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 380s ++ sed -n 's/ *commonName *= //p' 380s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 380s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 380s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 380s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 380s ++ basename /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 380s + tokens_dir=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001 380s + token_name='Test Organization Interme Token' 380s + '[' '!' -e /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 380s Test Organization Interme Token 380s + '[' '!' -d /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 380s + echo 'Test Organization Interme Token' 380s + '[' -n '' ']' 380s + local output_base_name=SSSD-child-15625 380s + local output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-15625.output 380s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-15625.pem 380s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem 380s [p11_child[2185]] [main] (0x0400): p11_child started. 380s [p11_child[2185]] [main] (0x2000): Running in [pre-auth] mode. 380s [p11_child[2185]] [main] (0x2000): Running with effective IDs: [0][0]. 380s [p11_child[2185]] [main] (0x2000): Running with real IDs [0][0]. 380s [p11_child[2185]] [do_card] (0x4000): Module List: 380s [p11_child[2185]] [do_card] (0x4000): common name: [softhsm2]. 380s [p11_child[2185]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2185]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1e207af6] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 380s [p11_child[2185]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 380s [p11_child[2185]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1e207af6][505445110] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2185]] [do_card] (0x4000): Login NOT required. 380s [p11_child[2185]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 380s [p11_child[2185]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 380s [p11_child[2185]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 380s [p11_child[2185]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1e207af6;slot-manufacturer=SoftHSM%20project;slot-id=505445110;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=32b4c29c9e207af6;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 380s [p11_child[2185]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 380s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-15625.output 380s + echo '-----BEGIN CERTIFICATE-----' 380s + tail -n1 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-15625.output 380s + echo '-----END CERTIFICATE-----' 380s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-15625.pem 380s Certificate: 380s Data: 380s Version: 3 (0x2) 380s Serial Number: 4 (0x4) 380s Signature Algorithm: sha256WithRSAEncryption 380s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 380s Validity 380s Not Before: Mar 21 03:53:17 2024 GMT 380s Not After : Mar 21 03:53:17 2025 GMT 380s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 380s Subject Public Key Info: 380s Public Key Algorithm: rsaEncryption 380s Public-Key: (1024 bit) 380s Modulus: 380s 00:d7:1f:86:c8:34:2a:46:48:a1:20:58:5a:45:33: 380s dc:6c:d0:11:2a:00:36:88:d3:0d:76:e2:2c:cf:3d: 380s fd:f8:43:57:99:bb:d1:20:5d:87:dc:4c:27:53:06: 380s 6d:11:e3:47:35:80:15:e3:b0:ff:cd:6a:9b:2a:94: 380s 81:6d:2d:fa:aa:10:41:0b:0c:e2:06:0e:75:ed:32: 380s f3:e2:26:ab:f1:ea:a3:16:52:28:d4:6d:3c:3c:12: 380s e2:8e:98:e3:d7:73:b4:52:b7:80:03:ba:f6:f4:3f: 380s 0f:22:39:5b:d1:f6:57:d3:25:46:4c:58:ec:fc:34: 380s a9:d4:31:25:62:5b:d6:59:fb 380s Exponent: 65537 (0x10001) 380s X509v3 extensions: 380s X509v3 Authority Key Identifier: 380s 48:8E:0E:87:44:83:DE:4A:49:48:82:98:08:92:EF:0B:A5:4C:2F:F2 380s X509v3 Basic Constraints: 380s CA:FALSE 380s Netscape Cert Type: 380s SSL Client, S/MIME 380s Netscape Comment: 380s Test Organization Intermediate CA trusted Certificate 380s X509v3 Subject Key Identifier: 380s 11:1B:CF:EB:B5:FD:AD:C1:B2:A6:90:23:93:4C:E5:CB:8C:28:3C:C8 380s X509v3 Key Usage: critical 380s Digital Signature, Non Repudiation, Key Encipherment 380s X509v3 Extended Key Usage: 380s TLS Web Client Authentication, E-mail Protection 380s X509v3 Subject Alternative Name: 380s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 380s Signature Algorithm: sha256WithRSAEncryption 380s Signature Value: 380s 0a:1b:90:5f:91:24:43:b3:cc:ed:4d:d7:57:61:7f:e8:e6:cb: 380s 38:08:63:c7:fb:3b:f6:74:22:e9:15:a8:3e:3c:34:8f:eb:0f: 380s 5e:7a:88:44:3f:b3:74:7f:82:85:14:9d:7d:f8:d8:a8:a1:91: 380s 7c:0e:86:23:60:71:16:c1:54:18:0c:56:0b:fa:f4:7d:c9:59: 380s a1:78:a0:56:48:54:b9:8f:af:d6:bf:69:13:e5:cc:48:43:2e: 380s f0:30:6d:7a:2d:33:ca:5e:11:26:a8:69:79:1d:ae:89:74:2c: 380s 68:eb:cb:9c:24:02:6a:aa:11:71:85:01:b5:f5:59:61:90:c9: 380s d5:49 380s + local found_md5 expected_md5 380s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 380s + expected_md5=Modulus=D71F86C8342A4648A120585A4533DC6CD0112A003688D30D76E22CCF3DFDF8435799BBD1205D87DC4C2753066D11E347358015E3B0FFCD6A9B2A94816D2DFAAA10410B0CE2060E75ED32F3E226ABF1EAA3165228D46D3C3C12E28E98E3D773B452B78003BAF6F43F0F22395BD1F657D325464C58ECFC34A9D43125625BD659FB 380s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-15625.pem 380s + found_md5=Modulus=D71F86C8342A4648A120585A4533DC6CD0112A003688D30D76E22CCF3DFDF8435799BBD1205D87DC4C2753066D11E347358015E3B0FFCD6A9B2A94816D2DFAAA10410B0CE2060E75ED32F3E226ABF1EAA3165228D46D3C3C12E28E98E3D773B452B78003BAF6F43F0F22395BD1F657D325464C58ECFC34A9D43125625BD659FB 380s + '[' Modulus=D71F86C8342A4648A120585A4533DC6CD0112A003688D30D76E22CCF3DFDF8435799BBD1205D87DC4C2753066D11E347358015E3B0FFCD6A9B2A94816D2DFAAA10410B0CE2060E75ED32F3E226ABF1EAA3165228D46D3C3C12E28E98E3D773B452B78003BAF6F43F0F22395BD1F657D325464C58ECFC34A9D43125625BD659FB '!=' Modulus=D71F86C8342A4648A120585A4533DC6CD0112A003688D30D76E22CCF3DFDF8435799BBD1205D87DC4C2753066D11E347358015E3B0FFCD6A9B2A94816D2DFAAA10410B0CE2060E75ED32F3E226ABF1EAA3165228D46D3C3C12E28E98E3D773B452B78003BAF6F43F0F22395BD1F657D325464C58ECFC34A9D43125625BD659FB ']' 380s + output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-15625-auth.output 380s ++ basename /tmp/sssd-softhsm2-F2KOnK/SSSD-child-15625-auth.output .output 380s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-15625-auth.pem 380s + echo -n 053350 380s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 380s [p11_child[2193]] [main] (0x0400): p11_child started. 380s [p11_child[2193]] [main] (0x2000): Running in [auth] mode. 380s [p11_child[2193]] [main] (0x2000): Running with effective IDs: [0][0]. 380s [p11_child[2193]] [main] (0x2000): Running with real IDs [0][0]. 380s [p11_child[2193]] [do_card] (0x4000): Module List: 380s [p11_child[2193]] [do_card] (0x4000): common name: [softhsm2]. 380s [p11_child[2193]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2193]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1e207af6] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 380s [p11_child[2193]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 380s [p11_child[2193]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1e207af6][505445110] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2193]] [do_card] (0x4000): Login required. 380s [p11_child[2193]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 380s [p11_child[2193]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 380s [p11_child[2193]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 380s [p11_child[2193]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1e207af6;slot-manufacturer=SoftHSM%20project;slot-id=505445110;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=32b4c29c9e207af6;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 380s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 380s [p11_child[2193]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 380s [p11_child[2193]] [do_card] (0x4000): Certificate verified and validated. 380s [p11_child[2193]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 380s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-15625-auth.output 380s + echo '-----BEGIN CERTIFICATE-----' 380s + tail -n1 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-15625-auth.output 380s + echo '-----END CERTIFICATE-----' 380s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-15625-auth.pem 380s Certificate: 380s Data: 380s Version: 3 (0x2) 380s Serial Number: 4 (0x4) 380s Signature Algorithm: sha256WithRSAEncryption 380s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 380s Validity 380s Not Before: Mar 21 03:53:17 2024 GMT 380s Not After : Mar 21 03:53:17 2025 GMT 380s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 380s Subject Public Key Info: 380s Public Key Algorithm: rsaEncryption 380s Public-Key: (1024 bit) 380s Modulus: 380s 00:d7:1f:86:c8:34:2a:46:48:a1:20:58:5a:45:33: 380s dc:6c:d0:11:2a:00:36:88:d3:0d:76:e2:2c:cf:3d: 380s fd:f8:43:57:99:bb:d1:20:5d:87:dc:4c:27:53:06: 380s 6d:11:e3:47:35:80:15:e3:b0:ff:cd:6a:9b:2a:94: 380s 81:6d:2d:fa:aa:10:41:0b:0c:e2:06:0e:75:ed:32: 380s f3:e2:26:ab:f1:ea:a3:16:52:28:d4:6d:3c:3c:12: 380s e2:8e:98:e3:d7:73:b4:52:b7:80:03:ba:f6:f4:3f: 380s 0f:22:39:5b:d1:f6:57:d3:25:46:4c:58:ec:fc:34: 380s a9:d4:31:25:62:5b:d6:59:fb 380s Exponent: 65537 (0x10001) 380s X509v3 extensions: 380s X509v3 Authority Key Identifier: 380s 48:8E:0E:87:44:83:DE:4A:49:48:82:98:08:92:EF:0B:A5:4C:2F:F2 380s X509v3 Basic Constraints: 380s CA:FALSE 380s Netscape Cert Type: 380s SSL Client, S/MIME 380s Netscape Comment: 380s Test Organization Intermediate CA trusted Certificate 380s X509v3 Subject Key Identifier: 380s 11:1B:CF:EB:B5:FD:AD:C1:B2:A6:90:23:93:4C:E5:CB:8C:28:3C:C8 380s X509v3 Key Usage: critical 380s Digital Signature, Non Repudiation, Key Encipherment 380s X509v3 Extended Key Usage: 380s TLS Web Client Authentication, E-mail Protection 380s X509v3 Subject Alternative Name: 380s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 380s Signature Algorithm: sha256WithRSAEncryption 380s Signature Value: 380s 0a:1b:90:5f:91:24:43:b3:cc:ed:4d:d7:57:61:7f:e8:e6:cb: 380s 38:08:63:c7:fb:3b:f6:74:22:e9:15:a8:3e:3c:34:8f:eb:0f: 380s 5e:7a:88:44:3f:b3:74:7f:82:85:14:9d:7d:f8:d8:a8:a1:91: 380s 7c:0e:86:23:60:71:16:c1:54:18:0c:56:0b:fa:f4:7d:c9:59: 380s a1:78:a0:56:48:54:b9:8f:af:d6:bf:69:13:e5:cc:48:43:2e: 380s f0:30:6d:7a:2d:33:ca:5e:11:26:a8:69:79:1d:ae:89:74:2c: 380s 68:eb:cb:9c:24:02:6a:aa:11:71:85:01:b5:f5:59:61:90:c9: 380s d5:49 380s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-15625-auth.pem 380s + found_md5=Modulus=D71F86C8342A4648A120585A4533DC6CD0112A003688D30D76E22CCF3DFDF8435799BBD1205D87DC4C2753066D11E347358015E3B0FFCD6A9B2A94816D2DFAAA10410B0CE2060E75ED32F3E226ABF1EAA3165228D46D3C3C12E28E98E3D773B452B78003BAF6F43F0F22395BD1F657D325464C58ECFC34A9D43125625BD659FB 380s + '[' Modulus=D71F86C8342A4648A120585A4533DC6CD0112A003688D30D76E22CCF3DFDF8435799BBD1205D87DC4C2753066D11E347358015E3B0FFCD6A9B2A94816D2DFAAA10410B0CE2060E75ED32F3E226ABF1EAA3165228D46D3C3C12E28E98E3D773B452B78003BAF6F43F0F22395BD1F657D325464C58ECFC34A9D43125625BD659FB '!=' Modulus=D71F86C8342A4648A120585A4533DC6CD0112A003688D30D76E22CCF3DFDF8435799BBD1205D87DC4C2753066D11E347358015E3B0FFCD6A9B2A94816D2DFAAA10410B0CE2060E75ED32F3E226ABF1EAA3165228D46D3C3C12E28E98E3D773B452B78003BAF6F43F0F22395BD1F657D325464C58ECFC34A9D43125625BD659FB ']' 380s + valid_certificate /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6530 /tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem partial_chain 380s + check_certificate /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6530 /tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem partial_chain 380s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6530 380s + local key_ring=/tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem 380s + local verify_option=partial_chain 380s + prepare_softhsm2_card /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6530 380s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6530 380s + local key_cn 380s + local key_name 380s + local tokens_dir 380s + local output_cert_file 380s + token_name= 380s ++ basename /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem .pem 380s + key_name=test-intermediate-CA-trusted-certificate-0001 380s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 380s ++ sed -n 's/ *commonName *= //p' 380s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 380s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 380s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 380s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 380s ++ basename /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 380s Test Organization Interme Token 380s + tokens_dir=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001 380s + token_name='Test Organization Interme Token' 380s + '[' '!' -e /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 380s + '[' '!' -d /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 380s + echo 'Test Organization Interme Token' 380s + '[' -n partial_chain ']' 380s + local verify_arg=--verify=partial_chain 380s + local output_base_name=SSSD-child-29269 380s + local output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-29269.output 380s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-29269.pem 380s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem 380s [p11_child[2203]] [main] (0x0400): p11_child started. 380s [p11_child[2203]] [main] (0x2000): Running in [pre-auth] mode. 380s [p11_child[2203]] [main] (0x2000): Running with effective IDs: [0][0]. 380s [p11_child[2203]] [main] (0x2000): Running with real IDs [0][0]. 380s [p11_child[2203]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 380s [p11_child[2203]] [do_card] (0x4000): Module List: 380s [p11_child[2203]] [do_card] (0x4000): common name: [softhsm2]. 380s [p11_child[2203]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2203]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1e207af6] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 380s [p11_child[2203]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 380s [p11_child[2203]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1e207af6][505445110] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2203]] [do_card] (0x4000): Login NOT required. 380s [p11_child[2203]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 380s [p11_child[2203]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 380s [p11_child[2203]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 380s [p11_child[2203]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1e207af6;slot-manufacturer=SoftHSM%20project;slot-id=505445110;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=32b4c29c9e207af6;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 380s [p11_child[2203]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 380s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-29269.output 380s + echo '-----BEGIN CERTIFICATE-----' 380s + tail -n1 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-29269.output 380s + echo '-----END CERTIFICATE-----' 380s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-29269.pem 380s Certificate: 380s Data: 380s Version: 3 (0x2) 380s Serial Number: 4 (0x4) 380s Signature Algorithm: sha256WithRSAEncryption 380s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 380s Validity 380s Not Before: Mar 21 03:53:17 2024 GMT 380s Not After : Mar 21 03:53:17 2025 GMT 380s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 380s Subject Public Key Info: 380s Public Key Algorithm: rsaEncryption 380s Public-Key: (1024 bit) 380s Modulus: 380s 00:d7:1f:86:c8:34:2a:46:48:a1:20:58:5a:45:33: 380s dc:6c:d0:11:2a:00:36:88:d3:0d:76:e2:2c:cf:3d: 380s fd:f8:43:57:99:bb:d1:20:5d:87:dc:4c:27:53:06: 380s 6d:11:e3:47:35:80:15:e3:b0:ff:cd:6a:9b:2a:94: 380s 81:6d:2d:fa:aa:10:41:0b:0c:e2:06:0e:75:ed:32: 380s f3:e2:26:ab:f1:ea:a3:16:52:28:d4:6d:3c:3c:12: 380s e2:8e:98:e3:d7:73:b4:52:b7:80:03:ba:f6:f4:3f: 380s 0f:22:39:5b:d1:f6:57:d3:25:46:4c:58:ec:fc:34: 380s a9:d4:31:25:62:5b:d6:59:fb 380s Exponent: 65537 (0x10001) 380s X509v3 extensions: 380s X509v3 Authority Key Identifier: 380s 48:8E:0E:87:44:83:DE:4A:49:48:82:98:08:92:EF:0B:A5:4C:2F:F2 380s X509v3 Basic Constraints: 380s CA:FALSE 380s Netscape Cert Type: 380s SSL Client, S/MIME 380s Netscape Comment: 380s Test Organization Intermediate CA trusted Certificate 380s X509v3 Subject Key Identifier: 380s 11:1B:CF:EB:B5:FD:AD:C1:B2:A6:90:23:93:4C:E5:CB:8C:28:3C:C8 380s X509v3 Key Usage: critical 380s Digital Signature, Non Repudiation, Key Encipherment 380s X509v3 Extended Key Usage: 380s TLS Web Client Authentication, E-mail Protection 380s X509v3 Subject Alternative Name: 380s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 380s Signature Algorithm: sha256WithRSAEncryption 380s Signature Value: 380s 0a:1b:90:5f:91:24:43:b3:cc:ed:4d:d7:57:61:7f:e8:e6:cb: 380s 38:08:63:c7:fb:3b:f6:74:22:e9:15:a8:3e:3c:34:8f:eb:0f: 380s 5e:7a:88:44:3f:b3:74:7f:82:85:14:9d:7d:f8:d8:a8:a1:91: 380s 7c:0e:86:23:60:71:16:c1:54:18:0c:56:0b:fa:f4:7d:c9:59: 380s a1:78:a0:56:48:54:b9:8f:af:d6:bf:69:13:e5:cc:48:43:2e: 380s f0:30:6d:7a:2d:33:ca:5e:11:26:a8:69:79:1d:ae:89:74:2c: 380s 68:eb:cb:9c:24:02:6a:aa:11:71:85:01:b5:f5:59:61:90:c9: 380s d5:49 380s + local found_md5 expected_md5 380s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 380s + expected_md5=Modulus=D71F86C8342A4648A120585A4533DC6CD0112A003688D30D76E22CCF3DFDF8435799BBD1205D87DC4C2753066D11E347358015E3B0FFCD6A9B2A94816D2DFAAA10410B0CE2060E75ED32F3E226ABF1EAA3165228D46D3C3C12E28E98E3D773B452B78003BAF6F43F0F22395BD1F657D325464C58ECFC34A9D43125625BD659FB 380s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-29269.pem 380s + found_md5=Modulus=D71F86C8342A4648A120585A4533DC6CD0112A003688D30D76E22CCF3DFDF8435799BBD1205D87DC4C2753066D11E347358015E3B0FFCD6A9B2A94816D2DFAAA10410B0CE2060E75ED32F3E226ABF1EAA3165228D46D3C3C12E28E98E3D773B452B78003BAF6F43F0F22395BD1F657D325464C58ECFC34A9D43125625BD659FB 380s + '[' Modulus=D71F86C8342A4648A120585A4533DC6CD0112A003688D30D76E22CCF3DFDF8435799BBD1205D87DC4C2753066D11E347358015E3B0FFCD6A9B2A94816D2DFAAA10410B0CE2060E75ED32F3E226ABF1EAA3165228D46D3C3C12E28E98E3D773B452B78003BAF6F43F0F22395BD1F657D325464C58ECFC34A9D43125625BD659FB '!=' Modulus=D71F86C8342A4648A120585A4533DC6CD0112A003688D30D76E22CCF3DFDF8435799BBD1205D87DC4C2753066D11E347358015E3B0FFCD6A9B2A94816D2DFAAA10410B0CE2060E75ED32F3E226ABF1EAA3165228D46D3C3C12E28E98E3D773B452B78003BAF6F43F0F22395BD1F657D325464C58ECFC34A9D43125625BD659FB ']' 380s + output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-29269-auth.output 380s ++ basename /tmp/sssd-softhsm2-F2KOnK/SSSD-child-29269-auth.output .output 380s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-29269-auth.pem 380s + echo -n 053350 380s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 380s [p11_child[2211]] [main] (0x0400): p11_child started. 380s [p11_child[2211]] [main] (0x2000): Running in [auth] mode. 380s [p11_child[2211]] [main] (0x2000): Running with effective IDs: [0][0]. 380s [p11_child[2211]] [main] (0x2000): Running with real IDs [0][0]. 380s [p11_child[2211]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 380s [p11_child[2211]] [do_card] (0x4000): Module List: 380s [p11_child[2211]] [do_card] (0x4000): common name: [softhsm2]. 380s [p11_child[2211]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2211]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1e207af6] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 380s [p11_child[2211]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 380s [p11_child[2211]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1e207af6][505445110] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2211]] [do_card] (0x4000): Login required. 380s [p11_child[2211]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 380s [p11_child[2211]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 380s [p11_child[2211]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 380s [p11_child[2211]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1e207af6;slot-manufacturer=SoftHSM%20project;slot-id=505445110;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=32b4c29c9e207af6;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 380s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 380s [p11_child[2211]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 380s [p11_child[2211]] [do_card] (0x4000): Certificate verified and validated. 