0s autopkgtest [04:21:36]: starting date and time: 2024-03-21 04:21:36+0000 0s autopkgtest [04:21:36]: git checkout: 4a1cd702 l/adt_testbed: don't blame the testbed for unsolvable build deps 0s autopkgtest [04:21:36]: host juju-7f2275-prod-proposed-migration-environment-2; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.tuaxubni/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --setup-commands /home/ubuntu/autopkgtest/setup-commands/setup-testbed --apt-pocket=proposed=src:sudo,src:openssl --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 '--env=ADT_TEST_TRIGGERS=sudo/1.9.15p5-3ubuntu3 openssl/3.0.13-0ubuntu2' -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor autopkgtest --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-2@bos02-s390x-7.secgroup --name adt-noble-s390x-sssd-20240321-042136-juju-7f2275-prod-proposed-migration-environment-2 --image adt/ubuntu-noble-s390x-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-2 --net-id=net_prod-proposed-migration -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com'"'"'' --mirror=http://ftpmaster.internal/ubuntu/ 172s autopkgtest [04:24:23]: testbed dpkg architecture: s390x 172s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 172s autopkgtest [04:24:23]: testbed apt version: 2.7.12 172s autopkgtest [04:24:23]: @@@@@@@@@@@@@@@@@@@@ test bed setup 172s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [3807 kB] 175s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [494 kB] 175s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [6540 B] 175s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [53.9 kB] 175s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main s390x Packages [667 kB] 175s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main s390x c-n-f Metadata [3032 B] 175s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x Packages [1372 B] 175s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x c-n-f Metadata [116 B] 175s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x Packages [3978 kB] 177s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x c-n-f Metadata [7292 B] 177s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x Packages [45.1 kB] 177s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x c-n-f Metadata [116 B] 184s Fetched 9181 kB in 9s (983 kB/s) 184s Reading package lists... 187s Reading package lists... 187s Building dependency tree... 187s Reading state information... 187s Calculating upgrade... 187s The following packages will be REMOVED: 187s libssl3 187s The following NEW packages will be installed: 187s libssl3t64 187s The following packages will be upgraded: 187s openssl sudo 187s 2 upgraded, 1 newly installed, 1 to remove and 0 not upgraded. 187s Need to get 3653 kB of archives. 187s After this operation, 243 kB of additional disk space will be used. 187s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main s390x sudo s390x 1.9.15p5-3ubuntu3 [968 kB] 188s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main s390x openssl s390x 3.0.13-0ubuntu2 [1010 kB] 188s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main s390x libssl3t64 s390x 3.0.13-0ubuntu2 [1675 kB] 188s Fetched 3653 kB in 1s (3651 kB/s) 189s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52171 files and directories currently installed.) 189s Preparing to unpack .../sudo_1.9.15p5-3ubuntu3_s390x.deb ... 189s Unpacking sudo (1.9.15p5-3ubuntu3) over (1.9.15p5-3ubuntu1) ... 189s Preparing to unpack .../openssl_3.0.13-0ubuntu2_s390x.deb ... 189s Unpacking openssl (3.0.13-0ubuntu2) over (3.0.10-1ubuntu4) ... 189s dpkg: libssl3:s390x: dependency problems, but removing anyway as you requested: 189s wget depends on libssl3 (>= 3.0.0). 189s tnftp depends on libssl3 (>= 3.0.0). 189s tcpdump depends on libssl3 (>= 3.0.0). 189s systemd-resolved depends on libssl3 (>= 3.0.0). 189s systemd depends on libssl3 (>= 3.0.0). 189s s390-tools depends on libssl3 (>= 3.0.0). 189s rsync depends on libssl3 (>= 3.0.0). 189s python3-cryptography depends on libssl3 (>= 3.0.0). 189s openssh-server depends on libssl3 (>= 3.0.10). 189s openssh-client depends on libssl3 (>= 3.0.10). 189s linux-headers-6.8.0-11-generic depends on libssl3 (>= 3.0.0). 189s libsystemd-shared:s390x depends on libssl3 (>= 3.0.0). 189s libssh-4:s390x depends on libssl3 (>= 3.0.0). 189s libsasl2-modules:s390x depends on libssl3 (>= 3.0.0). 189s libsasl2-2:s390x depends on libssl3 (>= 3.0.0). 189s libpython3.12-minimal:s390x depends on libssl3 (>= 3.0.0). 189s libpython3.11-minimal:s390x depends on libssl3 (>= 3.0.0). 189s libnvme1 depends on libssl3 (>= 3.0.0). 189s libkrb5-3:s390x depends on libssl3 (>= 3.0.0). 189s libkmod2:s390x depends on libssl3 (>= 3.0.0). 189s libfido2-1:s390x depends on libssl3 (>= 3.0.0). 189s libcurl4:s390x depends on libssl3 (>= 3.0.0). 189s libcryptsetup12:s390x depends on libssl3 (>= 3.0.0). 189s kmod depends on libssl3 (>= 3.0.0). 189s dhcpcd-base depends on libssl3 (>= 3.0.0). 189s bind9-libs:s390x depends on libssl3 (>= 3.0.0). 189s 189s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52171 files and directories currently installed.) 189s Removing libssl3:s390x (3.0.10-1ubuntu4) ... 189s Selecting previously unselected package libssl3t64:s390x. 189s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52160 files and directories currently installed.) 189s Preparing to unpack .../libssl3t64_3.0.13-0ubuntu2_s390x.deb ... 189s Unpacking libssl3t64:s390x (3.0.13-0ubuntu2) ... 189s Setting up libssl3t64:s390x (3.0.13-0ubuntu2) ... 189s Setting up sudo (1.9.15p5-3ubuntu3) ... 189s Setting up openssl (3.0.13-0ubuntu2) ... 189s Processing triggers for man-db (2.12.0-3) ... 190s Processing triggers for libc-bin (2.39-0ubuntu2) ... 190s Reading package lists... 190s Building dependency tree... 190s Reading state information... 193s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 193s Unknown architecture, assuming PC-style ttyS0 193s sh: Attempting to set up Debian/Ubuntu apt sources automatically 193s sh: Distribution appears to be Ubuntu 193s Reading package lists... 193s Building dependency tree... 193s Reading state information... 193s eatmydata is already the newest version (131-1). 193s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 193s Reading package lists... 193s Building dependency tree... 193s Reading state information... 193s dbus is already the newest version (1.14.10-4ubuntu1). 193s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 193s Reading package lists... 193s Building dependency tree... 193s Reading state information... 194s rng-tools-debian is already the newest version (2.4). 194s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 194s Reading package lists... 194s Building dependency tree... 194s Reading state information... 194s The following packages will be REMOVED: 194s cloud-init* python3-configobj* python3-debconf* 194s 0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded. 194s After this operation, 3252 kB disk space will be freed. 194s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52173 files and directories currently installed.) 194s Removing cloud-init (24.1.1-0ubuntu1) ... 195s Removing python3-configobj (5.0.8-3) ... 195s Removing python3-debconf (1.5.86) ... 195s Processing triggers for man-db (2.12.0-3) ... 195s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51784 files and directories currently installed.) 195s Purging configuration files for cloud-init (24.1.1-0ubuntu1) ... 202s dpkg: warning: while removing cloud-init, directory '/etc/cloud/cloud.cfg.d' not empty so not removed 202s Hit:1 http://ftpmaster.internal/ubuntu noble InRelease 202s Processing triggers for rsyslog (8.2312.0-3ubuntu3) ... 202s invoke-rc.d: policy-rc.d denied execution of try-restart. 202s Reading package lists... 202s Building dependency tree... 202s Reading state information... 202s linux-generic is already the newest version (6.8.0-11.11+1). 202s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 202s Reading package lists... 202s Building dependency tree... 202s Reading state information... 202s Calculating upgrade... 202s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 202s Reading package lists... 202s Building dependency tree... 202s Reading state information... 202s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 202s Hit:2 http://ftpmaster.internal/ubuntu noble-updates InRelease 202s Hit:3 http://ftpmaster.internal/ubuntu noble-security InRelease 202s Reading package lists... 202s autopkgtest [04:24:57]: rebooting testbed after setup commands that affected boot 217s autopkgtest [04:25:13]: testbed running kernel: Linux 6.8.0-11-generic #11-Ubuntu SMP Tue Feb 13 23:45:46 UTC 2024 221s autopkgtest [04:25:17]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 237s Get:1 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (dsc) [5269 B] 237s Get:2 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (tar) [7983 kB] 237s Get:3 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (asc) [833 B] 237s Get:4 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (diff) [48.4 kB] 237s gpgv: Signature made Mon Feb 26 21:56:54 2024 UTC 237s gpgv: using RSA key E92FD0B36B14F1F4D8E0EB2F106DA1C8C3CBBF14 237s gpgv: Can't check signature: No public key 237s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.4-1ubuntu1.dsc: no acceptable signature found 238s autopkgtest [04:25:34]: testing package sssd version 2.9.4-1ubuntu1 239s autopkgtest [04:25:35]: build not needed 268s autopkgtest [04:26:04]: test ldap-user-group-ldap-auth: preparing testbed 282s Reading package lists... 282s Building dependency tree... 282s Reading state information... 282s Starting pkgProblemResolver with broken count: 0 282s Starting 2 pkgProblemResolver with broken count: 0 282s Done 283s The following additional packages will be installed: 283s expect ldap-utils libavahi-client3 libavahi-common-data libavahi-common3 283s libbasicobjects0 libc-ares2 libcollection4 libcrack2 libdhash1 283s libevent-2.1-7 libini-config5 libipa-hbac-dev libipa-hbac0 libjose0 libkrad0 283s libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo libodbc2 283s libpam-pwquality libpam-sss libpath-utils1 libpwquality-common libpwquality1 283s libref-array1 libsmbclient libsss-certmap-dev libsss-certmap0 283s libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev libsss-nss-idmap0 283s libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0 libverto-libevent1 283s libverto1 libwbclient0 python3-libipa-hbac python3-libsss-nss-idmap 283s python3-sss samba-libs slapd sssd sssd-ad sssd-ad-common sssd-common 283s sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 sssd-krb5-common sssd-ldap 283s sssd-passkey sssd-proxy sssd-tools tcl-expect tcl8.6 283s Suggested packages: 283s tk8.6 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal 283s odbc-postgresql tdsodbc adcli libsasl2-modules-ldap tcl-tclreadline 283s Recommended packages: 283s cracklib-runtime libsasl2-modules-gssapi-mit 283s | libsasl2-modules-gssapi-heimdal 283s The following NEW packages will be installed: 283s autopkgtest-satdep expect ldap-utils libavahi-client3 libavahi-common-data 283s libavahi-common3 libbasicobjects0 libc-ares2 libcollection4 libcrack2 283s libdhash1 libevent-2.1-7 libini-config5 libipa-hbac-dev libipa-hbac0 283s libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo 283s libodbc2 libpam-pwquality libpam-sss libpath-utils1 libpwquality-common 283s libpwquality1 libref-array1 libsmbclient libsss-certmap-dev libsss-certmap0 283s libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev libsss-nss-idmap0 283s libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0 libverto-libevent1 283s libverto1 libwbclient0 python3-libipa-hbac python3-libsss-nss-idmap 283s python3-sss samba-libs slapd sssd sssd-ad sssd-ad-common sssd-common 283s sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 sssd-krb5-common sssd-ldap 283s sssd-passkey sssd-proxy sssd-tools tcl-expect tcl8.6 283s 0 upgraded, 65 newly installed, 0 to remove and 0 not upgraded. 283s Need to get 12.9 MB/12.9 MB of archives. 283s After this operation, 50.0 MB of additional disk space will be used. 283s Get:1 /tmp/autopkgtest.7Qr1lf/1-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [864 B] 283s Get:2 http://ftpmaster.internal/ubuntu noble/main s390x libltdl7 s390x 2.4.7-7 [41.6 kB] 283s Get:3 http://ftpmaster.internal/ubuntu noble/main s390x libodbc2 s390x 2.3.12-1 [164 kB] 283s Get:4 http://ftpmaster.internal/ubuntu noble/main s390x slapd s390x 2.6.7+dfsg-1~exp1ubuntu1 [1617 kB] 283s Get:5 http://ftpmaster.internal/ubuntu noble/main s390x libtcl8.6 s390x 8.6.13+dfsg-2 [948 kB] 283s Get:6 http://ftpmaster.internal/ubuntu noble/main s390x tcl8.6 s390x 8.6.13+dfsg-2 [14.7 kB] 284s Get:7 http://ftpmaster.internal/ubuntu noble/universe s390x tcl-expect s390x 5.45.4-2build1 [99.7 kB] 284s Get:8 http://ftpmaster.internal/ubuntu noble/universe s390x expect s390x 5.45.4-2build1 [137 kB] 284s Get:9 http://ftpmaster.internal/ubuntu noble/main s390x ldap-utils s390x 2.6.7+dfsg-1~exp1ubuntu1 [165 kB] 284s Get:10 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common-data s390x 0.8-13ubuntu2 [29.5 kB] 284s Get:11 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common3 s390x 0.8-13ubuntu2 [23.8 kB] 284s Get:12 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-client3 s390x 0.8-13ubuntu2 [26.7 kB] 284s Get:13 http://ftpmaster.internal/ubuntu noble/main s390x libcrack2 s390x 2.9.6-5.1 [29.6 kB] 284s Get:14 http://ftpmaster.internal/ubuntu noble/main s390x libevent-2.1-7 s390x 2.1.12-stable-9 [144 kB] 284s Get:15 http://ftpmaster.internal/ubuntu noble/universe s390x libjose0 s390x 11-3 [45.2 kB] 284s Get:16 http://ftpmaster.internal/ubuntu noble/main s390x libverto-libevent1 s390x 0.3.1-1ubuntu5 [5810 B] 284s Get:17 http://ftpmaster.internal/ubuntu noble/main s390x libverto1 s390x 0.3.1-1ubuntu5 [10.6 kB] 284s Get:18 http://ftpmaster.internal/ubuntu noble/main s390x libkrad0 s390x 1.20.1-5build1 [22.0 kB] 284s Get:19 http://ftpmaster.internal/ubuntu noble/main s390x libtalloc2 s390x 2.4.2-1 [28.3 kB] 284s Get:20 http://ftpmaster.internal/ubuntu noble/main s390x libtdb1 s390x 1.4.10-1 [49.9 kB] 284s Get:21 http://ftpmaster.internal/ubuntu noble/main s390x libtevent0 s390x 0.16.1-1 [43.1 kB] 284s Get:22 http://ftpmaster.internal/ubuntu noble/main s390x libldb2 s390x 2:2.8.0+samba4.19.5+dfsg-1ubuntu1 [191 kB] 284s Get:23 http://ftpmaster.internal/ubuntu noble/main s390x libnfsidmap1 s390x 1:2.6.3-3ubuntu1 [49.0 kB] 284s Get:24 http://ftpmaster.internal/ubuntu noble/universe s390x libnss-sudo all 1.9.15p5-3ubuntu1 [14.9 kB] 284s Get:25 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality-common all 1.4.5-3 [7658 B] 284s Get:26 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality1 s390x 1.4.5-3 [14.7 kB] 284s Get:27 http://ftpmaster.internal/ubuntu noble/main s390x libpam-pwquality s390x 1.4.5-3 [11.6 kB] 284s Get:28 http://ftpmaster.internal/ubuntu noble/main s390x libwbclient0 s390x 2:4.19.5+dfsg-1ubuntu1 [70.3 kB] 284s Get:29 http://ftpmaster.internal/ubuntu noble/main s390x samba-libs s390x 2:4.19.5+dfsg-1ubuntu1 [6231 kB] 284s Get:30 http://ftpmaster.internal/ubuntu noble/main s390x libnss-sss s390x 2.9.4-1ubuntu1 [32.6 kB] 284s Get:31 http://ftpmaster.internal/ubuntu noble/main s390x libpam-sss s390x 2.9.4-1ubuntu1 [51.9 kB] 284s Get:32 http://ftpmaster.internal/ubuntu noble/main s390x python3-sss s390x 2.9.4-1ubuntu1 [46.6 kB] 284s Get:33 http://ftpmaster.internal/ubuntu noble/main s390x libc-ares2 s390x 1.27.0-1 [79.2 kB] 284s Get:34 http://ftpmaster.internal/ubuntu noble/main s390x libdhash1 s390x 0.6.2-2 [8648 B] 284s Get:35 http://ftpmaster.internal/ubuntu noble/main s390x libbasicobjects0 s390x 0.6.2-2 [5476 B] 284s Get:36 http://ftpmaster.internal/ubuntu noble/main s390x libcollection4 s390x 0.6.2-2 [23.2 kB] 284s Get:37 http://ftpmaster.internal/ubuntu noble/main s390x libpath-utils1 s390x 0.6.2-2 [8994 B] 284s Get:38 http://ftpmaster.internal/ubuntu noble/main s390x libref-array1 s390x 0.6.2-2 [6880 B] 284s Get:39 http://ftpmaster.internal/ubuntu noble/main s390x libini-config5 s390x 0.6.2-2 [45.3 kB] 284s Get:40 http://ftpmaster.internal/ubuntu noble/main s390x libsss-certmap0 s390x 2.9.4-1ubuntu1 [46.7 kB] 284s Get:41 http://ftpmaster.internal/ubuntu noble/main s390x libsss-idmap0 s390x 2.9.4-1ubuntu1 [22.1 kB] 284s Get:42 http://ftpmaster.internal/ubuntu noble/main s390x libsss-nss-idmap0 s390x 2.9.4-1ubuntu1 [31.4 kB] 284s Get:43 http://ftpmaster.internal/ubuntu noble/main s390x sssd-common s390x 2.9.4-1ubuntu1 [1125 kB] 285s Get:44 http://ftpmaster.internal/ubuntu noble/universe s390x sssd-idp s390x 2.9.4-1ubuntu1 [27.3 kB] 285s Get:45 http://ftpmaster.internal/ubuntu noble/universe s390x sssd-passkey s390x 2.9.4-1ubuntu1 [32.3 kB] 285s Get:46 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad-common s390x 2.9.4-1ubuntu1 [74.8 kB] 285s Get:47 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5-common s390x 2.9.4-1ubuntu1 [90.3 kB] 285s Get:48 http://ftpmaster.internal/ubuntu noble/main s390x libsmbclient s390x 2:4.19.5+dfsg-1ubuntu1 [65.1 kB] 285s Get:49 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad s390x 2.9.4-1ubuntu1 [133 kB] 285s Get:50 http://ftpmaster.internal/ubuntu noble/main s390x libipa-hbac0 s390x 2.9.4-1ubuntu1 [16.8 kB] 285s Get:51 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ipa s390x 2.9.4-1ubuntu1 [215 kB] 285s Get:52 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5 s390x 2.9.4-1ubuntu1 [14.4 kB] 285s Get:53 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ldap s390x 2.9.4-1ubuntu1 [31.0 kB] 285s Get:54 http://ftpmaster.internal/ubuntu noble/main s390x sssd-proxy s390x 2.9.4-1ubuntu1 [43.9 kB] 285s Get:55 http://ftpmaster.internal/ubuntu noble/main s390x sssd s390x 2.9.4-1ubuntu1 [4120 B] 285s Get:56 http://ftpmaster.internal/ubuntu noble/main s390x sssd-dbus s390x 2.9.4-1ubuntu1 [101 kB] 285s Get:57 http://ftpmaster.internal/ubuntu noble/universe s390x sssd-kcm s390x 2.9.4-1ubuntu1 [137 kB] 285s Get:58 http://ftpmaster.internal/ubuntu noble/main s390x sssd-tools s390x 2.9.4-1ubuntu1 [97.6 kB] 285s Get:59 http://ftpmaster.internal/ubuntu noble/main s390x libipa-hbac-dev s390x 2.9.4-1ubuntu1 [6660 B] 285s Get:60 http://ftpmaster.internal/ubuntu noble/main s390x libsss-certmap-dev s390x 2.9.4-1ubuntu1 [5734 B] 285s Get:61 http://ftpmaster.internal/ubuntu noble/main s390x libsss-idmap-dev s390x 2.9.4-1ubuntu1 [8376 B] 285s Get:62 http://ftpmaster.internal/ubuntu noble/main s390x libsss-nss-idmap-dev s390x 2.9.4-1ubuntu1 [6708 B] 285s Get:63 http://ftpmaster.internal/ubuntu noble/universe s390x libsss-sudo s390x 2.9.4-1ubuntu1 [21.3 kB] 285s Get:64 http://ftpmaster.internal/ubuntu noble/universe s390x python3-libipa-hbac s390x 2.9.4-1ubuntu1 [16.9 kB] 285s Get:65 http://ftpmaster.internal/ubuntu noble/universe s390x python3-libsss-nss-idmap s390x 2.9.4-1ubuntu1 [9140 B] 285s Preconfiguring packages ... 285s Fetched 12.9 MB in 2s (5839 kB/s) 285s Selecting previously unselected package libltdl7:s390x. 285s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51729 files and directories currently installed.) 285s Preparing to unpack .../00-libltdl7_2.4.7-7_s390x.deb ... 285s Unpacking libltdl7:s390x (2.4.7-7) ... 285s Selecting previously unselected package libodbc2:s390x. 285s Preparing to unpack .../01-libodbc2_2.3.12-1_s390x.deb ... 285s Unpacking libodbc2:s390x (2.3.12-1) ... 285s Selecting previously unselected package slapd. 285s Preparing to unpack .../02-slapd_2.6.7+dfsg-1~exp1ubuntu1_s390x.deb ... 286s Unpacking slapd (2.6.7+dfsg-1~exp1ubuntu1) ... 286s Selecting previously unselected package libtcl8.6:s390x. 286s Preparing to unpack .../03-libtcl8.6_8.6.13+dfsg-2_s390x.deb ... 286s Unpacking libtcl8.6:s390x (8.6.13+dfsg-2) ... 286s Selecting previously unselected package tcl8.6. 286s Preparing to unpack .../04-tcl8.6_8.6.13+dfsg-2_s390x.deb ... 286s Unpacking tcl8.6 (8.6.13+dfsg-2) ... 286s Selecting previously unselected package tcl-expect:s390x. 286s Preparing to unpack .../05-tcl-expect_5.45.4-2build1_s390x.deb ... 286s Unpacking tcl-expect:s390x (5.45.4-2build1) ... 286s Selecting previously unselected package expect. 286s Preparing to unpack .../06-expect_5.45.4-2build1_s390x.deb ... 286s Unpacking expect (5.45.4-2build1) ... 286s Selecting previously unselected package ldap-utils. 286s Preparing to unpack .../07-ldap-utils_2.6.7+dfsg-1~exp1ubuntu1_s390x.deb ... 286s Unpacking ldap-utils (2.6.7+dfsg-1~exp1ubuntu1) ... 286s Selecting previously unselected package libavahi-common-data:s390x. 286s Preparing to unpack .../08-libavahi-common-data_0.8-13ubuntu2_s390x.deb ... 286s Unpacking libavahi-common-data:s390x (0.8-13ubuntu2) ... 286s Selecting previously unselected package libavahi-common3:s390x. 286s Preparing to unpack .../09-libavahi-common3_0.8-13ubuntu2_s390x.deb ... 286s Unpacking libavahi-common3:s390x (0.8-13ubuntu2) ... 286s Selecting previously unselected package libavahi-client3:s390x. 286s Preparing to unpack .../10-libavahi-client3_0.8-13ubuntu2_s390x.deb ... 286s Unpacking libavahi-client3:s390x (0.8-13ubuntu2) ... 286s Selecting previously unselected package libcrack2:s390x. 286s Preparing to unpack .../11-libcrack2_2.9.6-5.1_s390x.deb ... 286s Unpacking libcrack2:s390x (2.9.6-5.1) ... 286s Selecting previously unselected package libevent-2.1-7:s390x. 286s Preparing to unpack .../12-libevent-2.1-7_2.1.12-stable-9_s390x.deb ... 286s Unpacking libevent-2.1-7:s390x (2.1.12-stable-9) ... 286s Selecting previously unselected package libjose0:s390x. 286s Preparing to unpack .../13-libjose0_11-3_s390x.deb ... 286s Unpacking libjose0:s390x (11-3) ... 286s Selecting previously unselected package libverto-libevent1:s390x. 286s Preparing to unpack .../14-libverto-libevent1_0.3.1-1ubuntu5_s390x.deb ... 286s Unpacking libverto-libevent1:s390x (0.3.1-1ubuntu5) ... 286s Selecting previously unselected package libverto1:s390x. 286s Preparing to unpack .../15-libverto1_0.3.1-1ubuntu5_s390x.deb ... 286s Unpacking libverto1:s390x (0.3.1-1ubuntu5) ... 286s Selecting previously unselected package libkrad0:s390x. 286s Preparing to unpack .../16-libkrad0_1.20.1-5build1_s390x.deb ... 286s Unpacking libkrad0:s390x (1.20.1-5build1) ... 286s Selecting previously unselected package libtalloc2:s390x. 286s Preparing to unpack .../17-libtalloc2_2.4.2-1_s390x.deb ... 286s Unpacking libtalloc2:s390x (2.4.2-1) ... 286s Selecting previously unselected package libtdb1:s390x. 286s Preparing to unpack .../18-libtdb1_1.4.10-1_s390x.deb ... 286s Unpacking libtdb1:s390x (1.4.10-1) ... 286s Selecting previously unselected package libtevent0:s390x. 286s Preparing to unpack .../19-libtevent0_0.16.1-1_s390x.deb ... 286s Unpacking libtevent0:s390x (0.16.1-1) ... 286s Selecting previously unselected package libldb2:s390x. 286s Preparing to unpack .../20-libldb2_2%3a2.8.0+samba4.19.5+dfsg-1ubuntu1_s390x.deb ... 286s Unpacking libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 286s Selecting previously unselected package libnfsidmap1:s390x. 286s Preparing to unpack .../21-libnfsidmap1_1%3a2.6.3-3ubuntu1_s390x.deb ... 286s Unpacking libnfsidmap1:s390x (1:2.6.3-3ubuntu1) ... 286s Selecting previously unselected package libnss-sudo. 286s Preparing to unpack .../22-libnss-sudo_1.9.15p5-3ubuntu1_all.deb ... 286s Unpacking libnss-sudo (1.9.15p5-3ubuntu1) ... 286s Selecting previously unselected package libpwquality-common. 286s Preparing to unpack .../23-libpwquality-common_1.4.5-3_all.deb ... 286s Unpacking libpwquality-common (1.4.5-3) ... 286s Selecting previously unselected package libpwquality1:s390x. 286s Preparing to unpack .../24-libpwquality1_1.4.5-3_s390x.deb ... 286s Unpacking libpwquality1:s390x (1.4.5-3) ... 286s Selecting previously unselected package libpam-pwquality:s390x. 286s Preparing to unpack .../25-libpam-pwquality_1.4.5-3_s390x.deb ... 286s Unpacking libpam-pwquality:s390x (1.4.5-3) ... 286s Selecting previously unselected package libwbclient0:s390x. 286s Preparing to unpack .../26-libwbclient0_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 286s Unpacking libwbclient0:s390x (2:4.19.5+dfsg-1ubuntu1) ... 286s Selecting previously unselected package samba-libs:s390x. 286s Preparing to unpack .../27-samba-libs_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 286s Unpacking samba-libs:s390x (2:4.19.5+dfsg-1ubuntu1) ... 286s Selecting previously unselected package libnss-sss:s390x. 286s Preparing to unpack .../28-libnss-sss_2.9.4-1ubuntu1_s390x.deb ... 286s Unpacking libnss-sss:s390x (2.9.4-1ubuntu1) ... 286s Selecting previously unselected package libpam-sss:s390x. 286s Preparing to unpack .../29-libpam-sss_2.9.4-1ubuntu1_s390x.deb ... 286s Unpacking libpam-sss:s390x (2.9.4-1ubuntu1) ... 286s Selecting previously unselected package python3-sss. 286s Preparing to unpack .../30-python3-sss_2.9.4-1ubuntu1_s390x.deb ... 286s Unpacking python3-sss (2.9.4-1ubuntu1) ... 286s Selecting previously unselected package libc-ares2:s390x. 286s Preparing to unpack .../31-libc-ares2_1.27.0-1_s390x.deb ... 286s Unpacking libc-ares2:s390x (1.27.0-1) ... 286s Selecting previously unselected package libdhash1:s390x. 286s Preparing to unpack .../32-libdhash1_0.6.2-2_s390x.deb ... 286s Unpacking libdhash1:s390x (0.6.2-2) ... 286s Selecting previously unselected package libbasicobjects0:s390x. 286s Preparing to unpack .../33-libbasicobjects0_0.6.2-2_s390x.deb ... 286s Unpacking libbasicobjects0:s390x (0.6.2-2) ... 286s Selecting previously unselected package libcollection4:s390x. 286s Preparing to unpack .../34-libcollection4_0.6.2-2_s390x.deb ... 286s Unpacking libcollection4:s390x (0.6.2-2) ... 287s Selecting previously unselected package libpath-utils1:s390x. 287s Preparing to unpack .../35-libpath-utils1_0.6.2-2_s390x.deb ... 287s Unpacking libpath-utils1:s390x (0.6.2-2) ... 287s Selecting previously unselected package libref-array1:s390x. 287s Preparing to unpack .../36-libref-array1_0.6.2-2_s390x.deb ... 287s Unpacking libref-array1:s390x (0.6.2-2) ... 287s Selecting previously unselected package libini-config5:s390x. 287s Preparing to unpack .../37-libini-config5_0.6.2-2_s390x.deb ... 287s Unpacking libini-config5:s390x (0.6.2-2) ... 287s Selecting previously unselected package libsss-certmap0. 287s Preparing to unpack .../38-libsss-certmap0_2.9.4-1ubuntu1_s390x.deb ... 287s Unpacking libsss-certmap0 (2.9.4-1ubuntu1) ... 287s Selecting previously unselected package libsss-idmap0. 287s Preparing to unpack .../39-libsss-idmap0_2.9.4-1ubuntu1_s390x.deb ... 287s Unpacking libsss-idmap0 (2.9.4-1ubuntu1) ... 287s Selecting previously unselected package libsss-nss-idmap0. 287s Preparing to unpack .../40-libsss-nss-idmap0_2.9.4-1ubuntu1_s390x.deb ... 287s Unpacking libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 287s Selecting previously unselected package sssd-common. 287s Preparing to unpack .../41-sssd-common_2.9.4-1ubuntu1_s390x.deb ... 