380s [p11_child[2211]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 380s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-29269-auth.output 380s + echo '-----BEGIN CERTIFICATE-----' 380s + tail -n1 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-29269-auth.output 380s + echo '-----END CERTIFICATE-----' 380s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-29269-auth.pem 380s Certificate: 380s Data: 380s Version: 3 (0x2) 380s Serial Number: 4 (0x4) 380s Signature Algorithm: sha256WithRSAEncryption 380s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 380s Validity 380s Not Before: Mar 21 03:53:17 2024 GMT 380s Not After : Mar 21 03:53:17 2025 GMT 380s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 380s Subject Public Key Info: 380s Public Key Algorithm: rsaEncryption 380s Public-Key: (1024 bit) 380s Modulus: 380s 00:d7:1f:86:c8:34:2a:46:48:a1:20:58:5a:45:33: 380s dc:6c:d0:11:2a:00:36:88:d3:0d:76:e2:2c:cf:3d: 380s fd:f8:43:57:99:bb:d1:20:5d:87:dc:4c:27:53:06: 380s 6d:11:e3:47:35:80:15:e3:b0:ff:cd:6a:9b:2a:94: 380s 81:6d:2d:fa:aa:10:41:0b:0c:e2:06:0e:75:ed:32: 380s f3:e2:26:ab:f1:ea:a3:16:52:28:d4:6d:3c:3c:12: 380s e2:8e:98:e3:d7:73:b4:52:b7:80:03:ba:f6:f4:3f: 380s 0f:22:39:5b:d1:f6:57:d3:25:46:4c:58:ec:fc:34: 380s a9:d4:31:25:62:5b:d6:59:fb 380s Exponent: 65537 (0x10001) 380s X509v3 extensions: 380s X509v3 Authority Key Identifier: 380s 48:8E:0E:87:44:83:DE:4A:49:48:82:98:08:92:EF:0B:A5:4C:2F:F2 380s X509v3 Basic Constraints: 380s CA:FALSE 380s Netscape Cert Type: 380s SSL Client, S/MIME 380s Netscape Comment: 380s Test Organization Intermediate CA trusted Certificate 380s X509v3 Subject Key Identifier: 380s 11:1B:CF:EB:B5:FD:AD:C1:B2:A6:90:23:93:4C:E5:CB:8C:28:3C:C8 380s X509v3 Key Usage: critical 380s Digital Signature, Non Repudiation, Key Encipherment 380s X509v3 Extended Key Usage: 380s TLS Web Client Authentication, E-mail Protection 380s X509v3 Subject Alternative Name: 380s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 380s Signature Algorithm: sha256WithRSAEncryption 380s Signature Value: 380s 0a:1b:90:5f:91:24:43:b3:cc:ed:4d:d7:57:61:7f:e8:e6:cb: 380s 38:08:63:c7:fb:3b:f6:74:22:e9:15:a8:3e:3c:34:8f:eb:0f: 380s 5e:7a:88:44:3f:b3:74:7f:82:85:14:9d:7d:f8:d8:a8:a1:91: 380s 7c:0e:86:23:60:71:16:c1:54:18:0c:56:0b:fa:f4:7d:c9:59: 380s a1:78:a0:56:48:54:b9:8f:af:d6:bf:69:13:e5:cc:48:43:2e: 380s f0:30:6d:7a:2d:33:ca:5e:11:26:a8:69:79:1d:ae:89:74:2c: 380s 68:eb:cb:9c:24:02:6a:aa:11:71:85:01:b5:f5:59:61:90:c9: 380s d5:49 380s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-29269-auth.pem 380s + found_md5=Modulus=D71F86C8342A4648A120585A4533DC6CD0112A003688D30D76E22CCF3DFDF8435799BBD1205D87DC4C2753066D11E347358015E3B0FFCD6A9B2A94816D2DFAAA10410B0CE2060E75ED32F3E226ABF1EAA3165228D46D3C3C12E28E98E3D773B452B78003BAF6F43F0F22395BD1F657D325464C58ECFC34A9D43125625BD659FB 380s + '[' Modulus=D71F86C8342A4648A120585A4533DC6CD0112A003688D30D76E22CCF3DFDF8435799BBD1205D87DC4C2753066D11E347358015E3B0FFCD6A9B2A94816D2DFAAA10410B0CE2060E75ED32F3E226ABF1EAA3165228D46D3C3C12E28E98E3D773B452B78003BAF6F43F0F22395BD1F657D325464C58ECFC34A9D43125625BD659FB '!=' Modulus=D71F86C8342A4648A120585A4533DC6CD0112A003688D30D76E22CCF3DFDF8435799BBD1205D87DC4C2753066D11E347358015E3B0FFCD6A9B2A94816D2DFAAA10410B0CE2060E75ED32F3E226ABF1EAA3165228D46D3C3C12E28E98E3D773B452B78003BAF6F43F0F22395BD1F657D325464C58ECFC34A9D43125625BD659FB ']' 380s + invalid_certificate /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6530 /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem 380s + check_certificate /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6530 /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem 380s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6530 380s + local key_ring=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem 380s + local verify_option= 380s + prepare_softhsm2_card /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6530 380s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6530 380s + local key_cn 380s + local key_name 380s + local tokens_dir 380s + local output_cert_file 380s + token_name= 380s ++ basename /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem .pem 380s + key_name=test-intermediate-CA-trusted-certificate-0001 380s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 380s ++ sed -n 's/ *commonName *= //p' 380s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 380s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 380s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 380s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 380s ++ basename /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 380s + tokens_dir=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001 380s + token_name='Test Organization Interme Token' 380s + '[' '!' -e /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 380s + '[' '!' -d /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 380s + echo 'Test Organization Interme Token' 380s Test Organization Interme Token 380s + '[' -n '' ']' 380s + local output_base_name=SSSD-child-12204 380s + local output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-12204.output 380s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-12204.pem 380s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem 380s [p11_child[2221]] [main] (0x0400): p11_child started. 380s [p11_child[2221]] [main] (0x2000): Running in [pre-auth] mode. 380s [p11_child[2221]] [main] (0x2000): Running with effective IDs: [0][0]. 380s [p11_child[2221]] [main] (0x2000): Running with real IDs [0][0]. 380s [p11_child[2221]] [do_card] (0x4000): Module List: 380s [p11_child[2221]] [do_card] (0x4000): common name: [softhsm2]. 380s [p11_child[2221]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2221]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1e207af6] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 380s [p11_child[2221]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 380s [p11_child[2221]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1e207af6][505445110] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2221]] [do_card] (0x4000): Login NOT required. 380s [p11_child[2221]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 380s [p11_child[2221]] [do_verification] (0x0040): X509_verify_cert failed [0]. 380s [p11_child[2221]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 380s [p11_child[2221]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 380s [p11_child[2221]] [do_card] (0x4000): No certificate found. 380s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-12204.output 380s + return 2 380s + valid_certificate /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6530 /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem partial_chain 380s + check_certificate /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6530 /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem partial_chain 380s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6530 380s + local key_ring=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem 380s + local verify_option=partial_chain 380s + prepare_softhsm2_card /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6530 380s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6530 380s + local key_cn 380s + local key_name 380s + local tokens_dir 380s + local output_cert_file 380s + token_name= 380s ++ basename /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem .pem 380s + key_name=test-intermediate-CA-trusted-certificate-0001 380s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 380s ++ sed -n 's/ *commonName *= //p' 380s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 380s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 380s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 380s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 380s ++ basename /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 380s + tokens_dir=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001 380s + token_name='Test Organization Interme Token' 380s + '[' '!' -e /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 380s + '[' '!' -d /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 380s Test Organization Interme Token 380s + echo 'Test Organization Interme Token' 380s + '[' -n partial_chain ']' 380s + local verify_arg=--verify=partial_chain 380s + local output_base_name=SSSD-child-8391 380s + local output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-8391.output 380s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-8391.pem 380s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem 380s [p11_child[2228]] [main] (0x0400): p11_child started. 380s [p11_child[2228]] [main] (0x2000): Running in [pre-auth] mode. 380s [p11_child[2228]] [main] (0x2000): Running with effective IDs: [0][0]. 380s [p11_child[2228]] [main] (0x2000): Running with real IDs [0][0]. 380s [p11_child[2228]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 380s [p11_child[2228]] [do_card] (0x4000): Module List: 380s [p11_child[2228]] [do_card] (0x4000): common name: [softhsm2]. 380s [p11_child[2228]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2228]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1e207af6] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 380s [p11_child[2228]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 380s [p11_child[2228]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1e207af6][505445110] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2228]] [do_card] (0x4000): Login NOT required. 380s [p11_child[2228]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 380s [p11_child[2228]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 380s [p11_child[2228]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 380s [p11_child[2228]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1e207af6;slot-manufacturer=SoftHSM%20project;slot-id=505445110;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=32b4c29c9e207af6;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 380s [p11_child[2228]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 380s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-8391.output 380s + echo '-----BEGIN CERTIFICATE-----' 380s + tail -n1 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-8391.output 380s + echo '-----END CERTIFICATE-----' 380s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-8391.pem 380s Certificate: 380s Data: 380s Version: 3 (0x2) 380s Serial Number: 4 (0x4) 380s Signature Algorithm: sha256WithRSAEncryption 380s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 380s Validity 380s Not Before: Mar 21 03:53:17 2024 GMT 380s Not After : Mar 21 03:53:17 2025 GMT 380s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 380s Subject Public Key Info: 380s Public Key Algorithm: rsaEncryption 380s Public-Key: (1024 bit) 380s Modulus: 380s 00:d7:1f:86:c8:34:2a:46:48:a1:20:58:5a:45:33: 380s dc:6c:d0:11:2a:00:36:88:d3:0d:76:e2:2c:cf:3d: 380s fd:f8:43:57:99:bb:d1:20:5d:87:dc:4c:27:53:06: 380s 6d:11:e3:47:35:80:15:e3:b0:ff:cd:6a:9b:2a:94: 380s 81:6d:2d:fa:aa:10:41:0b:0c:e2:06:0e:75:ed:32: 380s f3:e2:26:ab:f1:ea:a3:16:52:28:d4:6d:3c:3c:12: 380s e2:8e:98:e3:d7:73:b4:52:b7:80:03:ba:f6:f4:3f: 380s 0f:22:39:5b:d1:f6:57:d3:25:46:4c:58:ec:fc:34: 380s a9:d4:31:25:62:5b:d6:59:fb 380s Exponent: 65537 (0x10001) 380s X509v3 extensions: 380s X509v3 Authority Key Identifier: 380s 48:8E:0E:87:44:83:DE:4A:49:48:82:98:08:92:EF:0B:A5:4C:2F:F2 380s X509v3 Basic Constraints: 380s CA:FALSE 380s Netscape Cert Type: 380s SSL Client, S/MIME 380s Netscape Comment: 380s Test Organization Intermediate CA trusted Certificate 380s X509v3 Subject Key Identifier: 380s 11:1B:CF:EB:B5:FD:AD:C1:B2:A6:90:23:93:4C:E5:CB:8C:28:3C:C8 380s X509v3 Key Usage: critical 380s Digital Signature, Non Repudiation, Key Encipherment 380s X509v3 Extended Key Usage: 380s TLS Web Client Authentication, E-mail Protection 380s X509v3 Subject Alternative Name: 380s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 380s Signature Algorithm: sha256WithRSAEncryption 380s Signature Value: 380s 0a:1b:90:5f:91:24:43:b3:cc:ed:4d:d7:57:61:7f:e8:e6:cb: 380s 38:08:63:c7:fb:3b:f6:74:22:e9:15:a8:3e:3c:34:8f:eb:0f: 380s 5e:7a:88:44:3f:b3:74:7f:82:85:14:9d:7d:f8:d8:a8:a1:91: 380s 7c:0e:86:23:60:71:16:c1:54:18:0c:56:0b:fa:f4:7d:c9:59: 380s a1:78:a0:56:48:54:b9:8f:af:d6:bf:69:13:e5:cc:48:43:2e: 380s f0:30:6d:7a:2d:33:ca:5e:11:26:a8:69:79:1d:ae:89:74:2c: 380s 68:eb:cb:9c:24:02:6a:aa:11:71:85:01:b5:f5:59:61:90:c9: 380s d5:49 380s + local found_md5 expected_md5 380s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA-trusted-certificate-0001.pem 381s + expected_md5=Modulus=D71F86C8342A4648A120585A4533DC6CD0112A003688D30D76E22CCF3DFDF8435799BBD1205D87DC4C2753066D11E347358015E3B0FFCD6A9B2A94816D2DFAAA10410B0CE2060E75ED32F3E226ABF1EAA3165228D46D3C3C12E28E98E3D773B452B78003BAF6F43F0F22395BD1F657D325464C58ECFC34A9D43125625BD659FB 381s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-8391.pem 381s + found_md5=Modulus=D71F86C8342A4648A120585A4533DC6CD0112A003688D30D76E22CCF3DFDF8435799BBD1205D87DC4C2753066D11E347358015E3B0FFCD6A9B2A94816D2DFAAA10410B0CE2060E75ED32F3E226ABF1EAA3165228D46D3C3C12E28E98E3D773B452B78003BAF6F43F0F22395BD1F657D325464C58ECFC34A9D43125625BD659FB 381s + '[' Modulus=D71F86C8342A4648A120585A4533DC6CD0112A003688D30D76E22CCF3DFDF8435799BBD1205D87DC4C2753066D11E347358015E3B0FFCD6A9B2A94816D2DFAAA10410B0CE2060E75ED32F3E226ABF1EAA3165228D46D3C3C12E28E98E3D773B452B78003BAF6F43F0F22395BD1F657D325464C58ECFC34A9D43125625BD659FB '!=' Modulus=D71F86C8342A4648A120585A4533DC6CD0112A003688D30D76E22CCF3DFDF8435799BBD1205D87DC4C2753066D11E347358015E3B0FFCD6A9B2A94816D2DFAAA10410B0CE2060E75ED32F3E226ABF1EAA3165228D46D3C3C12E28E98E3D773B452B78003BAF6F43F0F22395BD1F657D325464C58ECFC34A9D43125625BD659FB ']' 381s + output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-8391-auth.output 381s ++ basename /tmp/sssd-softhsm2-F2KOnK/SSSD-child-8391-auth.output .output 381s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-8391-auth.pem 381s + echo -n 053350 381s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 381s [p11_child[2236]] [main] (0x0400): p11_child started. 381s [p11_child[2236]] [main] (0x2000): Running in [auth] mode. 381s [p11_child[2236]] [main] (0x2000): Running with effective IDs: [0][0]. 381s [p11_child[2236]] [main] (0x2000): Running with real IDs [0][0]. 381s [p11_child[2236]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 381s [p11_child[2236]] [do_card] (0x4000): Module List: 381s [p11_child[2236]] [do_card] (0x4000): common name: [softhsm2]. 381s [p11_child[2236]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2236]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1e207af6] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 381s [p11_child[2236]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 381s [p11_child[2236]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1e207af6][505445110] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2236]] [do_card] (0x4000): Login required. 381s [p11_child[2236]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 381s [p11_child[2236]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 381s [p11_child[2236]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 381s [p11_child[2236]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1e207af6;slot-manufacturer=SoftHSM%20project;slot-id=505445110;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=32b4c29c9e207af6;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 381s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 381s [p11_child[2236]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 381s [p11_child[2236]] [do_card] (0x4000): Certificate verified and validated. 381s [p11_child[2236]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 381s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-8391-auth.output 381s + echo '-----BEGIN CERTIFICATE-----' 381s + tail -n1 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-8391-auth.output 381s + echo '-----END CERTIFICATE-----' 381s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-8391-auth.pem 381s Certificate: 381s Data: 381s Version: 3 (0x2) 381s Serial Number: 4 (0x4) 381s Signature Algorithm: sha256WithRSAEncryption 381s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 381s Validity 381s Not Before: Mar 21 03:53:17 2024 GMT 381s Not After : Mar 21 03:53:17 2025 GMT 381s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 381s Subject Public Key Info: 381s Public Key Algorithm: rsaEncryption 381s Public-Key: (1024 bit) 381s Modulus: 381s 00:d7:1f:86:c8:34:2a:46:48:a1:20:58:5a:45:33: 381s dc:6c:d0:11:2a:00:36:88:d3:0d:76:e2:2c:cf:3d: 381s fd:f8:43:57:99:bb:d1:20:5d:87:dc:4c:27:53:06: 381s 6d:11:e3:47:35:80:15:e3:b0:ff:cd:6a:9b:2a:94: 381s 81:6d:2d:fa:aa:10:41:0b:0c:e2:06:0e:75:ed:32: 381s f3:e2:26:ab:f1:ea:a3:16:52:28:d4:6d:3c:3c:12: 381s e2:8e:98:e3:d7:73:b4:52:b7:80:03:ba:f6:f4:3f: 381s 0f:22:39:5b:d1:f6:57:d3:25:46:4c:58:ec:fc:34: 381s a9:d4:31:25:62:5b:d6:59:fb 381s Exponent: 65537 (0x10001) 381s X509v3 extensions: 381s X509v3 Authority Key Identifier: 381s 48:8E:0E:87:44:83:DE:4A:49:48:82:98:08:92:EF:0B:A5:4C:2F:F2 381s X509v3 Basic Constraints: 381s CA:FALSE 381s Netscape Cert Type: 381s SSL Client, S/MIME 381s Netscape Comment: 381s Test Organization Intermediate CA trusted Certificate 381s X509v3 Subject Key Identifier: 381s 11:1B:CF:EB:B5:FD:AD:C1:B2:A6:90:23:93:4C:E5:CB:8C:28:3C:C8 381s X509v3 Key Usage: critical 381s Digital Signature, Non Repudiation, Key Encipherment 381s X509v3 Extended Key Usage: 381s TLS Web Client Authentication, E-mail Protection 381s X509v3 Subject Alternative Name: 381s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 381s Signature Algorithm: sha256WithRSAEncryption 381s Signature Value: 381s 0a:1b:90:5f:91:24:43:b3:cc:ed:4d:d7:57:61:7f:e8:e6:cb: 381s 38:08:63:c7:fb:3b:f6:74:22:e9:15:a8:3e:3c:34:8f:eb:0f: 381s 5e:7a:88:44:3f:b3:74:7f:82:85:14:9d:7d:f8:d8:a8:a1:91: 381s 7c:0e:86:23:60:71:16:c1:54:18:0c:56:0b:fa:f4:7d:c9:59: 381s a1:78:a0:56:48:54:b9:8f:af:d6:bf:69:13:e5:cc:48:43:2e: 381s f0:30:6d:7a:2d:33:ca:5e:11:26:a8:69:79:1d:ae:89:74:2c: 381s 68:eb:cb:9c:24:02:6a:aa:11:71:85:01:b5:f5:59:61:90:c9: 381s d5:49 381s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-8391-auth.pem 381s + found_md5=Modulus=D71F86C8342A4648A120585A4533DC6CD0112A003688D30D76E22CCF3DFDF8435799BBD1205D87DC4C2753066D11E347358015E3B0FFCD6A9B2A94816D2DFAAA10410B0CE2060E75ED32F3E226ABF1EAA3165228D46D3C3C12E28E98E3D773B452B78003BAF6F43F0F22395BD1F657D325464C58ECFC34A9D43125625BD659FB 381s + '[' Modulus=D71F86C8342A4648A120585A4533DC6CD0112A003688D30D76E22CCF3DFDF8435799BBD1205D87DC4C2753066D11E347358015E3B0FFCD6A9B2A94816D2DFAAA10410B0CE2060E75ED32F3E226ABF1EAA3165228D46D3C3C12E28E98E3D773B452B78003BAF6F43F0F22395BD1F657D325464C58ECFC34A9D43125625BD659FB '!=' Modulus=D71F86C8342A4648A120585A4533DC6CD0112A003688D30D76E22CCF3DFDF8435799BBD1205D87DC4C2753066D11E347358015E3B0FFCD6A9B2A94816D2DFAAA10410B0CE2060E75ED32F3E226ABF1EAA3165228D46D3C3C12E28E98E3D773B452B78003BAF6F43F0F22395BD1F657D325464C58ECFC34A9D43125625BD659FB ']' 381s + invalid_certificate /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24303 /tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem 381s + check_certificate /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24303 /tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem 381s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24303 381s + local key_ring=/tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem 381s + local verify_option= 381s + prepare_softhsm2_card /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24303 381s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24303 381s + local key_cn 381s + local key_name 381s + local tokens_dir 381s + local output_cert_file 381s + token_name= 381s ++ basename /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 381s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 381s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s ++ sed -n 's/ *commonName *= //p' 381s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 381s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 381s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 381s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 381s ++ basename /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 381s + tokens_dir=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 381s + token_name='Test Organization Sub Int Token' 381s + '[' '!' -e /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 381s + local key_file 381s + local decrypted_key 381s + mkdir -p /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 381s + key_file=/tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 381s + decrypted_key=/tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 381s + cat 381s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 381s Slot 0 has a free/uninitialized token. 381s The token has been initialized and is reassigned to slot 797057478 381s + softhsm2-util --show-slots 381s Available slots: 381s Slot 797057478 381s Slot info: 381s Description: SoftHSM slot ID 0x2f8221c6 381s Manufacturer ID: SoftHSM project 381s Hardware version: 2.6 381s Firmware version: 2.6 381s Token present: yes 381s Token info: 381s Manufacturer ID: SoftHSM project 381s Model: SoftHSM v2 381s Hardware version: 2.6 381s Firmware version: 2.6 381s Serial number: 6f9b4c782f8221c6 381s Initialized: yes 381s User PIN init.: yes 381s Label: Test Organization Sub Int Token 381s Slot 1 381s Slot info: 381s Description: SoftHSM slot ID 0x1 381s Manufacturer ID: SoftHSM project 381s Hardware version: 2.6 381s Firmware version: 2.6 381s Token present: yes 381s Token info: 381s Manufacturer ID: SoftHSM project 381s Model: SoftHSM v2 381s Hardware version: 2.6 381s Firmware version: 2.6 381s Serial number: 381s Initialized: no 381s User PIN init.: no 381s Label: 381s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 381s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-24303 -in /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 381s writing RSA key 381s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 381s + rm /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 381s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 381s Object 0: 381s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6f9b4c782f8221c6;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 381s Type: X.509 Certificate (RSA-1024) 381s Expires: Fri Mar 21 03:53:17 2025 381s Label: Test Organization Sub Intermediate Trusted Certificate 0001 381s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 381s 381s Test Organization Sub Int Token 381s + echo 'Test Organization Sub Int Token' 381s + '[' -n '' ']' 381s + local output_base_name=SSSD-child-29311 381s + local output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-29311.output 381s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-29311.pem 381s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem 381s [p11_child[2255]] [main] (0x0400): p11_child started. 381s [p11_child[2255]] [main] (0x2000): Running in [pre-auth] mode. 381s [p11_child[2255]] [main] (0x2000): Running with effective IDs: [0][0]. 381s [p11_child[2255]] [main] (0x2000): Running with real IDs [0][0]. 381s [p11_child[2255]] [do_card] (0x4000): Module List: 381s [p11_child[2255]] [do_card] (0x4000): common name: [softhsm2]. 381s [p11_child[2255]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2255]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2f8221c6] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 381s [p11_child[2255]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 381s [p11_child[2255]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x2f8221c6][797057478] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2255]] [do_card] (0x4000): Login NOT required. 381s [p11_child[2255]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 381s [p11_child[2255]] [do_verification] (0x0040): X509_verify_cert failed [0]. 381s [p11_child[2255]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 381s [p11_child[2255]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 381s [p11_child[2255]] [do_card] (0x4000): No certificate found. 381s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-29311.output 381s + return 2 381s + invalid_certificate /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24303 /tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem partial_chain 381s + check_certificate /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24303 /tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem partial_chain 381s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24303 381s + local key_ring=/tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem 381s + local verify_option=partial_chain 381s + prepare_softhsm2_card /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24303 381s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24303 381s + local key_cn 381s + local key_name 381s + local tokens_dir 381s + local output_cert_file 381s + token_name= 381s ++ basename /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 381s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 381s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s ++ sed -n 's/ *commonName *= //p' 381s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 381s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 381s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 381s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 381s ++ basename /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 381s + tokens_dir=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 381s + token_name='Test Organization Sub Int Token' 381s + '[' '!' -e /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 381s + '[' '!' -d /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 381s Test Organization Sub Int Token 381s + echo 'Test Organization Sub Int Token' 381s + '[' -n partial_chain ']' 381s + local verify_arg=--verify=partial_chain 381s + local output_base_name=SSSD-child-8704 381s + local output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-8704.output 381s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-8704.pem 381s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-F2KOnK/test-root-CA.pem 381s [p11_child[2262]] [main] (0x0400): p11_child started. 381s [p11_child[2262]] [main] (0x2000): Running in [pre-auth] mode. 381s [p11_child[2262]] [main] (0x2000): Running with effective IDs: [0][0]. 381s [p11_child[2262]] [main] (0x2000): Running with real IDs [0][0]. 381s [p11_child[2262]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 381s [p11_child[2262]] [do_card] (0x4000): Module List: 381s [p11_child[2262]] [do_card] (0x4000): common name: [softhsm2]. 381s [p11_child[2262]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2262]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2f8221c6] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 381s [p11_child[2262]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 381s [p11_child[2262]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x2f8221c6][797057478] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2262]] [do_card] (0x4000): Login NOT required. 381s [p11_child[2262]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 381s [p11_child[2262]] [do_verification] (0x0040): X509_verify_cert failed [0]. 381s [p11_child[2262]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 381s [p11_child[2262]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 381s [p11_child[2262]] [do_card] (0x4000): No certificate found. 381s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-8704.output 381s + return 2 381s + valid_certificate /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24303 /tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem 381s + check_certificate /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24303 /tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem 381s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24303 381s + local key_ring=/tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem 381s + local verify_option= 381s + prepare_softhsm2_card /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24303 381s Test Organization Sub Int Token 381s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24303 381s + local key_cn 381s + local key_name 381s + local tokens_dir 381s + local output_cert_file 381s + token_name= 381s ++ basename /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 381s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 381s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s ++ sed -n 's/ *commonName *= //p' 381s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 381s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 381s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 381s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 381s ++ basename /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 381s + tokens_dir=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 381s + token_name='Test Organization Sub Int Token' 381s + '[' '!' -e /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 381s + '[' '!' -d /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 381s + echo 'Test Organization Sub Int Token' 381s + '[' -n '' ']' 381s + local output_base_name=SSSD-child-6684 381s + local output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-6684.output 381s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-6684.pem 381s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem 381s [p11_child[2269]] [main] (0x0400): p11_child started. 381s [p11_child[2269]] [main] (0x2000): Running in [pre-auth] mode. 381s [p11_child[2269]] [main] (0x2000): Running with effective IDs: [0][0]. 381s [p11_child[2269]] [main] (0x2000): Running with real IDs [0][0]. 381s [p11_child[2269]] [do_card] (0x4000): Module List: 381s [p11_child[2269]] [do_card] (0x4000): common name: [softhsm2]. 381s [p11_child[2269]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2269]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2f8221c6] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 381s [p11_child[2269]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 381s [p11_child[2269]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x2f8221c6][797057478] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2269]] [do_card] (0x4000): Login NOT required. 381s [p11_child[2269]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 381s [p11_child[2269]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 381s [p11_child[2269]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 381s [p11_child[2269]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2f8221c6;slot-manufacturer=SoftHSM%20project;slot-id=797057478;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6f9b4c782f8221c6;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 381s [p11_child[2269]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 381s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-6684.output 381s + echo '-----BEGIN CERTIFICATE-----' 381s + tail -n1 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-6684.output 381s + echo '-----END CERTIFICATE-----' 381s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-6684.pem 381s Certificate: 381s Data: 381s Version: 3 (0x2) 381s Serial Number: 5 (0x5) 381s Signature Algorithm: sha256WithRSAEncryption 381s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 381s Validity 381s Not Before: Mar 21 03:53:17 2024 GMT 381s Not After : Mar 21 03:53:17 2025 GMT 381s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 381s Subject Public Key Info: 381s Public Key Algorithm: rsaEncryption 381s Public-Key: (1024 bit) 381s Modulus: 381s 00:de:3d:d0:b8:f7:ef:28:0d:18:41:cd:9e:03:87: 381s e0:76:ed:48:91:ac:99:f8:1d:43:98:e0:c3:2f:d5: 381s d2:a7:f0:86:55:a0:64:37:43:3c:70:e1:35:4d:85: 381s 9d:87:6b:da:81:da:fb:54:41:c8:bb:53:51:28:d3: 381s 00:91:f6:81:6e:26:13:c2:a9:41:96:23:f9:39:90: 381s 36:9f:37:69:0c:cf:d4:24:52:04:be:93:94:19:22: 381s f8:c4:dd:64:b0:af:b9:74:3b:8d:18:74:9d:c7:fb: 381s 53:c5:8d:1b:b8:79:90:06:f6:c5:2c:19:7e:9c:1f: 381s 56:cc:64:a2:a5:70:d5:4b:b5 381s Exponent: 65537 (0x10001) 381s X509v3 extensions: 381s X509v3 Authority Key Identifier: 381s 4B:0B:B2:10:B8:D4:0F:4D:3C:47:00:3C:7F:66:8F:DF:C4:42:3F:FA 381s X509v3 Basic Constraints: 381s CA:FALSE 381s Netscape Cert Type: 381s SSL Client, S/MIME 381s Netscape Comment: 381s Test Organization Sub Intermediate CA trusted Certificate 381s X509v3 Subject Key Identifier: 381s 31:B6:6F:93:11:13:8F:85:38:EB:0D:84:76:41:44:F6:11:8F:8E:FC 381s X509v3 Key Usage: critical 381s Digital Signature, Non Repudiation, Key Encipherment 381s X509v3 Extended Key Usage: 381s TLS Web Client Authentication, E-mail Protection 381s X509v3 Subject Alternative Name: 381s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 381s Signature Algorithm: sha256WithRSAEncryption 381s Signature Value: 381s 20:53:08:90:58:08:ae:2f:6a:d9:b7:75:29:d1:e3:d0:4f:f8: 381s 5b:49:ae:90:14:18:93:f0:9c:1c:5d:8e:31:91:8a:63:3d:2c: 381s 40:71:e0:b7:75:4a:c5:b0:8e:b6:b2:d4:b8:c3:6a:9b:8c:06: 381s f7:7c:ee:6a:0a:80:a5:43:ab:b3:4d:3a:c9:11:6c:9c:7e:92: 381s dd:77:ec:50:99:1c:6e:b1:3b:17:08:a6:e2:77:ff:12:d0:46: 381s d5:97:b0:3a:d5:49:f4:c6:0d:6a:fa:b7:14:93:65:41:20:1b: 381s 03:16:07:b2:bd:32:44:62:fd:11:6c:98:38:6c:26:a5:ef:4b: 381s 83:8c 381s + local found_md5 expected_md5 381s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s + expected_md5=Modulus=DE3DD0B8F7EF280D1841CD9E0387E076ED4891AC99F81D4398E0C32FD5D2A7F08655A06437433C70E1354D859D876BDA81DAFB5441C8BB535128D30091F6816E2613C2A9419623F93990369F37690CCFD4245204BE93941922F8C4DD64B0AFB9743B8D18749DC7FB53C58D1BB8799006F6C52C197E9C1F56CC64A2A570D54BB5 381s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-6684.pem 381s + found_md5=Modulus=DE3DD0B8F7EF280D1841CD9E0387E076ED4891AC99F81D4398E0C32FD5D2A7F08655A06437433C70E1354D859D876BDA81DAFB5441C8BB535128D30091F6816E2613C2A9419623F93990369F37690CCFD4245204BE93941922F8C4DD64B0AFB9743B8D18749DC7FB53C58D1BB8799006F6C52C197E9C1F56CC64A2A570D54BB5 381s + '[' Modulus=DE3DD0B8F7EF280D1841CD9E0387E076ED4891AC99F81D4398E0C32FD5D2A7F08655A06437433C70E1354D859D876BDA81DAFB5441C8BB535128D30091F6816E2613C2A9419623F93990369F37690CCFD4245204BE93941922F8C4DD64B0AFB9743B8D18749DC7FB53C58D1BB8799006F6C52C197E9C1F56CC64A2A570D54BB5 '!=' Modulus=DE3DD0B8F7EF280D1841CD9E0387E076ED4891AC99F81D4398E0C32FD5D2A7F08655A06437433C70E1354D859D876BDA81DAFB5441C8BB535128D30091F6816E2613C2A9419623F93990369F37690CCFD4245204BE93941922F8C4DD64B0AFB9743B8D18749DC7FB53C58D1BB8799006F6C52C197E9C1F56CC64A2A570D54BB5 ']' 381s + output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-6684-auth.output 381s ++ basename /tmp/sssd-softhsm2-F2KOnK/SSSD-child-6684-auth.output .output 381s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-6684-auth.pem 381s + echo -n 053350 381s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 381s [p11_child[2277]] [main] (0x0400): p11_child started. 381s [p11_child[2277]] [main] (0x2000): Running in [auth] mode. 381s [p11_child[2277]] [main] (0x2000): Running with effective IDs: [0][0]. 381s [p11_child[2277]] [main] (0x2000): Running with real IDs [0][0]. 381s [p11_child[2277]] [do_card] (0x4000): Module List: 381s [p11_child[2277]] [do_card] (0x4000): common name: [softhsm2]. 381s [p11_child[2277]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2277]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2f8221c6] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 381s [p11_child[2277]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 381s [p11_child[2277]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x2f8221c6][797057478] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2277]] [do_card] (0x4000): Login required. 381s [p11_child[2277]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 381s [p11_child[2277]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 381s [p11_child[2277]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 381s [p11_child[2277]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2f8221c6;slot-manufacturer=SoftHSM%20project;slot-id=797057478;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6f9b4c782f8221c6;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 381s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 381s [p11_child[2277]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 381s [p11_child[2277]] [do_card] (0x4000): Certificate verified and validated. 381s [p11_child[2277]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 381s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-6684-auth.output 381s + echo '-----BEGIN CERTIFICATE-----' 381s + tail -n1 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-6684-auth.output 381s + echo '-----END CERTIFICATE-----' 381s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-6684-auth.pem 381s Certificate: 381s Data: 381s Version: 3 (0x2) 381s Serial Number: 5 (0x5) 381s Signature Algorithm: sha256WithRSAEncryption 381s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 381s Validity 381s Not Before: Mar 21 03:53:17 2024 GMT 381s Not After : Mar 21 03:53:17 2025 GMT 381s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 381s Subject Public Key Info: 381s Public Key Algorithm: rsaEncryption 381s Public-Key: (1024 bit) 381s Modulus: 381s 00:de:3d:d0:b8:f7:ef:28:0d:18:41:cd:9e:03:87: 381s e0:76:ed:48:91:ac:99:f8:1d:43:98:e0:c3:2f:d5: 381s d2:a7:f0:86:55:a0:64:37:43:3c:70:e1:35:4d:85: 381s 9d:87:6b:da:81:da:fb:54:41:c8:bb:53:51:28:d3: 381s 00:91:f6:81:6e:26:13:c2:a9:41:96:23:f9:39:90: 381s 36:9f:37:69:0c:cf:d4:24:52:04:be:93:94:19:22: 381s f8:c4:dd:64:b0:af:b9:74:3b:8d:18:74:9d:c7:fb: 381s 53:c5:8d:1b:b8:79:90:06:f6:c5:2c:19:7e:9c:1f: 381s 56:cc:64:a2:a5:70:d5:4b:b5 381s Exponent: 65537 (0x10001) 381s X509v3 extensions: 381s X509v3 Authority Key Identifier: 381s 4B:0B:B2:10:B8:D4:0F:4D:3C:47:00:3C:7F:66:8F:DF:C4:42:3F:FA 381s X509v3 Basic Constraints: 381s CA:FALSE 381s Netscape Cert Type: 381s SSL Client, S/MIME 381s Netscape Comment: 381s Test Organization Sub Intermediate CA trusted Certificate 381s X509v3 Subject Key Identifier: 381s 31:B6:6F:93:11:13:8F:85:38:EB:0D:84:76:41:44:F6:11:8F:8E:FC 381s X509v3 Key Usage: critical 381s Digital Signature, Non Repudiation, Key Encipherment 381s X509v3 Extended Key Usage: 381s TLS Web Client Authentication, E-mail Protection 381s X509v3 Subject Alternative Name: 381s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 381s Signature Algorithm: sha256WithRSAEncryption 381s Signature Value: 381s 20:53:08:90:58:08:ae:2f:6a:d9:b7:75:29:d1:e3:d0:4f:f8: 381s 5b:49:ae:90:14:18:93:f0:9c:1c:5d:8e:31:91:8a:63:3d:2c: 381s 40:71:e0:b7:75:4a:c5:b0:8e:b6:b2:d4:b8:c3:6a:9b:8c:06: 381s f7:7c:ee:6a:0a:80:a5:43:ab:b3:4d:3a:c9:11:6c:9c:7e:92: 381s dd:77:ec:50:99:1c:6e:b1:3b:17:08:a6:e2:77:ff:12:d0:46: 381s d5:97:b0:3a:d5:49:f4:c6:0d:6a:fa:b7:14:93:65:41:20:1b: 381s 03:16:07:b2:bd:32:44:62:fd:11:6c:98:38:6c:26:a5:ef:4b: 381s 83:8c 381s Test Organization Sub Int Token 381s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-6684-auth.pem 381s + found_md5=Modulus=DE3DD0B8F7EF280D1841CD9E0387E076ED4891AC99F81D4398E0C32FD5D2A7F08655A06437433C70E1354D859D876BDA81DAFB5441C8BB535128D30091F6816E2613C2A9419623F93990369F37690CCFD4245204BE93941922F8C4DD64B0AFB9743B8D18749DC7FB53C58D1BB8799006F6C52C197E9C1F56CC64A2A570D54BB5 381s + '[' Modulus=DE3DD0B8F7EF280D1841CD9E0387E076ED4891AC99F81D4398E0C32FD5D2A7F08655A06437433C70E1354D859D876BDA81DAFB5441C8BB535128D30091F6816E2613C2A9419623F93990369F37690CCFD4245204BE93941922F8C4DD64B0AFB9743B8D18749DC7FB53C58D1BB8799006F6C52C197E9C1F56CC64A2A570D54BB5 '!=' Modulus=DE3DD0B8F7EF280D1841CD9E0387E076ED4891AC99F81D4398E0C32FD5D2A7F08655A06437433C70E1354D859D876BDA81DAFB5441C8BB535128D30091F6816E2613C2A9419623F93990369F37690CCFD4245204BE93941922F8C4DD64B0AFB9743B8D18749DC7FB53C58D1BB8799006F6C52C197E9C1F56CC64A2A570D54BB5 ']' 381s + valid_certificate /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24303 /tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem partial_chain 381s + check_certificate /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24303 /tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem partial_chain 381s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24303 381s + local key_ring=/tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem 381s + local verify_option=partial_chain 381s + prepare_softhsm2_card /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24303 381s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24303 381s + local key_cn 381s + local key_name 381s + local tokens_dir 381s + local output_cert_file 381s + token_name= 381s ++ basename /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 381s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 381s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s ++ sed -n 's/ *commonName *= //p' 381s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 381s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 381s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 381s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 381s ++ basename /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 381s + tokens_dir=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 381s + token_name='Test Organization Sub Int Token' 381s + '[' '!' -e /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 381s + '[' '!' -d /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 381s + echo 'Test Organization Sub Int Token' 381s + '[' -n partial_chain ']' 381s + local verify_arg=--verify=partial_chain 381s + local output_base_name=SSSD-child-20949 381s + local output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-20949.output 381s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-20949.pem 381s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem 381s [p11_child[2287]] [main] (0x0400): p11_child started. 381s [p11_child[2287]] [main] (0x2000): Running in [pre-auth] mode. 381s [p11_child[2287]] [main] (0x2000): Running with effective IDs: [0][0]. 381s [p11_child[2287]] [main] (0x2000): Running with real IDs [0][0]. 381s [p11_child[2287]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 381s [p11_child[2287]] [do_card] (0x4000): Module List: 381s [p11_child[2287]] [do_card] (0x4000): common name: [softhsm2]. 381s [p11_child[2287]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2287]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2f8221c6] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 381s [p11_child[2287]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 381s [p11_child[2287]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x2f8221c6][797057478] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2287]] [do_card] (0x4000): Login NOT required. 