287s Unpacking sssd-common (2.9.4-1ubuntu1) ... 287s Selecting previously unselected package sssd-idp. 287s Preparing to unpack .../42-sssd-idp_2.9.4-1ubuntu1_s390x.deb ... 287s Unpacking sssd-idp (2.9.4-1ubuntu1) ... 287s Selecting previously unselected package sssd-passkey. 287s Preparing to unpack .../43-sssd-passkey_2.9.4-1ubuntu1_s390x.deb ... 287s Unpacking sssd-passkey (2.9.4-1ubuntu1) ... 287s Selecting previously unselected package sssd-ad-common. 287s Preparing to unpack .../44-sssd-ad-common_2.9.4-1ubuntu1_s390x.deb ... 287s Unpacking sssd-ad-common (2.9.4-1ubuntu1) ... 287s Selecting previously unselected package sssd-krb5-common. 287s Preparing to unpack .../45-sssd-krb5-common_2.9.4-1ubuntu1_s390x.deb ... 287s Unpacking sssd-krb5-common (2.9.4-1ubuntu1) ... 287s Selecting previously unselected package libsmbclient:s390x. 287s Preparing to unpack .../46-libsmbclient_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 287s Unpacking libsmbclient:s390x (2:4.19.5+dfsg-1ubuntu1) ... 287s Selecting previously unselected package sssd-ad. 287s Preparing to unpack .../47-sssd-ad_2.9.4-1ubuntu1_s390x.deb ... 287s Unpacking sssd-ad (2.9.4-1ubuntu1) ... 287s Selecting previously unselected package libipa-hbac0. 287s Preparing to unpack .../48-libipa-hbac0_2.9.4-1ubuntu1_s390x.deb ... 287s Unpacking libipa-hbac0 (2.9.4-1ubuntu1) ... 287s Selecting previously unselected package sssd-ipa. 287s Preparing to unpack .../49-sssd-ipa_2.9.4-1ubuntu1_s390x.deb ... 287s Unpacking sssd-ipa (2.9.4-1ubuntu1) ... 287s Selecting previously unselected package sssd-krb5. 287s Preparing to unpack .../50-sssd-krb5_2.9.4-1ubuntu1_s390x.deb ... 287s Unpacking sssd-krb5 (2.9.4-1ubuntu1) ... 287s Selecting previously unselected package sssd-ldap. 287s Preparing to unpack .../51-sssd-ldap_2.9.4-1ubuntu1_s390x.deb ... 287s Unpacking sssd-ldap (2.9.4-1ubuntu1) ... 287s Selecting previously unselected package sssd-proxy. 287s Preparing to unpack .../52-sssd-proxy_2.9.4-1ubuntu1_s390x.deb ... 287s Unpacking sssd-proxy (2.9.4-1ubuntu1) ... 287s Selecting previously unselected package sssd. 287s Preparing to unpack .../53-sssd_2.9.4-1ubuntu1_s390x.deb ... 287s Unpacking sssd (2.9.4-1ubuntu1) ... 287s Selecting previously unselected package sssd-dbus. 287s Preparing to unpack .../54-sssd-dbus_2.9.4-1ubuntu1_s390x.deb ... 287s Unpacking sssd-dbus (2.9.4-1ubuntu1) ... 287s Selecting previously unselected package sssd-kcm. 287s Preparing to unpack .../55-sssd-kcm_2.9.4-1ubuntu1_s390x.deb ... 287s Unpacking sssd-kcm (2.9.4-1ubuntu1) ... 287s Selecting previously unselected package sssd-tools. 287s Preparing to unpack .../56-sssd-tools_2.9.4-1ubuntu1_s390x.deb ... 287s Unpacking sssd-tools (2.9.4-1ubuntu1) ... 287s Selecting previously unselected package libipa-hbac-dev. 287s Preparing to unpack .../57-libipa-hbac-dev_2.9.4-1ubuntu1_s390x.deb ... 287s Unpacking libipa-hbac-dev (2.9.4-1ubuntu1) ... 287s Selecting previously unselected package libsss-certmap-dev. 287s Preparing to unpack .../58-libsss-certmap-dev_2.9.4-1ubuntu1_s390x.deb ... 287s Unpacking libsss-certmap-dev (2.9.4-1ubuntu1) ... 287s Selecting previously unselected package libsss-idmap-dev. 287s Preparing to unpack .../59-libsss-idmap-dev_2.9.4-1ubuntu1_s390x.deb ... 287s Unpacking libsss-idmap-dev (2.9.4-1ubuntu1) ... 287s Selecting previously unselected package libsss-nss-idmap-dev. 287s Preparing to unpack .../60-libsss-nss-idmap-dev_2.9.4-1ubuntu1_s390x.deb ... 287s Unpacking libsss-nss-idmap-dev (2.9.4-1ubuntu1) ... 287s Selecting previously unselected package libsss-sudo. 287s Preparing to unpack .../61-libsss-sudo_2.9.4-1ubuntu1_s390x.deb ... 287s Unpacking libsss-sudo (2.9.4-1ubuntu1) ... 287s Selecting previously unselected package python3-libipa-hbac. 287s Preparing to unpack .../62-python3-libipa-hbac_2.9.4-1ubuntu1_s390x.deb ... 287s Unpacking python3-libipa-hbac (2.9.4-1ubuntu1) ... 287s Selecting previously unselected package python3-libsss-nss-idmap. 287s Preparing to unpack .../63-python3-libsss-nss-idmap_2.9.4-1ubuntu1_s390x.deb ... 287s Unpacking python3-libsss-nss-idmap (2.9.4-1ubuntu1) ... 287s Selecting previously unselected package autopkgtest-satdep. 287s Preparing to unpack .../64-1-autopkgtest-satdep.deb ... 287s Unpacking autopkgtest-satdep (0) ... 287s Setting up libpwquality-common (1.4.5-3) ... 287s Setting up libpath-utils1:s390x (0.6.2-2) ... 287s Setting up libnfsidmap1:s390x (1:2.6.3-3ubuntu1) ... 287s Setting up libsss-idmap0 (2.9.4-1ubuntu1) ... 287s Setting up libbasicobjects0:s390x (0.6.2-2) ... 287s Setting up libsss-idmap-dev (2.9.4-1ubuntu1) ... 287s Setting up libtdb1:s390x (1.4.10-1) ... 287s Setting up libc-ares2:s390x (1.27.0-1) ... 287s Setting up ldap-utils (2.6.7+dfsg-1~exp1ubuntu1) ... 287s Setting up libjose0:s390x (11-3) ... 287s Setting up libwbclient0:s390x (2:4.19.5+dfsg-1ubuntu1) ... 287s Setting up libtalloc2:s390x (2.4.2-1) ... 287s Setting up libdhash1:s390x (0.6.2-2) ... 287s Setting up libtevent0:s390x (0.16.1-1) ... 287s Setting up libavahi-common-data:s390x (0.8-13ubuntu2) ... 287s Setting up libevent-2.1-7:s390x (2.1.12-stable-9) ... 287s Setting up libtcl8.6:s390x (8.6.13+dfsg-2) ... 287s Setting up libltdl7:s390x (2.4.7-7) ... 287s Setting up libcrack2:s390x (2.9.6-5.1) ... 287s Setting up libcollection4:s390x (0.6.2-2) ... 287s Setting up libodbc2:s390x (2.3.12-1) ... 287s Setting up libipa-hbac0 (2.9.4-1ubuntu1) ... 287s Setting up python3-libipa-hbac (2.9.4-1ubuntu1) ... 287s Setting up libref-array1:s390x (0.6.2-2) ... 287s Setting up libnss-sudo (1.9.15p5-3ubuntu1) ... 287s Setting up libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 287s Setting up libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 287s Setting up libnss-sss:s390x (2.9.4-1ubuntu1) ... 287s Setting up slapd (2.6.7+dfsg-1~exp1ubuntu1) ... 288s Creating new user openldap... done. 288s Creating initial configuration... done. 288s Creating LDAP directory... done. 288s Setting up tcl8.6 (8.6.13+dfsg-2) ... 288s Setting up libsss-sudo (2.9.4-1ubuntu1) ... 288s Setting up libsss-nss-idmap-dev (2.9.4-1ubuntu1) ... 288s Setting up libipa-hbac-dev (2.9.4-1ubuntu1) ... 288s Setting up libini-config5:s390x (0.6.2-2) ... 288s Setting up libavahi-common3:s390x (0.8-13ubuntu2) ... 288s Setting up tcl-expect:s390x (5.45.4-2build1) ... 288s Setting up python3-sss (2.9.4-1ubuntu1) ... 288s Setting up libsss-certmap0 (2.9.4-1ubuntu1) ... 288s Setting up libpwquality1:s390x (1.4.5-3) ... 288s Setting up python3-libsss-nss-idmap (2.9.4-1ubuntu1) ... 288s Setting up libavahi-client3:s390x (0.8-13ubuntu2) ... 288s Setting up expect (5.45.4-2build1) ... 288s Setting up libpam-pwquality:s390x (1.4.5-3) ... 289s Setting up samba-libs:s390x (2:4.19.5+dfsg-1ubuntu1) ... 289s Setting up libsss-certmap-dev (2.9.4-1ubuntu1) ... 289s Setting up libsmbclient:s390x (2:4.19.5+dfsg-1ubuntu1) ... 289s Setting up libpam-sss:s390x (2.9.4-1ubuntu1) ... 289s Setting up sssd-common (2.9.4-1ubuntu1) ... 289s Creating SSSD system user & group... 289s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 289s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 289s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 289s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 289s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 290s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 290s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 290s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 290s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 291s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 291s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 291s sssd-autofs.service is a disabled or a static unit, not starting it. 291s sssd-nss.service is a disabled or a static unit, not starting it. 291s sssd-pam.service is a disabled or a static unit, not starting it. 291s sssd-ssh.service is a disabled or a static unit, not starting it. 291s sssd-sudo.service is a disabled or a static unit, not starting it. 291s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 291s Setting up sssd-proxy (2.9.4-1ubuntu1) ... 291s Setting up sssd-kcm (2.9.4-1ubuntu1) ... 291s Created symlink /etc/systemd/system/sockets.target.wants/sssd-kcm.socket → /usr/lib/systemd/system/sssd-kcm.socket. 292s sssd-kcm.service is a disabled or a static unit, not starting it. 292s Setting up sssd-dbus (2.9.4-1ubuntu1) ... 292s sssd-ifp.service is a disabled or a static unit, not starting it. 292s Setting up sssd-ad-common (2.9.4-1ubuntu1) ... 292s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 293s sssd-pac.service is a disabled or a static unit, not starting it. 293s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 293s Setting up sssd-krb5-common (2.9.4-1ubuntu1) ... 293s Setting up sssd-krb5 (2.9.4-1ubuntu1) ... 293s Setting up sssd-ldap (2.9.4-1ubuntu1) ... 293s Setting up sssd-ad (2.9.4-1ubuntu1) ... 293s Setting up sssd-tools (2.9.4-1ubuntu1) ... 293s Setting up sssd-ipa (2.9.4-1ubuntu1) ... 293s Setting up sssd (2.9.4-1ubuntu1) ... 293s Setting up libverto-libevent1:s390x (0.3.1-1ubuntu5) ... 293s Setting up libverto1:s390x (0.3.1-1ubuntu5) ... 293s Setting up libkrad0:s390x (1.20.1-5build1) ... 293s Setting up sssd-passkey (2.9.4-1ubuntu1) ... 293s Setting up sssd-idp (2.9.4-1ubuntu1) ... 293s Setting up autopkgtest-satdep (0) ... 293s Processing triggers for libc-bin (2.39-0ubuntu2) ... 293s Processing triggers for ufw (0.36.2-5) ... 293s Processing triggers for man-db (2.12.0-3) ... 294s Processing triggers for dbus (1.14.10-4ubuntu1) ... 306s (Reading database ... 53014 files and directories currently installed.) 306s Removing autopkgtest-satdep (0) ... 307s autopkgtest [04:26:43]: test ldap-user-group-ldap-auth: [----------------------- 307s + . debian/tests/util 307s + . debian/tests/common-tests 307s + mydomain=example.com 307s + myhostname=ldap.example.com 307s + mysuffix=dc=example,dc=com 307s + admin_dn=cn=admin,dc=example,dc=com 307s + admin_pw=secret 307s + ldap_user=testuser1 307s + ldap_user_pw=testuser1secret 307s + ldap_group=ldapusers 307s + adjust_hostname ldap.example.com 307s + local myhostname=ldap.example.com 307s + echo ldap.example.com 307s + hostname ldap.example.com 307s + grep -qE ldap.example.com /etc/hosts 307s + echo 127.0.1.10 ldap.example.com 307s + reconfigure_slapd 307s + debconf-set-selections 307s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 307s + dpkg-reconfigure -fnoninteractive -pcritical slapd 308s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1... done. 308s Moving old database directory to /var/backups: 308s - directory unknown... done. 308s Creating initial configuration... done. 308s Creating LDAP directory... done. 308s + generate_certs ldap.example.com 308s + local cn=ldap.example.com 308s + local cert=/etc/ldap/server.pem 308s + local key=/etc/ldap/server.key 308s + local cnf=/etc/ldap/openssl.cnf 308s + cat 308s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 308s ........................................................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 308s ......++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 308s ----- 308s + chmod 0640 /etc/ldap/server.key 308s + chgrp openldap /etc/ldap/server.key 308s + [ ! -f /etc/ldap/server.pem ] 308s + [ ! -f /etc/ldap/server.key ] 308s + enable_ldap_ssl 308s + cat 308s + cat+ ldapmodify -H ldapi:/// -Y EXTERNAL -Q 308s 308s + populate_ldap_rfc2307 308s modifying entry "cn=config" 308s 308s + cat 308s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 308s adding new entry "ou=People,dc=example,dc=com" 308s 308s adding new entry "ou=Group,dc=example,dc=com" 308s 308s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 308s 308s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 308s 308s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 308s 308s + configure_sssd_ldap_rfc2307 308s + cat 308s + chmod 0600 /etc/sssd/sssd.conf 308s + systemctl restart sssd 308s + enable_pam_mkhomedir 308s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 308s + echo session optional pam_mkhomedir.so 308s Assert local user databases do not have our LDAP test data 308s + run_common_tests 308s + echo Assert local user databases do not have our LDAP test data 308s + check_local_user testuser1 308s + local local_user=testuser1 308s + grep -q ^testuser1 /etc/passwd 308s + check_local_group testuser1 308s + local local_group=testuser1 308s + grep -q ^testuser1 /etc/group 308s + check_local_group ldapusers 308s + local local_group=ldapusers 308s + grep -q ^ldapusers /etc/group 308s The LDAP user is known to the system via getent 308s + echo The LDAP user is known to the system via getent 308s + check_getent_user testuser1 308s + local getent_user=testuser1 308s + local output 308s + getent passwd testuser1 308s The LDAP user's private group is known to the system via getent 308s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 308s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 308s + echo The LDAP user's private group is known to the system via getent 308s + check_getent_group testuser1 308s + local getent_group=testuser1 308s + local output 308s + getent group testuser1 308s The LDAP group ldapusers is known to the system via getent 308s + output=testuser1:*:10001:testuser1 308s + [ -z testuser1:*:10001:testuser1 ] 308s + echo The LDAP group ldapusers is known to the system via getent 308s + check_getent_group ldapusers 308s + local getent_group=ldapusers 308s + local output 308s + getent group ldapusers 308s + The id(1) command can resolve the group membership of the LDAP user 308s output=ldapusers:*:10100:testuser1 308s + [ -z ldapusers:*:10100:testuser1 ] 308s + echo The id(1) command can resolve the group membership of the LDAP user 308s + id -Gn testuser1 308s + output=testuser1 ldapusers 308s + [ testuser1 ldapusers !=The LDAP user can login on a terminal 308s testuser1 ldapusers ] 308s + echo The LDAP user can login on a terminal 308s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 308s spawn login 308s ldap.example.com login: testuser1 308s Password: 308s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-11-generic s390x) 308s 308s * Documentation: https://help.ubuntu.com 308s * Management: https://landscape.canonical.com 308s * Support: https://ubuntu.com/pro 308s 308s 308s The programs included with the Ubuntu system are free software; 308s the exact distribution terms for each program are described in the 308s individual files in /usr/share/doc/*/copyright. 308s 308s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 308s applicable law. 308s 308s 308s The programs included with the Ubuntu system are free software; 308s the exact distribution terms for each program are described in the 308s individual files in /usr/share/doc/*/copyright. 308s 308s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 308s applicable law. 308s 309s Creating directory '/home/testuser1'. 309s [?2004htestuser1@ldap:~$ id -un 309s [?2004l testuser1 309s [?2004htestuser1@ldap:~$ autopkgtest [04:26:45]: test ldap-user-group-ldap-auth: -----------------------] 309s autopkgtest [04:26:45]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 309s ldap-user-group-ldap-auth PASS 310s autopkgtest [04:26:46]: test ldap-user-group-krb5-auth: preparing testbed 329s Reading package lists... 329s Building dependency tree... 329s Reading state information... 329s Starting pkgProblemResolver with broken count: 0 329s Starting 2 pkgProblemResolver with broken count: 0 329s Done 330s The following additional packages will be installed: 330s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4 330s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 330s Suggested packages: 330s krb5-kdc-ldap krb5-kpropd krb5-k5tls krb5-doc 330s The following NEW packages will be installed: 330s autopkgtest-satdep krb5-admin-server krb5-config krb5-kdc krb5-user 330s libgssrpc4 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 330s 0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded. 330s Need to get 612 kB/613 kB of archives. 330s After this operation, 2067 kB of additional disk space will be used. 330s Get:1 /tmp/autopkgtest.7Qr1lf/2-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [888 B] 330s Get:2 http://ftpmaster.internal/ubuntu noble/main s390x krb5-config all 2.7 [22.0 kB] 330s Get:3 http://ftpmaster.internal/ubuntu noble/main s390x libgssrpc4 s390x 1.20.1-5build1 [58.9 kB] 330s Get:4 http://ftpmaster.internal/ubuntu noble/main s390x libkadm5clnt-mit12 s390x 1.20.1-5build1 [40.5 kB] 330s Get:5 http://ftpmaster.internal/ubuntu noble/main s390x libkdb5-10 s390x 1.20.1-5build1 [41.4 kB] 330s Get:6 http://ftpmaster.internal/ubuntu noble/main s390x libkadm5srv-mit12 s390x 1.20.1-5build1 [55.2 kB] 330s Get:7 http://ftpmaster.internal/ubuntu noble/universe s390x krb5-user s390x 1.20.1-5build1 [110 kB] 330s Get:8 http://ftpmaster.internal/ubuntu noble/universe s390x krb5-kdc s390x 1.20.1-5build1 [188 kB] 330s Get:9 http://ftpmaster.internal/ubuntu noble/universe s390x krb5-admin-server s390x 1.20.1-5build1 [95.9 kB] 331s Preconfiguring packages ... 331s Fetched 612 kB in 1s (807 kB/s) 331s Selecting previously unselected package krb5-config. 331s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 53014 files and directories currently installed.) 331s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 331s Unpacking krb5-config (2.7) ... 331s Selecting previously unselected package libgssrpc4:s390x. 331s Preparing to unpack .../1-libgssrpc4_1.20.1-5build1_s390x.deb ... 331s Unpacking libgssrpc4:s390x (1.20.1-5build1) ... 331s Selecting previously unselected package libkadm5clnt-mit12:s390x. 331s Preparing to unpack .../2-libkadm5clnt-mit12_1.20.1-5build1_s390x.deb ... 331s Unpacking libkadm5clnt-mit12:s390x (1.20.1-5build1) ... 331s Selecting previously unselected package libkdb5-10:s390x. 331s Preparing to unpack .../3-libkdb5-10_1.20.1-5build1_s390x.deb ... 331s Unpacking libkdb5-10:s390x (1.20.1-5build1) ... 331s Selecting previously unselected package libkadm5srv-mit12:s390x. 331s Preparing to unpack .../4-libkadm5srv-mit12_1.20.1-5build1_s390x.deb ... 331s Unpacking libkadm5srv-mit12:s390x (1.20.1-5build1) ... 331s Selecting previously unselected package krb5-user. 331s Preparing to unpack .../5-krb5-user_1.20.1-5build1_s390x.deb ... 331s Unpacking krb5-user (1.20.1-5build1) ... 331s Selecting previously unselected package krb5-kdc. 331s Preparing to unpack .../6-krb5-kdc_1.20.1-5build1_s390x.deb ... 331s Unpacking krb5-kdc (1.20.1-5build1) ... 331s Selecting previously unselected package krb5-admin-server. 331s Preparing to unpack .../7-krb5-admin-server_1.20.1-5build1_s390x.deb ... 331s Unpacking krb5-admin-server (1.20.1-5build1) ... 331s Selecting previously unselected package autopkgtest-satdep. 331s Preparing to unpack .../8-2-autopkgtest-satdep.deb ... 331s Unpacking autopkgtest-satdep (0) ... 331s Setting up libgssrpc4:s390x (1.20.1-5build1) ... 331s Setting up krb5-config (2.7) ... 331s Setting up libkadm5clnt-mit12:s390x (1.20.1-5build1) ... 331s Setting up libkdb5-10:s390x (1.20.1-5build1) ... 331s Setting up libkadm5srv-mit12:s390x (1.20.1-5build1) ... 331s Setting up krb5-user (1.20.1-5build1) ... 331s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 331s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 331s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 331s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 331s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 331s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 331s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 331s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 331s Setting up krb5-kdc (1.20.1-5build1) ... 332s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /usr/lib/systemd/system/krb5-kdc.service. 332s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 332s Setting up krb5-admin-server (1.20.1-5build1) ... 333s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-admin-server.service → /usr/lib/systemd/system/krb5-admin-server.service. 333s Setting up autopkgtest-satdep (0) ... 333s Processing triggers for man-db (2.12.0-3) ... 334s Processing triggers for libc-bin (2.39-0ubuntu2) ... 345s (Reading database ... 53107 files and directories currently installed.) 345s Removing autopkgtest-satdep (0) ... 345s autopkgtest [04:27:21]: test ldap-user-group-krb5-auth: [----------------------- 346s + . debian/tests/util 346s + . debian/tests/common-tests 346s + mydomain=example.com 346s + myhostname=ldap.example.com 346s + mysuffix=dc=example,dc=com 346s + myrealm=EXAMPLE.COM 346s + admin_dn=cn=admin,dc=example,dc=com 346s + admin_pw=secret 346s + ldap_user=testuser1 346s + ldap_user_pw=testuser1secret 346s + kerberos_principal_pw=testuser1kerberos 346s + ldap_group=ldapusers 346s + adjust_hostname ldap.example.com 346s + local myhostname=ldap.example.com 346s + echo ldap.example.com 346s + hostname ldap.example.com 346s + grep -qE ldap.example.com /etc/hosts 346s + reconfigure_slapd 346s + debconf-set-selections 346s + rm -rf /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1 /var/backups/unknown-2.6.7+dfsg-1~exp1ubuntu1-20240321-042644.ldapdb 346s + dpkg-reconfigure -fnoninteractive -pcritical slapd 346s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1... done. 346s Moving old database directory to /var/backups: 346s - directory unknown... done. 346s Creating initial configuration... done. 346s Creating LDAP directory... done. 346s + generate_certs ldap.example.com 346s + local cn=ldap.example.com 346s + local cert=/etc/ldap/server.pem 346s + local key=/etc/ldap/server.key 346s + local cnf=/etc/ldap/openssl.cnf 346s + cat 346s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 347s ..++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 347s ...............................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 347s ----- 347s + chmod 0640 /etc/ldap/server.key 347s + chgrp openldap /etc/ldap/server.key 347s + [ ! -f /etc/ldap/server.pem ] 347s + [ ! -f /etc/ldap/server.key ] 347s + enable_ldap_ssl 347s + cat 347s + cat 347s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 347s + populate_ldap_rfc2307 347s + cat 347s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 347s modifying entry "cn=config" 347s 347s adding new entry "ou=People,dc=example,dc=com" 347s 347s adding new entry "ou=Group,dc=example,dc=com" 347s 347s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 347s 347s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 347s 347s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 347s 347s + create_realm EXAMPLE.COM ldap.example.com 347s + local realm_name=EXAMPLE.COM 347s + local kerberos_server=ldap.example.com 347s + rm -rf /var/lib/krb5kdc/* 347s + rm -rf /etc/krb5kdc/kdc.conf 347s + rm -f /etc/krb5.keytab 347s + cat 347s + cat 347s + echo # */admin *Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 347s master key name 'K/M@EXAMPLE.COM' 347s 347s + kdb5_util create -s -P secretpassword 347s + systemctl restart krb5-kdc.service krb5-admin-server.service 347s + create_krb_principal testuser1 testuser1kerberos 347s + local principal=testuser1 347s + local password=testuser1kerberos 347s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 347s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 347s Authenticating as principal root/admin@EXAMPLE.COM with password. 347s Principal "testuser1@EXAMPLE.COM" created. 347s + configure_sssd_ldap_rfc2307_krb5_auth 347s + cat 347s + chmod 0600 /etc/sssd/sssd.conf 347s + systemctl restart sssd 347s + enable_pam_mkhomedir 347s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 347s + Assert local user databases do not have our LDAP test data 347s run_common_tests 347s + echo Assert local user databases do not have our LDAP test data 347s + check_local_user testuser1 347s + local local_user=testuser1 347s + grep -q ^testuser1 /etc/passwd 347s + check_local_group testuser1 347s + local local_group=testuser1 347s + grep -q ^testuser1 /etc/group 347s + check_local_group ldapusers 347s + local local_group=ldapusers 347s + grep -q ^ldapusers /etc/group 347s + echo The LDAP user is known to the system via getentThe LDAP user is known to the system via getent 347s 347s + check_getent_user testuser1 347s + local getent_user=testuser1 347s + local output 347s + getent passwd testuser1 347s The LDAP user's private group is known to the system via getent 347s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 347s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 347s + echo The LDAP user's private group is known to the system via getent 347s + check_getent_group testuser1 347s + local getent_group=testuser1 347s + local output 347s + getent group testuser1 347s + The LDAP group ldapusers is known to the system via getent 347s output=testuser1:*:10001:testuser1 347s + [ -z testuser1:*:10001:testuser1 ] 347s + echo The LDAP group ldapusers is known to the system via getent 347s + check_getent_group ldapusers 347s + local getent_group=ldapusers 347s + local output 347s + getent group ldapusers 347s The id(1) command can resolve the group membership of the LDAP user 347s + output=ldapusers:*:10100:testuser1 347s + [ -z ldapusers:*:10100:testuser1 ] 347s + echo The id(1) command can resolve the group membership of the LDAP user 347s + id -Gn testuser1 347s The Kerberos principal can login on a terminal 347s + output=testuser1 ldapusers 347s + [ testuser1 ldapusers != testuser1 ldapusers ] 347s + echo The Kerberos principal can login on a terminal 347s + kdestroy 347s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 347s spawn login 347s ldap.example.com login: testuser1 347s Password: 347s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-11-generic s390x) 347s 347s * Documentation: https://help.ubuntu.com 347s * Management: https://landscape.canonical.com 347s * Support: https://ubuntu.com/pro 347s 347s 347s The programs included with the Ubuntu system are free software; 347s the exact distribution terms for each program are described in the 347s individual files in /usr/share/doc/*/copyright. 