381s [p11_child[2287]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 381s [p11_child[2287]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 381s [p11_child[2287]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 381s [p11_child[2287]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2f8221c6;slot-manufacturer=SoftHSM%20project;slot-id=797057478;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6f9b4c782f8221c6;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 381s [p11_child[2287]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 381s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-20949.output 381s + echo '-----BEGIN CERTIFICATE-----' 381s + tail -n1 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-20949.output 381s + echo '-----END CERTIFICATE-----' 381s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-20949.pem 381s Certificate: 381s Data: 381s Version: 3 (0x2) 381s Serial Number: 5 (0x5) 381s Signature Algorithm: sha256WithRSAEncryption 381s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 381s Validity 381s Not Before: Mar 21 03:53:17 2024 GMT 381s Not After : Mar 21 03:53:17 2025 GMT 381s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 381s Subject Public Key Info: 381s Public Key Algorithm: rsaEncryption 381s Public-Key: (1024 bit) 381s Modulus: 381s 00:de:3d:d0:b8:f7:ef:28:0d:18:41:cd:9e:03:87: 381s e0:76:ed:48:91:ac:99:f8:1d:43:98:e0:c3:2f:d5: 381s d2:a7:f0:86:55:a0:64:37:43:3c:70:e1:35:4d:85: 381s 9d:87:6b:da:81:da:fb:54:41:c8:bb:53:51:28:d3: 381s 00:91:f6:81:6e:26:13:c2:a9:41:96:23:f9:39:90: 381s 36:9f:37:69:0c:cf:d4:24:52:04:be:93:94:19:22: 381s f8:c4:dd:64:b0:af:b9:74:3b:8d:18:74:9d:c7:fb: 381s 53:c5:8d:1b:b8:79:90:06:f6:c5:2c:19:7e:9c:1f: 381s 56:cc:64:a2:a5:70:d5:4b:b5 381s Exponent: 65537 (0x10001) 381s X509v3 extensions: 381s X509v3 Authority Key Identifier: 381s 4B:0B:B2:10:B8:D4:0F:4D:3C:47:00:3C:7F:66:8F:DF:C4:42:3F:FA 381s X509v3 Basic Constraints: 381s CA:FALSE 381s Netscape Cert Type: 381s SSL Client, S/MIME 381s Netscape Comment: 381s Test Organization Sub Intermediate CA trusted Certificate 381s X509v3 Subject Key Identifier: 381s 31:B6:6F:93:11:13:8F:85:38:EB:0D:84:76:41:44:F6:11:8F:8E:FC 381s X509v3 Key Usage: critical 381s Digital Signature, Non Repudiation, Key Encipherment 381s X509v3 Extended Key Usage: 381s TLS Web Client Authentication, E-mail Protection 381s X509v3 Subject Alternative Name: 381s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 381s Signature Algorithm: sha256WithRSAEncryption 381s Signature Value: 381s 20:53:08:90:58:08:ae:2f:6a:d9:b7:75:29:d1:e3:d0:4f:f8: 381s 5b:49:ae:90:14:18:93:f0:9c:1c:5d:8e:31:91:8a:63:3d:2c: 381s 40:71:e0:b7:75:4a:c5:b0:8e:b6:b2:d4:b8:c3:6a:9b:8c:06: 381s f7:7c:ee:6a:0a:80:a5:43:ab:b3:4d:3a:c9:11:6c:9c:7e:92: 381s dd:77:ec:50:99:1c:6e:b1:3b:17:08:a6:e2:77:ff:12:d0:46: 381s d5:97:b0:3a:d5:49:f4:c6:0d:6a:fa:b7:14:93:65:41:20:1b: 381s 03:16:07:b2:bd:32:44:62:fd:11:6c:98:38:6c:26:a5:ef:4b: 381s 83:8c 381s + local found_md5 expected_md5 381s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s + expected_md5=Modulus=DE3DD0B8F7EF280D1841CD9E0387E076ED4891AC99F81D4398E0C32FD5D2A7F08655A06437433C70E1354D859D876BDA81DAFB5441C8BB535128D30091F6816E2613C2A9419623F93990369F37690CCFD4245204BE93941922F8C4DD64B0AFB9743B8D18749DC7FB53C58D1BB8799006F6C52C197E9C1F56CC64A2A570D54BB5 381s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-20949.pem 381s + found_md5=Modulus=DE3DD0B8F7EF280D1841CD9E0387E076ED4891AC99F81D4398E0C32FD5D2A7F08655A06437433C70E1354D859D876BDA81DAFB5441C8BB535128D30091F6816E2613C2A9419623F93990369F37690CCFD4245204BE93941922F8C4DD64B0AFB9743B8D18749DC7FB53C58D1BB8799006F6C52C197E9C1F56CC64A2A570D54BB5 381s + '[' Modulus=DE3DD0B8F7EF280D1841CD9E0387E076ED4891AC99F81D4398E0C32FD5D2A7F08655A06437433C70E1354D859D876BDA81DAFB5441C8BB535128D30091F6816E2613C2A9419623F93990369F37690CCFD4245204BE93941922F8C4DD64B0AFB9743B8D18749DC7FB53C58D1BB8799006F6C52C197E9C1F56CC64A2A570D54BB5 '!=' Modulus=DE3DD0B8F7EF280D1841CD9E0387E076ED4891AC99F81D4398E0C32FD5D2A7F08655A06437433C70E1354D859D876BDA81DAFB5441C8BB535128D30091F6816E2613C2A9419623F93990369F37690CCFD4245204BE93941922F8C4DD64B0AFB9743B8D18749DC7FB53C58D1BB8799006F6C52C197E9C1F56CC64A2A570D54BB5 ']' 381s + output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-20949-auth.output 381s ++ basename /tmp/sssd-softhsm2-F2KOnK/SSSD-child-20949-auth.output .output 381s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-20949-auth.pem 381s + echo -n 053350 381s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-F2KOnK/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 381s [p11_child[2295]] [main] (0x0400): p11_child started. 381s [p11_child[2295]] [main] (0x2000): Running in [auth] mode. 381s [p11_child[2295]] [main] (0x2000): Running with effective IDs: [0][0]. 381s [p11_child[2295]] [main] (0x2000): Running with real IDs [0][0]. 381s [p11_child[2295]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 381s [p11_child[2295]] [do_card] (0x4000): Module List: 381s [p11_child[2295]] [do_card] (0x4000): common name: [softhsm2]. 381s [p11_child[2295]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2295]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2f8221c6] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 381s [p11_child[2295]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 381s [p11_child[2295]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x2f8221c6][797057478] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2295]] [do_card] (0x4000): Login required. 381s [p11_child[2295]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 381s [p11_child[2295]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 381s [p11_child[2295]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 381s [p11_child[2295]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2f8221c6;slot-manufacturer=SoftHSM%20project;slot-id=797057478;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6f9b4c782f8221c6;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 381s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 381s [p11_child[2295]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 381s [p11_child[2295]] [do_card] (0x4000): Certificate verified and validated. 381s [p11_child[2295]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 381s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-20949-auth.output 381s + echo '-----BEGIN CERTIFICATE-----' 381s + tail -n1 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-20949-auth.output 381s + echo '-----END CERTIFICATE-----' 381s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-20949-auth.pem 381s Certificate: 381s Data: 381s Version: 3 (0x2) 381s Serial Number: 5 (0x5) 381s Signature Algorithm: sha256WithRSAEncryption 381s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 381s Validity 381s Not Before: Mar 21 03:53:17 2024 GMT 381s Not After : Mar 21 03:53:17 2025 GMT 381s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 381s Subject Public Key Info: 381s Public Key Algorithm: rsaEncryption 381s Public-Key: (1024 bit) 381s Modulus: 381s 00:de:3d:d0:b8:f7:ef:28:0d:18:41:cd:9e:03:87: 381s e0:76:ed:48:91:ac:99:f8:1d:43:98:e0:c3:2f:d5: 381s d2:a7:f0:86:55:a0:64:37:43:3c:70:e1:35:4d:85: 381s 9d:87:6b:da:81:da:fb:54:41:c8:bb:53:51:28:d3: 381s 00:91:f6:81:6e:26:13:c2:a9:41:96:23:f9:39:90: 381s 36:9f:37:69:0c:cf:d4:24:52:04:be:93:94:19:22: 381s f8:c4:dd:64:b0:af:b9:74:3b:8d:18:74:9d:c7:fb: 381s 53:c5:8d:1b:b8:79:90:06:f6:c5:2c:19:7e:9c:1f: 381s 56:cc:64:a2:a5:70:d5:4b:b5 381s Exponent: 65537 (0x10001) 381s X509v3 extensions: 381s X509v3 Authority Key Identifier: 381s 4B:0B:B2:10:B8:D4:0F:4D:3C:47:00:3C:7F:66:8F:DF:C4:42:3F:FA 381s X509v3 Basic Constraints: 381s CA:FALSE 381s Netscape Cert Type: 381s SSL Client, S/MIME 381s Netscape Comment: 381s Test Organization Sub Intermediate CA trusted Certificate 381s X509v3 Subject Key Identifier: 381s 31:B6:6F:93:11:13:8F:85:38:EB:0D:84:76:41:44:F6:11:8F:8E:FC 381s X509v3 Key Usage: critical 381s Digital Signature, Non Repudiation, Key Encipherment 381s X509v3 Extended Key Usage: 381s TLS Web Client Authentication, E-mail Protection 381s X509v3 Subject Alternative Name: 381s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 381s Signature Algorithm: sha256WithRSAEncryption 381s Signature Value: 381s 20:53:08:90:58:08:ae:2f:6a:d9:b7:75:29:d1:e3:d0:4f:f8: 381s 5b:49:ae:90:14:18:93:f0:9c:1c:5d:8e:31:91:8a:63:3d:2c: 381s 40:71:e0:b7:75:4a:c5:b0:8e:b6:b2:d4:b8:c3:6a:9b:8c:06: 381s f7:7c:ee:6a:0a:80:a5:43:ab:b3:4d:3a:c9:11:6c:9c:7e:92: 381s dd:77:ec:50:99:1c:6e:b1:3b:17:08:a6:e2:77:ff:12:d0:46: 381s d5:97:b0:3a:d5:49:f4:c6:0d:6a:fa:b7:14:93:65:41:20:1b: 381s 03:16:07:b2:bd:32:44:62:fd:11:6c:98:38:6c:26:a5:ef:4b: 381s 83:8c 381s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-20949-auth.pem 381s + found_md5=Modulus=DE3DD0B8F7EF280D1841CD9E0387E076ED4891AC99F81D4398E0C32FD5D2A7F08655A06437433C70E1354D859D876BDA81DAFB5441C8BB535128D30091F6816E2613C2A9419623F93990369F37690CCFD4245204BE93941922F8C4DD64B0AFB9743B8D18749DC7FB53C58D1BB8799006F6C52C197E9C1F56CC64A2A570D54BB5 381s + '[' Modulus=DE3DD0B8F7EF280D1841CD9E0387E076ED4891AC99F81D4398E0C32FD5D2A7F08655A06437433C70E1354D859D876BDA81DAFB5441C8BB535128D30091F6816E2613C2A9419623F93990369F37690CCFD4245204BE93941922F8C4DD64B0AFB9743B8D18749DC7FB53C58D1BB8799006F6C52C197E9C1F56CC64A2A570D54BB5 '!=' Modulus=DE3DD0B8F7EF280D1841CD9E0387E076ED4891AC99F81D4398E0C32FD5D2A7F08655A06437433C70E1354D859D876BDA81DAFB5441C8BB535128D30091F6816E2613C2A9419623F93990369F37690CCFD4245204BE93941922F8C4DD64B0AFB9743B8D18749DC7FB53C58D1BB8799006F6C52C197E9C1F56CC64A2A570D54BB5 ']' 381s + invalid_certificate /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24303 /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA.pem 381s + check_certificate /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24303 /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA.pem 381s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24303 381s + local key_ring=/tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA.pem 381s + local verify_option= 381s + prepare_softhsm2_card /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24303 381s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24303 381s + local key_cn 381s + local key_name 381s + local tokens_dir 381s + local output_cert_file 381s + token_name= 381s ++ basename /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 381s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 381s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s ++ sed -n 's/ *commonName *= //p' 381s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 381s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 381s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 381s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 381s ++ basename /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 381s Test Organization Sub Int Token 381s + tokens_dir=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 381s + token_name='Test Organization Sub Int Token' 381s + '[' '!' -e /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 381s + '[' '!' -d /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 381s + echo 'Test Organization Sub Int Token' 381s + '[' -n '' ']' 381s + local output_base_name=SSSD-child-23616 381s + local output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-23616.output 381s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-23616.pem 381s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA.pem 381s [p11_child[2305]] [main] (0x0400): p11_child started. 381s [p11_child[2305]] [main] (0x2000): Running in [pre-auth] mode. 381s [p11_child[2305]] [main] (0x2000): Running with effective IDs: [0][0]. 381s [p11_child[2305]] [main] (0x2000): Running with real IDs [0][0]. 381s [p11_child[2305]] [do_card] (0x4000): Module List: 381s [p11_child[2305]] [do_card] (0x4000): common name: [softhsm2]. 381s [p11_child[2305]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2305]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2f8221c6] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 381s [p11_child[2305]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 381s [p11_child[2305]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x2f8221c6][797057478] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2305]] [do_card] (0x4000): Login NOT required. 381s [p11_child[2305]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 381s [p11_child[2305]] [do_verification] (0x0040): X509_verify_cert failed [0]. 381s [p11_child[2305]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 381s [p11_child[2305]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 381s [p11_child[2305]] [do_card] (0x4000): No certificate found. 381s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-23616.output 381s + return 2 381s + invalid_certificate /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24303 /tmp/sssd-softhsm2-F2KOnK/test-root-intermediate-chain-CA.pem partial_chain 381s + check_certificate /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24303 /tmp/sssd-softhsm2-F2KOnK/test-root-intermediate-chain-CA.pem partial_chain 381s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24303 381s + local key_ring=/tmp/sssd-softhsm2-F2KOnK/test-root-intermediate-chain-CA.pem 381s + local verify_option=partial_chain 381s + prepare_softhsm2_card /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24303 381s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24303 381s + local key_cn 381s + local key_name 381s + local tokens_dir 381s + local output_cert_file 381s + token_name= 381s ++ basename /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 381s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 381s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s ++ sed -n 's/ *commonName *= //p' 381s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 381s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 381s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 381s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 381s ++ basename /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 381s + tokens_dir=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 381s + token_name='Test Organization Sub Int Token' 381s + '[' '!' -e /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 381s + '[' '!' -d /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 381s Test Organization Sub Int Token 381s + echo 'Test Organization Sub Int Token' 381s + '[' -n partial_chain ']' 381s + local verify_arg=--verify=partial_chain 381s + local output_base_name=SSSD-child-74 381s + local output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-74.output 381s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-74.pem 381s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-F2KOnK/test-root-intermediate-chain-CA.pem 381s [p11_child[2312]] [main] (0x0400): p11_child started. 381s [p11_child[2312]] [main] (0x2000): Running in [pre-auth] mode. 381s [p11_child[2312]] [main] (0x2000): Running with effective IDs: [0][0]. 381s [p11_child[2312]] [main] (0x2000): Running with real IDs [0][0]. 381s [p11_child[2312]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 381s [p11_child[2312]] [do_card] (0x4000): Module List: 381s [p11_child[2312]] [do_card] (0x4000): common name: [softhsm2]. 381s [p11_child[2312]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2312]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2f8221c6] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 381s [p11_child[2312]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 381s [p11_child[2312]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x2f8221c6][797057478] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2312]] [do_card] (0x4000): Login NOT required. 381s [p11_child[2312]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 381s [p11_child[2312]] [do_verification] (0x0040): X509_verify_cert failed [0]. 381s [p11_child[2312]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 381s [p11_child[2312]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 381s [p11_child[2312]] [do_card] (0x4000): No certificate found. 381s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-74.output 381s + return 2 381s + valid_certificate /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24303 /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA.pem partial_chain 381s + check_certificate /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24303 /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA.pem partial_chain 381s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24303 381s + local key_ring=/tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA.pem 381s + local verify_option=partial_chain 381s + prepare_softhsm2_card /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24303 381s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24303 381s + local key_cn 381s + local key_name 381s + local tokens_dir 381s + local output_cert_file 381s + token_name= 381s ++ basename /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 381s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 381s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s ++ sed -n 's/ *commonName *= //p' 381s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 381s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 381s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 381s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 381s ++ basename /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 381s Test Organization Sub Int Token 381s + tokens_dir=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 381s + token_name='Test Organization Sub Int Token' 381s + '[' '!' -e /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 381s + '[' '!' -d /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 381s + echo 'Test Organization Sub Int Token' 381s + '[' -n partial_chain ']' 381s + local verify_arg=--verify=partial_chain 381s + local output_base_name=SSSD-child-23229 381s + local output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-23229.output 381s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-23229.pem 381s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA.pem 381s [p11_child[2319]] [main] (0x0400): p11_child started. 381s [p11_child[2319]] [main] (0x2000): Running in [pre-auth] mode. 381s [p11_child[2319]] [main] (0x2000): Running with effective IDs: [0][0]. 381s [p11_child[2319]] [main] (0x2000): Running with real IDs [0][0]. 381s [p11_child[2319]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 381s [p11_child[2319]] [do_card] (0x4000): Module List: 381s [p11_child[2319]] [do_card] (0x4000): common name: [softhsm2]. 381s [p11_child[2319]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2319]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2f8221c6] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 381s [p11_child[2319]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 381s [p11_child[2319]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x2f8221c6][797057478] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2319]] [do_card] (0x4000): Login NOT required. 381s [p11_child[2319]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 381s [p11_child[2319]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 381s [p11_child[2319]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 381s [p11_child[2319]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2f8221c6;slot-manufacturer=SoftHSM%20project;slot-id=797057478;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6f9b4c782f8221c6;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 381s [p11_child[2319]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 381s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-23229.output 381s + echo '-----BEGIN CERTIFICATE-----' 381s + tail -n1 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-23229.output 381s + echo '-----END CERTIFICATE-----' 381s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-23229.pem 381s Certificate: 381s Data: 381s Version: 3 (0x2) 381s Serial Number: 5 (0x5) 381s Signature Algorithm: sha256WithRSAEncryption 381s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 381s Validity 381s Not Before: Mar 21 03:53:17 2024 GMT 381s Not After : Mar 21 03:53:17 2025 GMT 381s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 381s Subject Public Key Info: 381s Public Key Algorithm: rsaEncryption 381s Public-Key: (1024 bit) 381s Modulus: 381s 00:de:3d:d0:b8:f7:ef:28:0d:18:41:cd:9e:03:87: 381s e0:76:ed:48:91:ac:99:f8:1d:43:98:e0:c3:2f:d5: 381s d2:a7:f0:86:55:a0:64:37:43:3c:70:e1:35:4d:85: 381s 9d:87:6b:da:81:da:fb:54:41:c8:bb:53:51:28:d3: 381s 00:91:f6:81:6e:26:13:c2:a9:41:96:23:f9:39:90: 381s 36:9f:37:69:0c:cf:d4:24:52:04:be:93:94:19:22: 381s f8:c4:dd:64:b0:af:b9:74:3b:8d:18:74:9d:c7:fb: 381s 53:c5:8d:1b:b8:79:90:06:f6:c5:2c:19:7e:9c:1f: 381s 56:cc:64:a2:a5:70:d5:4b:b5 381s Exponent: 65537 (0x10001) 381s X509v3 extensions: 381s X509v3 Authority Key Identifier: 381s 4B:0B:B2:10:B8:D4:0F:4D:3C:47:00:3C:7F:66:8F:DF:C4:42:3F:FA 381s X509v3 Basic Constraints: 381s CA:FALSE 381s Netscape Cert Type: 381s SSL Client, S/MIME 381s Netscape Comment: 381s Test Organization Sub Intermediate CA trusted Certificate 381s X509v3 Subject Key Identifier: 381s 31:B6:6F:93:11:13:8F:85:38:EB:0D:84:76:41:44:F6:11:8F:8E:FC 381s X509v3 Key Usage: critical 381s Digital Signature, Non Repudiation, Key Encipherment 381s X509v3 Extended Key Usage: 381s TLS Web Client Authentication, E-mail Protection 381s X509v3 Subject Alternative Name: 381s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 381s Signature Algorithm: sha256WithRSAEncryption 381s Signature Value: 381s 20:53:08:90:58:08:ae:2f:6a:d9:b7:75:29:d1:e3:d0:4f:f8: 381s 5b:49:ae:90:14:18:93:f0:9c:1c:5d:8e:31:91:8a:63:3d:2c: 381s 40:71:e0:b7:75:4a:c5:b0:8e:b6:b2:d4:b8:c3:6a:9b:8c:06: 381s f7:7c:ee:6a:0a:80:a5:43:ab:b3:4d:3a:c9:11:6c:9c:7e:92: 381s dd:77:ec:50:99:1c:6e:b1:3b:17:08:a6:e2:77:ff:12:d0:46: 381s d5:97:b0:3a:d5:49:f4:c6:0d:6a:fa:b7:14:93:65:41:20:1b: 381s 03:16:07:b2:bd:32:44:62:fd:11:6c:98:38:6c:26:a5:ef:4b: 381s 83:8c 381s + local found_md5 expected_md5 381s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 381s + expected_md5=Modulus=DE3DD0B8F7EF280D1841CD9E0387E076ED4891AC99F81D4398E0C32FD5D2A7F08655A06437433C70E1354D859D876BDA81DAFB5441C8BB535128D30091F6816E2613C2A9419623F93990369F37690CCFD4245204BE93941922F8C4DD64B0AFB9743B8D18749DC7FB53C58D1BB8799006F6C52C197E9C1F56CC64A2A570D54BB5 381s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-23229.pem 381s + found_md5=Modulus=DE3DD0B8F7EF280D1841CD9E0387E076ED4891AC99F81D4398E0C32FD5D2A7F08655A06437433C70E1354D859D876BDA81DAFB5441C8BB535128D30091F6816E2613C2A9419623F93990369F37690CCFD4245204BE93941922F8C4DD64B0AFB9743B8D18749DC7FB53C58D1BB8799006F6C52C197E9C1F56CC64A2A570D54BB5 381s + '[' Modulus=DE3DD0B8F7EF280D1841CD9E0387E076ED4891AC99F81D4398E0C32FD5D2A7F08655A06437433C70E1354D859D876BDA81DAFB5441C8BB535128D30091F6816E2613C2A9419623F93990369F37690CCFD4245204BE93941922F8C4DD64B0AFB9743B8D18749DC7FB53C58D1BB8799006F6C52C197E9C1F56CC64A2A570D54BB5 '!=' Modulus=DE3DD0B8F7EF280D1841CD9E0387E076ED4891AC99F81D4398E0C32FD5D2A7F08655A06437433C70E1354D859D876BDA81DAFB5441C8BB535128D30091F6816E2613C2A9419623F93990369F37690CCFD4245204BE93941922F8C4DD64B0AFB9743B8D18749DC7FB53C58D1BB8799006F6C52C197E9C1F56CC64A2A570D54BB5 ']' 381s + output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-23229-auth.output 381s ++ basename /tmp/sssd-softhsm2-F2KOnK/SSSD-child-23229-auth.output .output 382s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-23229-auth.pem 382s + echo -n 053350 382s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 382s [p11_child[2327]] [main] (0x0400): p11_child started. 382s [p11_child[2327]] [main] (0x2000): Running in [auth] mode. 382s [p11_child[2327]] [main] (0x2000): Running with effective IDs: [0][0]. 382s [p11_child[2327]] [main] (0x2000): Running with real IDs [0][0]. 382s [p11_child[2327]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 382s [p11_child[2327]] [do_card] (0x4000): Module List: 382s [p11_child[2327]] [do_card] (0x4000): common name: [softhsm2]. 382s [p11_child[2327]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 382s [p11_child[2327]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2f8221c6] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 382s [p11_child[2327]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 382s [p11_child[2327]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x2f8221c6][797057478] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 382s [p11_child[2327]] [do_card] (0x4000): Login required. 382s [p11_child[2327]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 382s [p11_child[2327]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 382s [p11_child[2327]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 382s [p11_child[2327]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2f8221c6;slot-manufacturer=SoftHSM%20project;slot-id=797057478;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6f9b4c782f8221c6;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 382s Certificate: 382s Data: 382s Version: 3 (0x2) 382s Serial Number: 5 (0x5) 382s Signature Algorithm: sha256WithRSAEncryption 382s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 382s Validity 382s Not Before: Mar 21 03:53:17 2024 GMT 382s Not After : Mar 21 03:53:17 2025 GMT 382s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 382s Subject Public Key Info: 382s Public Key Algorithm: rsaEncryption 382s Public-Key: (1024 bit) 382s Modulus: 382s 00:de:3d:d0:b8:f7:ef:28:0d:18:41:cd:9e:03:87: 382s e0:76:ed:48:91:ac:99:f8:1d:43:98:e0:c3:2f:d5: 382s d2:a7:f0:86:55:a0:64:37:43:3c:70:e1:35:4d:85: 382s 9d:87:6b:da:81:da:fb:54:41:c8:bb:53:51:28:d3: 382s 00:91:f6:81:6e:26:13:c2:a9:41:96:23:f9:39:90: 382s 36:9f:37:69:0c:cf:d4:24:52:04:be:93:94:19:22: 382s f8:c4:dd:64:b0:af:b9:74:3b:8d:18:74:9d:c7:fb: 382s 53:c5:8d:1b:b8:79:90:06:f6:c5:2c:19:7e:9c:1f: 382s 56:cc:64:a2:a5:70:d5:4b:b5 382s Exponent: 65537 (0x10001) 382s X509v3 extensions: 382s X509v3 Authority Key Identifier: 382s 4B:0B:B2:10:B8:D4:0F:4D:3C:47:00:3C:7F:66:8F:DF:C4:42:3F:FA 382s X509v3 Basic Constraints: 382s CA:FALSE 382s Netscape Cert Type: 382s SSL Client, S/MIME 382s Netscape Comment: 382s Test Organization Sub Intermediate CA trusted Certificate 382s X509v3 Subject Key Identifier: 382s 31:B6:6F:93:11:13:8F:85:38:EB:0D:84:76:41:44:F6:11:8F:8E:FC 382s X509v3 Key Usage: critical 382s Digital Signature, Non Repudiation, Key Encipherment 382s X509v3 Extended Key Usage: 382s TLS Web Client Authentication, E-mail Protection 382s X509v3 Subject Alternative Name: 382s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 382s Signature Algorithm: sha256WithRSAEncryption 382s Signature Value: 382s 20:53:08:90:58:08:ae:2f:6a:d9:b7:75:29:d1:e3:d0:4f:f8: 382s 5b:49:ae:90:14:18:93:f0:9c:1c:5d:8e:31:91:8a:63:3d:2c: 382s 40:71:e0:b7:75:4a:c5:b0:8e:b6:b2:d4:b8:c3:6a:9b:8c:06: 382s f7:7c:ee:6a:0a:80:a5:43:ab:b3:4d:3a:c9:11:6c:9c:7e:92: 382s dd:77:ec:50:99:1c:6e:b1:3b:17:08:a6:e2:77:ff:12:d0:46: 382s d5:97:b0:3a:d5:49:f4:c6:0d:6a:fa:b7:14:93:65:41:20:1b: 382s 03:16:07:b2:bd:32:44:62:fd:11:6c:98:38:6c:26:a5:ef:4b: 382s 83:8c 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 382s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 382s [p11_child[2327]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 382s [p11_child[2327]] [do_card] (0x4000): Certificate verified and validated. 382s [p11_child[2327]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 382s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-23229-auth.output 382s + echo '-----BEGIN CERTIFICATE-----' 382s + tail -n1 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-23229-auth.output 382s + echo '-----END CERTIFICATE-----' 382s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-23229-auth.pem 382s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-23229-auth.pem 382s + found_md5=Modulus=DE3DD0B8F7EF280D1841CD9E0387E076ED4891AC99F81D4398E0C32FD5D2A7F08655A06437433C70E1354D859D876BDA81DAFB5441C8BB535128D30091F6816E2613C2A9419623F93990369F37690CCFD4245204BE93941922F8C4DD64B0AFB9743B8D18749DC7FB53C58D1BB8799006F6C52C197E9C1F56CC64A2A570D54BB5 382s + '[' Modulus=DE3DD0B8F7EF280D1841CD9E0387E076ED4891AC99F81D4398E0C32FD5D2A7F08655A06437433C70E1354D859D876BDA81DAFB5441C8BB535128D30091F6816E2613C2A9419623F93990369F37690CCFD4245204BE93941922F8C4DD64B0AFB9743B8D18749DC7FB53C58D1BB8799006F6C52C197E9C1F56CC64A2A570D54BB5 '!=' Modulus=DE3DD0B8F7EF280D1841CD9E0387E076ED4891AC99F81D4398E0C32FD5D2A7F08655A06437433C70E1354D859D876BDA81DAFB5441C8BB535128D30091F6816E2613C2A9419623F93990369F37690CCFD4245204BE93941922F8C4DD64B0AFB9743B8D18749DC7FB53C58D1BB8799006F6C52C197E9C1F56CC64A2A570D54BB5 ']' 382s + valid_certificate /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24303 /tmp/sssd-softhsm2-F2KOnK/test-intermediate-sub-chain-CA.pem partial_chain 382s + check_certificate /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24303 /tmp/sssd-softhsm2-F2KOnK/test-intermediate-sub-chain-CA.pem partial_chain 382s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 382s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24303 382s + local key_ring=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-sub-chain-CA.pem 382s + local verify_option=partial_chain 382s + prepare_softhsm2_card /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24303 382s + local certificate=/tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 382s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24303 382s + local key_cn 382s + local key_name 382s + local tokens_dir 382s + local output_cert_file 382s + token_name= 382s ++ basename /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 382s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 382s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 382s ++ sed -n 's/ *commonName *= //p' 382s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 382s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 382s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 382s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 382s ++ basename /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 382s + tokens_dir=/tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 382s + token_name='Test Organization Sub Int Token' 382s + '[' '!' -e /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 382s + '[' '!' -d /tmp/sssd-softhsm2-F2KOnK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 382s + echo 'Test Organization Sub Int Token' 382s + '[' -n partial_chain ']' 382s + local verify_arg=--verify=partial_chain 382s + local output_base_name=SSSD-child-24753 382s + local output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-24753.output 382s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-24753.pem 382s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-sub-chain-CA.pem 382s Test Organization Sub Int Token 382s [p11_child[2337]] [main] (0x0400): p11_child started. 382s [p11_child[2337]] [main] (0x2000): Running in [pre-auth] mode. 382s [p11_child[2337]] [main] (0x2000): Running with effective IDs: [0][0]. 382s [p11_child[2337]] [main] (0x2000): Running with real IDs [0][0]. 382s [p11_child[2337]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 382s [p11_child[2337]] [do_card] (0x4000): Module List: 382s [p11_child[2337]] [do_card] (0x4000): common name: [softhsm2]. 382s [p11_child[2337]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 382s [p11_child[2337]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2f8221c6] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 382s [p11_child[2337]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 382s [p11_child[2337]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x2f8221c6][797057478] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 382s [p11_child[2337]] [do_card] (0x4000): Login NOT required. 382s [p11_child[2337]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 382s [p11_child[2337]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 382s [p11_child[2337]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 382s [p11_child[2337]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2f8221c6;slot-manufacturer=SoftHSM%20project;slot-id=797057478;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6f9b4c782f8221c6;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 382s [p11_child[2337]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 382s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-24753.output 382s + echo '-----BEGIN CERTIFICATE-----' 382s + tail -n1 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-24753.output 382s + echo '-----END CERTIFICATE-----' 382s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-24753.pem 382s Certificate: 382s Data: 382s Version: 3 (0x2) 382s Serial Number: 5 (0x5) 382s Signature Algorithm: sha256WithRSAEncryption 382s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 382s Validity 382s Not Before: Mar 21 03:53:17 2024 GMT 382s Not After : Mar 21 03:53:17 2025 GMT 382s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 382s Subject Public Key Info: 382s Public Key Algorithm: rsaEncryption 382s Public-Key: (1024 bit) 382s Modulus: 382s 00:de:3d:d0:b8:f7:ef:28:0d:18:41:cd:9e:03:87: 382s e0:76:ed:48:91:ac:99:f8:1d:43:98:e0:c3:2f:d5: 382s d2:a7:f0:86:55:a0:64:37:43:3c:70:e1:35:4d:85: 382s 9d:87:6b:da:81:da:fb:54:41:c8:bb:53:51:28:d3: 382s 00:91:f6:81:6e:26:13:c2:a9:41:96:23:f9:39:90: 382s 36:9f:37:69:0c:cf:d4:24:52:04:be:93:94:19:22: 382s f8:c4:dd:64:b0:af:b9:74:3b:8d:18:74:9d:c7:fb: 382s 53:c5:8d:1b:b8:79:90:06:f6:c5:2c:19:7e:9c:1f: 382s 56:cc:64:a2:a5:70:d5:4b:b5 382s Exponent: 65537 (0x10001) 382s X509v3 extensions: 382s X509v3 Authority Key Identifier: 382s 4B:0B:B2:10:B8:D4:0F:4D:3C:47:00:3C:7F:66:8F:DF:C4:42:3F:FA 382s X509v3 Basic Constraints: 382s CA:FALSE 382s Netscape Cert Type: 382s SSL Client, S/MIME 382s Netscape Comment: 382s Test Organization Sub Intermediate CA trusted Certificate 382s X509v3 Subject Key Identifier: 382s 31:B6:6F:93:11:13:8F:85:38:EB:0D:84:76:41:44:F6:11:8F:8E:FC 382s X509v3 Key Usage: critical 382s Digital Signature, Non Repudiation, Key Encipherment 382s X509v3 Extended Key Usage: 382s TLS Web Client Authentication, E-mail Protection 382s X509v3 Subject Alternative Name: 382s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 382s Signature Algorithm: sha256WithRSAEncryption 382s Signature Value: 382s 20:53:08:90:58:08:ae:2f:6a:d9:b7:75:29:d1:e3:d0:4f:f8: 382s 5b:49:ae:90:14:18:93:f0:9c:1c:5d:8e:31:91:8a:63:3d:2c: 382s 40:71:e0:b7:75:4a:c5:b0:8e:b6:b2:d4:b8:c3:6a:9b:8c:06: 382s f7:7c:ee:6a:0a:80:a5:43:ab:b3:4d:3a:c9:11:6c:9c:7e:92: 382s dd:77:ec:50:99:1c:6e:b1:3b:17:08:a6:e2:77:ff:12:d0:46: 382s d5:97:b0:3a:d5:49:f4:c6:0d:6a:fa:b7:14:93:65:41:20:1b: 382s 03:16:07:b2:bd:32:44:62:fd:11:6c:98:38:6c:26:a5:ef:4b: 382s 83:8c 382s + local found_md5 expected_md5 382s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/test-sub-intermediate-CA-trusted-certificate-0001.pem 382s + expected_md5=Modulus=DE3DD0B8F7EF280D1841CD9E0387E076ED4891AC99F81D4398E0C32FD5D2A7F08655A06437433C70E1354D859D876BDA81DAFB5441C8BB535128D30091F6816E2613C2A9419623F93990369F37690CCFD4245204BE93941922F8C4DD64B0AFB9743B8D18749DC7FB53C58D1BB8799006F6C52C197E9C1F56CC64A2A570D54BB5 382s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-24753.pem 382s + found_md5=Modulus=DE3DD0B8F7EF280D1841CD9E0387E076ED4891AC99F81D4398E0C32FD5D2A7F08655A06437433C70E1354D859D876BDA81DAFB5441C8BB535128D30091F6816E2613C2A9419623F93990369F37690CCFD4245204BE93941922F8C4DD64B0AFB9743B8D18749DC7FB53C58D1BB8799006F6C52C197E9C1F56CC64A2A570D54BB5 382s + '[' Modulus=DE3DD0B8F7EF280D1841CD9E0387E076ED4891AC99F81D4398E0C32FD5D2A7F08655A06437433C70E1354D859D876BDA81DAFB5441C8BB535128D30091F6816E2613C2A9419623F93990369F37690CCFD4245204BE93941922F8C4DD64B0AFB9743B8D18749DC7FB53C58D1BB8799006F6C52C197E9C1F56CC64A2A570D54BB5 '!=' Modulus=DE3DD0B8F7EF280D1841CD9E0387E076ED4891AC99F81D4398E0C32FD5D2A7F08655A06437433C70E1354D859D876BDA81DAFB5441C8BB535128D30091F6816E2613C2A9419623F93990369F37690CCFD4245204BE93941922F8C4DD64B0AFB9743B8D18749DC7FB53C58D1BB8799006F6C52C197E9C1F56CC64A2A570D54BB5 ']' 382s + output_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-24753-auth.output 382s ++ basename /tmp/sssd-softhsm2-F2KOnK/SSSD-child-24753-auth.output .output 382s + output_cert_file=/tmp/sssd-softhsm2-F2KOnK/SSSD-child-24753-auth.pem 382s + echo -n 053350 382s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-F2KOnK/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 382s [p11_child[2345]] [main] (0x0400): p11_child started. 382s [p11_child[2345]] [main] (0x2000): Running in [auth] mode. 382s [p11_child[2345]] [main] (0x2000): Running with effective IDs: [0][0]. 382s [p11_child[2345]] [main] (0x2000): Running with real IDs [0][0]. 382s [p11_child[2345]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 382s [p11_child[2345]] [do_card] (0x4000): Module List: 382s [p11_child[2345]] [do_card] (0x4000): common name: [softhsm2]. 382s [p11_child[2345]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 382s [p11_child[2345]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2f8221c6] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 382s [p11_child[2345]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 382s [p11_child[2345]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x2f8221c6][797057478] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 382s [p11_child[2345]] [do_card] (0x4000): Login required. 382s [p11_child[2345]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 382s [p11_child[2345]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 382s [p11_child[2345]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 382s [p11_child[2345]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2f8221c6;slot-manufacturer=SoftHSM%20project;slot-id=797057478;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6f9b4c782f8221c6;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 382s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 382s [p11_child[2345]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 382s [p11_child[2345]] [do_card] (0x4000): Certificate verified and validated. 382s [p11_child[2345]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 382s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-24753-auth.output 382s + echo '-----BEGIN CERTIFICATE-----' 382s + tail -n1 /tmp/sssd-softhsm2-F2KOnK/SSSD-child-24753-auth.output 382s + echo '-----END CERTIFICATE-----' 382s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-24753-auth.pem 382s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-F2KOnK/SSSD-child-24753-auth.pem 382s + found_md5=Modulus=DE3DD0B8F7EF280D1841CD9E0387E076ED4891AC99F81D4398E0C32FD5D2A7F08655A06437433C70E1354D859D876BDA81DAFB5441C8BB535128D30091F6816E2613C2A9419623F93990369F37690CCFD4245204BE93941922F8C4DD64B0AFB9743B8D18749DC7FB53C58D1BB8799006F6C52C197E9C1F56CC64A2A570D54BB5 382s + '[' Modulus=DE3DD0B8F7EF280D1841CD9E0387E076ED4891AC99F81D4398E0C32FD5D2A7F08655A06437433C70E1354D859D876BDA81DAFB5441C8BB535128D30091F6816E2613C2A9419623F93990369F37690CCFD4245204BE93941922F8C4DD64B0AFB9743B8D18749DC7FB53C58D1BB8799006F6C52C197E9C1F56CC64A2A570D54BB5 '!=' Modulus=DE3DD0B8F7EF280D1841CD9E0387E076ED4891AC99F81D4398E0C32FD5D2A7F08655A06437433C70E1354D859D876BDA81DAFB5441C8BB535128D30091F6816E2613C2A9419623F93990369F37690CCFD4245204BE93941922F8C4DD64B0AFB9743B8D18749DC7FB53C58D1BB8799006F6C52C197E9C1F56CC64A2A570D54BB5 ']' 382s + set +x 382s Certificate: 382s Data: 382s Version: 3 (0x2) 382s Serial Number: 5 (0x5) 382s Signature Algorithm: sha256WithRSAEncryption 382s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 382s Validity 382s Not Before: Mar 21 03:53:17 2024 GMT 382s Not After : Mar 21 03:53:17 2025 GMT 382s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 382s Subject Public Key Info: 382s Public Key Algorithm: rsaEncryption 382s Public-Key: (1024 bit) 382s Modulus: 382s 00:de:3d:d0:b8:f7:ef:28:0d:18:41:cd:9e:03:87: 382s e0:76:ed:48:91:ac:99:f8:1d:43:98:e0:c3:2f:d5: 382s d2:a7:f0:86:55:a0:64:37:43:3c:70:e1:35:4d:85: 382s 9d:87:6b:da:81:da:fb:54:41:c8:bb:53:51:28:d3: 382s 00:91:f6:81:6e:26:13:c2:a9:41:96:23:f9:39:90: 382s 36:9f:37:69:0c:cf:d4:24:52:04:be:93:94:19:22: 382s f8:c4:dd:64:b0:af:b9:74:3b:8d:18:74:9d:c7:fb: 382s 53:c5:8d:1b:b8:79:90:06:f6:c5:2c:19:7e:9c:1f: 382s 56:cc:64:a2:a5:70:d5:4b:b5 382s Exponent: 65537 (0x10001) 382s X509v3 extensions: 382s X509v3 Authority Key Identifier: 382s 4B:0B:B2:10:B8:D4:0F:4D:3C:47:00:3C:7F:66:8F:DF:C4:42:3F:FA 382s X509v3 Basic Constraints: 382s CA:FALSE 382s Netscape Cert Type: 382s SSL Client, S/MIME 382s Netscape Comment: 382s Test Organization Sub Intermediate CA trusted Certificate 382s X509v3 Subject Key Identifier: 382s 31:B6:6F:93:11:13:8F:85:38:EB:0D:84:76:41:44:F6:11:8F:8E:FC 382s X509v3 Key Usage: critical 382s Digital Signature, Non Repudiation, Key Encipherment 382s X509v3 Extended Key Usage: 382s TLS Web Client Authentication, E-mail Protection 382s X509v3 Subject Alternative Name: 382s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 382s Signature Algorithm: sha256WithRSAEncryption 382s Signature Value: 382s 20:53:08:90:58:08:ae:2f:6a:d9:b7:75:29:d1:e3:d0:4f:f8: 382s 5b:49:ae:90:14:18:93:f0:9c:1c:5d:8e:31:91:8a:63:3d:2c: 382s 40:71:e0:b7:75:4a:c5:b0:8e:b6:b2:d4:b8:c3:6a:9b:8c:06: 382s f7:7c:ee:6a:0a:80:a5:43:ab:b3:4d:3a:c9:11:6c:9c:7e:92: 382s dd:77:ec:50:99:1c:6e:b1:3b:17:08:a6:e2:77:ff:12:d0:46: 382s d5:97:b0:3a:d5:49:f4:c6:0d:6a:fa:b7:14:93:65:41:20:1b: 382s 03:16:07:b2:bd:32:44:62:fd:11:6c:98:38:6c:26:a5:ef:4b: 382s 83:8c 382s 382s Test completed, Root CA and intermediate issued certificates verified! 382s autopkgtest [03:53:21]: test sssd-softhism2-certificates-tests.sh: -----------------------] 383s autopkgtest [03:53:22]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 383s sssd-softhism2-certificates-tests.sh PASS 384s autopkgtest [03:53:23]: test sssd-smart-card-pam-auth-configs: preparing testbed 386s Reading package lists... 386s Building dependency tree... 386s Reading state information... 386s Starting pkgProblemResolver with broken count: 0 386s Starting 2 pkgProblemResolver with broken count: 0 386s Done 386s The following additional packages will be installed: 386s pamtester 386s The following NEW packages will be installed: 386s autopkgtest-satdep pamtester 386s 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. 386s Need to get 12.2 kB/13.0 kB of archives. 386s After this operation, 36.9 kB of additional disk space will be used. 386s Get:1 /tmp/autopkgtest.4w16Y5/4-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [760 B] 387s Get:2 http://ftpmaster.internal/ubuntu noble/universe s390x pamtester s390x 0.1.2-4 [12.2 kB] 387s Fetched 12.2 kB in 0s (80.6 kB/s) 387s Selecting previously unselected package pamtester. 387s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52325 files and directories currently installed.) 387s Preparing to unpack .../pamtester_0.1.2-4_s390x.deb ... 387s Unpacking pamtester (0.1.2-4) ... 387s Selecting previously unselected package autopkgtest-satdep. 387s Preparing to unpack .../4-autopkgtest-satdep.deb ... 