347s 347s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 347s applicable law. 347s 347s Last login: Thu Mar 21 04:26:44 UTC 2024 on pts/0 347s [?2004htestuser1@ldap:~$ id -un 347s [?2004l testuser1 347s [?2004htestuser1@ldap:~$ klist 347s [?2004l Ticket cache: FILE:/tmp/krb5cc_10001_DcUPLD 347s Default principal: testuser1@EXAMPLE.COM 348s autopkgtest [04:27:24]: test ldap-user-group-krb5-auth: -----------------------] 348s autopkgtest [04:27:24]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 348s ldap-user-group-krb5-auth PASS 348s autopkgtest [04:27:24]: test sssd-softhism2-certificates-tests.sh: preparing testbed 426s autopkgtest [04:28:42]: testbed dpkg architecture: s390x 426s autopkgtest [04:28:42]: testbed apt version: 2.7.12 426s autopkgtest [04:28:42]: @@@@@@@@@@@@@@@@@@@@ test bed setup 427s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 427s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [494 kB] 428s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [3807 kB] 428s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [53.9 kB] 428s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [6540 B] 428s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main s390x Packages [667 kB] 428s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main s390x c-n-f Metadata [3032 B] 428s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x Packages [1372 B] 428s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x c-n-f Metadata [116 B] 428s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x Packages [3978 kB] 428s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x c-n-f Metadata [7292 B] 428s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x Packages [45.1 kB] 428s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x c-n-f Metadata [116 B] 430s Fetched 9181 kB in 3s (3564 kB/s) 431s Reading package lists... 433s Reading package lists... 433s Building dependency tree... 433s Reading state information... 434s Calculating upgrade... 434s The following packages will be REMOVED: 434s libssl3 434s The following NEW packages will be installed: 434s libssl3t64 434s The following packages will be upgraded: 434s openssl sudo 434s 2 upgraded, 1 newly installed, 1 to remove and 0 not upgraded. 434s Need to get 3653 kB of archives. 434s After this operation, 243 kB of additional disk space will be used. 434s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main s390x sudo s390x 1.9.15p5-3ubuntu3 [968 kB] 435s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main s390x openssl s390x 3.0.13-0ubuntu2 [1010 kB] 435s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main s390x libssl3t64 s390x 3.0.13-0ubuntu2 [1675 kB] 435s Fetched 3653 kB in 1s (4973 kB/s) 435s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52171 files and directories currently installed.) 435s Preparing to unpack .../sudo_1.9.15p5-3ubuntu3_s390x.deb ... 435s Unpacking sudo (1.9.15p5-3ubuntu3) over (1.9.15p5-3ubuntu1) ... 435s Preparing to unpack .../openssl_3.0.13-0ubuntu2_s390x.deb ... 435s Unpacking openssl (3.0.13-0ubuntu2) over (3.0.10-1ubuntu4) ... 435s dpkg: libssl3:s390x: dependency problems, but removing anyway as you requested: 435s wget depends on libssl3 (>= 3.0.0). 435s tnftp depends on libssl3 (>= 3.0.0). 435s tcpdump depends on libssl3 (>= 3.0.0). 435s systemd-resolved depends on libssl3 (>= 3.0.0). 435s systemd depends on libssl3 (>= 3.0.0). 435s s390-tools depends on libssl3 (>= 3.0.0). 435s rsync depends on libssl3 (>= 3.0.0). 435s python3-cryptography depends on libssl3 (>= 3.0.0). 435s openssh-server depends on libssl3 (>= 3.0.10). 435s openssh-client depends on libssl3 (>= 3.0.10). 435s linux-headers-6.8.0-11-generic depends on libssl3 (>= 3.0.0). 435s libsystemd-shared:s390x depends on libssl3 (>= 3.0.0). 435s libssh-4:s390x depends on libssl3 (>= 3.0.0). 435s libsasl2-modules:s390x depends on libssl3 (>= 3.0.0). 435s libsasl2-2:s390x depends on libssl3 (>= 3.0.0). 435s libpython3.12-minimal:s390x depends on libssl3 (>= 3.0.0). 435s libpython3.11-minimal:s390x depends on libssl3 (>= 3.0.0). 435s libnvme1 depends on libssl3 (>= 3.0.0). 435s libkrb5-3:s390x depends on libssl3 (>= 3.0.0). 435s libkmod2:s390x depends on libssl3 (>= 3.0.0). 435s libfido2-1:s390x depends on libssl3 (>= 3.0.0). 435s libcurl4:s390x depends on libssl3 (>= 3.0.0). 435s libcryptsetup12:s390x depends on libssl3 (>= 3.0.0). 435s kmod depends on libssl3 (>= 3.0.0). 435s dhcpcd-base depends on libssl3 (>= 3.0.0). 435s bind9-libs:s390x depends on libssl3 (>= 3.0.0). 435s 435s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52171 files and directories currently installed.) 435s Removing libssl3:s390x (3.0.10-1ubuntu4) ... 435s Selecting previously unselected package libssl3t64:s390x. 435s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52160 files and directories currently installed.) 435s Preparing to unpack .../libssl3t64_3.0.13-0ubuntu2_s390x.deb ... 435s Unpacking libssl3t64:s390x (3.0.13-0ubuntu2) ... 435s Setting up libssl3t64:s390x (3.0.13-0ubuntu2) ... 435s Setting up sudo (1.9.15p5-3ubuntu3) ... 435s Setting up openssl (3.0.13-0ubuntu2) ... 435s Processing triggers for man-db (2.12.0-3) ... 437s Processing triggers for libc-bin (2.39-0ubuntu2) ... 437s Reading package lists... 437s Building dependency tree... 437s Reading state information... 437s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 437s Unknown architecture, assuming PC-style ttyS0 437s sh: Attempting to set up Debian/Ubuntu apt sources automatically 437s sh: Distribution appears to be Ubuntu 438s Reading package lists... 438s Building dependency tree... 438s Reading state information... 439s eatmydata is already the newest version (131-1). 439s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 439s Reading package lists... 439s Building dependency tree... 439s Reading state information... 439s dbus is already the newest version (1.14.10-4ubuntu1). 439s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 439s Reading package lists... 440s Building dependency tree... 440s Reading state information... 440s rng-tools-debian is already the newest version (2.4). 440s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 440s Reading package lists... 440s Building dependency tree... 440s Reading state information... 440s The following packages will be REMOVED: 440s cloud-init* python3-configobj* python3-debconf* 441s 0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded. 441s After this operation, 3252 kB disk space will be freed. 441s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52173 files and directories currently installed.) 441s Removing cloud-init (24.1.1-0ubuntu1) ... 441s Removing python3-configobj (5.0.8-3) ... 441s Removing python3-debconf (1.5.86) ... 441s Processing triggers for man-db (2.12.0-3) ... 442s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51784 files and directories currently installed.) 442s Purging configuration files for cloud-init (24.1.1-0ubuntu1) ... 442s dpkg: warning: while removing cloud-init, directory '/etc/cloud/cloud.cfg.d' not empty so not removed 442s Processing triggers for rsyslog (8.2312.0-3ubuntu3) ... 442s invoke-rc.d: policy-rc.d denied execution of try-restart. 443s Reading package lists... 443s Building dependency tree... 443s Reading state information... 443s linux-generic is already the newest version (6.8.0-11.11+1). 443s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 443s Hit:1 http://ftpmaster.internal/ubuntu noble InRelease 444s Hit:2 http://ftpmaster.internal/ubuntu noble-updates InRelease 444s Hit:3 http://ftpmaster.internal/ubuntu noble-security InRelease 445s Reading package lists... 445s Reading package lists... 446s Building dependency tree... 446s Reading state information... 446s Calculating upgrade... 446s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 446s Reading package lists... 446s Building dependency tree... 446s Reading state information... 447s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 447s autopkgtest [04:29:03]: rebooting testbed after setup commands that affected boot 465s Reading package lists... 465s Building dependency tree... 465s Reading state information... 465s Starting pkgProblemResolver with broken count: 0 465s Starting 2 pkgProblemResolver with broken count: 0 465s Done 466s The following additional packages will be installed: 466s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 466s libbasicobjects0 libc-ares2 libcollection4 libcrack2 libdhash1 466s libevent-2.1-7 libgnutls-dane0 libini-config5 libipa-hbac0 libldb2 466s libnfsidmap1 libnss-sss libpam-pwquality libpam-sss libpath-utils1 466s libpwquality-common libpwquality1 libref-array1 libsmbclient libsofthsm2 466s libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 libtalloc2 libtdb1 466s libtevent0 libunbound8 libwbclient0 python3-sss samba-libs softhsm2 466s softhsm2-common sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 466s sssd-krb5-common sssd-ldap sssd-proxy 466s Suggested packages: 466s dns-root-data adcli libsss-sudo sssd-tools libsasl2-modules-ldap 466s Recommended packages: 466s cracklib-runtime libsasl2-modules-gssapi-mit 466s | libsasl2-modules-gssapi-heimdal ldap-utils 466s The following NEW packages will be installed: 466s autopkgtest-satdep gnutls-bin libavahi-client3 libavahi-common-data 466s libavahi-common3 libbasicobjects0 libc-ares2 libcollection4 libcrack2 466s libdhash1 libevent-2.1-7 libgnutls-dane0 libini-config5 libipa-hbac0 libldb2 466s libnfsidmap1 libnss-sss libpam-pwquality libpam-sss libpath-utils1 466s libpwquality-common libpwquality1 libref-array1 libsmbclient libsofthsm2 466s libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 libtalloc2 libtdb1 466s libtevent0 libunbound8 libwbclient0 python3-sss samba-libs softhsm2 466s softhsm2-common sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 466s sssd-krb5-common sssd-ldap sssd-proxy 466s 0 upgraded, 46 newly installed, 0 to remove and 0 not upgraded. 466s Need to get 10.4 MB/10.4 MB of archives. 466s After this operation, 40.5 MB of additional disk space will be used. 466s Get:1 /tmp/autopkgtest.7Qr1lf/3-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [744 B] 466s Get:2 http://ftpmaster.internal/ubuntu noble/main s390x libevent-2.1-7 s390x 2.1.12-stable-9 [144 kB] 466s Get:3 http://ftpmaster.internal/ubuntu noble/main s390x libunbound8 s390x 1.19.1-1ubuntu1 [453 kB] 466s Get:4 http://ftpmaster.internal/ubuntu noble/main s390x libgnutls-dane0 s390x 3.8.3-1ubuntu1 [23.6 kB] 466s Get:5 http://ftpmaster.internal/ubuntu noble/universe s390x gnutls-bin s390x 3.8.3-1ubuntu1 [284 kB] 466s Get:6 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common-data s390x 0.8-13ubuntu2 [29.5 kB] 466s Get:7 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common3 s390x 0.8-13ubuntu2 [23.8 kB] 466s Get:8 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-client3 s390x 0.8-13ubuntu2 [26.7 kB] 466s Get:9 http://ftpmaster.internal/ubuntu noble/main s390x libcrack2 s390x 2.9.6-5.1 [29.6 kB] 466s Get:10 http://ftpmaster.internal/ubuntu noble/main s390x libtalloc2 s390x 2.4.2-1 [28.3 kB] 466s Get:11 http://ftpmaster.internal/ubuntu noble/main s390x libtdb1 s390x 1.4.10-1 [49.9 kB] 466s Get:12 http://ftpmaster.internal/ubuntu noble/main s390x libtevent0 s390x 0.16.1-1 [43.1 kB] 466s Get:13 http://ftpmaster.internal/ubuntu noble/main s390x libldb2 s390x 2:2.8.0+samba4.19.5+dfsg-1ubuntu1 [191 kB] 466s Get:14 http://ftpmaster.internal/ubuntu noble/main s390x libnfsidmap1 s390x 1:2.6.3-3ubuntu1 [49.0 kB] 466s Get:15 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality-common all 1.4.5-3 [7658 B] 466s Get:16 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality1 s390x 1.4.5-3 [14.7 kB] 466s Get:17 http://ftpmaster.internal/ubuntu noble/main s390x libpam-pwquality s390x 1.4.5-3 [11.6 kB] 466s Get:18 http://ftpmaster.internal/ubuntu noble/main s390x libwbclient0 s390x 2:4.19.5+dfsg-1ubuntu1 [70.3 kB] 466s Get:19 http://ftpmaster.internal/ubuntu noble/main s390x samba-libs s390x 2:4.19.5+dfsg-1ubuntu1 [6231 kB] 467s Get:20 http://ftpmaster.internal/ubuntu noble/universe s390x softhsm2-common s390x 2.6.1-2.2 [5808 B] 467s Get:21 http://ftpmaster.internal/ubuntu noble/universe s390x libsofthsm2 s390x 2.6.1-2.2 [265 kB] 467s Get:22 http://ftpmaster.internal/ubuntu noble/universe s390x softhsm2 s390x 2.6.1-2.2 [174 kB] 467s Get:23 http://ftpmaster.internal/ubuntu noble/main s390x python3-sss s390x 2.9.4-1ubuntu1 [46.6 kB] 467s Get:24 http://ftpmaster.internal/ubuntu noble/main s390x libsss-idmap0 s390x 2.9.4-1ubuntu1 [22.1 kB] 467s Get:25 http://ftpmaster.internal/ubuntu noble/main s390x libnss-sss s390x 2.9.4-1ubuntu1 [32.6 kB] 467s Get:26 http://ftpmaster.internal/ubuntu noble/main s390x libpam-sss s390x 2.9.4-1ubuntu1 [51.9 kB] 467s Get:27 http://ftpmaster.internal/ubuntu noble/main s390x libc-ares2 s390x 1.27.0-1 [79.2 kB] 467s Get:28 http://ftpmaster.internal/ubuntu noble/main s390x libdhash1 s390x 0.6.2-2 [8648 B] 467s Get:29 http://ftpmaster.internal/ubuntu noble/main s390x libbasicobjects0 s390x 0.6.2-2 [5476 B] 467s Get:30 http://ftpmaster.internal/ubuntu noble/main s390x libcollection4 s390x 0.6.2-2 [23.2 kB] 467s Get:31 http://ftpmaster.internal/ubuntu noble/main s390x libpath-utils1 s390x 0.6.2-2 [8994 B] 467s Get:32 http://ftpmaster.internal/ubuntu noble/main s390x libref-array1 s390x 0.6.2-2 [6880 B] 467s Get:33 http://ftpmaster.internal/ubuntu noble/main s390x libini-config5 s390x 0.6.2-2 [45.3 kB] 467s Get:34 http://ftpmaster.internal/ubuntu noble/main s390x libsss-certmap0 s390x 2.9.4-1ubuntu1 [46.7 kB] 467s Get:35 http://ftpmaster.internal/ubuntu noble/main s390x libsss-nss-idmap0 s390x 2.9.4-1ubuntu1 [31.4 kB] 467s Get:36 http://ftpmaster.internal/ubuntu noble/main s390x sssd-common s390x 2.9.4-1ubuntu1 [1125 kB] 467s Get:37 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad-common s390x 2.9.4-1ubuntu1 [74.8 kB] 467s Get:38 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5-common s390x 2.9.4-1ubuntu1 [90.3 kB] 467s Get:39 http://ftpmaster.internal/ubuntu noble/main s390x libsmbclient s390x 2:4.19.5+dfsg-1ubuntu1 [65.1 kB] 467s Get:40 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad s390x 2.9.4-1ubuntu1 [133 kB] 467s Get:41 http://ftpmaster.internal/ubuntu noble/main s390x libipa-hbac0 s390x 2.9.4-1ubuntu1 [16.8 kB] 467s Get:42 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ipa s390x 2.9.4-1ubuntu1 [215 kB] 467s Get:43 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5 s390x 2.9.4-1ubuntu1 [14.4 kB] 467s Get:44 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ldap s390x 2.9.4-1ubuntu1 [31.0 kB] 467s Get:45 http://ftpmaster.internal/ubuntu noble/main s390x sssd-proxy s390x 2.9.4-1ubuntu1 [43.9 kB] 467s Get:46 http://ftpmaster.internal/ubuntu noble/main s390x sssd s390x 2.9.4-1ubuntu1 [4120 B] 467s Fetched 10.4 MB in 1s (8316 kB/s) 467s Selecting previously unselected package libevent-2.1-7:s390x. 468s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51729 files and directories currently installed.) 468s Preparing to unpack .../00-libevent-2.1-7_2.1.12-stable-9_s390x.deb ... 468s Unpacking libevent-2.1-7:s390x (2.1.12-stable-9) ... 468s Selecting previously unselected package libunbound8:s390x. 468s Preparing to unpack .../01-libunbound8_1.19.1-1ubuntu1_s390x.deb ... 468s Unpacking libunbound8:s390x (1.19.1-1ubuntu1) ... 468s Selecting previously unselected package libgnutls-dane0:s390x. 468s Preparing to unpack .../02-libgnutls-dane0_3.8.3-1ubuntu1_s390x.deb ... 468s Unpacking libgnutls-dane0:s390x (3.8.3-1ubuntu1) ... 468s Selecting previously unselected package gnutls-bin. 468s Preparing to unpack .../03-gnutls-bin_3.8.3-1ubuntu1_s390x.deb ... 468s Unpacking gnutls-bin (3.8.3-1ubuntu1) ... 468s Selecting previously unselected package libavahi-common-data:s390x. 468s Preparing to unpack .../04-libavahi-common-data_0.8-13ubuntu2_s390x.deb ... 468s Unpacking libavahi-common-data:s390x (0.8-13ubuntu2) ... 468s Selecting previously unselected package libavahi-common3:s390x. 468s Preparing to unpack .../05-libavahi-common3_0.8-13ubuntu2_s390x.deb ... 468s Unpacking libavahi-common3:s390x (0.8-13ubuntu2) ... 468s Selecting previously unselected package libavahi-client3:s390x. 468s Preparing to unpack .../06-libavahi-client3_0.8-13ubuntu2_s390x.deb ... 468s Unpacking libavahi-client3:s390x (0.8-13ubuntu2) ... 468s Selecting previously unselected package libcrack2:s390x. 468s Preparing to unpack .../07-libcrack2_2.9.6-5.1_s390x.deb ... 468s Unpacking libcrack2:s390x (2.9.6-5.1) ... 468s Selecting previously unselected package libtalloc2:s390x. 468s Preparing to unpack .../08-libtalloc2_2.4.2-1_s390x.deb ... 468s Unpacking libtalloc2:s390x (2.4.2-1) ... 468s Selecting previously unselected package libtdb1:s390x. 468s Preparing to unpack .../09-libtdb1_1.4.10-1_s390x.deb ... 468s Unpacking libtdb1:s390x (1.4.10-1) ... 468s Selecting previously unselected package libtevent0:s390x. 468s Preparing to unpack .../10-libtevent0_0.16.1-1_s390x.deb ... 468s Unpacking libtevent0:s390x (0.16.1-1) ... 468s Selecting previously unselected package libldb2:s390x. 468s Preparing to unpack .../11-libldb2_2%3a2.8.0+samba4.19.5+dfsg-1ubuntu1_s390x.deb ... 468s Unpacking libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 468s Selecting previously unselected package libnfsidmap1:s390x. 468s Preparing to unpack .../12-libnfsidmap1_1%3a2.6.3-3ubuntu1_s390x.deb ... 468s Unpacking libnfsidmap1:s390x (1:2.6.3-3ubuntu1) ... 468s Selecting previously unselected package libpwquality-common. 468s Preparing to unpack .../13-libpwquality-common_1.4.5-3_all.deb ... 468s Unpacking libpwquality-common (1.4.5-3) ... 468s Selecting previously unselected package libpwquality1:s390x. 468s Preparing to unpack .../14-libpwquality1_1.4.5-3_s390x.deb ... 468s Unpacking libpwquality1:s390x (1.4.5-3) ... 468s Selecting previously unselected package libpam-pwquality:s390x. 468s Preparing to unpack .../15-libpam-pwquality_1.4.5-3_s390x.deb ... 468s Unpacking libpam-pwquality:s390x (1.4.5-3) ... 468s Selecting previously unselected package libwbclient0:s390x. 468s Preparing to unpack .../16-libwbclient0_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 468s Unpacking libwbclient0:s390x (2:4.19.5+dfsg-1ubuntu1) ... 468s Selecting previously unselected package samba-libs:s390x. 468s Preparing to unpack .../17-samba-libs_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 468s Unpacking samba-libs:s390x (2:4.19.5+dfsg-1ubuntu1) ... 468s Selecting previously unselected package softhsm2-common. 468s Preparing to unpack .../18-softhsm2-common_2.6.1-2.2_s390x.deb ... 468s Unpacking softhsm2-common (2.6.1-2.2) ... 468s Selecting previously unselected package libsofthsm2. 468s Preparing to unpack .../19-libsofthsm2_2.6.1-2.2_s390x.deb ... 468s Unpacking libsofthsm2 (2.6.1-2.2) ... 468s Selecting previously unselected package softhsm2. 468s Preparing to unpack .../20-softhsm2_2.6.1-2.2_s390x.deb ... 468s Unpacking softhsm2 (2.6.1-2.2) ... 468s Selecting previously unselected package python3-sss. 468s Preparing to unpack .../21-python3-sss_2.9.4-1ubuntu1_s390x.deb ... 468s Unpacking python3-sss (2.9.4-1ubuntu1) ... 468s Selecting previously unselected package libsss-idmap0. 468s Preparing to unpack .../22-libsss-idmap0_2.9.4-1ubuntu1_s390x.deb ... 468s Unpacking libsss-idmap0 (2.9.4-1ubuntu1) ... 468s Selecting previously unselected package libnss-sss:s390x. 468s Preparing to unpack .../23-libnss-sss_2.9.4-1ubuntu1_s390x.deb ... 468s Unpacking libnss-sss:s390x (2.9.4-1ubuntu1) ... 468s Selecting previously unselected package libpam-sss:s390x. 468s Preparing to unpack .../24-libpam-sss_2.9.4-1ubuntu1_s390x.deb ... 468s Unpacking libpam-sss:s390x (2.9.4-1ubuntu1) ... 468s Selecting previously unselected package libc-ares2:s390x. 468s Preparing to unpack .../25-libc-ares2_1.27.0-1_s390x.deb ... 468s Unpacking libc-ares2:s390x (1.27.0-1) ... 468s Selecting previously unselected package libdhash1:s390x. 468s Preparing to unpack .../26-libdhash1_0.6.2-2_s390x.deb ... 468s Unpacking libdhash1:s390x (0.6.2-2) ... 468s Selecting previously unselected package libbasicobjects0:s390x. 468s Preparing to unpack .../27-libbasicobjects0_0.6.2-2_s390x.deb ... 468s Unpacking libbasicobjects0:s390x (0.6.2-2) ... 468s Selecting previously unselected package libcollection4:s390x. 468s Preparing to unpack .../28-libcollection4_0.6.2-2_s390x.deb ... 468s Unpacking libcollection4:s390x (0.6.2-2) ... 468s Selecting previously unselected package libpath-utils1:s390x. 468s Preparing to unpack .../29-libpath-utils1_0.6.2-2_s390x.deb ... 468s Unpacking libpath-utils1:s390x (0.6.2-2) ... 468s Selecting previously unselected package libref-array1:s390x. 468s Preparing to unpack .../30-libref-array1_0.6.2-2_s390x.deb ... 468s Unpacking libref-array1:s390x (0.6.2-2) ... 468s Selecting previously unselected package libini-config5:s390x. 468s Preparing to unpack .../31-libini-config5_0.6.2-2_s390x.deb ... 468s Unpacking libini-config5:s390x (0.6.2-2) ... 468s Selecting previously unselected package libsss-certmap0. 468s Preparing to unpack .../32-libsss-certmap0_2.9.4-1ubuntu1_s390x.deb ... 468s Unpacking libsss-certmap0 (2.9.4-1ubuntu1) ... 468s Selecting previously unselected package libsss-nss-idmap0. 468s Preparing to unpack .../33-libsss-nss-idmap0_2.9.4-1ubuntu1_s390x.deb ... 468s Unpacking libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 468s Selecting previously unselected package sssd-common. 468s Preparing to unpack .../34-sssd-common_2.9.4-1ubuntu1_s390x.deb ... 468s Unpacking sssd-common (2.9.4-1ubuntu1) ... 468s Selecting previously unselected package sssd-ad-common. 468s Preparing to unpack .../35-sssd-ad-common_2.9.4-1ubuntu1_s390x.deb ... 468s Unpacking sssd-ad-common (2.9.4-1ubuntu1) ... 468s Selecting previously unselected package sssd-krb5-common. 468s Preparing to unpack .../36-sssd-krb5-common_2.9.4-1ubuntu1_s390x.deb ... 468s Unpacking sssd-krb5-common (2.9.4-1ubuntu1) ... 468s Selecting previously unselected package libsmbclient:s390x. 468s Preparing to unpack .../37-libsmbclient_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 468s Unpacking libsmbclient:s390x (2:4.19.5+dfsg-1ubuntu1) ... 468s Selecting previously unselected package sssd-ad. 468s Preparing to unpack .../38-sssd-ad_2.9.4-1ubuntu1_s390x.deb ... 468s Unpacking sssd-ad (2.9.4-1ubuntu1) ... 468s Selecting previously unselected package libipa-hbac0. 468s Preparing to unpack .../39-libipa-hbac0_2.9.4-1ubuntu1_s390x.deb ... 468s Unpacking libipa-hbac0 (2.9.4-1ubuntu1) ... 469s Selecting previously unselected package sssd-ipa. 469s Preparing to unpack .../40-sssd-ipa_2.9.4-1ubuntu1_s390x.deb ... 469s Unpacking sssd-ipa (2.9.4-1ubuntu1) ... 469s Selecting previously unselected package sssd-krb5. 469s Preparing to unpack .../41-sssd-krb5_2.9.4-1ubuntu1_s390x.deb ... 469s Unpacking sssd-krb5 (2.9.4-1ubuntu1) ... 469s Selecting previously unselected package sssd-ldap. 469s Preparing to unpack .../42-sssd-ldap_2.9.4-1ubuntu1_s390x.deb ... 469s Unpacking sssd-ldap (2.9.4-1ubuntu1) ... 469s Selecting previously unselected package sssd-proxy. 469s Preparing to unpack .../43-sssd-proxy_2.9.4-1ubuntu1_s390x.deb ... 469s Unpacking sssd-proxy (2.9.4-1ubuntu1) ... 469s Selecting previously unselected package sssd. 469s Preparing to unpack .../44-sssd_2.9.4-1ubuntu1_s390x.deb ... 469s Unpacking sssd (2.9.4-1ubuntu1) ... 469s Selecting previously unselected package autopkgtest-satdep. 469s Preparing to unpack .../45-3-autopkgtest-satdep.deb ... 469s Unpacking autopkgtest-satdep (0) ... 469s Setting up libpwquality-common (1.4.5-3) ... 469s Setting up libpath-utils1:s390x (0.6.2-2) ... 469s Setting up softhsm2-common (2.6.1-2.2) ... 469s 469s Creating config file /etc/softhsm/softhsm2.conf with new version 469s Setting up libnfsidmap1:s390x (1:2.6.3-3ubuntu1) ... 469s Setting up libsss-idmap0 (2.9.4-1ubuntu1) ... 469s Setting up libbasicobjects0:s390x (0.6.2-2) ... 469s Setting up libtdb1:s390x (1.4.10-1) ... 469s Setting up libc-ares2:s390x (1.27.0-1) ... 469s Setting up libwbclient0:s390x (2:4.19.5+dfsg-1ubuntu1) ... 469s Setting up libtalloc2:s390x (2.4.2-1) ... 469s Setting up libdhash1:s390x (0.6.2-2) ... 469s Setting up libtevent0:s390x (0.16.1-1) ... 469s Setting up libavahi-common-data:s390x (0.8-13ubuntu2) ... 469s Setting up libevent-2.1-7:s390x (2.1.12-stable-9) ... 469s Setting up libcrack2:s390x (2.9.6-5.1) ... 469s Setting up libcollection4:s390x (0.6.2-2) ... 469s Setting up libipa-hbac0 (2.9.4-1ubuntu1) ... 469s Setting up libref-array1:s390x (0.6.2-2) ... 469s Setting up libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 469s Setting up libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 469s Setting up libnss-sss:s390x (2.9.4-1ubuntu1) ... 469s Setting up libsofthsm2 (2.6.1-2.2) ... 469s Setting up softhsm2 (2.6.1-2.2) ... 469s Setting up libini-config5:s390x (0.6.2-2) ... 469s Setting up libavahi-common3:s390x (0.8-13ubuntu2) ... 469s Setting up python3-sss (2.9.4-1ubuntu1) ... 469s Setting up libsss-certmap0 (2.9.4-1ubuntu1) ... 469s Setting up libunbound8:s390x (1.19.1-1ubuntu1) ... 469s Setting up libpwquality1:s390x (1.4.5-3) ... 469s Setting up libavahi-client3:s390x (0.8-13ubuntu2) ... 469s Setting up libgnutls-dane0:s390x (3.8.3-1ubuntu1) ... 469s Setting up libpam-pwquality:s390x (1.4.5-3) ... 469s Setting up samba-libs:s390x (2:4.19.5+dfsg-1ubuntu1) ... 469s Setting up libsmbclient:s390x (2:4.19.5+dfsg-1ubuntu1) ... 469s Setting up libpam-sss:s390x (2.9.4-1ubuntu1) ... 469s Setting up gnutls-bin (3.8.3-1ubuntu1) ... 469s Setting up sssd-common (2.9.4-1ubuntu1) ... 469s Creating SSSD system user & group... 469s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 469s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 469s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 469s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 470s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 470s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 471s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 471s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 471s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 471s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 472s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 472s sssd-autofs.service is a disabled or a static unit, not starting it. 472s sssd-nss.service is a disabled or a static unit, not starting it. 472s sssd-pam.service is a disabled or a static unit, not starting it. 472s sssd-ssh.service is a disabled or a static unit, not starting it. 472s sssd-sudo.service is a disabled or a static unit, not starting it. 472s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 472s Setting up sssd-proxy (2.9.4-1ubuntu1) ... 472s Setting up sssd-ad-common (2.9.4-1ubuntu1) ... 472s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 473s sssd-pac.service is a disabled or a static unit, not starting it. 473s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 473s Setting up sssd-krb5-common (2.9.4-1ubuntu1) ... 473s Setting up sssd-krb5 (2.9.4-1ubuntu1) ... 473s Setting up sssd-ldap (2.9.4-1ubuntu1) ... 473s Setting up sssd-ad (2.9.4-1ubuntu1) ... 473s Setting up sssd-ipa (2.9.4-1ubuntu1) ... 473s Setting up sssd (2.9.4-1ubuntu1) ... 473s Setting up autopkgtest-satdep (0) ... 473s Processing triggers for man-db (2.12.0-3) ... 474s Processing triggers for libc-bin (2.39-0ubuntu2) ... 477s (Reading database ... 52317 files and directories currently installed.) 477s Removing autopkgtest-satdep (0) ... 