387s Unpacking autopkgtest-satdep (0) ... 387s Setting up pamtester (0.1.2-4) ... 387s Setting up autopkgtest-satdep (0) ... 387s Processing triggers for man-db (2.12.0-3) ... 389s (Reading database ... 52331 files and directories currently installed.) 389s Removing autopkgtest-satdep (0) ... 390s autopkgtest [03:53:29]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 390s autopkgtest [03:53:29]: test sssd-smart-card-pam-auth-configs: [----------------------- 390s + '[' -z ubuntu ']' 390s + export DEBIAN_FRONTEND=noninteractive 390s + DEBIAN_FRONTEND=noninteractive 390s + required_tools=(pamtester softhsm2-util sssd) 390s + [[ ! -v OFFLINE_MODE ]] 390s + for cmd in "${required_tools[@]}" 390s + command -v pamtester 390s + for cmd in "${required_tools[@]}" 390s + command -v softhsm2-util 390s + for cmd in "${required_tools[@]}" 390s + command -v sssd 390s + PIN=123456 390s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 390s + tmpdir=/tmp/sssd-softhsm2-certs-CVA6Pg 390s + backupsdir= 390s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 390s + declare -a restore_paths 390s + declare -a delete_paths 390s + trap handle_exit EXIT 390s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 390s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 390s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 390s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 390s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-CVA6Pg GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 390s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-CVA6Pg 390s + GENERATE_SMART_CARDS=1 390s + KEEP_TEMPORARY_FILES=1 390s + NO_SSSD_TESTS=1 390s + bash debian/tests/sssd-softhism2-certificates-tests.sh 390s + '[' -z ubuntu ']' 390s + required_tools=(p11tool openssl softhsm2-util) 390s + for cmd in "${required_tools[@]}" 390s + command -v p11tool 390s + for cmd in "${required_tools[@]}" 390s + command -v openssl 390s + for cmd in "${required_tools[@]}" 390s + command -v softhsm2-util 390s + PIN=123456 390s +++ find /usr/lib/softhsm/libsofthsm2.so 390s +++ head -n 1 390s ++ realpath /usr/lib/softhsm/libsofthsm2.so 390s + SOFTHSM2_MODULE=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 390s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 390s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 390s + '[' '!' -v NO_SSSD_TESTS ']' 390s + '[' '!' -e /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so ']' 390s + tmpdir=/tmp/sssd-softhsm2-certs-CVA6Pg 390s + keys_size=1024 390s + [[ ! -v KEEP_TEMPORARY_FILES ]] 390s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 390s + echo -n 01 390s + touch /tmp/sssd-softhsm2-certs-CVA6Pg/index.txt 390s + mkdir -p /tmp/sssd-softhsm2-certs-CVA6Pg/new_certs 390s + cat 390s + root_ca_key_pass=pass:random-root-CA-password-30149 390s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA-key.pem -passout pass:random-root-CA-password-30149 1024 390s + openssl req -passin pass:random-root-CA-password-30149 -batch -config /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA.pem 390s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA.pem 390s + cat 390s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-15791 390s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-15791 1024 390s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-15791 -config /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-30149 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-certificate-request.pem 390s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-certificate-request.pem 390s Certificate Request: 390s Data: 390s Version: 1 (0x0) 390s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 390s Subject Public Key Info: 390s Public Key Algorithm: rsaEncryption 390s Public-Key: (1024 bit) 390s Modulus: 390s 00:b8:cc:b6:12:69:6c:d1:df:df:7d:23:25:62:ee: 390s 39:f5:0f:a5:a3:76:2c:56:66:00:f5:95:e8:02:5a: 390s 3f:8d:aa:53:23:45:89:24:72:78:2f:0d:d3:22:d6: 390s eb:1e:86:16:29:e1:6e:d3:76:ab:6c:1a:13:b7:55: 390s 44:8d:a1:59:29:41:1b:cc:b0:03:88:28:18:c4:10: 390s 0d:35:2a:5e:ab:e3:96:8c:b1:4a:1a:45:f3:27:63: 390s 49:00:05:44:e8:2a:b5:9b:52:de:a2:8a:63:fb:d8: 390s ef:42:d4:a5:be:62:de:7c:de:d6:cc:20:3a:e4:aa: 390s e4:69:c9:34:47:4d:d4:d9:cd 390s Exponent: 65537 (0x10001) 390s Attributes: 390s (none) 390s Requested Extensions: 390s Signature Algorithm: sha256WithRSAEncryption 390s Signature Value: 390s 3b:f2:a7:c7:9e:41:91:55:a7:06:a8:8d:23:4e:81:88:c2:5f: 390s 9d:0f:88:c4:fe:93:35:76:a8:55:fd:c7:f2:49:a0:52:46:18: 390s f5:10:4e:0f:ec:99:91:fa:3c:83:5f:07:f1:66:7d:ff:f0:51: 390s 4b:6a:48:02:e2:dc:13:58:24:51:97:f1:00:aa:68:88:e9:23: 390s 0c:b6:5b:59:de:3a:c9:7f:b4:47:d4:29:31:1c:63:4f:d2:36: 390s 04:3b:18:37:90:00:82:60:bb:f1:02:be:3e:df:45:06:9d:98: 390s a4:56:cf:36:03:5f:6f:8d:83:2e:5c:64:b5:16:45:de:e6:f8: 390s eb:5e 390s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA.config -passin pass:random-root-CA-password-30149 -keyfile /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA.pem 390s Using configuration from /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA.config 390s Check that the request matches the signature 390s Signature ok 390s Certificate Details: 390s Serial Number: 1 (0x1) 390s Validity 390s Not Before: Mar 21 03:53:29 2024 GMT 390s Not After : Mar 21 03:53:29 2025 GMT 390s Subject: 390s organizationName = Test Organization 390s organizationalUnitName = Test Organization Unit 390s commonName = Test Organization Intermediate CA 390s X509v3 extensions: 390s X509v3 Subject Key Identifier: 390s 32:3B:14:8C:0C:5A:6C:E7:BF:22:7C:4B:4D:C0:B0:C5:C7:60:4F:64 390s X509v3 Authority Key Identifier: 390s keyid:5B:4F:35:BD:80:AD:3D:D2:1F:A7:D4:CF:9E:80:EA:54:7C:3B:F4:A3 390s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 390s serial:00 390s X509v3 Basic Constraints: 390s CA:TRUE 390s X509v3 Key Usage: critical 390s Digital Signature, Certificate Sign, CRL Sign 390s Certificate is to be certified until Mar 21 03:53:29 2025 GMT (365 days) 390s 390s Write out database with 1 new entries 390s Database updated 390s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA.pem 390s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA.pem /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA.pem 390s /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA.pem: OK 390s + cat 390s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-404 390s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-404 1024 390s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-404 -config /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-15791 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-certificate-request.pem 390s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-certificate-request.pem 390s Certificate Request: 390s Data: 390s Version: 1 (0x0) 390s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 390s Subject Public Key Info: 390s Public Key Algorithm: rsaEncryption 390s Public-Key: (1024 bit) 390s Modulus: 390s 00:9a:f5:3d:ee:d9:07:95:de:c9:ed:c6:80:d1:5a: 390s 26:54:50:23:e7:24:95:21:e5:43:a7:ed:92:92:4c: 390s 5b:a9:2e:3a:2a:86:2b:82:63:68:19:4d:59:f8:ac: 390s 99:c4:c4:1c:6a:b8:01:f7:7d:3a:10:f8:cc:ee:47: 390s 3f:8b:8b:32:6a:4a:9c:0d:86:1b:03:02:a3:e8:31: 390s 14:62:cc:e3:9f:3b:05:4d:48:2d:31:2e:2e:22:5f: 390s a2:1e:13:54:e4:07:92:21:13:9d:52:4c:f8:85:ae: 390s 0d:41:f2:0e:b4:ff:1f:13:f8:ba:3f:72:27:49:32: 390s 50:19:54:ea:a6:44:11:a5:87 390s Exponent: 65537 (0x10001) 390s Attributes: 390s (none) 390s Requested Extensions: 390s Signature Algorithm: sha256WithRSAEncryption 390s Signature Value: 390s 66:44:20:51:84:0c:52:c7:46:6f:03:62:f2:fd:14:1c:86:be: 390s 11:65:f0:02:2d:70:c6:db:18:73:22:6c:79:c4:07:cd:1c:3b: 390s 74:12:d8:06:09:e6:c5:7a:92:7d:d4:c3:f5:fa:74:fe:b1:4a: 390s 29:52:b5:c5:7f:dd:28:4b:7d:7f:ed:21:0f:67:16:de:76:23: 390s a2:a1:7e:aa:ad:92:2f:46:26:fc:42:3c:ce:54:06:cd:46:93: 390s ee:6b:64:1e:e5:cd:59:97:be:8a:4d:78:aa:a4:54:32:f6:29: 390s ab:22:e7:84:57:14:da:03:4b:00:36:ba:82:2f:54:1c:75:a7: 390s 59:d8 390s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-15791 -keyfile /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA.pem 390s Using configuration from /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA.config 390s Check that the request matches the signature 390s Signature ok 390s Certificate Details: 390s Serial Number: 2 (0x2) 390s Validity 390s Not Before: Mar 21 03:53:29 2024 GMT 390s Not After : Mar 21 03:53:29 2025 GMT 390s Subject: 390s organizationName = Test Organization 390s organizationalUnitName = Test Organization Unit 390s commonName = Test Organization Sub Intermediate CA 390s X509v3 extensions: 390s X509v3 Subject Key Identifier: 390s A5:B8:43:99:BA:E8:C2:40:8A:31:97:52:17:72:70:12:61:FC:26:1D 390s X509v3 Authority Key Identifier: 390s keyid:32:3B:14:8C:0C:5A:6C:E7:BF:22:7C:4B:4D:C0:B0:C5:C7:60:4F:64 390s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 390s serial:01 390s X509v3 Basic Constraints: 390s CA:TRUE 390s X509v3 Key Usage: critical 390s Digital Signature, Certificate Sign, CRL Sign 390s Certificate is to be certified until Mar 21 03:53:29 2025 GMT (365 days) 390s 390s Write out database with 1 new entries 390s Database updated 390s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA.pem 391s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA.pem 391s /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA.pem: OK 391s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA.pem /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA.pem 391s + local cmd=openssl 391s + shift 391s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA.pem /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA.pem 391s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 391s error 20 at 0 depth lookup: unable to get local issuer certificate 391s error /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA.pem: verification failed 391s + cat 391s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-25156 391s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-25156 1024 391s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-25156 -key /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA-trusted-certificate-0001-request.pem 391s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA-trusted-certificate-0001-request.pem 391s Certificate Request: 391s Data: 391s Version: 1 (0x0) 391s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 391s Subject Public Key Info: 391s Public Key Algorithm: rsaEncryption 391s Public-Key: (1024 bit) 391s Modulus: 391s 00:c9:f2:68:74:26:27:05:4e:16:28:2c:26:f3:fd: 391s a0:d1:eb:e0:90:34:b1:19:cb:49:89:cd:72:78:fb: 391s cd:20:eb:74:ec:57:7b:3b:be:74:d0:4e:f6:df:02: 391s a0:0a:76:9b:82:9a:d1:5d:5f:59:56:c4:22:26:c8: 391s ff:7d:61:34:31:af:50:81:40:60:9b:1d:9a:43:95: 391s 42:b9:3f:1d:6c:21:59:f0:a7:80:69:d0:44:53:52: 391s 15:25:a8:b1:55:4d:ba:ef:48:e5:41:a6:12:cd:07: 391s 46:63:87:e9:4c:a7:77:15:e0:88:49:a7:3a:b5:f0: 391s e6:d4:72:04:cb:0c:04:2f:d3 391s Exponent: 65537 (0x10001) 391s Attributes: 391s Requested Extensions: 391s X509v3 Basic Constraints: 391s CA:FALSE 391s Netscape Cert Type: 391s SSL Client, S/MIME 391s Netscape Comment: 391s Test Organization Root CA trusted Certificate 391s X509v3 Subject Key Identifier: 391s 42:ED:8A:0B:61:A3:CA:44:5A:0F:00:79:B5:3E:C2:93:C8:12:7A:70 391s X509v3 Key Usage: critical 391s Digital Signature, Non Repudiation, Key Encipherment 391s X509v3 Extended Key Usage: 391s TLS Web Client Authentication, E-mail Protection 391s X509v3 Subject Alternative Name: 391s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 391s Signature Algorithm: sha256WithRSAEncryption 391s Signature Value: 391s 53:3c:0a:b3:83:22:fd:df:bc:09:41:0d:96:36:b7:e0:fe:23: 391s 16:e6:70:49:27:48:0b:6b:d9:e7:a0:98:ce:c2:31:57:8a:1b: 391s 02:d3:dc:58:17:b8:26:f5:91:7f:61:0a:4f:19:83:bc:1a:a6: 391s b7:8d:97:8c:35:1a:e8:9d:64:0b:bb:45:b0:32:b7:10:77:3e: 391s 94:46:24:12:03:39:f4:d5:31:e9:2c:af:70:5c:d0:54:c0:4a: 391s f6:31:88:ec:7e:26:ad:82:bb:5d:a4:d8:9e:82:05:22:d6:16: 391s 00:f5:bb:53:7a:d4:c3:60:44:2b:5a:ae:26:2f:f1:c3:8b:50: 391s fd:7f 391s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA.config -passin pass:random-root-CA-password-30149 -keyfile /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA-trusted-certificate-0001.pem 391s Using configuration from /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA.config 391s Check that the request matches the signature 391s Signature ok 391s Certificate Details: 391s Serial Number: 3 (0x3) 391s Validity 391s Not Before: Mar 21 03:53:30 2024 GMT 391s Not After : Mar 21 03:53:30 2025 GMT 391s Subject: 391s organizationName = Test Organization 391s organizationalUnitName = Test Organization Unit 391s commonName = Test Organization Root Trusted Certificate 0001 391s X509v3 extensions: 391s X509v3 Authority Key Identifier: 391s 5B:4F:35:BD:80:AD:3D:D2:1F:A7:D4:CF:9E:80:EA:54:7C:3B:F4:A3 391s X509v3 Basic Constraints: 391s CA:FALSE 391s Netscape Cert Type: 391s SSL Client, S/MIME 391s Netscape Comment: 391s Test Organization Root CA trusted Certificate 391s X509v3 Subject Key Identifier: 391s 42:ED:8A:0B:61:A3:CA:44:5A:0F:00:79:B5:3E:C2:93:C8:12:7A:70 391s X509v3 Key Usage: critical 391s Digital Signature, Non Repudiation, Key Encipherment 391s X509v3 Extended Key Usage: 391s TLS Web Client Authentication, E-mail Protection 391s X509v3 Subject Alternative Name: 391s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 391s Certificate is to be certified until Mar 21 03:53:30 2025 GMT (365 days) 391s 391s Write out database with 1 new entries 391s Database updated 391s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA-trusted-certificate-0001.pem 391s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA.pem /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA-trusted-certificate-0001.pem 391s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA-trusted-certificate-0001.pem 391s + local cmd=openssl 391s + shift 391s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA-trusted-certificate-0001.pem 391s /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA-trusted-certificate-0001.pem: OK 391s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 391s error 20 at 0 depth lookup: unable to get local issuer certificate 391s error /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA-trusted-certificate-0001.pem: verification failed 391s + cat 391s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-5950 391s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-5950 1024 391s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-5950 -key /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-trusted-certificate-0001-request.pem 391s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-trusted-certificate-0001-request.pem 391s Certificate Request: 391s Data: 391s Version: 1 (0x0) 391s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 391s Subject Public Key Info: 391s Public Key Algorithm: rsaEncryption 391s Public-Key: (1024 bit) 391s Modulus: 391s 00:b4:91:d2:a3:be:1e:f6:c2:6b:92:08:b3:8b:d8: 391s 6d:a5:e8:14:c0:e9:6b:1c:e7:07:c6:3b:e2:4b:40: 391s 77:e2:24:18:c6:34:1d:21:00:dc:7e:fb:b1:f8:f2: 391s ac:0c:1c:80:e9:78:ca:02:6c:aa:27:f4:cc:b8:60: 391s d1:c7:f8:55:b8:25:dd:6e:df:82:f0:d9:b0:3d:31: 391s 0e:1f:72:a2:9b:56:a9:81:51:03:ee:c4:50:9b:55: 391s 54:f4:d1:f7:c0:4b:72:bf:95:1a:7f:98:2c:ee:e8: 391s 27:70:94:43:ac:80:93:b9:67:97:23:bf:01:c3:1f: 391s 8e:e9:46:8d:8c:7c:0c:9c:71 391s Exponent: 65537 (0x10001) 391s Attributes: 391s Requested Extensions: 391s X509v3 Basic Constraints: 391s CA:FALSE 391s Netscape Cert Type: 391s SSL Client, S/MIME 391s Netscape Comment: 391s Test Organization Intermediate CA trusted Certificate 391s X509v3 Subject Key Identifier: 391s 4C:33:F1:C5:08:57:F5:B4:92:6C:64:B8:A7:7C:48:0A:B5:BC:AB:B2 391s X509v3 Key Usage: critical 391s Digital Signature, Non Repudiation, Key Encipherment 391s X509v3 Extended Key Usage: 391s TLS Web Client Authentication, E-mail Protection 391s X509v3 Subject Alternative Name: 391s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 391s Signature Algorithm: sha256WithRSAEncryption 391s Signature Value: 391s ad:c0:bb:b6:6c:bc:da:88:00:b5:63:40:ea:a0:5f:96:d0:1b: 391s 87:9f:1f:99:a3:6a:3e:20:a8:b5:14:e5:75:c3:4d:5f:04:05: 391s 20:8a:54:a7:a0:23:88:77:4b:33:cf:78:b2:8c:cf:a8:c3:1e: 391s e7:79:54:9f:c8:e0:9c:56:f5:1b:18:82:5b:b0:b3:1c:78:28: 391s 6f:84:27:d7:8c:10:5b:6f:1e:24:a4:96:30:32:33:df:1d:b4: 391s c6:8f:dd:64:4a:48:c4:ff:17:ea:cf:69:8a:78:e4:c7:01:3c: 391s 0a:da:ca:c9:f9:35:f6:44:bb:28:30:a9:e6:f7:af:13:95:e4: 391s 29:74 391s + openssl ca -passin pass:random-intermediate-CA-password-15791 -config /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-trusted-certificate-0001.pem 391s Using configuration from /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA.config 391s Check that the request matches the signature 391s Signature ok 391s Certificate Details: 391s Serial Number: 4 (0x4) 391s Validity 391s Not Before: Mar 21 03:53:30 2024 GMT 391s Not After : Mar 21 03:53:30 2025 GMT 391s Subject: 391s organizationName = Test Organization 391s organizationalUnitName = Test Organization Unit 391s commonName = Test Organization Intermediate Trusted Certificate 0001 391s X509v3 extensions: 391s X509v3 Authority Key Identifier: 391s 32:3B:14:8C:0C:5A:6C:E7:BF:22:7C:4B:4D:C0:B0:C5:C7:60:4F:64 391s X509v3 Basic Constraints: 391s CA:FALSE 391s Netscape Cert Type: 391s SSL Client, S/MIME 391s Netscape Comment: 391s Test Organization Intermediate CA trusted Certificate 391s X509v3 Subject Key Identifier: 391s 4C:33:F1:C5:08:57:F5:B4:92:6C:64:B8:A7:7C:48:0A:B5:BC:AB:B2 391s X509v3 Key Usage: critical 391s Digital Signature, Non Repudiation, Key Encipherment 391s X509v3 Extended Key Usage: 391s TLS Web Client Authentication, E-mail Protection 391s X509v3 Subject Alternative Name: 391s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 391s Certificate is to be certified until Mar 21 03:53:30 2025 GMT (365 days) 391s 391s Write out database with 1 new entries 391s Database updated 391s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-trusted-certificate-0001.pem 391s + echo 'This certificate should not be trusted fully' 391s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-trusted-certificate-0001.pem 391s + local cmd=openssl 391s + shift 391s This certificate should not be trusted fully 391s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-trusted-certificate-0001.pem 391s O = Test Organization, OU = Test Organization Unit, CN = Test Organi/tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-trusted-certificate-0001.pem: OK 391s zation Intermediate CA 391s error 2 at 1 depth lookup: unable to get issuer certificate 391s error /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 391s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-trusted-certificate-0001.pem 391s + cat 391s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-25926 391s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-25926 1024 391s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-25926 -key /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 391s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 391s Certificate Request: 391s Data: 391s Version: 1 (0x0) 391s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 391s Subject Public Key Info: 391s Public Key Algorithm: rsaEncryption 391s Public-Key: (1024 bit) 391s Modulus: 391s 00:b2:8e:ed:12:9c:ef:14:78:d9:b0:91:fa:74:96: 391s 7f:ad:00:ab:e4:09:13:aa:2c:0b:60:1a:de:ec:a5: 391s a1:14:bb:bd:66:ef:ca:fd:42:38:75:fa:88:ec:52: 391s ea:f6:0e:a1:da:b6:ce:31:6a:a0:6f:82:d4:a2:c3: 391s 1e:96:02:09:66:36:63:c9:76:b7:4f:b0:10:10:0c: 391s 10:cb:45:05:f2:02:2a:fc:46:1e:91:0d:50:04:9b: 391s 84:9b:da:b3:a3:2e:7b:57:7f:60:13:f5:63:5b:c9: 391s 57:37:53:3b:bf:43:89:3a:46:59:e0:96:89:fb:3f: 391s 7d:1d:6c:f4:ef:e8:17:99:27 391s Exponent: 65537 (0x10001) 391s Attributes: 391s Requested Extensions: 391s X509v3 Basic Constraints: 391s CA:FALSE 391s Netscape Cert Type: 391s SSL Client, S/MIME 391s Netscape Comment: 391s Test Organization Sub Intermediate CA trusted Certificate 391s X509v3 Subject Key Identifier: 391s 35:43:61:9D:6F:8A:9B:8D:B4:F2:C8:FB:B3:92:4B:95:CA:00:6E:54 391s X509v3 Key Usage: critical 391s Digital Signature, Non Repudiation, Key Encipherment 391s X509v3 Extended Key Usage: 391s TLS Web Client Authentication, E-mail Protection 391s X509v3 Subject Alternative Name: 391s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 391s Signature Algorithm: sha256WithRSAEncryption 391s Signature Value: 391s 28:4e:6d:cf:e9:31:ab:84:ab:9f:e4:33:92:3e:01:55:34:13: 391s 78:00:2d:48:49:61:76:4a:39:1c:af:dd:a3:55:44:df:cd:67: 391s be:e4:8f:f7:a4:ec:3b:a0:94:07:da:ba:ba:77:1b:7d:af:be: 391s 58:df:f9:8f:ad:bb:a2:14:ee:7e:64:a9:8c:40:52:80:95:2a: 391s 9f:53:d9:25:81:8c:59:31:85:e8:b2:39:43:ef:a1:22:02:97: 391s 19:4a:f1:d3:06:8b:60:78:28:2f:58:a7:24:c3:26:7c:bb:9f: 391s b8:c7:8b:2e:2c:a1:ca:6a:77:48:7d:db:99:1c:2c:20:bf:6d: 391s 08:06 391s + openssl ca -passin pass:random-sub-intermediate-CA-password-404 -config /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001.pem 391s Using configuration from /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA.config 391s Check that the request matches the signature 391s Signature ok 391s Certificate Details: 391s Serial Number: 5 (0x5) 391s Validity 391s Not Before: Mar 21 03:53:30 2024 GMT 391s Not After : Mar 21 03:53:30 2025 GMT 391s Subject: 391s organizationName = Test Organization 391s organizationalUnitName = Test Organization Unit 391s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 391s X509v3 extensions: 391s X509v3 Authority Key Identifier: 391s A5:B8:43:99:BA:E8:C2:40:8A:31:97:52:17:72:70:12:61:FC:26:1D 391s X509v3 Basic Constraints: 391s CA:FALSE 391s Netscape Cert Type: 391s SSL Client, S/MIME 391s Netscape Comment: 391s Test Organization Sub Intermediate CA trusted Certificate 391s X509v3 Subject Key Identifier: 391s 35:43:61:9D:6F:8A:9B:8D:B4:F2:C8:FB:B3:92:4B:95:CA:00:6E:54 391s X509v3 Key Usage: critical 391s Digital Signature, Non Repudiation, Key Encipherment 391s X509v3 Extended Key Usage: 391s TLS Web Client Authentication, E-mail Protection 391s X509v3 Subject Alternative Name: 391s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 391s Certificate is to be certified until Mar 21 03:53:30 2025 GMT (365 days) 391s 391s Write out database with 1 new entries 391s Database updated 391s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001.pem 391s This certificate should not be trusted fully 391s + echo 'This certificate should not be trusted fully' 391s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001.pem 391s + local cmd=openssl 391s + shift 391s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001.pem 391s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 391s error 2 at 1 depth lookup: unable to get issuer certificate 391s error /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 391s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001.pem 391s + local cmd=openssl 391s + shift 391s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001.pem 391s /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 391s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 391s error 20 at 0 depth lookup: unable to get local issuer certificate 391s error /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 391s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001.pem 391s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001.pem 391s + local cmd=openssl 391s + shift 391s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001.pem 391s OBuilding a the full-chain CA file... 391s = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 391s error 20 at 0 depth lookup: unable to get local issuer certificate 391s error /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 391s + echo 'Building a the full-chain CA file...' 391s + cat /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA.pem /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA.pem 391s + cat /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA.pem /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA.pem 391s + cat /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA.pem 391s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-CVA6Pg/test-full-chain-CA.pem 391s + openssl pkcs7 -print_certs -noout 391s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 391s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 391s 391s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 391s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 391s 391s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 391s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 391s 391s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-CVA6Pg/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA.pem 391s /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA.pem: OK 391s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-CVA6Pg/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA-trusted-certificate-0001.pem 391s /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA-trusted-certificate-0001.pem: OK 391s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-CVA6Pg/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-trusted-certificate-0001.pem 391s /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-trusted-certificate-0001.pem: OK 391s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-CVA6Pg/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-intermediate-chain-CA.pem 391s /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-intermediate-chain-CA.pem: OK 391s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-CVA6Pg/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001.pem 391s /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 391s Certificates generation completed! 391s + echo 'Certificates generation completed!' 391s + [[ -v NO_SSSD_TESTS ]] 391s + [[ -v GENERATE_SMART_CARDS ]] 391s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-25156 391s + local certificate=/tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA-trusted-certificate-0001.pem 391s + local key_pass=pass:random-root-ca-trusted-cert-0001-25156 391s + local key_cn 391s + local key_name 391s + local tokens_dir 391s + local output_cert_file 391s + token_name= 391s ++ basename /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA-trusted-certificate-0001.pem .pem 391s + key_name=test-root-CA-trusted-certificate-0001 391s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA-trusted-certificate-0001.pem 391s ++ sed -n 's/ *commonName *= //p' 391s + key_cn='Test Organization Root Trusted Certificate 0001' 391s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 391s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-CVA6Pg/softhsm2-test-root-CA-trusted-certificate-0001.conf 391s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-CVA6Pg/softhsm2-test-root-CA-trusted-certificate-0001.conf 391s ++ basename /tmp/sssd-softhsm2-certs-CVA6Pg/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 391s + tokens_dir=/tmp/sssd-softhsm2-certs-CVA6Pg/softhsm2-test-root-CA-trusted-certificate-0001 391s + token_name='Test Organization Root Tr Token' 391s + '[' '!' -e /tmp/sssd-softhsm2-certs-CVA6Pg/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 391s + local key_file 391s + local decrypted_key 391s + mkdir -p /tmp/sssd-softhsm2-certs-CVA6Pg/softhsm2-test-root-CA-trusted-certificate-0001 391s + key_file=/tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA-trusted-certificate-0001-key.pem 391s + decrypted_key=/tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA-trusted-certificate-0001-key-decrypted.pem 391s + cat 391s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 391s Slot 0 has a free/uninitialized token. 391s The token has been initialized and is reassigned to slot 195984571 391s + softhsm2-util --show-slots 391s Available slots: 391s Slot 195984571 391s Slot info: 391s Description: SoftHSM slot ID 0xbae7cbb 391s Manufacturer ID: SoftHSM project 391s Hardware version: 2.6 391s Firmware version: 2.6 391s Token present: yes 391s Token info: 391s Manufacturer ID: SoftHSM project 391s Model: SoftHSM v2 391s Hardware version: 2.6 391s Firmware version: 2.6 391s Serial number: a7d4f33b8bae7cbb 391s Initialized: yes 391s User PIN init.: yes 391s Label: Test Organization Root Tr Token 391s Slot 1 391s Slot info: 391s Description: SoftHSM slot ID 0x1 391s Manufacturer ID: SoftHSM project 391s Hardware version: 2.6 391s Firmware version: 2.6 391s Token present: yes 391s Token info: 391s Manufacturer ID: SoftHSM project 391s Model: SoftHSM v2 391s Hardware version: 2.6 391s Firmware version: 2.6 391s Serial number: 391s Initialized: no 391s User PIN init.: no 391s Label: 391s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 391s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-25156 -in /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA-trusted-certificate-0001-key-decrypted.pem 391s writing RSA key 391s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 391s + rm /tmp/sssd-softhsm2-certs-CVA6Pg/test-root-CA-trusted-certificate-0001-key-decrypted.pem 391s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 391s Object 0: 391s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=a7d4f33b8bae7cbb;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 391s Type: X.509 Certificate (RSA-1024) 391s Expires: Fri Mar 21 03:53:30 2025 391s Label: Test Organization Root Trusted Certificate 0001 391s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 391s 391s + echo 'Test Organization Root Tr Token' 391s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-5950 391s Test Organization Root Tr Token 391s + local certificate=/tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-trusted-certificate-0001.pem 391s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-5950 391s + local key_cn 391s + local key_name 391s + local tokens_dir 391s + local output_cert_file 391s + token_name= 391s ++ basename /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-trusted-certificate-0001.pem .pem 391s + key_name=test-intermediate-CA-trusted-certificate-0001 391s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-trusted-certificate-0001.pem 391s ++ sed -n 's/ *commonName *= //p' 391s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 391s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 391s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-CVA6Pg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 391s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-CVA6Pg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 391s ++ basename /tmp/sssd-softhsm2-certs-CVA6Pg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 391s + tokens_dir=/tmp/sssd-softhsm2-certs-CVA6Pg/softhsm2-test-intermediate-CA-trusted-certificate-0001 391s + token_name='Test Organization Interme Token' 391s + '[' '!' -e /tmp/sssd-softhsm2-certs-CVA6Pg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 391s + local key_file 391s + local decrypted_key 391s + mkdir -p /tmp/sssd-softhsm2-certs-CVA6Pg/softhsm2-test-intermediate-CA-trusted-certificate-0001 391s + key_file=/tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-trusted-certificate-0001-key.pem 391s + decrypted_key=/tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 391s + cat 391s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 391s Slot 0 has a free/uninitialized token. 391s The token has been initialized and is reassigned to slot 1203498921 391s + softhsm2-util --show-slots 391s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 391s Available slots: 391s Slot 1203498921 391s Slot info: 391s Description: SoftHSM slot ID 0x47bbefa9 391s Manufacturer ID: SoftHSM project 391s Hardware version: 2.6 391s Firmware version: 2.6 391s Token present: yes 391s Token info: 391s Manufacturer ID: SoftHSM project 391s Model: SoftHSM v2 391s Hardware version: 2.6 391s Firmware version: 2.6 391s Serial number: 3f59e17c47bbefa9 391s Initialized: yes 391s User PIN init.: yes 391s Label: Test Organization Interme Token 391s Slot 1 391s Slot info: 391s Description: SoftHSM slot ID 0x1 391s Manufacturer ID: SoftHSM project 391s Hardware version: 2.6 391s Firmware version: 2.6 391s Token present: yes 391s Token info: 391s Manufacturer ID: SoftHSM project 391s Model: SoftHSM v2 391s Hardware version: 2.6 391s Firmware version: 2.6 391s Serial number: 391s Initialized: no 391s User PIN init.: no 391s Label: 391s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-5950 -in /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 391s writing RSA key 391s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 391s + rm /tmp/sssd-softhsm2-certs-CVA6Pg/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 391s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 391s + echo 'Test Organization Interme Token' 391s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-25926 391s + local certificate=/tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001.pem 391s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-25926 391s + local key_cn 391s + local key_name 391s + local tokens_dir 391s + local output_cert_file 391s + token_name= 391s Object 0: 391s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3f59e17c47bbefa9;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 391s Type: X.509 Certificate (RSA-1024) 391s Expires: Fri Mar 21 03:53:30 2025 391s Label: Test Organization Intermediate Trusted Certificate 0001 391s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 391s 391s Test Organization Interme Token 391s ++ basename /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 391s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 391s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001.pem 391s ++ sed -n 's/ *commonName *= //p' 391s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 391s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 391s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-CVA6Pg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 391s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-CVA6Pg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 391s ++ basename /tmp/sssd-softhsm2-certs-CVA6Pg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 391s + tokens_dir=/tmp/sssd-softhsm2-certs-CVA6Pg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 391s + token_name='Test Organization Sub Int Token' 391s + '[' '!' -e /tmp/sssd-softhsm2-certs-CVA6Pg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 391s + local key_file 391s + local decrypted_key 391s + mkdir -p /tmp/sssd-softhsm2-certs-CVA6Pg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 391s + key_file=/tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 391s + decrypted_key=/tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 391s + cat 391s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 391s + softhsm2-util --show-slots 391s Slot 0 has a free/uninitialized token. 391s The token has been initialized and is reassigned to slot 237538277 391s Available slots: 391s Slot 237538277 391s Slot info: 391s Description: SoftHSM slot ID 0xe288be5 391s Manufacturer ID: SoftHSM project 391s Hardware version: 2.6 391s Firmware version: 2.6 391s Token present: yes 391s Token info: 391s Manufacturer ID: SoftHSM project 391s Model: SoftHSM v2 391s Hardware version: 2.6 391s Firmware version: 2.6 391s Serial number: c4a45e058e288be5 391s Initialized: yes 391s User PIN init.: yes 391s Label: Test Organization Sub Int Token 391s Slot 1 391s Slot info: 391s Description: SoftHSM slot ID 0x1 391s Manufacturer ID: SoftHSM project 391s Hardware version: 2.6 391s Firmware version: 2.6 391s Token present: yes 391s Token info: 391s Manufacturer ID: SoftHSM project 391s Model: SoftHSM v2 391s Hardware version: 2.6 391s Firmware version: 2.6 391s Serial number: 391s Initialized: no 391s User PIN init.: no 391s Label: 391s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 391s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-25926 -in /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 391s writing RSA key 391s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 391s + rm /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 391s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 391s Object 0: 391s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c4a45e058e288be5;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 391s Type: X.509 Certificate (RSA-1024) 391s Expires: Fri Mar 21 03:53:30 2025 391s Label: Test Organization Sub Intermediate Trusted Certificate 0001 391s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 391s 391s Test Organization Sub Int Token 391s Certificates generation completed! 391s + echo 'Test Organization Sub Int Token' 391s + echo 'Certificates generation completed!' 391s + exit 0 391s + find /tmp/sssd-softhsm2-certs-CVA6Pg -type d -exec chmod 777 '{}' ';' 391s + find /tmp/sssd-softhsm2-certs-CVA6Pg -type f -exec chmod 666 '{}' ';' 391s + backup_file /etc/sssd/sssd.conf 391s + '[' -z '' ']' 391s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 391s + backupsdir=/tmp/sssd-softhsm2-backups-mRM2nq 391s + '[' -e /etc/sssd/sssd.conf ']' 391s + delete_paths+=("$1") 391s + rm -f /etc/sssd/sssd.conf 391s ++ runuser -u ubuntu -- sh -c 'echo ~' 391s + user_home=/home/ubuntu 391s + mkdir -p /home/ubuntu 391s + chown ubuntu:ubuntu /home/ubuntu 391s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 391s + user_config=/home/ubuntu/.config 391s + system_config=/etc 391s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 391s + for path_pair in "${softhsm2_conf_paths[@]}" 391s + IFS=: 391s + read -r -a path 391s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 391s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 391s + '[' -z /tmp/sssd-softhsm2-backups-mRM2nq ']' 391s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 391s + delete_paths+=("$1") 391s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 391s + for path_pair in "${softhsm2_conf_paths[@]}" 391s + IFS=: 391s + read -r -a path 391s + path=/etc/softhsm/softhsm2.conf 391s + backup_file /etc/softhsm/softhsm2.conf 391s + '[' -z /tmp/sssd-softhsm2-backups-mRM2nq ']' 391s + '[' -e /etc/softhsm/softhsm2.conf ']' 391s ++ dirname /etc/softhsm/softhsm2.conf 391s + local back_dir=/tmp/sssd-softhsm2-backups-mRM2nq//etc/softhsm 391s ++ basename /etc/softhsm/softhsm2.conf 391s + local back_path=/tmp/sssd-softhsm2-backups-mRM2nq//etc/softhsm/softhsm2.conf 391s + '[' '!' -e /tmp/sssd-softhsm2-backups-mRM2nq//etc/softhsm/softhsm2.conf ']' 391s + mkdir -p /tmp/sssd-softhsm2-backups-mRM2nq//etc/softhsm 391s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-mRM2nq//etc/softhsm/softhsm2.conf 391s Using CA DB '/tmp/sssd-softhsm2-certs-CVA6Pg/test-full-chain-CA.pem' with verification options: '' 391s + restore_paths+=("$back_path") 391s + rm -f /etc/softhsm/softhsm2.conf 391s + test_authentication login /tmp/sssd-softhsm2-certs-CVA6Pg/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-CVA6Pg/test-full-chain-CA.pem 391s + pam_service=login 391s + certificate_config=/tmp/sssd-softhsm2-certs-CVA6Pg/softhsm2-test-root-CA-trusted-certificate-0001.conf 391s + ca_db=/tmp/sssd-softhsm2-certs-CVA6Pg/test-full-chain-CA.pem 391s + verification_options= 391s + mkdir -p -m 700 /etc/sssd 391s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-CVA6Pg/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 391s + cat 391s + chmod 600 /etc/sssd/sssd.conf 391s + for path_pair in "${softhsm2_conf_paths[@]}" 391s + IFS=: 391s + read -r -a path 391s + user=ubuntu 391s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 391s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 391s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 391s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-CVA6Pg/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 391s + runuser -u ubuntu -- softhsm2-util --show-slots 391s + grep 'Test Organization' 391s + for path_pair in "${softhsm2_conf_paths[@]}" 391s + IFS=: 391s + read -r -a path 391s + user=root 391s + path=/etc/softhsm/softhsm2.conf 391s ++ dirname /etc/softhsm/softhsm2.conf 391s + runuser -u root -- mkdir -p /etc/softhsm 391s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-CVA6Pg/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 391s + runuser -u root -- softhsm2-util --show-slots 391s + grep 'Test Organization' 391s + systemctl restart sssd 391s Label: Test Organization Root Tr Token 391s Label: Test Organization Root Tr Token 391s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 392s + for alternative in "${alternative_pam_configs[@]}" 392s + pam-auth-update --enable sss-smart-card-optional 392s + cat /etc/pam.d/common-auth 392s # 392s # /etc/pam.d/common-auth - authentication settings common to all services 392s # 392s # This file is included from other service-specific PAM config files, 392s # and should contain a list of the authentication modules that define 392s # the central authentication scheme for use on the system 392s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 392s # traditional Unix authentication mechanisms. 392s # 392s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 392s # To take advantage of this, it is recommended that you configure any 392s # local modules either before or after the default block, and use 392s # pam-auth-update to manage selection of other modules. See 392s # pam-auth-update(8) for details. 392s 392s # here are the per-package modules (the "Primary" block) 392s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 392s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 392s auth [success=1 default=ignore] pam_sss.so use_first_pass 392s # here's the fallback if no module succeeds 392s auth requisite pam_deny.so 392s # prime the stack with a positive return value if there isn't one already; 392s # this avoids us returning an error just because nothing sets a success code 392s # since the modules above will each just jump around 392s auth required pam_permit.so 392s # and here are more per-package modules (the "Additional" block) 392s auth optional pam_cap.so 392s # end of pam-auth-update config 392s + echo -n -e 123456 392s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 392s pamtester: invoking pam_start(login, ubuntu, ...) 392s pamtester: performing operation - authenticate 392s PIN for Test Organization Root Tr Token: + echo -n -e 123456 392s + runuser -u ubuntu -- pamtester -v login '' authenticate 392s pamtester: successfully authenticated 392s pamtester: invoking pam_start(login, , ...) 