484s autopkgtest [04:29:40]: test sssd-softhism2-certificates-tests.sh: [----------------------- 484s + '[' -z ubuntu ']' 484s + required_tools=(p11tool openssl softhsm2-util) 484s + for cmd in "${required_tools[@]}" 484s + command -v p11tool 484s + for cmd in "${required_tools[@]}" 484s + command -v openssl 484s + for cmd in "${required_tools[@]}" 484s + command -v softhsm2-util 484s + PIN=053350 484s +++ find /usr/lib/softhsm/libsofthsm2.so 484s +++ head -n 1 484s ++ realpath /usr/lib/softhsm/libsofthsm2.so 484s + SOFTHSM2_MODULE=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 484s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 484s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 484s + '[' '!' -v NO_SSSD_TESTS ']' 484s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 484s + ca_db_arg=ca_db 484s ++ /usr/libexec/sssd/p11_child --help 484s + p11_child_help='Usage: p11_child [OPTION...] 484s -d, --debug-level=INT Debug level 484s --debug-timestamps=INT Add debug timestamps 484s --debug-microseconds=INT Show timestamps with microseconds 484s --dumpable=INT Allow core dumps 484s --debug-fd=INT An open file descriptor for the debug 484s logs 484s --logger=stderr|files|journald Set logger 484s --auth Run in auth mode 484s --pre Run in pre-auth mode 484s --wait_for_card Wait until card is available 484s --verification Run in verification mode 484s --pin Expect PIN on stdin 484s --keypad Expect PIN on keypad 484s --verify=STRING Tune validation 484s --ca_db=STRING CA DB to use 484s --module_name=STRING Module name for authentication 484s --token_name=STRING Token name for authentication 484s --key_id=STRING Key ID for authentication 484s --label=STRING Label for authentication 484s --certificate=STRING certificate to verify, base64 encoded 484s --uri=STRING PKCS#11 URI to restrict selection 484s --chain-id=LONG Tevent chain ID used for logging 484s purposes 484s 484s Help options: 484s -?, --help Show this help message 484s --usage Display brief usage message' 484s + echo 'Usage: p11_child [OPTION...] 484s -d, --debug-level=INT Debug level 484s --debug-timestamps=INT Add debug timestamps 484s --debug-microseconds=INT Show timestamps with microseconds 484s --dumpable=INT Allow core dumps 484s --debug-fd=INT An open file descriptor for the debug 484s logs 484s --logger=stderr|files|journald Set logger 484s --auth Run in auth mode 484s --pre Run in pre-auth mode 484s --wait_for_card Wait until card is available 484s --verification Run in verification mode 484s --pin Expect PIN on stdin 484s --keypad Expect PIN on keypad 484s --verify=STRING Tune validation 484s --ca_db=STRING CA DB to use 484s --module_name=STRING Module name for authentication 484s --token_name=STRING Token name for authentication 484s --key_id=STRING Key ID for authentication 484s --label=STRING Label for authentication 484s --certificate=STRING certificate to verify, base64 encoded 484s --uri=STRING PKCS#11 URI to restrict selection 484s --chain-id=LONG Tevent chain ID used for logging 484s purposes 484s 484s Help options: 484s -?, --help Show this help message 484s --usage Display brief usage message' 484s + grep nssdb -qs 484s + echo 'Usage: p11_child [OPTION...] 484s -d, --debug-level=INT Debug level 484s + grep -qs -- --ca_db 484s --debug-timestamps=INT Add debug timestamps 484s --debug-microseconds=INT Show timestamps with microseconds 484s --dumpable=INT Allow core dumps 484s --debug-fd=INT An open file descriptor for the debug 484s logs 484s --logger=stderr|files|journald Set logger 484s --auth Run in auth mode 484s --pre Run in pre-auth mode 484s --wait_for_card Wait until card is available 484s --verification Run in verification mode 484s --pin Expect PIN on stdin 484s --keypad Expect PIN on keypad 484s --verify=STRING Tune validation 484s --ca_db=STRING CA DB to use 484s --module_name=STRING Module name for authentication 484s --token_name=STRING Token name for authentication 484s --key_id=STRING Key ID for authentication 484s --label=STRING Label for authentication 484s --certificate=STRING certificate to verify, base64 encoded 484s --uri=STRING PKCS#11 URI to restrict selection 484s --chain-id=LONG Tevent chain ID used for logging 484s purposes 484s 484s Help options: 484s -?, --help Show this help message 484s --usage Display brief usage message' 484s + '[' '!' -e /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so ']' 484s ++ mktemp -d -t sssd-softhsm2-XXXXXX 484s + tmpdir=/tmp/sssd-softhsm2-GcvsPX 484s + keys_size=1024 484s + [[ ! -v KEEP_TEMPORARY_FILES ]] 484s + trap 'rm -rf "$tmpdir"' EXIT 484s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 484s + echo -n 01 484s + touch /tmp/sssd-softhsm2-GcvsPX/index.txt 484s + mkdir -p /tmp/sssd-softhsm2-GcvsPX/new_certs 484s + cat 484s + root_ca_key_pass=pass:random-root-CA-password-29749 484s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-GcvsPX/test-root-CA-key.pem -passout pass:random-root-CA-password-29749 1024 484s + openssl req -passin pass:random-root-CA-password-29749 -batch -config /tmp/sssd-softhsm2-GcvsPX/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-GcvsPX/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem 484s + openssl x509 -noout -in /tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem 484s + cat 484s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-8915 484s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-8915 1024 484s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-8915 -config /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.config -key /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-29749 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-certificate-request.pem 484s + openssl req -text -noout -in /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-certificate-request.pem 484s Certificate Request: 484s Data: 484s Version: 1 (0x0) 484s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 484s Subject Public Key Info: 484s Public Key Algorithm: rsaEncryption 484s Public-Key: (1024 bit) 484s Modulus: 484s 00:bd:3e:36:ae:af:43:30:19:d3:8b:f3:f3:e9:78: 484s 26:53:38:84:17:66:ba:ed:1f:64:9f:3b:b5:81:3a: 484s 99:e4:e7:05:05:52:ff:b1:ce:8a:3c:7b:10:a7:32: 484s 1d:45:8b:bf:15:3f:4f:27:2d:97:1d:76:60:60:05: 484s 62:1a:49:84:2f:6b:75:df:e3:e2:b4:ec:e2:ed:c9: 484s c8:d8:04:b0:a3:cf:b6:9d:91:9c:7a:f0:fc:35:24: 484s 38:9d:b2:b9:39:41:be:0d:df:e1:cc:8c:93:8a:30: 484s 04:be:ed:02:1e:65:01:e2:02:aa:46:51:78:d7:41: 484s d7:cb:f2:d4:3b:ae:76:ba:f7 484s Exponent: 65537 (0x10001) 484s Attributes: 484s (none) 484s Requested Extensions: 484s Signature Algorithm: sha256WithRSAEncryption 484s Signature Value: 484s 4e:85:6a:06:ba:11:f1:57:1c:18:7b:e3:3c:34:1a:26:16:73: 484s 2b:3a:36:a2:66:22:54:ae:20:ea:95:f8:b4:34:d4:fd:0b:6a: 484s 2e:b4:93:9e:e6:0b:f6:32:f3:2f:4b:ee:5c:2f:df:3d:4b:4c: 484s 3f:ed:ca:18:8a:90:59:6b:38:ee:e2:54:02:33:5b:56:07:a0: 484s bd:9d:0f:cb:e8:d0:35:34:be:20:db:8d:55:63:4b:7f:c6:70: 484s 14:fc:ce:b8:8a:6f:ff:17:ea:65:47:37:3c:bf:c7:db:ea:05: 484s 32:15:d7:d4:e5:93:a4:cb:7f:49:1b:71:5f:0a:eb:89:de:c5: 484s a4:fb 484s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-GcvsPX/test-root-CA.config -passin pass:random-root-CA-password-29749 -keyfile /tmp/sssd-softhsm2-GcvsPX/test-root-CA-key.pem -in /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem 484s Using configuration from /tmp/sssd-softhsm2-GcvsPX/test-root-CA.config 484s Check that the request matches the signature 484s Signature ok 484s Certificate Details: 484s Serial Number: 1 (0x1) 484s Validity 484s Not Before: Mar 21 04:29:38 2024 GMT 484s Not After : Mar 21 04:29:38 2025 GMT 484s Subject: 484s organizationName = Test Organization 484s organizationalUnitName = Test Organization Unit 484s commonName = Test Organization Intermediate CA 484s X509v3 extensions: 484s X509v3 Subject Key Identifier: 484s 74:FD:D9:A8:9F:82:FD:62:62:80:C5:E2:83:D3:E3:01:CB:15:7A:6A 484s X509v3 Authority Key Identifier: 484s keyid:89:8D:63:AB:A2:E0:29:05:93:CC:C0:49:C1:1C:32:86:E4:BE:D7:6F 484s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 484s serial:00 484s X509v3 Basic Constraints: 484s CA:TRUE 484s X509v3 Key Usage: critical 484s Digital Signature, Certificate Sign, CRL Sign 484s Certificate is to be certified until Mar 21 04:29:38 2025 GMT (365 days) 484s 484s Write out database with 1 new entries 484s Database updated 484s + openssl x509 -noout -in /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem 484s + openssl verify -CAfile /tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem 484s /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem: OK 484s + cat 484s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-32153 484s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-32153 1024 484s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-32153 -config /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-8915 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-certificate-request.pem 484s + openssl req -text -noout -in /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-certificate-request.pem 484s Certificate Request: 484s Data: 484s Version: 1 (0x0) 484s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 484s Subject Public Key Info: 484s Public Key Algorithm: rsaEncryption 484s Public-Key: (1024 bit) 484s Modulus: 484s 00:de:e4:f7:98:a4:34:3b:4b:ad:19:63:7d:95:87: 484s 86:9c:0a:eb:ed:cc:35:d1:48:98:71:a5:2a:02:8c: 484s 49:a3:3c:76:a1:54:43:c8:b4:e9:f3:64:64:22:ed: 484s 2f:06:7f:32:a3:a7:66:5f:70:01:4a:22:67:c6:ea: 484s 48:17:bf:49:36:73:12:c1:8b:0a:a0:7c:1d:8a:3e: 484s 15:95:f5:50:4b:7b:ed:73:da:d2:b4:39:6b:c4:fe: 484s 16:d5:21:e2:96:15:8b:34:00:9f:a5:ba:95:5f:2c: 484s 15:9b:60:9a:c5:d4:0c:4f:83:00:55:12:1a:43:46: 484s f2:49:58:21:7e:20:5f:97:1f 484s Exponent: 65537 (0x10001) 484s Attributes: 484s (none) 484s Requested Extensions: 484s Signature Algorithm: sha256WithRSAEncryption 484s Signature Value: 484s d0:35:99:d7:64:16:a0:79:d9:fd:2b:a6:10:72:74:59:ed:0f: 484s 76:2b:84:d3:9f:c2:2e:24:f4:e6:cc:59:b6:ff:c3:05:69:81: 484s 57:ed:33:12:8e:28:c0:bb:45:63:65:7a:38:d3:d8:c3:1f:f9: 484s 7d:04:ca:e6:3f:41:36:75:f5:99:15:2c:d2:c8:f2:cf:09:dc: 484s 6c:33:97:5d:5e:1a:d2:17:8f:4f:c8:24:77:97:ae:00:bb:20: 484s 49:7d:c3:cc:03:73:aa:67:5b:85:90:cc:09:e9:46:a3:d8:b3: 484s f7:38:9c:78:c5:8d:22:32:57:38:33:7e:6f:d0:7e:05:45:4b: 484s 96:35 484s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-8915 -keyfile /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA.pem 484s Using configuration from /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.config 484s Check that the request matches the signature 484s Signature ok 484s Certificate Details: 484s Serial Number: 2 (0x2) 484s Validity 484s Not Before: Mar 21 04:29:39 2024 GMT 484s Not After : Mar 21 04:29:39 2025 GMT 484s Subject: 484s organizationName = Test Organization 484s organizationalUnitName = Test Organization Unit 484s commonName = Test Organization Sub Intermediate CA 484s X509v3 extensions: 484s X509v3 Subject Key Identifier: 484s A4:AB:CC:91:E8:43:9F:7A:94:C1:64:41:93:66:F5:7A:17:5E:DF:32 484s X509v3 Authority Key Identifier: 484s keyid:74:FD:D9:A8:9F:82:FD:62:62:80:C5:E2:83:D3:E3:01:CB:15:7A:6A 484s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 484s serial:01 484s X509v3 Basic Constraints: 484s CA:TRUE 484s X509v3 Key Usage: critical 484s Digital Signature, Certificate Sign, CRL Sign 484s Certificate is to be certified until Mar 21 04:29:39 2025 GMT (365 days) 484s 484s Write out database with 1 new entries 484s Database updated 484s + openssl x509 -noout -in /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA.pem 484s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA.pem 484s /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA.pem: OK 484s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA.pem 484s + local cmd=openssl 484s + shift 484s + openssl verify -CAfile /tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA.pem 484s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 484s error 20 at 0 depth lookup: unable to get local issuer certificate 484s error /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA.pem: verification failed 484s + cat 484s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-17636 484s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-17636 1024 484s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-17636 -key /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001-request.pem 484s + openssl req -text -noout -in /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001-request.pem 484s Certificate Request: 484s Data: 484s Version: 1 (0x0) 484s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 484s Subject Public Key Info: 484s Public Key Algorithm: rsaEncryption 484s Public-Key: (1024 bit) 484s Modulus: 484s 00:b7:4c:8c:62:a8:04:e0:ba:7d:1a:96:fe:6d:59: 484s 16:62:65:0f:a5:4c:a9:72:16:5f:6b:6f:b3:4c:d6: 484s df:95:18:8a:c7:ca:a3:98:38:08:d8:d9:7e:65:2e: 484s 9e:a0:f0:b4:c5:09:92:d7:9c:91:0d:06:12:1c:d6: 484s fd:f0:52:c0:91:cc:18:b7:11:13:92:f8:4d:f8:b1: 484s 2d:7d:f7:09:aa:81:6f:66:4e:09:34:4e:d9:5a:00: 484s eb:b4:7c:7a:0e:e5:12:e3:4d:bb:42:3a:6d:b3:be: 484s 93:dd:a7:52:29:1e:d7:4b:fc:c0:d1:ad:de:52:5c: 484s 71:fa:65:05:28:d7:d0:6a:a7 484s Exponent: 65537 (0x10001) 484s Attributes: 484s Requested Extensions: 484s X509v3 Basic Constraints: 484s CA:FALSE 484s Netscape Cert Type: 484s SSL Client, S/MIME 484s Netscape Comment: 484s Test Organization Root CA trusted Certificate 484s X509v3 Subject Key Identifier: 484s 0A:2C:32:93:65:73:D2:16:B8:46:61:13:01:ED:5D:E8:ED:FC:96:73 484s X509v3 Key Usage: critical 484s Digital Signature, Non Repudiation, Key Encipherment 484s X509v3 Extended Key Usage: 484s TLS Web Client Authentication, E-mail Protection 484s X509v3 Subject Alternative Name: 484s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 484s Signature Algorithm: sha256WithRSAEncryption 484s Signature Value: 484s ac:42:74:1e:70:f1:dc:82:1c:01:12:18:da:79:36:7c:52:2a: 484s 68:00:0b:77:48:15:0e:67:be:58:26:22:39:b4:da:f8:8a:5f: 484s d3:10:14:a0:6e:82:91:38:6e:e2:55:6f:10:8c:1b:e6:e3:87: 484s ba:47:ec:97:a4:c1:43:aa:76:ac:54:ba:c1:6f:e1:58:3f:51: 484s 8f:29:c6:d3:d1:3e:b9:ad:8f:26:32:07:2c:c3:6a:33:17:9c: 484s a3:37:9a:f3:9e:f3:c9:62:d1:87:e2:9e:7b:55:95:41:eb:d5: 484s 2a:11:92:5b:26:ff:c8:9b:97:50:5f:fa:e4:da:1b:d1:c1:b1: 484s 61:af 484s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-GcvsPX/test-root-CA.config -passin pass:random-root-CA-password-29749 -keyfile /tmp/sssd-softhsm2-GcvsPX/test-root-CA-key.pem -in /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 484s Using configuration from /tmp/sssd-softhsm2-GcvsPX/test-root-CA.config 484s Check that the request matches the signature 484s Signature ok 484s Certificate Details: 484s Serial Number: 3 (0x3) 484s Validity 484s Not Before: Mar 21 04:29:39 2024 GMT 484s Not After : Mar 21 04:29:39 2025 GMT 484s Subject: 484s organizationName = Test Organization 484s organizationalUnitName = Test Organization Unit 484s commonName = Test Organization Root Trusted Certificate 0001 484s X509v3 extensions: 484s X509v3 Authority Key Identifier: 484s 89:8D:63:AB:A2:E0:29:05:93:CC:C0:49:C1:1C:32:86:E4:BE:D7:6F 484s X509v3 Basic Constraints: 484s CA:FALSE 484s Netscape Cert Type: 484s SSL Client, S/MIME 484s Netscape Comment: 484s Test Organization Root CA trusted Certificate 484s X509v3 Subject Key Identifier: 484s 0A:2C:32:93:65:73:D2:16:B8:46:61:13:01:ED:5D:E8:ED:FC:96:73 484s X509v3 Key Usage: critical 484s Digital Signature, Non Repudiation, Key Encipherment 484s X509v3 Extended Key Usage: 484s TLS Web Client Authentication, E-mail Protection 484s X509v3 Subject Alternative Name: 484s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 484s Certificate is to be certified until Mar 21 04:29:39 2025 GMT (365 days) 484s 484s Write out database with 1 new entries 484s Database updated 484s + openssl x509 -noout -in /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 484s + openssl verify -CAfile /tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 484s /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem: OK 484s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 484s + local cmd=openssl 484s + shift 484s + openssl verify -CAfile /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 484s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 484s error 20 at 0 depth lookup: unable to get local issuer certificate 484s error /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem: verification failed 484s + cat 484s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-6367 484s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-6367 1024 484s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-6367 -key /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001-request.pem 484s + openssl req -text -noout -in /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001-request.pem 484s Certificate Request: 484s Data: 484s Version: 1 (0x0) 484s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 484s Subject Public Key Info: 484s Public Key Algorithm: rsaEncryption 484s Public-Key: (1024 bit) 484s Modulus: 484s 00:db:c0:0d:02:33:24:61:23:cf:3d:44:cb:a1:f1: 484s f5:83:a7:a5:f6:f2:2d:95:75:27:be:d0:a6:b9:cd: 484s 58:87:bb:f3:c6:a4:48:4f:8f:d1:6c:f9:43:50:1c: 484s ef:65:c5:d3:4b:6c:95:c6:83:a4:b3:5f:66:32:b5: 484s dc:11:1e:24:42:04:4a:66:60:33:65:7f:b9:eb:4d: 484s bb:2c:da:0c:f7:a6:c1:3f:34:0d:7f:28:1d:4f:71: 484s a9:1e:93:10:14:76:d1:70:07:a8:bb:a3:50:e1:80: 484s 6a:e5:96:43:fa:ac:85:b9:72:24:27:59:a0:91:94: 484s 73:67:8f:df:27:46:48:77:a5 484s Exponent: 65537 (0x10001) 484s Attributes: 484s Requested Extensions: 484s X509v3 Basic Constraints: 484s CA:FALSE 484s Netscape Cert Type: 484s SSL Client, S/MIME 484s Netscape Comment: 484s Test Organization Intermediate CA trusted Certificate 484s X509v3 Subject Key Identifier: 484s 49:12:9B:F7:23:04:01:51:3D:D1:7D:FB:F4:7F:37:C3:66:DF:8E:AB 484s X509v3 Key Usage: critical 484s Digital Signature, Non Repudiation, Key Encipherment 484s X509v3 Extended Key Usage: 484s TLS Web Client Authentication, E-mail Protection 484s X509v3 Subject Alternative Name: 484s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 484s Signature Algorithm: sha256WithRSAEncryption 484s Signature Value: 484s 53:0a:59:67:dd:70:f0:1d:a4:81:02:c1:d9:0a:b5:02:87:23: 484s 8c:16:0a:f7:4c:4f:58:f2:d0:5b:75:0c:8a:f5:e2:db:62:e6: 484s b0:0a:f2:ce:f0:77:61:b6:81:50:f4:68:85:20:e0:11:a9:35: 484s 77:0a:88:3a:b6:88:e5:b7:c8:75:1c:65:48:2d:f9:c6:9e:32: 484s 9a:84:df:54:5a:c8:ae:fa:76:cf:c9:71:a3:bf:ed:63:78:2f: 484s f6:46:6d:e0:9c:08:04:8b:64:5c:d9:3f:45:1a:6c:07:d1:d7: 484s c6:ff:31:f7:7e:e4:61:1d:39:83:8c:f7:0a:e0:90:a3:a8:3e: 484s 10:d3 484s + openssl ca -passin pass:random-intermediate-CA-password-8915 -config /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 484s Using configuration from /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.config 484s Check that the request matches the signature 484s Signature ok 484s Certificate Details: 484s Serial Number: 4 (0x4) 484s Validity 484s Not Before: Mar 21 04:29:39 2024 GMT 484s Not After : Mar 21 04:29:39 2025 GMT 484s Subject: 484s organizationName = Test Organization 484s organizationalUnitName = Test Organization Unit 484s commonName = Test Organization Intermediate Trusted Certificate 0001 484s X509v3 extensions: 484s X509v3 Authority Key Identifier: 484s 74:FD:D9:A8:9F:82:FD:62:62:80:C5:E2:83:D3:E3:01:CB:15:7A:6A 484s X509v3 Basic Constraints: 484s CA:FALSE 484s Netscape Cert Type: 484s SSL Client, S/MIME 484s Netscape Comment: 484s Test Organization Intermediate CA trusted Certificate 484s X509v3 Subject Key Identifier: 484s 49:12:9B:F7:23:04:01:51:3D:D1:7D:FB:F4:7F:37:C3:66:DF:8E:AB 484s X509v3 Key Usage: critical 484s Digital Signature, Non Repudiation, Key Encipherment 484s X509v3 Extended Key Usage: 484s TLS Web Client Authentication, E-mail Protection 484s X509v3 Subject Alternative Name: 484s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 484s Certificate is to be certified until Mar 21 04:29:39 2025 GMT (365 days) 484s 484s Write out database with 1 new entries 484s Database updated 484s + openssl x509 -noout -in /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 484s This certificate should not be trusted fully 484s + echo 'This certificate should not be trusted fully' 484s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 484s + local cmd=openssl 484s + shift 484s + openssl verify -CAfile /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 484s O = Test Organization, /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem: OK 484s OU = Test Organization Unit, CN = Test Organization Intermediate CA 484s error 2 at 1 depth lookup: unable to get issuer certificate 484s error /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 484s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 484s + cat 484s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24609 484s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-24609 1024 485s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-24609 -key /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 485s + openssl req -text -noout -in /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 485s Certificate Request: 485s Data: 485s Version: 1 (0x0) 485s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 485s Subject Public Key Info: 485s Public Key Algorithm: rsaEncryption 485s Public-Key: (1024 bit) 485s Modulus: 485s 00:da:8d:8b:49:cb:20:9a:81:7a:e7:c6:d8:32:bd: 485s 5d:52:85:75:b2:06:77:4b:51:d8:c5:ec:60:c4:d7: 485s 94:91:24:23:9f:82:6c:76:ff:8e:3a:06:b3:a5:35: 485s b6:16:54:03:6a:ae:b9:7b:34:c7:f3:b6:5b:62:91: 485s d3:8d:f6:25:25:f5:a1:15:17:01:df:0b:f3:31:72: 485s 5c:da:aa:99:39:39:2d:89:51:45:50:63:d7:e1:45: 485s 15:04:de:2a:bc:13:f8:22:3e:8b:3d:70:44:87:64: 485s aa:4f:de:c2:5e:ed:fb:aa:b0:26:15:de:a3:cc:06: 485s 5f:d6:3f:0b:40:59:67:93:d5 485s Exponent: 65537 (0x10001) 485s Attributes: 485s Requested Extensions: 485s X509v3 Basic Constraints: 485s CA:FALSE 485s Netscape Cert Type: 485s SSL Client, S/MIME 485s Netscape Comment: 485s Test Organization Sub Intermediate CA trusted Certificate 485s X509v3 Subject Key Identifier: 485s A1:F4:56:C2:30:56:60:54:98:98:E6:CC:EF:05:80:F9:FD:97:90:DC 485s X509v3 Key Usage: critical 485s Digital Signature, Non Repudiation, Key Encipherment 485s X509v3 Extended Key Usage: 485s TLS Web Client Authentication, E-mail Protection 485s X509v3 Subject Alternative Name: 485s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 485s Signature Algorithm: sha256WithRSAEncryption 485s Signature Value: 485s a7:96:53:2e:83:26:a3:d5:e8:6d:62:61:3b:e7:ae:1f:58:b9: 485s 87:6b:07:a7:68:2d:49:1b:4f:db:48:71:d3:52:a6:9b:df:16: 485s b0:05:f3:b8:e7:67:d2:fe:f2:d1:c5:80:1a:fd:62:2a:13:95: 485s 0a:7a:95:7a:9a:ba:1a:3d:a3:9b:cb:f2:3f:5e:01:8b:0c:71: 485s 30:17:f2:dd:f4:fc:48:a8:89:2b:34:66:ed:85:2a:be:28:ef: 485s d1:6b:03:05:7b:e1:7c:93:cf:14:57:97:ef:f7:92:1d:cd:5c: 485s cc:b4:24:f0:86:19:1e:6d:3d:48:93:c3:94:17:c9:45:94:de: 485s 40:b5 485s + openssl ca -passin pass:random-sub-intermediate-CA-password-32153 -config /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 485s Using configuration from /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA.config 485s Check that the request matches the signature 485s Signature ok 485s Certificate Details: 485s Serial Number: 5 (0x5) 485s Validity 485s Not Before: Mar 21 04:29:39 2024 GMT 485s Not After : Mar 21 04:29:39 2025 GMT 485s Subject: 485s organizationName = Test Organization 485s organizationalUnitName = Test Organization Unit 485s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 485s X509v3 extensions: 485s X509v3 Authority Key Identifier: 485s A4:AB:CC:91:E8:43:9F:7A:94:C1:64:41:93:66:F5:7A:17:5E:DF:32 485s X509v3 Basic Constraints: 485s CA:FALSE 485s Netscape Cert Type: 485s SSL Client, S/MIME 485s Netscape Comment: 485s Test Organization Sub Intermediate CA trusted Certificate 485s X509v3 Subject Key Identifier: 485s A1:F4:56:C2:30:56:60:54:98:98:E6:CC:EF:05:80:F9:FD:97:90:DC 485s X509v3 Key Usage: critical 485s Digital Signature, Non Repudiation, Key Encipherment 485s X509v3 Extended Key Usage: 485s TLS Web Client Authentication, E-mail Protection 485s X509v3 Subject Alternative Name: 485s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 485s Certificate is to be certified until Mar 21 04:29:39 2025 GMT (365 days) 485s 485s Write out database with 1 new entries 485s Database updated 485s + openssl x509 -noout -in /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 485s This certificate should not be trusted fully 485s + echo 'This certificate should not be trusted fully' 485s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 485s + local cmd=openssl 485s + shift 485s + openssl verify -CAfile /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 485s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 485s error 2 at 1 depth lookup: unable to get issuer certificate 485s error /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 485s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 485s + local cmd=openssl 485s + shift 485s + openssl verify -CAfile /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 485s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 485s error 20 at 0 depth lookup: unable to get local issuer certificate 485s error /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 485s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 485s /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 485s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 485s + local cmd=openssl 485s + shift 485s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 485s Building a the full-chain CA file... 485s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 485s error 20 at 0 depth lookup: unable to get local issuer certificate 485s error /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 485s + echo 'Building a the full-chain CA file...' 485s + cat /tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA.pem 485s + cat /tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem 485s + cat /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA.pem 485s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem 485s + openssl pkcs7 -print_certs -noout 485s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 485s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 485s 485s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 485s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 485s 485s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 485s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 485s 485s + openssl verify -CAfile /tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem 485s /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem: OK 485s + openssl verify -CAfile /tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 485s /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem: OK 485s + openssl verify -CAfile /tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 485s + openssl verify -CAfile /tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem /tmp/sssd-softhsm2-GcvsPX/test-root-intermediate-chain-CA.pem 485s /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem: OK 485s /tmp/sssd-softhsm2-GcvsPX/test-root-intermediate-chain-CA.pem: OK 485s + openssl verify -CAfile /tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 485s /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 485s + echo 'Certificates generation completed!' 485s + [[ -v NO_SSSD_TESTS ]] 485s + invalid_certificate /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17636 /dev/null 485s + check_certificate /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17636 /dev/null 485s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-root-ca-trusted-cert-0001-17636 485s + local key_ring=/dev/null 485s + local verify_option= 485s + prepare_softhsm2_card /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17636 485s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-root-ca-trusted-cert-0001-17636 485s + local key_cn 485s + local key_name 485s + local tokens_dir 485s + local output_cert_file 485s + token_name= 485s ++ basename /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem .pem 485s + key_name=test-root-CA-trusted-certificate-0001 485s Certificates generation completed! 485s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 485s ++ sed -n 's/ *commonName *= //p' 485s + key_cn='Test Organization Root Trusted Certificate 0001' 485s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 485s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf 485s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf 485s ++ basename /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 485s + tokens_dir=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001 485s + token_name='Test Organization Root Tr Token' 485s + '[' '!' -e /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 485s + local key_file 485s + local decrypted_key 485s + mkdir -p /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001 485s + key_file=/tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001-key.pem 485s + decrypted_key=/tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001-key-decrypted.pem 485s + cat 485s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 485s Slot 0 has a free/uninitialized token. 485s The token has been initialized and is reassigned to slot 276822294 485s + softhsm2-util --show-slots 485s Available slots: 485s Slot 276822294 485s Slot info: 485s Description: SoftHSM slot ID 0x107ff916 485s Manufacturer ID: SoftHSM project 485s Hardware version: 2.6 485s Firmware version: 2.6 485s Token present: yes 485s Token info: 485s Manufacturer ID: SoftHSM project 485s Model: SoftHSM v2 485s Hardware version: 2.6 485s Firmware version: 2.6 485s Serial number: 68dc4eb3107ff916 485s Initialized: yes 485s User PIN init.: yes 485s Label: Test Organization Root Tr Token 485s Slot 1 485s Slot info: 485s Description: SoftHSM slot ID 0x1 485s Manufacturer ID: SoftHSM project 485s Hardware version: 2.6 485s Firmware version: 2.6 485s Token present: yes 485s Token info: 485s Manufacturer ID: SoftHSM project 485s Model: SoftHSM v2 485s Hardware version: 2.6 485s Firmware version: 2.6 485s Serial number: 485s Initialized: no 485s User PIN init.: no 485s Label: 485s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 485s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-17636 -in /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001-key-decrypted.pem 485s writing RSA key 485s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 485s + rm /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001-key-decrypted.pem 485s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 485s Object 0: 485s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=68dc4eb3107ff916;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 485s Type: X.509 Certificate (RSA-1024) 485s Expires: Fri Mar 21 04:29:39 2025 485s Label: Test Organization Root Trusted Certificate 0001 485s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 485s 485s + echo 'Test Organization Root Tr Token' 485s + '[' -n '' ']' 485s + local output_base_name=SSSD-child-32253 485s + local output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-32253.output 485s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-32253.pem 485s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 485s Test Organization Root Tr Token 485s [p11_child[2025]] [main] (0x0400): p11_child started. 485s [p11_child[2025]] [main] (0x2000): Running in [pre-auth] mode. 485s [p11_child[2025]] [main] (0x2000): Running with effective IDs: [0][0]. 485s [p11_child[2025]] [main] (0x2000): Running with real IDs [0][0]. 485s [p11_child[2025]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 485s [p11_child[2025]] [do_work] (0x0040): init_verification failed. 485s [p11_child[2025]] [main] (0x0020): p11_child failed (5) 485s + return 2 485s + valid_certificate /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17636 /dev/null no_verification 485s + check_certificate /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17636 /dev/null no_verification 485s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-root-ca-trusted-cert-0001-17636 485s + local key_ring=/dev/null 485s + local verify_option=no_verification 485s + prepare_softhsm2_card /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17636 485s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-root-ca-trusted-cert-0001-17636 485s + local key_cn 485s + local key_name 485s + local tokens_dir 485s + local output_cert_file 485s + token_name= 485s ++ basename /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem .pem 485s + key_name=test-root-CA-trusted-certificate-0001 485s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 485s ++ sed -n 's/ *commonName *= //p' 485s Test Organization Root Tr Token 485s + key_cn='Test Organization Root Trusted Certificate 0001' 485s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 485s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf 485s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf 485s ++ basename /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 485s + tokens_dir=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001 485s + token_name='Test Organization Root Tr Token' 485s + '[' '!' -e /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 485s + '[' '!' -d /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001 ']' 485s + echo 'Test Organization Root Tr Token' 485s + '[' -n no_verification ']' 485s + local verify_arg=--verify=no_verification 485s + local output_base_name=SSSD-child-18230 485s + local output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-18230.output 485s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-18230.pem 485s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 485s [p11_child[2031]] [main] (0x0400): p11_child started. 485s [p11_child[2031]] [main] (0x2000): Running in [pre-auth] mode. 485s [p11_child[2031]] [main] (0x2000): Running with effective IDs: [0][0]. 485s [p11_child[2031]] [main] (0x2000): Running with real IDs [0][0]. 485s [p11_child[2031]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 485s [p11_child[2031]] [do_card] (0x4000): Module List: 485s [p11_child[2031]] [do_card] (0x4000): common name: [softhsm2]. 485s [p11_child[2031]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2031]] [do_card] (0x4000): Description [SoftHSM slot ID 0x107ff916] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 485s [p11_child[2031]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 485s [p11_child[2031]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x107ff916][276822294] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2031]] [do_card] (0x4000): Login NOT required. 485s [p11_child[2031]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 485s [p11_child[2031]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 485s [p11_child[2031]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x107ff916;slot-manufacturer=SoftHSM%20project;slot-id=276822294;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=68dc4eb3107ff916;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 485s [p11_child[2031]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 485s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-18230.output 485s + echo '-----BEGIN CERTIFICATE-----' 485s + tail -n1 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-18230.output 485s + echo '-----END CERTIFICATE-----' 485s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-18230.pem 485s + local found_md5 expected_md5 485s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 485s Certificate: 485s Data: 485s Version: 3 (0x2) 485s Serial Number: 3 (0x3) 485s Signature Algorithm: sha256WithRSAEncryption 485s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 485s Validity 485s Not Before: Mar 21 04:29:39 2024 GMT 485s Not After : Mar 21 04:29:39 2025 GMT 485s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 485s Subject Public Key Info: 485s Public Key Algorithm: rsaEncryption 485s Public-Key: (1024 bit) 485s Modulus: 485s 00:b7:4c:8c:62:a8:04:e0:ba:7d:1a:96:fe:6d:59: 485s 16:62:65:0f:a5:4c:a9:72:16:5f:6b:6f:b3:4c:d6: 485s df:95:18:8a:c7:ca:a3:98:38:08:d8:d9:7e:65:2e: 485s 9e:a0:f0:b4:c5:09:92:d7:9c:91:0d:06:12:1c:d6: 485s fd:f0:52:c0:91:cc:18:b7:11:13:92:f8:4d:f8:b1: 485s 2d:7d:f7:09:aa:81:6f:66:4e:09:34:4e:d9:5a:00: 485s eb:b4:7c:7a:0e:e5:12:e3:4d:bb:42:3a:6d:b3:be: 485s 93:dd:a7:52:29:1e:d7:4b:fc:c0:d1:ad:de:52:5c: 485s 71:fa:65:05:28:d7:d0:6a:a7 485s Exponent: 65537 (0x10001) 485s X509v3 extensions: 485s X509v3 Authority Key Identifier: 485s 89:8D:63:AB:A2:E0:29:05:93:CC:C0:49:C1:1C:32:86:E4:BE:D7:6F 485s X509v3 Basic Constraints: 485s CA:FALSE 485s Netscape Cert Type: 485s SSL Client, S/MIME 485s Netscape Comment: 485s Test Organization Root CA trusted Certificate 485s X509v3 Subject Key Identifier: 485s 0A:2C:32:93:65:73:D2:16:B8:46:61:13:01:ED:5D:E8:ED:FC:96:73 485s X509v3 Key Usage: critical 485s Digital Signature, Non Repudiation, Key Encipherment 485s X509v3 Extended Key Usage: 485s TLS Web Client Authentication, E-mail Protection 485s X509v3 Subject Alternative Name: 485s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 485s Signature Algorithm: sha256WithRSAEncryption 485s Signature Value: 485s 14:e3:32:43:60:32:f0:b6:22:10:d8:82:2c:53:71:ea:df:52: 485s b8:4a:65:e8:76:54:51:f3:85:a5:64:c3:19:1b:a1:f1:1c:b9: 485s 28:34:02:bf:4a:2e:34:05:f3:0c:82:22:9b:3f:1a:0c:12:34: 485s 1c:71:b8:d9:49:94:28:94:e9:78:41:fc:a5:4b:b3:c6:ee:b8: 485s ef:d6:1d:ed:e3:26:1e:b1:eb:57:c1:db:f7:ae:81:4a:7e:29: 485s 40:f1:df:02:ac:e7:33:2c:ba:81:03:33:32:e3:a0:77:17:60: 485s 3c:85:e2:46:75:5e:c3:b2:b7:13:4d:77:91:63:b1:d5:9e:98: 485s 0c:75 485s + expected_md5=Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 485s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-18230.pem 485s + found_md5=Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 485s + '[' Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 '!=' Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 ']' 485s + output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-18230-auth.output 485s ++ basename /tmp/sssd-softhsm2-GcvsPX/SSSD-child-18230-auth.output .output 485s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-18230-auth.pem 485s + echo -n 053350 485s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 485s [p11_child[2039]] [main] (0x0400): p11_child started. 485s [p11_child[2039]] [main] (0x2000): Running in [auth] mode. 485s [p11_child[2039]] [main] (0x2000): Running with effective IDs: [0][0]. 485s [p11_child[2039]] [main] (0x2000): Running with real IDs [0][0]. 485s [p11_child[2039]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 485s [p11_child[2039]] [do_card] (0x4000): Module List: 485s [p11_child[2039]] [do_card] (0x4000): common name: [softhsm2]. 485s [p11_child[2039]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2039]] [do_card] (0x4000): Description [SoftHSM slot ID 0x107ff916] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 485s [p11_child[2039]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 485s [p11_child[2039]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x107ff916][276822294] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2039]] [do_card] (0x4000): Login required. 485s [p11_child[2039]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 485s [p11_child[2039]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 485s [p11_child[2039]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x107ff916;slot-manufacturer=SoftHSM%20project;slot-id=276822294;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=68dc4eb3107ff916;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 485s [p11_child[2039]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 485s [p11_child[2039]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 485s [p11_child[2039]] [do_card] (0x4000): Certificate verified and validated. 485s [p11_child[2039]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 485s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-18230-auth.output 485s + echo '-----BEGIN CERTIFICATE-----' 485s + tail -n1 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-18230-auth.output 485s + echo '-----END CERTIFICATE-----' 485s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-18230-auth.pem 485s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-18230-auth.pem 485s Certificate: 485s Data: 485s Version: 3 (0x2) 485s Serial Number: 3 (0x3) 485s Signature Algorithm: sha256WithRSAEncryption 485s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 485s Validity 485s Not Before: Mar 21 04:29:39 2024 GMT 485s Not After : Mar 21 04:29:39 2025 GMT 485s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 485s Subject Public Key Info: 485s Public Key Algorithm: rsaEncryption 485s Public-Key: (1024 bit) 485s Modulus: 485s 00:b7:4c:8c:62:a8:04:e0:ba:7d:1a:96:fe:6d:59: 485s 16:62:65:0f:a5:4c:a9:72:16:5f:6b:6f:b3:4c:d6: 485s df:95:18:8a:c7:ca:a3:98:38:08:d8:d9:7e:65:2e: 485s 9e:a0:f0:b4:c5:09:92:d7:9c:91:0d:06:12:1c:d6: 485s fd:f0:52:c0:91:cc:18:b7:11:13:92:f8:4d:f8:b1: 485s 2d:7d:f7:09:aa:81:6f:66:4e:09:34:4e:d9:5a:00: 485s eb:b4:7c:7a:0e:e5:12:e3:4d:bb:42:3a:6d:b3:be: 485s 93:dd:a7:52:29:1e:d7:4b:fc:c0:d1:ad:de:52:5c: 485s 71:fa:65:05:28:d7:d0:6a:a7 485s Exponent: 65537 (0x10001) 485s X509v3 extensions: 485s X509v3 Authority Key Identifier: 485s 89:8D:63:AB:A2:E0:29:05:93:CC:C0:49:C1:1C:32:86:E4:BE:D7:6F 485s X509v3 Basic Constraints: 485s CA:FALSE 485s Netscape Cert Type: 485s SSL Client, S/MIME 485s Netscape Comment: 485s Test Organization Root CA trusted Certificate 485s X509v3 Subject Key Identifier: 485s 0A:2C:32:93:65:73:D2:16:B8:46:61:13:01:ED:5D:E8:ED:FC:96:73 485s X509v3 Key Usage: critical 485s Digital Signature, Non Repudiation, Key Encipherment 485s X509v3 Extended Key Usage: 485s TLS Web Client Authentication, E-mail Protection 485s X509v3 Subject Alternative Name: 485s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 485s Signature Algorithm: sha256WithRSAEncryption 485s Signature Value: 485s 14:e3:32:43:60:32:f0:b6:22:10:d8:82:2c:53:71:ea:df:52: 485s b8:4a:65:e8:76:54:51:f3:85:a5:64:c3:19:1b:a1:f1:1c:b9: 485s 28:34:02:bf:4a:2e:34:05:f3:0c:82:22:9b:3f:1a:0c:12:34: 485s 1c:71:b8:d9:49:94:28:94:e9:78:41:fc:a5:4b:b3:c6:ee:b8: 485s ef:d6:1d:ed:e3:26:1e:b1:eb:57:c1:db:f7:ae:81:4a:7e:29: 485s 40:f1:df:02:ac:e7:33:2c:ba:81:03:33:32:e3:a0:77:17:60: 485s 3c:85:e2:46:75:5e:c3:b2:b7:13:4d:77:91:63:b1:d5:9e:98: 485s 0c:75 485s + found_md5=Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 485s + '[' Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 '!=' Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 ']' 485s + valid_certificate /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17636 /tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem 485s + check_certificate /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17636 /tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem 485s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-root-ca-trusted-cert-0001-17636 485s + local key_ring=/tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem 485s + local verify_option= 485s + prepare_softhsm2_card /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17636 485s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-root-ca-trusted-cert-0001-17636 485s + local key_cn 485s + local key_name 485s + local tokens_dir 485s + local output_cert_file 485s + token_name= 485s ++ basename /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem .pem 485s + key_name=test-root-CA-trusted-certificate-0001 485s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 485s ++ sed -n 's/ *commonName *= //p' 485s + key_cn='Test Organization Root Trusted Certificate 0001' 485s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 485s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf 485s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf 485s ++ basename /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 485s + tokens_dir=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001 485s + token_name='Test Organization Root Tr Token' 485s + '[' '!' -e /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 485s + '[' '!' -d /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001 ']' 485s + echo 'Test Organization Root Tr Token' 485s + '[' -n '' ']' 485s + local output_base_name=SSSD-child-7582 485s + local output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-7582.output 485s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-7582.pem 485s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem 485s Test Organization Root Tr Token 485s [p11_child[2049]] [main] (0x0400): p11_child started. 485s [p11_child[2049]] [main] (0x2000): Running in [pre-auth] mode. 485s [p11_child[2049]] [main] (0x2000): Running with effective IDs: [0][0]. 485s [p11_child[2049]] [main] (0x2000): Running with real IDs [0][0]. 485s [p11_child[2049]] [do_card] (0x4000): Module List: 485s [p11_child[2049]] [do_card] (0x4000): common name: [softhsm2]. 485s [p11_child[2049]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2049]] [do_card] (0x4000): Description [SoftHSM slot ID 0x107ff916] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 485s [p11_child[2049]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 485s [p11_child[2049]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x107ff916][276822294] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2049]] [do_card] (0x4000): Login NOT required. 485s [p11_child[2049]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 485s [p11_child[2049]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 485s [p11_child[2049]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 485s [p11_child[2049]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x107ff916;slot-manufacturer=SoftHSM%20project;slot-id=276822294;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=68dc4eb3107ff916;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 485s [p11_child[2049]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 485s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-7582.output 485s + echo '-----BEGIN CERTIFICATE-----' 485s + tail -n1 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-7582.output 485s + echo '-----END CERTIFICATE-----' 485s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-7582.pem 485s Certificate: 485s Data: 485s Version: 3 (0x2) 485s Serial Number: 3 (0x3) 485s Signature Algorithm: sha256WithRSAEncryption 485s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 485s Validity 485s Not Before: Mar 21 04:29:39 2024 GMT 485s Not After : Mar 21 04:29:39 2025 GMT 485s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 485s Subject Public Key Info: 485s Public Key Algorithm: rsaEncryption 485s Public-Key: (1024 bit) 485s Modulus: 485s 00:b7:4c:8c:62:a8:04:e0:ba:7d:1a:96:fe:6d:59: 485s 16:62:65:0f:a5:4c:a9:72:16:5f:6b:6f:b3:4c:d6: 485s df:95:18:8a:c7:ca:a3:98:38:08:d8:d9:7e:65:2e: 485s 9e:a0:f0:b4:c5:09:92:d7:9c:91:0d:06:12:1c:d6: 485s fd:f0:52:c0:91:cc:18:b7:11:13:92:f8:4d:f8:b1: 485s 2d:7d:f7:09:aa:81:6f:66:4e:09:34:4e:d9:5a:00: 485s eb:b4:7c:7a:0e:e5:12:e3:4d:bb:42:3a:6d:b3:be: 485s 93:dd:a7:52:29:1e:d7:4b:fc:c0:d1:ad:de:52:5c: 485s 71:fa:65:05:28:d7:d0:6a:a7 485s Exponent: 65537 (0x10001) 485s X509v3 extensions: 485s X509v3 Authority Key Identifier: 485s 89:8D:63:AB:A2:E0:29:05:93:CC:C0:49:C1:1C:32:86:E4:BE:D7:6F 485s X509v3 Basic Constraints: 485s CA:FALSE 485s Netscape Cert Type: 485s SSL Client, S/MIME 485s Netscape Comment: 485s Test Organization Root CA trusted Certificate 485s X509v3 Subject Key Identifier: 485s 0A:2C:32:93:65:73:D2:16:B8:46:61:13:01:ED:5D:E8:ED:FC:96:73 485s X509v3 Key Usage: critical 485s Digital Signature, Non Repudiation, Key Encipherment 485s X509v3 Extended Key Usage: 485s TLS Web Client Authentication, E-mail Protection 485s X509v3 Subject Alternative Name: 485s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 485s Signature Algorithm: sha256WithRSAEncryption 485s Signature Value: 485s 14:e3:32:43:60:32:f0:b6:22:10:d8:82:2c:53:71:ea:df:52: 485s b8:4a:65:e8:76:54:51:f3:85:a5:64:c3:19:1b:a1:f1:1c:b9: 485s 28:34:02:bf:4a:2e:34:05:f3:0c:82:22:9b:3f:1a:0c:12:34: 485s 1c:71:b8:d9:49:94:28:94:e9:78:41:fc:a5:4b:b3:c6:ee:b8: 485s ef:d6:1d:ed:e3:26:1e:b1:eb:57:c1:db:f7:ae:81:4a:7e:29: 485s 40:f1:df:02:ac:e7:33:2c:ba:81:03:33:32:e3:a0:77:17:60: 485s 3c:85:e2:46:75:5e:c3:b2:b7:13:4d:77:91:63:b1:d5:9e:98: 485s 0c:75 485s + local found_md5 expected_md5 485s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 485s + expected_md5=Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 485s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-7582.pem 485s + found_md5=Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 485s + '[' Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 '!=' Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 ']' 485s + output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-7582-auth.output 485s ++ basename /tmp/sssd-softhsm2-GcvsPX/SSSD-child-7582-auth.output .output 485s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-7582-auth.pem 485s + echo -n 053350 485s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 485s [p11_child[2057]] [main] (0x0400): p11_child started. 485s [p11_child[2057]] [main] (0x2000): Running in [auth] mode. 485s [p11_child[2057]] [main] (0x2000): Running with effective IDs: [0][0]. 485s [p11_child[2057]] [main] (0x2000): Running with real IDs [0][0]. 485s [p11_child[2057]] [do_card] (0x4000): Module List: 485s [p11_child[2057]] [do_card] (0x4000): common name: [softhsm2]. 485s [p11_child[2057]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2057]] [do_card] (0x4000): Description [SoftHSM slot ID 0x107ff916] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 485s [p11_child[2057]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 485s [p11_child[2057]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x107ff916][276822294] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2057]] [do_card] (0x4000): Login required. 485s [p11_child[2057]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 485s [p11_child[2057]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 485s [p11_child[2057]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 485s [p11_child[2057]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x107ff916;slot-manufacturer=SoftHSM%20project;slot-id=276822294;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=68dc4eb3107ff916;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 485s [p11_child[2057]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 485s [p11_child[2057]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 485s [p11_child[2057]] [do_card] (0x4000): Certificate verified and validated. 485s [p11_child[2057]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 485s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-7582-auth.output 485s + echo '-----BEGIN CERTIFICATE-----' 485s + tail -n1 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-7582-auth.output 485s + echo '-----END CERTIFICATE-----' 485s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-7582-auth.pem 485s Certificate: 485s Data: 485s Version: 3 (0x2) 485s Serial Number: 3 (0x3) 485s Signature Algorithm: sha256WithRSAEncryption 485s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 485s Validity 485s Not Before: Mar 21 04:29:39 2024 GMT 485s Not After : Mar 21 04:29:39 2025 GMT 485s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 485s Subject Public Key Info: 485s Public Key Algorithm: rsaEncryption 485s Public-Key: (1024 bit) 485s Modulus: 485s 00:b7:4c:8c:62:a8:04:e0:ba:7d:1a:96:fe:6d:59: 485s 16:62:65:0f:a5:4c:a9:72:16:5f:6b:6f:b3:4c:d6: 485s df:95:18:8a:c7:ca:a3:98:38:08:d8:d9:7e:65:2e: 485s 9e:a0:f0:b4:c5:09:92:d7:9c:91:0d:06:12:1c:d6: 485s fd:f0:52:c0:91:cc:18:b7:11:13:92:f8:4d:f8:b1: 485s 2d:7d:f7:09:aa:81:6f:66:4e:09:34:4e:d9:5a:00: 485s eb:b4:7c:7a:0e:e5:12:e3:4d:bb:42:3a:6d:b3:be: 485s 93:dd:a7:52:29:1e:d7:4b:fc:c0:d1:ad:de:52:5c: 485s 71:fa:65:05:28:d7:d0:6a:a7 485s Exponent: 65537 (0x10001) 485s X509v3 extensions: 485s X509v3 Authority Key Identifier: 485s 89:8D:63:AB:A2:E0:29:05:93:CC:C0:49:C1:1C:32:86:E4:BE:D7:6F 485s X509v3 Basic Constraints: 485s CA:FALSE 485s Netscape Cert Type: 485s SSL Client, S/MIME 485s Netscape Comment: 485s Test Organization Root CA trusted Certificate 485s X509v3 Subject Key Identifier: 485s 0A:2C:32:93:65:73:D2:16:B8:46:61:13:01:ED:5D:E8:ED:FC:96:73 485s X509v3 Key Usage: critical 485s Digital Signature, Non Repudiation, Key Encipherment 485s X509v3 Extended Key Usage: 485s TLS Web Client Authentication, E-mail Protection 485s X509v3 Subject Alternative Name: 485s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 485s Signature Algorithm: sha256WithRSAEncryption 485s Signature Value: 485s 14:e3:32:43:60:32:f0:b6:22:10:d8:82:2c:53:71:ea:df:52: 485s b8:4a:65:e8:76:54:51:f3:85:a5:64:c3:19:1b:a1:f1:1c:b9: 485s 28:34:02:bf:4a:2e:34:05:f3:0c:82:22:9b:3f:1a:0c:12:34: 485s 1c:71:b8:d9:49:94:28:94:e9:78:41:fc:a5:4b:b3:c6:ee:b8: 485s ef:d6:1d:ed:e3:26:1e:b1:eb:57:c1:db:f7:ae:81:4a:7e:29: 485s 40:f1:df:02:ac:e7:33:2c:ba:81:03:33:32:e3:a0:77:17:60: 485s 3c:85:e2:46:75:5e:c3:b2:b7:13:4d:77:91:63:b1:d5:9e:98: 485s 0c:75 485s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-7582-auth.pem 485s + found_md5=Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 485s + '[' Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 '!=' Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 ']' 485s + valid_certificate /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17636 /tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem partial_chain 485s + check_certificate /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17636 /tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem partial_chain 485s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-root-ca-trusted-cert-0001-17636 485s + local key_ring=/tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem 485s + local verify_option=partial_chain 485s + prepare_softhsm2_card /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17636 485s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 485s + local key_pass=pass:random-root-ca-trusted-cert-0001-17636 485s + local key_cn 485s + local key_name 485s + local tokens_dir 485s + local output_cert_file 485s + token_name= 485s ++ basename /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem .pem 485s + key_name=test-root-CA-trusted-certificate-0001 485s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 485s ++ sed -n 's/ *commonName *= //p' 485s + key_cn='Test Organization Root Trusted Certificate 0001' 485s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 485s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf 485s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf 485s ++ basename /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 485s + tokens_dir=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001 485s + token_name='Test Organization Root Tr Token' 485s + '[' '!' -e /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 485s + '[' '!' -d /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001 ']' 485s + echo 'Test Organization Root Tr Token' 485s + '[' -n partial_chain ']' 485s + local verify_arg=--verify=partial_chain 485s Test Organization Root Tr Token 485s + local output_base_name=SSSD-child-25905 485s + local output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-25905.output 485s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-25905.pem 485s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem 485s [p11_child[2067]] [main] (0x0400): p11_child started. 485s [p11_child[2067]] [main] (0x2000): Running in [pre-auth] mode. 485s [p11_child[2067]] [main] (0x2000): Running with effective IDs: [0][0]. 485s [p11_child[2067]] [main] (0x2000): Running with real IDs [0][0]. 485s [p11_child[2067]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 485s [p11_child[2067]] [do_card] (0x4000): Module List: 485s [p11_child[2067]] [do_card] (0x4000): common name: [softhsm2]. 485s [p11_child[2067]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2067]] [do_card] (0x4000): Description [SoftHSM slot ID 0x107ff916] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 485s [p11_child[2067]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 485s [p11_child[2067]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x107ff916][276822294] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2067]] [do_card] (0x4000): Login NOT required. 485s [p11_child[2067]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 485s [p11_child[2067]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 485s [p11_child[2067]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 485s [p11_child[2067]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x107ff916;slot-manufacturer=SoftHSM%20project;slot-id=276822294;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=68dc4eb3107ff916;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 485s [p11_child[2067]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 485s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-25905.output 485s + echo '-----BEGIN CERTIFICATE-----' 485s + tail -n1 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-25905.output 485s + echo '-----END CERTIFICATE-----' 485s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-25905.pem 485s + local found_md5 expected_md5 485s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 485s Certificate: 485s Data: 485s Version: 3 (0x2) 485s Serial Number: 3 (0x3) 485s Signature Algorithm: sha256WithRSAEncryption 485s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 485s Validity 485s Not Before: Mar 21 04:29:39 2024 GMT 485s Not After : Mar 21 04:29:39 2025 GMT 485s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 485s Subject Public Key Info: 485s Public Key Algorithm: rsaEncryption 485s Public-Key: (1024 bit) 485s Modulus: 485s 00:b7:4c:8c:62:a8:04:e0:ba:7d:1a:96:fe:6d:59: 485s 16:62:65:0f:a5:4c:a9:72:16:5f:6b:6f:b3:4c:d6: 485s df:95:18:8a:c7:ca:a3:98:38:08:d8:d9:7e:65:2e: 485s 9e:a0:f0:b4:c5:09:92:d7:9c:91:0d:06:12:1c:d6: 485s fd:f0:52:c0:91:cc:18:b7:11:13:92:f8:4d:f8:b1: 485s 2d:7d:f7:09:aa:81:6f:66:4e:09:34:4e:d9:5a:00: 485s eb:b4:7c:7a:0e:e5:12:e3:4d:bb:42:3a:6d:b3:be: 485s 93:dd:a7:52:29:1e:d7:4b:fc:c0:d1:ad:de:52:5c: 485s 71:fa:65:05:28:d7:d0:6a:a7 485s Exponent: 65537 (0x10001) 485s X509v3 extensions: 485s X509v3 Authority Key Identifier: 485s 89:8D:63:AB:A2:E0:29:05:93:CC:C0:49:C1:1C:32:86:E4:BE:D7:6F 485s X509v3 Basic Constraints: 485s CA:FALSE 485s Netscape Cert Type: 485s SSL Client, S/MIME 485s Netscape Comment: 485s Test Organization Root CA trusted Certificate 485s X509v3 Subject Key Identifier: 485s 0A:2C:32:93:65:73:D2:16:B8:46:61:13:01:ED:5D:E8:ED:FC:96:73 485s X509v3 Key Usage: critical 485s Digital Signature, Non Repudiation, Key Encipherment 485s X509v3 Extended Key Usage: 485s TLS Web Client Authentication, E-mail Protection 485s X509v3 Subject Alternative Name: 485s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 485s Signature Algorithm: sha256WithRSAEncryption 485s Signature Value: 485s 14:e3:32:43:60:32:f0:b6:22:10:d8:82:2c:53:71:ea:df:52: 485s b8:4a:65:e8:76:54:51:f3:85:a5:64:c3:19:1b:a1:f1:1c:b9: 485s 28:34:02:bf:4a:2e:34:05:f3:0c:82:22:9b:3f:1a:0c:12:34: 485s 1c:71:b8:d9:49:94:28:94:e9:78:41:fc:a5:4b:b3:c6:ee:b8: 485s ef:d6:1d:ed:e3:26:1e:b1:eb:57:c1:db:f7:ae:81:4a:7e:29: 485s 40:f1:df:02:ac:e7:33:2c:ba:81:03:33:32:e3:a0:77:17:60: 485s 3c:85:e2:46:75:5e:c3:b2:b7:13:4d:77:91:63:b1:d5:9e:98: 485s 0c:75 485s + expected_md5=Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 485s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-25905.pem 485s + found_md5=Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 485s + '[' Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 '!=' Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 ']' 485s + output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-25905-auth.output 485s ++ basename /tmp/sssd-softhsm2-GcvsPX/SSSD-child-25905-auth.output .output 485s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-25905-auth.pem 485s + echo -n 053350 485s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 485s [p11_child[2075]] [main] (0x0400): p11_child started. 485s [p11_child[2075]] [main] (0x2000): Running in [auth] mode. 485s [p11_child[2075]] [main] (0x2000): Running with effective IDs: [0][0]. 485s [p11_child[2075]] [main] (0x2000): Running with real IDs [0][0]. 485s [p11_child[2075]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 485s [p11_child[2075]] [do_card] (0x4000): Module List: 485s [p11_child[2075]] [do_card] (0x4000): common name: [softhsm2]. 485s [p11_child[2075]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2075]] [do_card] (0x4000): Description [SoftHSM slot ID 0x107ff916] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 485s [p11_child[2075]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 485s [p11_child[2075]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x107ff916][276822294] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 485s [p11_child[2075]] [do_card] (0x4000): Login required. 485s [p11_child[2075]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 485s [p11_child[2075]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 485s [p11_child[2075]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 485s [p11_child[2075]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x107ff916;slot-manufacturer=SoftHSM%20project;slot-id=276822294;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=68dc4eb3107ff916;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 485s [p11_child[2075]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 485s [p11_child[2075]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 485s [p11_child[2075]] [do_card] (0x4000): Certificate verified and validated. 485s [p11_child[2075]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 485s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-25905-auth.output 485s + echo '-----BEGIN CERTIFICATE-----' 485s + tail -n1 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-25905-auth.output 485s + echo '-----END CERTIFICATE-----' 485s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-25905-auth.pem 485s Certificate: 485s Data: 485s Version: 3 (0x2) 485s Serial Number: 3 (0x3) 485s Signature Algorithm: sha256WithRSAEncryption 485s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 485s Validity 485s Not Before: Mar 21 04:29:39 2024 GMT 485s Not After : Mar 21 04:29:39 2025 GMT 485s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 485s Subject Public Key Info: 485s Public Key Algorithm: rsaEncryption 485s Public-Key: (1024 bit) 485s Modulus: 485s 00:b7:4c:8c:62:a8:04:e0:ba:7d:1a:96:fe:6d:59: 485s 16:62:65:0f:a5:4c:a9:72:16:5f:6b:6f:b3:4c:d6: 485s df:95:18:8a:c7:ca:a3:98:38:08:d8:d9:7e:65:2e: 485s 9e:a0:f0:b4:c5:09:92:d7:9c:91:0d:06:12:1c:d6: 485s fd:f0:52:c0:91:cc:18:b7:11:13:92:f8:4d:f8:b1: 485s 2d:7d:f7:09:aa:81:6f:66:4e:09:34:4e:d9:5a:00: 485s eb:b4:7c:7a:0e:e5:12:e3:4d:bb:42:3a:6d:b3:be: 485s 93:dd:a7:52:29:1e:d7:4b:fc:c0:d1:ad:de:52:5c: 485s 71:fa:65:05:28:d7:d0:6a:a7 485s Exponent: 65537 (0x10001) 485s X509v3 extensions: 485s X509v3 Authority Key Identifier: 485s 89:8D:63:AB:A2:E0:29:05:93:CC:C0:49:C1:1C:32:86:E4:BE:D7:6F 485s X509v3 Basic Constraints: 485s CA:FALSE 485s Netscape Cert Type: 485s SSL Client, S/MIME 485s Netscape Comment: 485s Test Organization Root CA trusted Certificate 485s X509v3 Subject Key Identifier: 485s 0A:2C:32:93:65:73:D2:16:B8:46:61:13:01:ED:5D:E8:ED:FC:96:73 485s X509v3 Key Usage: critical 485s Digital Signature, Non Repudiation, Key Encipherment 485s X509v3 Extended Key Usage: 485s TLS Web Client Authentication, E-mail Protection 485s X509v3 Subject Alternative Name: 485s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 485s Signature Algorithm: sha256WithRSAEncryption 485s Signature Value: 485s 14:e3:32:43:60:32:f0:b6:22:10:d8:82:2c:53:71:ea:df:52: 485s b8:4a:65:e8:76:54:51:f3:85:a5:64:c3:19:1b:a1:f1:1c:b9: 485s 28:34:02:bf:4a:2e:34:05:f3:0c:82:22:9b:3f:1a:0c:12:34: 485s 1c:71:b8:d9:49:94:28:94:e9:78:41:fc:a5:4b:b3:c6:ee:b8: 485s ef:d6:1d:ed:e3:26:1e:b1:eb:57:c1:db:f7:ae:81:4a:7e:29: 485s 40:f1:df:02:ac:e7:33:2c:ba:81:03:33:32:e3:a0:77:17:60: 485s 3c:85:e2:46:75:5e:c3:b2:b7:13:4d:77:91:63:b1:d5:9e:98: 485s 0c:75 485s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-25905-auth.pem 486s + found_md5=Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 486s + '[' Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 '!=' Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 ']' 486s + valid_certificate /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17636 /tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem 486s + check_certificate /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17636 /tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem 486s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 486s + local key_pass=pass:random-root-ca-trusted-cert-0001-17636 486s + local key_ring=/tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem 486s + local verify_option= 486s + prepare_softhsm2_card /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17636 486s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 486s + local key_pass=pass:random-root-ca-trusted-cert-0001-17636 486s + local key_cn 486s + local key_name 486s + local tokens_dir 486s + local output_cert_file 486s + token_name= 486s ++ basename /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem .pem 486s + key_name=test-root-CA-trusted-certificate-0001 486s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 486s ++ sed -n 's/ *commonName *= //p' 486s + key_cn='Test Organization Root Trusted Certificate 0001' 486s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 486s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf 486s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf 486s ++ basename /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 486s + tokens_dir=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001 486s + token_name='Test Organization Root Tr Token' 486s + '[' '!' -e /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 486s + '[' '!' -d /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001 ']' 486s + echo 'Test Organization Root Tr Token' 486s Test Organization Root Tr Token 486s + '[' -n '' ']' 486s + local output_base_name=SSSD-child-8766 486s + local output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-8766.output 486s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-8766.pem 486s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem 486s [p11_child[2085]] [main] (0x0400): p11_child started. 486s [p11_child[2085]] [main] (0x2000): Running in [pre-auth] mode. 486s [p11_child[2085]] [main] (0x2000): Running with effective IDs: [0][0]. 486s [p11_child[2085]] [main] (0x2000): Running with real IDs [0][0]. 486s [p11_child[2085]] [do_card] (0x4000): Module List: 486s [p11_child[2085]] [do_card] (0x4000): common name: [softhsm2]. 486s [p11_child[2085]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2085]] [do_card] (0x4000): Description [SoftHSM slot ID 0x107ff916] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 486s [p11_child[2085]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 486s [p11_child[2085]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x107ff916][276822294] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2085]] [do_card] (0x4000): Login NOT required. 486s [p11_child[2085]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 486s [p11_child[2085]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 486s [p11_child[2085]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 486s [p11_child[2085]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x107ff916;slot-manufacturer=SoftHSM%20project;slot-id=276822294;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=68dc4eb3107ff916;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 486s [p11_child[2085]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 486s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-8766.output 486s + echo '-----BEGIN CERTIFICATE-----' 486s + tail -n1 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-8766.output 486s + echo '-----END CERTIFICATE-----' 486s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-8766.pem 486s Certificate: 486s Data: 486s Version: 3 (0x2) 486s Serial Number: 3 (0x3) 486s Signature Algorithm: sha256WithRSAEncryption 486s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 486s Validity 486s Not Before: Mar 21 04:29:39 2024 GMT 486s Not After : Mar 21 04:29:39 2025 GMT 486s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 486s Subject Public Key Info: 486s Public Key Algorithm: rsaEncryption 486s Public-Key: (1024 bit) 486s Modulus: 486s 00:b7:4c:8c:62:a8:04:e0:ba:7d:1a:96:fe:6d:59: 486s 16:62:65:0f:a5:4c:a9:72:16:5f:6b:6f:b3:4c:d6: 486s df:95:18:8a:c7:ca:a3:98:38:08:d8:d9:7e:65:2e: 486s 9e:a0:f0:b4:c5:09:92:d7:9c:91:0d:06:12:1c:d6: 486s fd:f0:52:c0:91:cc:18:b7:11:13:92:f8:4d:f8:b1: 486s 2d:7d:f7:09:aa:81:6f:66:4e:09:34:4e:d9:5a:00: 486s eb:b4:7c:7a:0e:e5:12:e3:4d:bb:42:3a:6d:b3:be: 486s 93:dd:a7:52:29:1e:d7:4b:fc:c0:d1:ad:de:52:5c: 486s 71:fa:65:05:28:d7:d0:6a:a7 486s Exponent: 65537 (0x10001) 486s X509v3 extensions: 486s X509v3 Authority Key Identifier: 486s 89:8D:63:AB:A2:E0:29:05:93:CC:C0:49:C1:1C:32:86:E4:BE:D7:6F 486s X509v3 Basic Constraints: 486s CA:FALSE 486s Netscape Cert Type: 486s SSL Client, S/MIME 486s Netscape Comment: 486s Test Organization Root CA trusted Certificate 486s X509v3 Subject Key Identifier: 486s 0A:2C:32:93:65:73:D2:16:B8:46:61:13:01:ED:5D:E8:ED:FC:96:73 486s X509v3 Key Usage: critical 486s Digital Signature, Non Repudiation, Key Encipherment 486s X509v3 Extended Key Usage: 486s TLS Web Client Authentication, E-mail Protection 486s X509v3 Subject Alternative Name: 486s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 486s Signature Algorithm: sha256WithRSAEncryption 486s Signature Value: 486s 14:e3:32:43:60:32:f0:b6:22:10:d8:82:2c:53:71:ea:df:52: 486s b8:4a:65:e8:76:54:51:f3:85:a5:64:c3:19:1b:a1:f1:1c:b9: 486s 28:34:02:bf:4a:2e:34:05:f3:0c:82:22:9b:3f:1a:0c:12:34: 486s 1c:71:b8:d9:49:94:28:94:e9:78:41:fc:a5:4b:b3:c6:ee:b8: 486s ef:d6:1d:ed:e3:26:1e:b1:eb:57:c1:db:f7:ae:81:4a:7e:29: 486s 40:f1:df:02:ac:e7:33:2c:ba:81:03:33:32:e3:a0:77:17:60: 486s 3c:85:e2:46:75:5e:c3:b2:b7:13:4d:77:91:63:b1:d5:9e:98: 486s 0c:75 486s + local found_md5 expected_md5 486s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 486s + expected_md5=Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 486s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-8766.pem 486s + found_md5=Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 486s + '[' Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 '!=' Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 ']' 486s + output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-8766-auth.output 486s ++ basename /tmp/sssd-softhsm2-GcvsPX/SSSD-child-8766-auth.output .output 486s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-8766-auth.pem 486s + echo -n 053350 486s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 486s [p11_child[2093]] [main] (0x0400): p11_child started. 486s [p11_child[2093]] [main] (0x2000): Running in [auth] mode. 486s [p11_child[2093]] [main] (0x2000): Running with effective IDs: [0][0]. 486s [p11_child[2093]] [main] (0x2000): Running with real IDs [0][0]. 486s [p11_child[2093]] [do_card] (0x4000): Module List: 486s [p11_child[2093]] [do_card] (0x4000): common name: [softhsm2]. 486s [p11_child[2093]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2093]] [do_card] (0x4000): Description [SoftHSM slot ID 0x107ff916] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 486s [p11_child[2093]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 486s [p11_child[2093]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x107ff916][276822294] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2093]] [do_card] (0x4000): Login required. 486s [p11_child[2093]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 486s [p11_child[2093]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 486s [p11_child[2093]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 486s [p11_child[2093]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x107ff916;slot-manufacturer=SoftHSM%20project;slot-id=276822294;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=68dc4eb3107ff916;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 486s [p11_child[2093]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 486s [p11_child[2093]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 486s [p11_child[2093]] [do_card] (0x4000): Certificate verified and validated. 486s [p11_child[2093]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 486s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-8766-auth.output 486s + echo '-----BEGIN CERTIFICATE-----' 486s + tail -n1 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-8766-auth.output 486s + echo '-----END CERTIFICATE-----' 486s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-8766-auth.pem 486s Certificate: 486s Data: 486s Version: 3 (0x2) 486s Serial Number: 3 (0x3) 486s Signature Algorithm: sha256WithRSAEncryption 486s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 486s Validity 486s Not Before: Mar 21 04:29:39 2024 GMT 486s Not After : Mar 21 04:29:39 2025 GMT 486s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 486s Subject Public Key Info: 486s Public Key Algorithm: rsaEncryption 486s Public-Key: (1024 bit) 486s Modulus: 486s 00:b7:4c:8c:62:a8:04:e0:ba:7d:1a:96:fe:6d:59: 486s 16:62:65:0f:a5:4c:a9:72:16:5f:6b:6f:b3:4c:d6: 486s df:95:18:8a:c7:ca:a3:98:38:08:d8:d9:7e:65:2e: 486s 9e:a0:f0:b4:c5:09:92:d7:9c:91:0d:06:12:1c:d6: 486s fd:f0:52:c0:91:cc:18:b7:11:13:92:f8:4d:f8:b1: 486s 2d:7d:f7:09:aa:81:6f:66:4e:09:34:4e:d9:5a:00: 486s eb:b4:7c:7a:0e:e5:12:e3:4d:bb:42:3a:6d:b3:be: 486s 93:dd:a7:52:29:1e:d7:4b:fc:c0:d1:ad:de:52:5c: 486s 71:fa:65:05:28:d7:d0:6a:a7 486s Exponent: 65537 (0x10001) 486s X509v3 extensions: 486s X509v3 Authority Key Identifier: 486s 89:8D:63:AB:A2:E0:29:05:93:CC:C0:49:C1:1C:32:86:E4:BE:D7:6F 486s X509v3 Basic Constraints: 486s CA:FALSE 486s Netscape Cert Type: 486s SSL Client, S/MIME 486s Netscape Comment: 486s Test Organization Root CA trusted Certificate 486s X509v3 Subject Key Identifier: 486s 0A:2C:32:93:65:73:D2:16:B8:46:61:13:01:ED:5D:E8:ED:FC:96:73 486s X509v3 Key Usage: critical 486s Digital Signature, Non Repudiation, Key Encipherment 486s X509v3 Extended Key Usage: 486s TLS Web Client Authentication, E-mail Protection 486s X509v3 Subject Alternative Name: 486s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 486s Signature Algorithm: sha256WithRSAEncryption 486s Signature Value: 486s 14:e3:32:43:60:32:f0:b6:22:10:d8:82:2c:53:71:ea:df:52: 486s b8:4a:65:e8:76:54:51:f3:85:a5:64:c3:19:1b:a1:f1:1c:b9: 486s 28:34:02:bf:4a:2e:34:05:f3:0c:82:22:9b:3f:1a:0c:12:34: 486s 1c:71:b8:d9:49:94:28:94:e9:78:41:fc:a5:4b:b3:c6:ee:b8: 486s ef:d6:1d:ed:e3:26:1e:b1:eb:57:c1:db:f7:ae:81:4a:7e:29: 486s 40:f1:df:02:ac:e7:33:2c:ba:81:03:33:32:e3:a0:77:17:60: 486s 3c:85:e2:46:75:5e:c3:b2:b7:13:4d:77:91:63:b1:d5:9e:98: 486s 0c:75 486s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-8766-auth.pem 486s + found_md5=Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 486s + '[' Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 '!=' Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 ']' 486s + valid_certificate /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17636 /tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem partial_chain 486s + check_certificate /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17636 /tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem partial_chain 486s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 486s + local key_pass=pass:random-root-ca-trusted-cert-0001-17636 486s + local key_ring=/tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem 486s + local verify_option=partial_chain 486s + prepare_softhsm2_card /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17636 486s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 486s + local key_pass=pass:random-root-ca-trusted-cert-0001-17636 486s + local key_cn 486s + local key_name 486s + local tokens_dir 486s + local output_cert_file 486s + token_name= 486s ++ basename /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem .pem 486s + key_name=test-root-CA-trusted-certificate-0001 486s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 486s ++ sed -n 's/ *commonName *= //p' 486s + key_cn='Test Organization Root Trusted Certificate 0001' 486s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 486s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf 486s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf 486s ++ basename /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 486s + tokens_dir=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001 486s + token_name='Test Organization Root Tr Token' 486s + '[' '!' -e /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 486s + '[' '!' -d /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001 ']' 486s + echo 'Test Organization Root Tr Token' 486s + '[' -n partial_chain ']' 486s + local verify_arg=--verify=partial_chain 486s + local output_base_name=SSSD-child-3630 486s + local output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-3630.output 486s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-3630.pem 486s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem 486s Test Organization Root Tr Token 486s [p11_child[2103]] [main] (0x0400): p11_child started. 486s [p11_child[2103]] [main] (0x2000): Running in [pre-auth] mode. 486s [p11_child[2103]] [main] (0x2000): Running with effective IDs: [0][0]. 486s [p11_child[2103]] [main] (0x2000): Running with real IDs [0][0]. 486s [p11_child[2103]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 486s [p11_child[2103]] [do_card] (0x4000): Module List: 486s [p11_child[2103]] [do_card] (0x4000): common name: [softhsm2]. 486s [p11_child[2103]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2103]] [do_card] (0x4000): Description [SoftHSM slot ID 0x107ff916] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 486s [p11_child[2103]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 486s [p11_child[2103]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x107ff916][276822294] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2103]] [do_card] (0x4000): Login NOT required. 486s [p11_child[2103]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 486s [p11_child[2103]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 486s [p11_child[2103]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 486s [p11_child[2103]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x107ff916;slot-manufacturer=SoftHSM%20project;slot-id=276822294;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=68dc4eb3107ff916;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 486s [p11_child[2103]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 486s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-3630.output 486s + echo '-----BEGIN CERTIFICATE-----' 486s + tail -n1 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-3630.output 486s + echo '-----END CERTIFICATE-----' 486s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-3630.pem 486s Certificate: 486s Data: 486s Version: 3 (0x2) 486s Serial Number: 3 (0x3) 486s Signature Algorithm: sha256WithRSAEncryption 486s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 486s Validity 486s Not Before: Mar 21 04:29:39 2024 GMT 486s Not After : Mar 21 04:29:39 2025 GMT 486s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 486s Subject Public Key Info: 486s Public Key Algorithm: rsaEncryption 486s Public-Key: (1024 bit) 486s Modulus: 486s 00:b7:4c:8c:62:a8:04:e0:ba:7d:1a:96:fe:6d:59: 486s 16:62:65:0f:a5:4c:a9:72:16:5f:6b:6f:b3:4c:d6: 486s df:95:18:8a:c7:ca:a3:98:38:08:d8:d9:7e:65:2e: 486s 9e:a0:f0:b4:c5:09:92:d7:9c:91:0d:06:12:1c:d6: 486s fd:f0:52:c0:91:cc:18:b7:11:13:92:f8:4d:f8:b1: 486s 2d:7d:f7:09:aa:81:6f:66:4e:09:34:4e:d9:5a:00: 486s eb:b4:7c:7a:0e:e5:12:e3:4d:bb:42:3a:6d:b3:be: 486s 93:dd:a7:52:29:1e:d7:4b:fc:c0:d1:ad:de:52:5c: 486s 71:fa:65:05:28:d7:d0:6a:a7 486s Exponent: 65537 (0x10001) 486s X509v3 extensions: 486s X509v3 Authority Key Identifier: 486s 89:8D:63:AB:A2:E0:29:05:93:CC:C0:49:C1:1C:32:86:E4:BE:D7:6F 486s X509v3 Basic Constraints: 486s CA:FALSE 486s Netscape Cert Type: 486s SSL Client, S/MIME 486s Netscape Comment: 486s Test Organization Root CA trusted Certificate 486s X509v3 Subject Key Identifier: 486s 0A:2C:32:93:65:73:D2:16:B8:46:61:13:01:ED:5D:E8:ED:FC:96:73 486s X509v3 Key Usage: critical 486s Digital Signature, Non Repudiation, Key Encipherment 486s X509v3 Extended Key Usage: 486s TLS Web Client Authentication, E-mail Protection 486s X509v3 Subject Alternative Name: 486s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 486s Signature Algorithm: sha256WithRSAEncryption 486s Signature Value: 486s 14:e3:32:43:60:32:f0:b6:22:10:d8:82:2c:53:71:ea:df:52: 486s b8:4a:65:e8:76:54:51:f3:85:a5:64:c3:19:1b:a1:f1:1c:b9: 486s 28:34:02:bf:4a:2e:34:05:f3:0c:82:22:9b:3f:1a:0c:12:34: 486s 1c:71:b8:d9:49:94:28:94:e9:78:41:fc:a5:4b:b3:c6:ee:b8: 486s ef:d6:1d:ed:e3:26:1e:b1:eb:57:c1:db:f7:ae:81:4a:7e:29: 486s 40:f1:df:02:ac:e7:33:2c:ba:81:03:33:32:e3:a0:77:17:60: 486s 3c:85:e2:46:75:5e:c3:b2:b7:13:4d:77:91:63:b1:d5:9e:98: 486s 0c:75 486s + local found_md5 expected_md5 486s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 486s + expected_md5=Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 486s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-3630.pem 486s + found_md5=Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 486s + '[' Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 '!=' Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 ']' 486s + output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-3630-auth.output 486s ++ basename /tmp/sssd-softhsm2-GcvsPX/SSSD-child-3630-auth.output .output 486s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-3630-auth.pem 486s + echo -n 053350 486s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 486s [p11_child[2111]] [main] (0x0400): p11_child started. 486s [p11_child[2111]] [main] (0x2000): Running in [auth] mode. 486s [p11_child[2111]] [main] (0x2000): Running with effective IDs: [0][0]. 486s [p11_child[2111]] [main] (0x2000): Running with real IDs [0][0]. 486s [p11_child[2111]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 486s [p11_child[2111]] [do_card] (0x4000): Module List: 486s [p11_child[2111]] [do_card] (0x4000): common name: [softhsm2]. 486s [p11_child[2111]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2111]] [do_card] (0x4000): Description [SoftHSM slot ID 0x107ff916] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 486s [p11_child[2111]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 486s [p11_child[2111]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x107ff916][276822294] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2111]] [do_card] (0x4000): Login required. 486s [p11_child[2111]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 486s [p11_child[2111]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 486s [p11_child[2111]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 486s [p11_child[2111]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x107ff916;slot-manufacturer=SoftHSM%20project;slot-id=276822294;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=68dc4eb3107ff916;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 486s [p11_child[2111]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 486s [p11_child[2111]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 486s [p11_child[2111]] [do_card] (0x4000): Certificate verified and validated. 486s [p11_child[2111]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 486s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-3630-auth.output 486s + echo '-----BEGIN CERTIFICATE-----' 486s + tail -n1 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-3630-auth.output 486s + echo '-----END CERTIFICATE-----' 486s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-3630-auth.pem 486s Certificate: 486s Data: 486s Version: 3 (0x2) 486s Serial Number: 3 (0x3) 486s Signature Algorithm: sha256WithRSAEncryption 486s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 486s Validity 486s Not Before: Mar 21 04:29:39 2024 GMT 486s Not After : Mar 21 04:29:39 2025 GMT 486s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 486s Subject Public Key Info: 486s Public Key Algorithm: rsaEncryption 486s Public-Key: (1024 bit) 486s Modulus: 486s 00:b7:4c:8c:62:a8:04:e0:ba:7d:1a:96:fe:6d:59: 486s 16:62:65:0f:a5:4c:a9:72:16:5f:6b:6f:b3:4c:d6: 486s df:95:18:8a:c7:ca:a3:98:38:08:d8:d9:7e:65:2e: 486s 9e:a0:f0:b4:c5:09:92:d7:9c:91:0d:06:12:1c:d6: 486s fd:f0:52:c0:91:cc:18:b7:11:13:92:f8:4d:f8:b1: 486s 2d:7d:f7:09:aa:81:6f:66:4e:09:34:4e:d9:5a:00: 486s eb:b4:7c:7a:0e:e5:12:e3:4d:bb:42:3a:6d:b3:be: 486s 93:dd:a7:52:29:1e:d7:4b:fc:c0:d1:ad:de:52:5c: 486s 71:fa:65:05:28:d7:d0:6a:a7 486s Exponent: 65537 (0x10001) 486s X509v3 extensions: 486s X509v3 Authority Key Identifier: 486s 89:8D:63:AB:A2:E0:29:05:93:CC:C0:49:C1:1C:32:86:E4:BE:D7:6F 486s X509v3 Basic Constraints: 486s CA:FALSE 486s Netscape Cert Type: 486s SSL Client, S/MIME 486s Netscape Comment: 486s Test Organization Root CA trusted Certificate 486s X509v3 Subject Key Identifier: 486s 0A:2C:32:93:65:73:D2:16:B8:46:61:13:01:ED:5D:E8:ED:FC:96:73 486s X509v3 Key Usage: critical 486s Digital Signature, Non Repudiation, Key Encipherment 486s X509v3 Extended Key Usage: 486s TLS Web Client Authentication, E-mail Protection 486s X509v3 Subject Alternative Name: 486s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 486s Signature Algorithm: sha256WithRSAEncryption 486s Signature Value: 486s 14:e3:32:43:60:32:f0:b6:22:10:d8:82:2c:53:71:ea:df:52: 486s b8:4a:65:e8:76:54:51:f3:85:a5:64:c3:19:1b:a1:f1:1c:b9: 486s 28:34:02:bf:4a:2e:34:05:f3:0c:82:22:9b:3f:1a:0c:12:34: 486s 1c:71:b8:d9:49:94:28:94:e9:78:41:fc:a5:4b:b3:c6:ee:b8: 486s ef:d6:1d:ed:e3:26:1e:b1:eb:57:c1:db:f7:ae:81:4a:7e:29: 486s 40:f1:df:02:ac:e7:33:2c:ba:81:03:33:32:e3:a0:77:17:60: 486s 3c:85:e2:46:75:5e:c3:b2:b7:13:4d:77:91:63:b1:d5:9e:98: 486s 0c:75 486s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-3630-auth.pem 486s + found_md5=Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 486s + '[' Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 '!=' Modulus=B74C8C62A804E0BA7D1A96FE6D591662650FA54CA972165F6B6FB34CD6DF95188AC7CAA3983808D8D97E652E9EA0F0B4C50992D79C910D06121CD6FDF052C091CC18B7111392F84DF8B12D7DF709AA816F664E09344ED95A00EBB47C7A0EE512E34DBB423A6DB3BE93DDA752291ED74BFCC0D1ADDE525C71FA650528D7D06AA7 ']' 486s + invalid_certificate /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17636 /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem 486s + check_certificate /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17636 /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem 486s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 486s + local key_pass=pass:random-root-ca-trusted-cert-0001-17636 486s + local key_ring=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem 486s + local verify_option= 486s + prepare_softhsm2_card /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17636 486s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 486s + local key_pass=pass:random-root-ca-trusted-cert-0001-17636 486s + local key_cn 486s + local key_name 486s + local tokens_dir 486s + local output_cert_file 486s + token_name= 486s ++ basename /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem .pem 486s + key_name=test-root-CA-trusted-certificate-0001 486s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 486s ++ sed -n 's/ *commonName *= //p' 486s + key_cn='Test Organization Root Trusted Certificate 0001' 486s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 486s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf 486s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf 486s ++ basename /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 486s Test Organization Root Tr Token 486s + tokens_dir=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001 486s + token_name='Test Organization Root Tr Token' 486s + '[' '!' -e /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 486s + '[' '!' -d /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001 ']' 486s + echo 'Test Organization Root Tr Token' 486s + '[' -n '' ']' 486s + local output_base_name=SSSD-child-12643 486s + local output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-12643.output 486s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-12643.pem 486s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem 486s [p11_child[2121]] [main] (0x0400): p11_child started. 486s [p11_child[2121]] [main] (0x2000): Running in [pre-auth] mode. 486s [p11_child[2121]] [main] (0x2000): Running with effective IDs: [0][0]. 486s [p11_child[2121]] [main] (0x2000): Running with real IDs [0][0]. 486s [p11_child[2121]] [do_card] (0x4000): Module List: 486s [p11_child[2121]] [do_card] (0x4000): common name: [softhsm2]. 486s [p11_child[2121]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2121]] [do_card] (0x4000): Description [SoftHSM slot ID 0x107ff916] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 486s [p11_child[2121]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 486s [p11_child[2121]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x107ff916][276822294] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2121]] [do_card] (0x4000): Login NOT required. 486s [p11_child[2121]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 486s [p11_child[2121]] [do_verification] (0x0040): X509_verify_cert failed [0]. 486s [p11_child[2121]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 486s [p11_child[2121]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 486s [p11_child[2121]] [do_card] (0x4000): No certificate found. 486s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-12643.output 486s + return 2 486s + invalid_certificate /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17636 /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem partial_chain 486s + check_certificate /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17636 /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem partial_chain 486s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 486s + local key_pass=pass:random-root-ca-trusted-cert-0001-17636 486s + local key_ring=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem 486s + local verify_option=partial_chain 486s + prepare_softhsm2_card /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-17636 486s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 486s + local key_pass=pass:random-root-ca-trusted-cert-0001-17636 486s + local key_cn 486s + local key_name 486s + local tokens_dir 486s + local output_cert_file 486s + token_name= 486s ++ basename /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem .pem 486s + key_name=test-root-CA-trusted-certificate-0001 486s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GcvsPX/test-root-CA-trusted-certificate-0001.pem 486s ++ sed -n 's/ *commonName *= //p' 486s + key_cn='Test Organization Root Trusted Certificate 0001' 486s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 486s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf 486s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf 486s ++ basename /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 486s + tokens_dir=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001 486s + token_name='Test Organization Root Tr Token' 486s + '[' '!' -e /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 486s Test Organization Root Tr Token 486s + '[' '!' -d /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-root-CA-trusted-certificate-0001 ']' 486s + echo 'Test Organization Root Tr Token' 486s + '[' -n partial_chain ']' 486s + local verify_arg=--verify=partial_chain 486s + local output_base_name=SSSD-child-29835 486s + local output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-29835.output 486s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-29835.pem 486s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem 486s [p11_child[2128]] [main] (0x0400): p11_child started. 486s [p11_child[2128]] [main] (0x2000): Running in [pre-auth] mode. 486s [p11_child[2128]] [main] (0x2000): Running with effective IDs: [0][0]. 486s [p11_child[2128]] [main] (0x2000): Running with real IDs [0][0]. 486s [p11_child[2128]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 486s [p11_child[2128]] [do_card] (0x4000): Module List: 486s [p11_child[2128]] [do_card] (0x4000): common name: [softhsm2]. 486s [p11_child[2128]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2128]] [do_card] (0x4000): Description [SoftHSM slot ID 0x107ff916] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 486s [p11_child[2128]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 486s [p11_child[2128]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x107ff916][276822294] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 486s [p11_child[2128]] [do_card] (0x4000): Login NOT required. 486s [p11_child[2128]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 486s [p11_child[2128]] [do_verification] (0x0040): X509_verify_cert failed [0]. 486s [p11_child[2128]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 486s [p11_child[2128]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 486s [p11_child[2128]] [do_card] (0x4000): No certificate found. 486s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-29835.output 486s + return 2 486s + invalid_certificate /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6367 /dev/null 486s + check_certificate /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6367 /dev/null 486s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 486s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6367 486s + local key_ring=/dev/null 486s + local verify_option= 486s + prepare_softhsm2_card /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6367 486s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 486s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6367 486s + local key_cn 486s + local key_name 486s + local tokens_dir 486s + local output_cert_file 486s + token_name= 486s ++ basename /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem .pem 486s + key_name=test-intermediate-CA-trusted-certificate-0001 486s ++ sed -n 's/ *commonName *= //p' 486s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 486s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 486s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 486s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 486s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 486s ++ basename /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 486s + tokens_dir=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001 486s + token_name='Test Organization Interme Token' 486s + '[' '!' -e /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 486s + local key_file 486s + local decrypted_key 486s + mkdir -p /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001 486s + key_file=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001-key.pem 486s + decrypted_key=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 486s + cat 486s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 486s Slot 0 has a free/uninitialized token. 486s The token has been initialized and is reassigned to slot 1626440707 486s + softhsm2-util --show-slots 486s Available slots: 486s Slot 1626440707 486s Slot info: 486s Description: SoftHSM slot ID 0x60f18403 486s Manufacturer ID: SoftHSM project 486s Hardware version: 2.6 486s Firmware version: 2.6 486s Token present: yes 486s Token info: 486s Manufacturer ID: SoftHSM project 486s Model: SoftHSM v2 486s Hardware version: 2.6 486s Firmware version: 2.6 486s Serial number: 2435a958e0f18403 486s Initialized: yes 486s User PIN init.: yes 486s Label: Test Organization Interme Token 486s Slot 1 486s Slot info: 486s Description: SoftHSM slot ID 0x1 486s Manufacturer ID: SoftHSM project 486s Hardware version: 2.6 486s Firmware version: 2.6 486s Token present: yes 486s Token info: 486s Manufacturer ID: SoftHSM project 486s Model: SoftHSM v2 486s Hardware version: 2.6 486s Firmware version: 2.6 486s Serial number: 486s Initialized: no 486s User PIN init.: no 486s Label: 486s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 486s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-6367 -in /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 486s writing RSA key 486s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 486s + rm /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 486s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 486s Object 0: 486s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2435a958e0f18403;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 486s Type: X.509 Certificate (RSA-1024) 486s Expires: Fri Mar 21 04:29:39 2025 486s Label: Test Organization Intermediate Trusted Certificate 0001 486s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 486s 486s + echo 'Test Organization Interme Token' 486s + '[' -n '' ']' 486s Test Organization Interme Token 486s + local output_base_name=SSSD-child-26254 486s + local output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-26254.output 486s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-26254.pem 486s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 486s [p11_child[2144]] [main] (0x0400): p11_child started. 486s [p11_child[2144]] [main] (0x2000): Running in [pre-auth] mode. 486s [p11_child[2144]] [main] (0x2000): Running with effective IDs: [0][0]. 486s [p11_child[2144]] [main] (0x2000): Running with real IDs [0][0]. 486s [p11_child[2144]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 486s [p11_child[2144]] [do_work] (0x0040): init_verification failed. 486s [p11_child[2144]] [main] (0x0020): p11_child failed (5) 486s + return 2 486s + valid_certificate /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6367 /dev/null no_verification 486s + check_certificate /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6367 /dev/null no_verification 486s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 486s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6367 486s + local key_ring=/dev/null 486s + local verify_option=no_verification 486s + prepare_softhsm2_card /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6367 486s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 486s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6367 486s + local key_cn 486s + local key_name 486s + local tokens_dir 486s + local output_cert_file 486s + token_name= 486s ++ basename /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem .pem 486s + key_name=test-intermediate-CA-trusted-certificate-0001 486s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 486s ++ sed -n 's/ *commonName *= //p' 487s Test Organization Interme Token 487s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 487s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 487s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 487s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 487s ++ basename /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 487s + tokens_dir=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001 487s + token_name='Test Organization Interme Token' 487s + '[' '!' -e /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 487s + '[' '!' -d /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 487s + echo 'Test Organization Interme Token' 487s + '[' -n no_verification ']' 487s + local verify_arg=--verify=no_verification 487s + local output_base_name=SSSD-child-2245 487s + local output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-2245.output 487s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-2245.pem 487s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 487s [p11_child[2150]] [main] (0x0400): p11_child started. 487s [p11_child[2150]] [main] (0x2000): Running in [pre-auth] mode. 487s [p11_child[2150]] [main] (0x2000): Running with effective IDs: [0][0]. 487s [p11_child[2150]] [main] (0x2000): Running with real IDs [0][0]. 487s [p11_child[2150]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 487s [p11_child[2150]] [do_card] (0x4000): Module List: 487s [p11_child[2150]] [do_card] (0x4000): common name: [softhsm2]. 487s [p11_child[2150]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 487s [p11_child[2150]] [do_card] (0x4000): Description [SoftHSM slot ID 0x60f18403] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 487s [p11_child[2150]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 487s [p11_child[2150]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x60f18403][1626440707] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 487s [p11_child[2150]] [do_card] (0x4000): Login NOT required. 487s [p11_child[2150]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 487s [p11_child[2150]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 487s [p11_child[2150]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x60f18403;slot-manufacturer=SoftHSM%20project;slot-id=1626440707;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2435a958e0f18403;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 487s [p11_child[2150]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 487s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-2245.output 487s + echo '-----BEGIN CERTIFICATE-----' 487s + tail -n1 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-2245.output 487s + echo '-----END CERTIFICATE-----' 487s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-2245.pem 487s Certificate: 487s Data: 487s Version: 3 (0x2) 487s Serial Number: 4 (0x4) 487s Signature Algorithm: sha256WithRSAEncryption 487s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 487s Validity 487s Not Before: Mar 21 04:29:39 2024 GMT 487s Not After : Mar 21 04:29:39 2025 GMT 487s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 487s Subject Public Key Info: 487s Public Key Algorithm: rsaEncryption 487s Public-Key: (1024 bit) 487s Modulus: 487s 00:db:c0:0d:02:33:24:61:23:cf:3d:44:cb:a1:f1: 487s f5:83:a7:a5:f6:f2:2d:95:75:27:be:d0:a6:b9:cd: 487s 58:87:bb:f3:c6:a4:48:4f:8f:d1:6c:f9:43:50:1c: 487s ef:65:c5:d3:4b:6c:95:c6:83:a4:b3:5f:66:32:b5: 487s dc:11:1e:24:42:04:4a:66:60:33:65:7f:b9:eb:4d: 487s bb:2c:da:0c:f7:a6:c1:3f:34:0d:7f:28:1d:4f:71: 487s a9:1e:93:10:14:76:d1:70:07:a8:bb:a3:50:e1:80: 487s 6a:e5:96:43:fa:ac:85:b9:72:24:27:59:a0:91:94: 487s 73:67:8f:df:27:46:48:77:a5 487s Exponent: 65537 (0x10001) 487s X509v3 extensions: 487s X509v3 Authority Key Identifier: 487s 74:FD:D9:A8:9F:82:FD:62:62:80:C5:E2:83:D3:E3:01:CB:15:7A:6A 487s X509v3 Basic Constraints: 487s CA:FALSE 487s Netscape Cert Type: 487s SSL Client, S/MIME 487s Netscape Comment: 487s Test Organization Intermediate CA trusted Certificate 487s X509v3 Subject Key Identifier: 487s 49:12:9B:F7:23:04:01:51:3D:D1:7D:FB:F4:7F:37:C3:66:DF:8E:AB 487s X509v3 Key Usage: critical 487s Digital Signature, Non Repudiation, Key Encipherment 487s X509v3 Extended Key Usage: 487s TLS Web Client Authentication, E-mail Protection 487s X509v3 Subject Alternative Name: 487s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 487s Signature Algorithm: sha256WithRSAEncryption 487s Signature Value: 487s 62:a8:56:c6:2c:e0:ec:0f:17:c6:5b:d7:3a:7e:7d:f0:5c:a6: 487s 85:4a:cb:12:fa:ff:ae:4a:2b:13:8d:4b:2c:0a:96:4a:34:a8: 487s 0e:14:36:66:4a:3e:41:05:2e:cd:0e:8d:e6:fa:9a:6e:61:b7: 487s 78:c8:44:44:ed:eb:c0:87:64:2b:a9:1e:90:58:de:6b:4c:18: 487s 32:49:9e:2a:37:db:0f:46:8e:d2:dc:b5:a8:37:64:fc:04:3f: 487s 10:f3:a2:f4:39:67:27:fa:a3:03:c5:cd:eb:f3:e9:60:d4:8a: 487s 46:90:35:77:de:94:bf:1c:d4:f6:c8:92:27:78:b1:35:b7:9d: 487s 94:6d 487s + local found_md5 expected_md5 487s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 487s + expected_md5=Modulus=DBC00D0233246123CF3D44CBA1F1F583A7A5F6F22D957527BED0A6B9CD5887BBF3C6A4484F8FD16CF943501CEF65C5D34B6C95C683A4B35F6632B5DC111E2442044A666033657FB9EB4DBB2CDA0CF7A6C13F340D7F281D4F71A91E93101476D17007A8BBA350E1806AE59643FAAC85B972242759A0919473678FDF27464877A5 487s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-2245.pem 487s + found_md5=Modulus=DBC00D0233246123CF3D44CBA1F1F583A7A5F6F22D957527BED0A6B9CD5887BBF3C6A4484F8FD16CF943501CEF65C5D34B6C95C683A4B35F6632B5DC111E2442044A666033657FB9EB4DBB2CDA0CF7A6C13F340D7F281D4F71A91E93101476D17007A8BBA350E1806AE59643FAAC85B972242759A0919473678FDF27464877A5 487s + '[' Modulus=DBC00D0233246123CF3D44CBA1F1F583A7A5F6F22D957527BED0A6B9CD5887BBF3C6A4484F8FD16CF943501CEF65C5D34B6C95C683A4B35F6632B5DC111E2442044A666033657FB9EB4DBB2CDA0CF7A6C13F340D7F281D4F71A91E93101476D17007A8BBA350E1806AE59643FAAC85B972242759A0919473678FDF27464877A5 '!=' Modulus=DBC00D0233246123CF3D44CBA1F1F583A7A5F6F22D957527BED0A6B9CD5887BBF3C6A4484F8FD16CF943501CEF65C5D34B6C95C683A4B35F6632B5DC111E2442044A666033657FB9EB4DBB2CDA0CF7A6C13F340D7F281D4F71A91E93101476D17007A8BBA350E1806AE59643FAAC85B972242759A0919473678FDF27464877A5 ']' 487s + output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-2245-auth.output 487s ++ basename /tmp/sssd-softhsm2-GcvsPX/SSSD-child-2245-auth.output .output 487s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-2245-auth.pem 487s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 487s + echo -n 053350 487s [p11_child[2158]] [main] (0x0400): p11_child started. 487s [p11_child[2158]] [main] (0x2000): Running in [auth] mode. 487s [p11_child[2158]] [main] (0x2000): Running with effective IDs: [0][0]. 487s [p11_child[2158]] [main] (0x2000): Running with real IDs [0][0]. 487s [p11_child[2158]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 487s [p11_child[2158]] [do_card] (0x4000): Module List: 487s [p11_child[2158]] [do_card] (0x4000): common name: [softhsm2]. 487s [p11_child[2158]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 487s [p11_child[2158]] [do_card] (0x4000): Description [SoftHSM slot ID 0x60f18403] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 487s [p11_child[2158]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 487s [p11_child[2158]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x60f18403][1626440707] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 487s [p11_child[2158]] [do_card] (0x4000): Login required. 487s [p11_child[2158]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 487s [p11_child[2158]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 487s [p11_child[2158]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x60f18403;slot-manufacturer=SoftHSM%20project;slot-id=1626440707;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2435a958e0f18403;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 487s [p11_child[2158]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 487s [p11_child[2158]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 487s [p11_child[2158]] [do_card] (0x4000): Certificate verified and validated. 