392s pamtester: performing operation - authenticate 392s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 392s + echo -n -e wrong123456 392s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 392s pamtester: invoking pam_start(login, ubuntu, ...) 392s pamtester: performing operation - authenticate 395s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 395s + echo -n -e wrong123456 395s + runuser -u ubuntu -- pamtester -v login '' authenticate 395s pamtester: invoking pam_start(login, , ...) 395s pamtester: performing operation - authenticate 398s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 398s + echo -n -e 123456 398s + pamtester -v login root authenticate 398s pamtester: invoking pam_start(login, root, ...) 398s pamtester: performing operation - authenticate 402s Password: pamtester: Authentication failure 402s + for alternative in "${alternative_pam_configs[@]}" 402s + pam-auth-update --enable sss-smart-card-required 402s PAM configuration 402s ----------------- 402s 402s Incompatible PAM profiles selected. 402s 402s The following PAM profiles cannot be used together: 402s 402s SSS required smart card authentication, SSS optional smart card 402s authentication 402s 402s Please select a different set of modules to enable. 402s 402s + cat /etc/pam.d/common-auth 402s # 402s # /etc/pam.d/common-auth - authentication settings common to all services 402s # 402s # This file is included from other service-specific PAM config files, 402s # and should contain a list of the authentication modules that define 402s # the central authentication scheme for use on the system 402s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 402s # traditional Unix authentication mechanisms. 402s # 402s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 402s # To take advantage of this, it is recommended that you configure any 402s # local modules either before or after the default block, and use 402s # pam-auth-update to manage selection of other modules. See 402s # pam-auth-update(8) for details. 402s 402s # here are the per-package modules (the "Primary" block) 402s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 402s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 402s auth [success=1 default=ignore] pam_sss.so use_first_pass 402s # here's the fallback if no module succeeds 402s auth requisite pam_deny.so 402s # prime the stack with a positive return value if there isn't one already; 402s # this avoids us returning an error just because nothing sets a success code 402s # since the modules above will each just jump around 402s auth required pam_permit.so 402s # and here are more per-package modules (the "Additional" block) 402s auth optional pam_cap.so 402s # end of pam-auth-update config 402s + echo -n -e 123456 402s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 402s pamtester: invoking pam_start(login, ubuntu, ...) 402s pamtester: performing operation - authenticate 402s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 402s + echo -n -e 123456 402s + runuser -u ubuntu -- pamtester -v login '' authenticate 402s pamtester: invoking pam_start(login, , ...) 402s pamtester: performing operation - authenticate 402s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 402s + echo -n -e wrong123456 402s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 402s pamtester: invoking pam_start(login, ubuntu, ...) 402s pamtester: performing operation - authenticate 405s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 405s + echo -n -e wrong123456 405s + runuser -u ubuntu -- pamtester -v login '' authenticate 405s pamtester: invoking pam_start(login, , ...) 405s pamtester: performing operation - authenticate 407s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 407s + echo -n -e 123456 407s + pamtester -v login root authenticate 407s pamtester: invoking pam_start(login, root, ...) 407s pamtester: performing operation - authenticate 410s pamtester: Authentication service cannot retrieve authentication info 410s + test_authentication login /tmp/sssd-softhsm2-certs-CVA6Pg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-CVA6Pg/test-full-chain-CA.pem 410s + pam_service=login 410s + certificate_config=/tmp/sssd-softhsm2-certs-CVA6Pg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 410s + ca_db=/tmp/sssd-softhsm2-certs-CVA6Pg/test-full-chain-CA.pem 410s + verification_options= 410s + mkdir -p -m 700 /etc/sssd 410s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-CVA6Pg/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 410s + cat 410s Using CA DB '/tmp/sssd-softhsm2-certs-CVA6Pg/test-full-chain-CA.pem' with verification options: '' 410s + chmod 600 /etc/sssd/sssd.conf 410s + for path_pair in "${softhsm2_conf_paths[@]}" 410s + IFS=: 410s + read -r -a path 410s + user=ubuntu 410s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 410s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 410s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 410s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-CVA6Pg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 410s + runuser -u ubuntu -- softhsm2-util --show-slots 410s + grep 'Test Organization' 410s + for path_pair in "${softhsm2_conf_paths[@]}" 410s + IFS=: 410s + read -r -a path 410s + user=root 410s + path=/etc/softhsm/softhsm2.conf 410s ++ dirname /etc/softhsm/softhsm2.conf 410s + runuser -u root -- mkdir -p /etc/softhsm 410s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-CVA6Pg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 410s + runuser -u root -- softhsm2-util --show-slots 410s + grep 'Test Organization' 410s + systemctl restart sssd 410s Label: Test Organization Sub Int Token 410s Label: Test Organization Sub Int Token 410s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 411s + for alternative in "${alternative_pam_configs[@]}" 411s + pam-auth-update --enable sss-smart-card-optional 411s + cat /etc/pam.d/common-auth 411s # 411s # /etc/pam.d/common-auth - authentication settings common to all services 411s # 411s # This file is included from other service-specific PAM config files, 411s # and should contain a list of the authentication modules that define 411s # the central authentication scheme for use on the system 411s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 411s # traditional Unix authentication mechanisms. 411s # 411s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 411s # To take advantage of this, it is recommended that you configure any 411s # local modules either before or after the default block, and use 411s # pam-auth-update to manage selection of other modules. See 411s # pam-auth-update(8) for details. 411s 411s # here are the per-package modules (the "Primary" block) 411s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 411s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 411s auth [success=1 default=ignore] pam_sss.so use_first_pass 411s # here's the fallback if no module succeeds 411s auth requisite pam_deny.so 411s # prime the stack with a positive return value if there isn't one already; 411s # this avoids us returning an error just because nothing sets a success code 411s # since the modules above will each just jump around 411s auth required pam_permit.so 411s # and here are more per-package modules (the "Additional" block) 411s auth optional pam_cap.so 411s # end of pam-auth-update config 411s + echo -n -e 123456 411s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 411s pamtester: invoking pam_start(login, ubuntu, ...) 411s pamtester: performing operation - authenticate 411s PIN for Test Organization Sub Int Token: + echo -n -e 123456 411s pamtester: successfully authenticated 411s + runuser -u ubuntu -- pamtester -v login '' authenticate 411s pamtester: invoking pam_start(login, , ...) 411s pamtester: performing operation - authenticate 411s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 411s + echo -n -e wrong123456 411s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 411s pamtester: invoking pam_start(login, ubuntu, ...) 411s pamtester: performing operation - authenticate 413s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 413s + echo -n -e wrong123456 413s + runuser -u ubuntu -- pamtester -v login '' authenticate 413s pamtester: invoking pam_start(login, , ...) 413s pamtester: performing operation - authenticate 416s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 416s + echo -n -e 123456 416s + pamtester -v login root authenticate 416s pamtester: invoking pam_start(login, root, ...) 416s pamtester: performing operation - authenticate 419s Password: pamtester: Authentication failure 419s + for alternative in "${alternative_pam_configs[@]}" 419s + pam-auth-update --enable sss-smart-card-required 419s PAM configuration 419s ----------------- 419s 419s Incompatible PAM profiles selected. 419s 419s The following PAM profiles cannot be used together: 419s 419s SSS required smart card authentication, SSS optional smart card 419s authentication 419s 419s Please select a different set of modules to enable. 419s 419s + cat /etc/pam.d/common-auth 419s # 419s # /etc/pam.d/common-auth - authentication settings common to all services 419s # 419s # This file is included from other service-specific PAM config files, 419s # and should contain a list of the authentication modules that define 419s # the central authentication scheme for use on the system 419s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 419s # traditional Unix authentication mechanisms. 419s # 419s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 419s # To take advantage of this, it is recommended that you configure any 419s # local modules either before or after the default block, and use 419s # pam-auth-update to manage selection of other modules. See 419s # pam-auth-update(8) for details. 419s 419s # here are the per-package modules (the "Primary" block) 419s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 419s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 419s auth [success=1 default=ignore] pam_sss.so use_first_pass 419s # here's the fallback if no module succeeds 419s auth requisite pam_deny.so 419s # prime the stack with a positive return value if there isn't one already; 419s # this avoids us returning an error just because nothing sets a success code 419s # since the modules above will each just jump around 419s auth required pam_permit.so 419s # and here are more per-package modules (the "Additional" block) 419s auth optional pam_cap.so 419s # end of pam-auth-update config 419s + echo -n -e 123456 419s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 419s pamtester: invoking pam_start(login, ubuntu, ...) 419s pamtester: performing operation - authenticate 419s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 419s + echo -n -e 123456 419s pamtester: successfully authenticated 419s + runuser -u ubuntu -- pamtester -v login '' authenticate 419s pamtester: invoking pam_start(login, , ...) 419s pamtester: performing operation - authenticate 419s PIN for Test Organization Sub Int Token: + echo -n -e wrong123456 419s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 419s pamtester: invoking pam_start(login, ubuntu, ...) 419s pamtester: performing operation - authenticate 422s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 422s + echo -n -e wrong123456 422s + runuser -u ubuntu -- pamtester -v login '' authenticate 422s pamtester: invoking pam_start(login, , ...) 422s pamtester: performing operation - authenticate 426s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 426s + echo -n -e 123456 426s + pamtester -v login root authenticate 426s pamtester: invoking pam_start(login, root, ...) 426s pamtester: performing operation - authenticate 429s pamtester: Authentication service cannot retrieve authentication info 429s Using CA DB '/tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 429s + test_authentication login /tmp/sssd-softhsm2-certs-CVA6Pg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA.pem partial_chain 429s + pam_service=login 429s + certificate_config=/tmp/sssd-softhsm2-certs-CVA6Pg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 429s + ca_db=/tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA.pem 429s + verification_options=partial_chain 429s + mkdir -p -m 700 /etc/sssd 429s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-CVA6Pg/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 429s + cat 429s + chmod 600 /etc/sssd/sssd.conf 429s + for path_pair in "${softhsm2_conf_paths[@]}" 429s + IFS=: 429s + read -r -a path 429s + user=ubuntu 429s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 429s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 429s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 429s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-CVA6Pg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 429s + runuser -u ubuntu -- softhsm2-util --show-slots 429s + grep 'Test Organization' 429s + for path_pair in "${softhsm2_conf_paths[@]}" 429s + IFS=: 429s + read -r -a path 429s + user=root 429s + path=/etc/softhsm/softhsm2.conf 429s ++ dirname /etc/softhsm/softhsm2.conf 429s + runuser -u root -- mkdir -p /etc/softhsm 429s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-CVA6Pg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 429s + runuser -u root -- softhsm2-util --show-slots 429s + grep 'Test Organization' 429s + systemctl restart sssd 429s Label: Test Organization Sub Int Token 429s Label: Test Organization Sub Int Token 429s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 430s + for alternative in "${alternative_pam_configs[@]}" 430s + pam-auth-update --enable sss-smart-card-optional 430s # 430s # /etc/pam.d/common-auth - authentication settings common to all services 430s # 430s # This file is included from other service-specific PAM config files, 430s # and should contain a list of the authentication modules that define 430s # the central authentication scheme for use on the system 430s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 430s # traditional Unix authentication mechanisms. 430s # 430s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 430s # To take advantage of this, it is recommended that you configure any 430s # local modules either before or after the default block, and use 430s # pam-auth-update to manage selection of other modules. See 430s # pam-auth-update(8) for details. 430s 430s # here are the per-package modules (the "Primary" block) 430s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 430s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 430s auth [success=1 default=ignore] pam_sss.so use_first_pass 430s # here's the fallback if no module succeeds 430s auth requisite pam_deny.so 430s # prime the stack with a positive return value if there isn't one already; 430s # this avoids us returning an error just because nothing sets a success code 430s # since the modules above will each just jump around 430s auth required pam_permit.so 430s # and here are more per-package modules (the "Additional" block) 430s auth optional pam_cap.so 430s # end of pam-auth-update config 430s + cat /etc/pam.d/common-auth 430s + echo -n -e 123456 430s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 430s pamtester: invoking pam_start(login, ubuntu, ...) 430s pamtester: performing operation - authenticate 430s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 430s + echo -n -e 123456 430s + runuser -u ubuntu -- pamtester -v login '' authenticate 430s pamtester: invoking pam_start(login, , ...) 430s pamtester: performing operation - authenticate 430s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 430s + echo -n -e wrong123456 430s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 430s pamtester: invoking pam_start(login, ubuntu, ...) 430s pamtester: performing operation - authenticate 433s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 433s + echo -n -e wrong123456 433s + runuser -u ubuntu -- pamtester -v login '' authenticate 433s pamtester: invoking pam_start(login, , ...) 433s pamtester: performing operation - authenticate 436s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 436s + echo -n -e 123456 436s + pamtester -v login root authenticate 436s pamtester: invoking pam_start(login, root, ...) 436s pamtester: performing operation - authenticate 439s Password: pamtester: Authentication failure 439s + for alternative in "${alternative_pam_configs[@]}" 439s + pam-auth-update --enable sss-smart-card-required 439s + cat /etc/pam.d/common-auth 439s + echo -n -e 123456 439s PAM configuration 439s ----------------- 439s 439s Incompatible PAM profiles selected. 439s 439s The following PAM profiles cannot be used together: 439s 439s SSS required smart card authentication, SSS optional smart card 439s authentication 439s 439s Please select a different set of modules to enable. 439s 439s # 439s # /etc/pam.d/common-auth - authentication settings common to all services 439s # 439s # This file is included from other service-specific PAM config files, 439s # and should contain a list of the authentication modules that define 439s # the central authentication scheme for use on the system 439s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 439s # traditional Unix authentication mechanisms. 439s # 439s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 439s # To take advantage of this, it is recommended that you configure any 439s # local modules either before or after the default block, and use 439s # pam-auth-update to manage selection of other modules. See 439s # pam-auth-update(8) for details. 439s 439s # here are the per-package modules (the "Primary" block) 439s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 439s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 439s auth [success=1 default=ignore] pam_sss.so use_first_pass 439s # here's the fallback if no module succeeds 439s auth requisite pam_deny.so 439s # prime the stack with a positive return value if there isn't one already; 439s # this avoids us returning an error just because nothing sets a success code 439s # since the modules above will each just jump around 439s auth required pam_permit.so 439s # and here are more per-package modules (the "Additional" block) 439s auth optional pam_cap.so 439s # end of pam-auth-update config 439s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 439s pamtester: invoking pam_start(login, ubuntu, ...) 439s pamtester: performing operation - authenticate 439s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 439s + echo -n -e 123456 439s + runuser -u ubuntu -- pamtester -v login '' authenticate 439s pamtester: invoking pam_start(login, , ...) 439s pamtester: performing operation - authenticate 439s PIN for Test Organization Sub Int Token: + echo -n -e wrong123456 439s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 439s pamtester: successfully authenticated 439s pamtester: invoking pam_start(login, ubuntu, ...) 439s pamtester: performing operation - authenticate 442s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 442s + echo -n -e wrong123456 442s + runuser -u ubuntu -- pamtester -v login '' authenticate 442s pamtester: invoking pam_start(login, , ...) 442s pamtester: performing operation - authenticate 444s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 445s + echo -n -e 123456 445s + pamtester -v login root authenticate 445s pamtester: invoking pam_start(login, root, ...) 445s pamtester: performing operation - authenticate 447s pamtester: Authentication service cannot retrieve authentication info 447s + handle_exit 447s + exit_code=0 447s + restore_changes 447s + for path in "${restore_paths[@]}" 447s + local original_path 447s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-mRM2nq /tmp/sssd-softhsm2-backups-mRM2nq//etc/softhsm/softhsm2.conf 447s + original_path=/etc/softhsm/softhsm2.conf 447s + rm /etc/softhsm/softhsm2.conf 447s + mv /tmp/sssd-softhsm2-backups-mRM2nq//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 447s + for path in "${delete_paths[@]}" 447s + rm -f /etc/sssd/sssd.conf 447s + for path in "${delete_paths[@]}" 447s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 447s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 447s + '[' -e /etc/sssd/sssd.conf ']' 447s + systemctl stop sssd 448s + '[' -e /etc/softhsm/softhsm2.conf ']' 448s + chmod 600 /etc/softhsm/softhsm2.conf 448s + rm -rf /tmp/sssd-softhsm2-certs-CVA6Pg 448s + '[' 0 = 0 ']' 448s + rm -rf /tmp/sssd-softhsm2-backups-mRM2nq 448s + set +x 448s Script completed successfully! 448s autopkgtest [03:54:27]: test sssd-smart-card-pam-auth-configs: -----------------------] 449s sssd-smart-card-pam-auth-configs PASS 449s autopkgtest [03:54:28]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 449s autopkgtest [03:54:28]: @@@@@@@@@@@@@@@@@@@@ summary 449s ldap-user-group-ldap-auth PASS 449s ldap-user-group-krb5-auth PASS 449s sssd-softhism2-certificates-tests.sh PASS 449s sssd-smart-card-pam-auth-configs PASS 463s Creating nova instance adt-noble-s390x-sssd-20240321-034659-juju-7f2275-prod-proposed-migration-environment-2 from image adt/ubuntu-noble-s390x-server-20240320.img (UUID 6569a0ff-4984-4a4c-a4d0-b93f21cb5de9)... 463s Creating nova instance adt-noble-s390x-sssd-20240321-034659-juju-7f2275-prod-proposed-migration-environment-2 from image adt/ubuntu-noble-s390x-server-20240320.img (UUID 6569a0ff-4984-4a4c-a4d0-b93f21cb5de9)...