487s [p11_child[2158]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 487s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-2245-auth.output 487s + echo '-----BEGIN CERTIFICATE-----' 487s + tail -n1 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-2245-auth.output 487s + echo '-----END CERTIFICATE-----' 487s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-2245-auth.pem 487s Certificate: 487s Data: 487s Version: 3 (0x2) 487s Serial Number: 4 (0x4) 487s Signature Algorithm: sha256WithRSAEncryption 487s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 487s Validity 487s Not Before: Mar 21 04:29:39 2024 GMT 487s Not After : Mar 21 04:29:39 2025 GMT 487s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 487s Subject Public Key Info: 487s Public Key Algorithm: rsaEncryption 487s Public-Key: (1024 bit) 487s Modulus: 487s 00:db:c0:0d:02:33:24:61:23:cf:3d:44:cb:a1:f1: 487s f5:83:a7:a5:f6:f2:2d:95:75:27:be:d0:a6:b9:cd: 487s 58:87:bb:f3:c6:a4:48:4f:8f:d1:6c:f9:43:50:1c: 487s ef:65:c5:d3:4b:6c:95:c6:83:a4:b3:5f:66:32:b5: 487s dc:11:1e:24:42:04:4a:66:60:33:65:7f:b9:eb:4d: 487s bb:2c:da:0c:f7:a6:c1:3f:34:0d:7f:28:1d:4f:71: 487s a9:1e:93:10:14:76:d1:70:07:a8:bb:a3:50:e1:80: 487s 6a:e5:96:43:fa:ac:85:b9:72:24:27:59:a0:91:94: 487s 73:67:8f:df:27:46:48:77:a5 487s Exponent: 65537 (0x10001) 487s X509v3 extensions: 487s X509v3 Authority Key Identifier: 487s 74:FD:D9:A8:9F:82:FD:62:62:80:C5:E2:83:D3:E3:01:CB:15:7A:6A 487s X509v3 Basic Constraints: 487s CA:FALSE 487s Netscape Cert Type: 487s SSL Client, S/MIME 487s Netscape Comment: 487s Test Organization Intermediate CA trusted Certificate 487s X509v3 Subject Key Identifier: 487s 49:12:9B:F7:23:04:01:51:3D:D1:7D:FB:F4:7F:37:C3:66:DF:8E:AB 487s X509v3 Key Usage: critical 487s Digital Signature, Non Repudiation, Key Encipherment 487s X509v3 Extended Key Usage: 487s TLS Web Client Authentication, E-mail Protection 487s X509v3 Subject Alternative Name: 487s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 487s Signature Algorithm: sha256WithRSAEncryption 487s Signature Value: 487s 62:a8:56:c6:2c:e0:ec:0f:17:c6:5b:d7:3a:7e:7d:f0:5c:a6: 487s 85:4a:cb:12:fa:ff:ae:4a:2b:13:8d:4b:2c:0a:96:4a:34:a8: 487s 0e:14:36:66:4a:3e:41:05:2e:cd:0e:8d:e6:fa:9a:6e:61:b7: 487s 78:c8:44:44:ed:eb:c0:87:64:2b:a9:1e:90:58:de:6b:4c:18: 487s 32:49:9e:2a:37:db:0f:46:8e:d2:dc:b5:a8:37:64:fc:04:3f: 487s 10:f3:a2:f4:39:67:27:fa:a3:03:c5:cd:eb:f3:e9:60:d4:8a: 487s 46:90:35:77:de:94:bf:1c:d4:f6:c8:92:27:78:b1:35:b7:9d: 487s 94:6d 487s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-2245-auth.pem 487s + found_md5=Modulus=DBC00D0233246123CF3D44CBA1F1F583A7A5F6F22D957527BED0A6B9CD5887BBF3C6A4484F8FD16CF943501CEF65C5D34B6C95C683A4B35F6632B5DC111E2442044A666033657FB9EB4DBB2CDA0CF7A6C13F340D7F281D4F71A91E93101476D17007A8BBA350E1806AE59643FAAC85B972242759A0919473678FDF27464877A5 487s + '[' Modulus=DBC00D0233246123CF3D44CBA1F1F583A7A5F6F22D957527BED0A6B9CD5887BBF3C6A4484F8FD16CF943501CEF65C5D34B6C95C683A4B35F6632B5DC111E2442044A666033657FB9EB4DBB2CDA0CF7A6C13F340D7F281D4F71A91E93101476D17007A8BBA350E1806AE59643FAAC85B972242759A0919473678FDF27464877A5 '!=' Modulus=DBC00D0233246123CF3D44CBA1F1F583A7A5F6F22D957527BED0A6B9CD5887BBF3C6A4484F8FD16CF943501CEF65C5D34B6C95C683A4B35F6632B5DC111E2442044A666033657FB9EB4DBB2CDA0CF7A6C13F340D7F281D4F71A91E93101476D17007A8BBA350E1806AE59643FAAC85B972242759A0919473678FDF27464877A5 ']' 487s + invalid_certificate /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6367 /tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem 487s + check_certificate /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6367 /tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem 487s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 487s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6367 487s + local key_ring=/tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem 487s + local verify_option= 487s + prepare_softhsm2_card /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6367 487s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 487s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6367 487s + local key_cn 487s + local key_name 487s + local tokens_dir 487s + local output_cert_file 487s + token_name= 487s ++ basename /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem .pem 487s + key_name=test-intermediate-CA-trusted-certificate-0001 487s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 487s ++ sed -n 's/ *commonName *= //p' 487s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 487s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 487s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 487s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 487s ++ basename /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 487s + tokens_dir=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001 487s + token_name='Test Organization Interme Token' 487s + '[' '!' -e /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 487s + '[' '!' -d /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 487s + echo 'Test Organization Interme Token' 487s + '[' -n '' ']' 487s Test Organization Interme Token 487s + local output_base_name=SSSD-child-7030 487s + local output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-7030.output 487s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-7030.pem 487s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem 487s [p11_child[2168]] [main] (0x0400): p11_child started. 487s [p11_child[2168]] [main] (0x2000): Running in [pre-auth] mode. 487s [p11_child[2168]] [main] (0x2000): Running with effective IDs: [0][0]. 487s [p11_child[2168]] [main] (0x2000): Running with real IDs [0][0]. 487s [p11_child[2168]] [do_card] (0x4000): Module List: 487s [p11_child[2168]] [do_card] (0x4000): common name: [softhsm2]. 487s [p11_child[2168]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 487s [p11_child[2168]] [do_card] (0x4000): Description [SoftHSM slot ID 0x60f18403] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 487s [p11_child[2168]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 487s [p11_child[2168]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x60f18403][1626440707] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 487s [p11_child[2168]] [do_card] (0x4000): Login NOT required. 487s [p11_child[2168]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 487s [p11_child[2168]] [do_verification] (0x0040): X509_verify_cert failed [0]. 487s [p11_child[2168]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 487s [p11_child[2168]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 487s [p11_child[2168]] [do_card] (0x4000): No certificate found. 487s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-7030.output 487s + return 2 487s + invalid_certificate /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6367 /tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem partial_chain 487s + check_certificate /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6367 /tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem partial_chain 487s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 487s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6367 487s + local key_ring=/tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem 487s + local verify_option=partial_chain 487s + prepare_softhsm2_card /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6367 487s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 487s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6367 487s + local key_cn 487s + local key_name 487s + local tokens_dir 487s + local output_cert_file 487s + token_name= 487s ++ basename /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem .pem 487s + key_name=test-intermediate-CA-trusted-certificate-0001 487s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 487s ++ sed -n 's/ *commonName *= //p' 487s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 487s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 487s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 487s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 487s ++ basename /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 487s + tokens_dir=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001 487s + token_name='Test Organization Interme Token' 487s + '[' '!' -e /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 487s + '[' '!' -d /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 487s + echo 'Test Organization Interme Token' 487s + '[' -n partial_chain ']' 487s Test Organization Interme Token 487s + local verify_arg=--verify=partial_chain 487s + local output_base_name=SSSD-child-25441 487s + local output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-25441.output 487s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-25441.pem 487s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem 487s [p11_child[2175]] [main] (0x0400): p11_child started. 487s [p11_child[2175]] [main] (0x2000): Running in [pre-auth] mode. 487s [p11_child[2175]] [main] (0x2000): Running with effective IDs: [0][0]. 487s [p11_child[2175]] [main] (0x2000): Running with real IDs [0][0]. 487s [p11_child[2175]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 487s [p11_child[2175]] [do_card] (0x4000): Module List: 487s [p11_child[2175]] [do_card] (0x4000): common name: [softhsm2]. 487s [p11_child[2175]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 487s [p11_child[2175]] [do_card] (0x4000): Description [SoftHSM slot ID 0x60f18403] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 487s [p11_child[2175]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 487s [p11_child[2175]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x60f18403][1626440707] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 487s [p11_child[2175]] [do_card] (0x4000): Login NOT required. 487s [p11_child[2175]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 487s [p11_child[2175]] [do_verification] (0x0040): X509_verify_cert failed [0]. 487s [p11_child[2175]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 487s [p11_child[2175]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 487s [p11_child[2175]] [do_card] (0x4000): No certificate found. 487s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-25441.output 487s + return 2 487s + valid_certificate /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6367 /tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem 487s + check_certificate /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6367 /tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem 487s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 487s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6367 487s + local key_ring=/tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem 487s + local verify_option= 487s + prepare_softhsm2_card /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6367 487s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 487s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6367 487s + local key_cn 487s + local key_name 487s + local tokens_dir 487s + local output_cert_file 487s + token_name= 487s ++ basename /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem .pem 487s + key_name=test-intermediate-CA-trusted-certificate-0001 487s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 487s ++ sed -n 's/ *commonName *= //p' 487s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 487s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 487s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 487s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 487s ++ basename /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 487s + tokens_dir=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001 487s + token_name='Test Organization Interme Token' 487s + '[' '!' -e /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 487s + '[' '!' -d /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 487s + echo 'Test Organization Interme Token' 487s Test Organization Interme Token 487s + '[' -n '' ']' 487s + local output_base_name=SSSD-child-18346 487s + local output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-18346.output 487s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-18346.pem 487s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem 487s [p11_child[2182]] [main] (0x0400): p11_child started. 487s [p11_child[2182]] [main] (0x2000): Running in [pre-auth] mode. 487s [p11_child[2182]] [main] (0x2000): Running with effective IDs: [0][0]. 487s [p11_child[2182]] [main] (0x2000): Running with real IDs [0][0]. 487s [p11_child[2182]] [do_card] (0x4000): Module List: 487s [p11_child[2182]] [do_card] (0x4000): common name: [softhsm2]. 487s [p11_child[2182]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 487s [p11_child[2182]] [do_card] (0x4000): Description [SoftHSM slot ID 0x60f18403] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 487s [p11_child[2182]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 487s [p11_child[2182]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x60f18403][1626440707] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 487s [p11_child[2182]] [do_card] (0x4000): Login NOT required. 487s [p11_child[2182]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 487s [p11_child[2182]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 487s [p11_child[2182]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 487s [p11_child[2182]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x60f18403;slot-manufacturer=SoftHSM%20project;slot-id=1626440707;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2435a958e0f18403;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 487s [p11_child[2182]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 487s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-18346.output 487s + echo '-----BEGIN CERTIFICATE-----' 487s + tail -n1 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-18346.output 487s + echo '-----END CERTIFICATE-----' 487s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-18346.pem 487s Certificate: 487s Data: 487s Version: 3 (0x2) 487s Serial Number: 4 (0x4) 487s Signature Algorithm: sha256WithRSAEncryption 487s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 487s Validity 487s Not Before: Mar 21 04:29:39 2024 GMT 487s Not After : Mar 21 04:29:39 2025 GMT 487s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 487s Subject Public Key Info: 487s Public Key Algorithm: rsaEncryption 487s Public-Key: (1024 bit) 487s Modulus: 487s 00:db:c0:0d:02:33:24:61:23:cf:3d:44:cb:a1:f1: 487s f5:83:a7:a5:f6:f2:2d:95:75:27:be:d0:a6:b9:cd: 487s 58:87:bb:f3:c6:a4:48:4f:8f:d1:6c:f9:43:50:1c: 487s ef:65:c5:d3:4b:6c:95:c6:83:a4:b3:5f:66:32:b5: 487s dc:11:1e:24:42:04:4a:66:60:33:65:7f:b9:eb:4d: 487s bb:2c:da:0c:f7:a6:c1:3f:34:0d:7f:28:1d:4f:71: 487s a9:1e:93:10:14:76:d1:70:07:a8:bb:a3:50:e1:80: 487s 6a:e5:96:43:fa:ac:85:b9:72:24:27:59:a0:91:94: 487s 73:67:8f:df:27:46:48:77:a5 487s Exponent: 65537 (0x10001) 487s X509v3 extensions: 487s X509v3 Authority Key Identifier: 487s 74:FD:D9:A8:9F:82:FD:62:62:80:C5:E2:83:D3:E3:01:CB:15:7A:6A 487s X509v3 Basic Constraints: 487s CA:FALSE 487s Netscape Cert Type: 487s SSL Client, S/MIME 487s Netscape Comment: 487s Test Organization Intermediate CA trusted Certificate 487s X509v3 Subject Key Identifier: 487s 49:12:9B:F7:23:04:01:51:3D:D1:7D:FB:F4:7F:37:C3:66:DF:8E:AB 487s X509v3 Key Usage: critical 487s Digital Signature, Non Repudiation, Key Encipherment 487s X509v3 Extended Key Usage: 487s TLS Web Client Authentication, E-mail Protection 487s X509v3 Subject Alternative Name: 487s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 487s Signature Algorithm: sha256WithRSAEncryption 487s Signature Value: 487s 62:a8:56:c6:2c:e0:ec:0f:17:c6:5b:d7:3a:7e:7d:f0:5c:a6: 487s 85:4a:cb:12:fa:ff:ae:4a:2b:13:8d:4b:2c:0a:96:4a:34:a8: 487s 0e:14:36:66:4a:3e:41:05:2e:cd:0e:8d:e6:fa:9a:6e:61:b7: 487s 78:c8:44:44:ed:eb:c0:87:64:2b:a9:1e:90:58:de:6b:4c:18: 487s 32:49:9e:2a:37:db:0f:46:8e:d2:dc:b5:a8:37:64:fc:04:3f: 487s 10:f3:a2:f4:39:67:27:fa:a3:03:c5:cd:eb:f3:e9:60:d4:8a: 487s 46:90:35:77:de:94:bf:1c:d4:f6:c8:92:27:78:b1:35:b7:9d: 487s 94:6d 487s + local found_md5 expected_md5 487s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 487s + expected_md5=Modulus=DBC00D0233246123CF3D44CBA1F1F583A7A5F6F22D957527BED0A6B9CD5887BBF3C6A4484F8FD16CF943501CEF65C5D34B6C95C683A4B35F6632B5DC111E2442044A666033657FB9EB4DBB2CDA0CF7A6C13F340D7F281D4F71A91E93101476D17007A8BBA350E1806AE59643FAAC85B972242759A0919473678FDF27464877A5 487s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-18346.pem 487s + found_md5=Modulus=DBC00D0233246123CF3D44CBA1F1F583A7A5F6F22D957527BED0A6B9CD5887BBF3C6A4484F8FD16CF943501CEF65C5D34B6C95C683A4B35F6632B5DC111E2442044A666033657FB9EB4DBB2CDA0CF7A6C13F340D7F281D4F71A91E93101476D17007A8BBA350E1806AE59643FAAC85B972242759A0919473678FDF27464877A5 487s + '[' Modulus=DBC00D0233246123CF3D44CBA1F1F583A7A5F6F22D957527BED0A6B9CD5887BBF3C6A4484F8FD16CF943501CEF65C5D34B6C95C683A4B35F6632B5DC111E2442044A666033657FB9EB4DBB2CDA0CF7A6C13F340D7F281D4F71A91E93101476D17007A8BBA350E1806AE59643FAAC85B972242759A0919473678FDF27464877A5 '!=' Modulus=DBC00D0233246123CF3D44CBA1F1F583A7A5F6F22D957527BED0A6B9CD5887BBF3C6A4484F8FD16CF943501CEF65C5D34B6C95C683A4B35F6632B5DC111E2442044A666033657FB9EB4DBB2CDA0CF7A6C13F340D7F281D4F71A91E93101476D17007A8BBA350E1806AE59643FAAC85B972242759A0919473678FDF27464877A5 ']' 487s + output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-18346-auth.output 487s ++ basename /tmp/sssd-softhsm2-GcvsPX/SSSD-child-18346-auth.output .output 487s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-18346-auth.pem 487s + echo -n 053350 487s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 487s [p11_child[2190]] [main] (0x0400): p11_child started. 487s [p11_child[2190]] [main] (0x2000): Running in [auth] mode. 487s [p11_child[2190]] [main] (0x2000): Running with effective IDs: [0][0]. 487s [p11_child[2190]] [main] (0x2000): Running with real IDs [0][0]. 487s [p11_child[2190]] [do_card] (0x4000): Module List: 487s [p11_child[2190]] [do_card] (0x4000): common name: [softhsm2]. 487s [p11_child[2190]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 487s [p11_child[2190]] [do_card] (0x4000): Description [SoftHSM slot ID 0x60f18403] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 487s [p11_child[2190]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 487s [p11_child[2190]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x60f18403][1626440707] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 487s [p11_child[2190]] [do_card] (0x4000): Login required. 487s [p11_child[2190]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 487s [p11_child[2190]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 487s [p11_child[2190]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 487s [p11_child[2190]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x60f18403;slot-manufacturer=SoftHSM%20project;slot-id=1626440707;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2435a958e0f18403;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 487s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 487s [p11_child[2190]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 487s [p11_child[2190]] [do_card] (0x4000): Certificate verified and validated. 487s [p11_child[2190]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 487s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-18346-auth.output 487s + echo '-----BEGIN CERTIFICATE-----' 487s + tail -n1 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-18346-auth.output 487s + echo '-----END CERTIFICATE-----' 487s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-18346-auth.pem 487s Certificate: 487s Data: 487s Version: 3 (0x2) 487s Serial Number: 4 (0x4) 487s Signature Algorithm: sha256WithRSAEncryption 487s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 487s Validity 487s Not Before: Mar 21 04:29:39 2024 GMT 487s Not After : Mar 21 04:29:39 2025 GMT 487s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 487s Subject Public Key Info: 487s Public Key Algorithm: rsaEncryption 487s Public-Key: (1024 bit) 487s Modulus: 487s 00:db:c0:0d:02:33:24:61:23:cf:3d:44:cb:a1:f1: 487s f5:83:a7:a5:f6:f2:2d:95:75:27:be:d0:a6:b9:cd: 487s 58:87:bb:f3:c6:a4:48:4f:8f:d1:6c:f9:43:50:1c: 487s ef:65:c5:d3:4b:6c:95:c6:83:a4:b3:5f:66:32:b5: 487s dc:11:1e:24:42:04:4a:66:60:33:65:7f:b9:eb:4d: 487s bb:2c:da:0c:f7:a6:c1:3f:34:0d:7f:28:1d:4f:71: 487s a9:1e:93:10:14:76:d1:70:07:a8:bb:a3:50:e1:80: 487s 6a:e5:96:43:fa:ac:85:b9:72:24:27:59:a0:91:94: 487s 73:67:8f:df:27:46:48:77:a5 487s Exponent: 65537 (0x10001) 487s X509v3 extensions: 487s X509v3 Authority Key Identifier: 487s 74:FD:D9:A8:9F:82:FD:62:62:80:C5:E2:83:D3:E3:01:CB:15:7A:6A 487s X509v3 Basic Constraints: 487s CA:FALSE 487s Netscape Cert Type: 487s SSL Client, S/MIME 487s Netscape Comment: 487s Test Organization Intermediate CA trusted Certificate 487s X509v3 Subject Key Identifier: 487s 49:12:9B:F7:23:04:01:51:3D:D1:7D:FB:F4:7F:37:C3:66:DF:8E:AB 487s X509v3 Key Usage: critical 487s Digital Signature, Non Repudiation, Key Encipherment 487s X509v3 Extended Key Usage: 487s TLS Web Client Authentication, E-mail Protection 487s X509v3 Subject Alternative Name: 487s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 487s Signature Algorithm: sha256WithRSAEncryption 487s Signature Value: 487s 62:a8:56:c6:2c:e0:ec:0f:17:c6:5b:d7:3a:7e:7d:f0:5c:a6: 487s 85:4a:cb:12:fa:ff:ae:4a:2b:13:8d:4b:2c:0a:96:4a:34:a8: 487s 0e:14:36:66:4a:3e:41:05:2e:cd:0e:8d:e6:fa:9a:6e:61:b7: 487s 78:c8:44:44:ed:eb:c0:87:64:2b:a9:1e:90:58:de:6b:4c:18: 487s 32:49:9e:2a:37:db:0f:46:8e:d2:dc:b5:a8:37:64:fc:04:3f: 487s 10:f3:a2:f4:39:67:27:fa:a3:03:c5:cd:eb:f3:e9:60:d4:8a: 487s 46:90:35:77:de:94:bf:1c:d4:f6:c8:92:27:78:b1:35:b7:9d: 487s 94:6d 487s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-18346-auth.pem 487s + found_md5=Modulus=DBC00D0233246123CF3D44CBA1F1F583A7A5F6F22D957527BED0A6B9CD5887BBF3C6A4484F8FD16CF943501CEF65C5D34B6C95C683A4B35F6632B5DC111E2442044A666033657FB9EB4DBB2CDA0CF7A6C13F340D7F281D4F71A91E93101476D17007A8BBA350E1806AE59643FAAC85B972242759A0919473678FDF27464877A5 487s + '[' Modulus=DBC00D0233246123CF3D44CBA1F1F583A7A5F6F22D957527BED0A6B9CD5887BBF3C6A4484F8FD16CF943501CEF65C5D34B6C95C683A4B35F6632B5DC111E2442044A666033657FB9EB4DBB2CDA0CF7A6C13F340D7F281D4F71A91E93101476D17007A8BBA350E1806AE59643FAAC85B972242759A0919473678FDF27464877A5 '!=' Modulus=DBC00D0233246123CF3D44CBA1F1F583A7A5F6F22D957527BED0A6B9CD5887BBF3C6A4484F8FD16CF943501CEF65C5D34B6C95C683A4B35F6632B5DC111E2442044A666033657FB9EB4DBB2CDA0CF7A6C13F340D7F281D4F71A91E93101476D17007A8BBA350E1806AE59643FAAC85B972242759A0919473678FDF27464877A5 ']' 487s + valid_certificate /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6367 /tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem partial_chain 487s + check_certificate /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6367 /tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem partial_chain 487s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 487s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6367 487s + local key_ring=/tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem 487s + local verify_option=partial_chain 487s + prepare_softhsm2_card /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6367 487s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 487s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6367 487s + local key_cn 487s + local key_name 487s + local tokens_dir 487s + local output_cert_file 487s + token_name= 487s ++ basename /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem .pem 487s + key_name=test-intermediate-CA-trusted-certificate-0001 487s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 487s ++ sed -n 's/ *commonName *= //p' 487s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 487s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 487s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 487s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 487s ++ basename /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 487s + tokens_dir=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001 487s + token_name='Test Organization Interme Token' 487s + '[' '!' -e /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 487s + '[' '!' -d /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 487s + echo 'Test Organization Interme Token' 487s + '[' -n partial_chain ']' 487s Test Organization Interme Token 487s + local verify_arg=--verify=partial_chain 487s + local output_base_name=SSSD-child-10577 487s + local output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-10577.output 487s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-10577.pem 487s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem 487s [p11_child[2200]] [main] (0x0400): p11_child started. 487s [p11_child[2200]] [main] (0x2000): Running in [pre-auth] mode. 487s [p11_child[2200]] [main] (0x2000): Running with effective IDs: [0][0]. 487s [p11_child[2200]] [main] (0x2000): Running with real IDs [0][0]. 487s [p11_child[2200]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 487s [p11_child[2200]] [do_card] (0x4000): Module List: 487s [p11_child[2200]] [do_card] (0x4000): common name: [softhsm2]. 487s [p11_child[2200]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 487s [p11_child[2200]] [do_card] (0x4000): Description [SoftHSM slot ID 0x60f18403] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 487s [p11_child[2200]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 487s [p11_child[2200]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x60f18403][1626440707] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 487s [p11_child[2200]] [do_card] (0x4000): Login NOT required. 487s [p11_child[2200]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 487s [p11_child[2200]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 487s [p11_child[2200]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 487s [p11_child[2200]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x60f18403;slot-manufacturer=SoftHSM%20project;slot-id=1626440707;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2435a958e0f18403;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 487s [p11_child[2200]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 487s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-10577.output 487s + echo '-----BEGIN CERTIFICATE-----' 487s + tail -n1 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-10577.output 487s + echo '-----END CERTIFICATE-----' 487s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-10577.pem 487s Certificate: 487s Data: 487s Version: 3 (0x2) 487s Serial Number: 4 (0x4) 487s Signature Algorithm: sha256WithRSAEncryption 487s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 487s Validity 487s Not Before: Mar 21 04:29:39 2024 GMT 487s Not After : Mar 21 04:29:39 2025 GMT 487s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 487s Subject Public Key Info: 487s Public Key Algorithm: rsaEncryption 487s Public-Key: (1024 bit) 487s Modulus: 487s 00:db:c0:0d:02:33:24:61:23:cf:3d:44:cb:a1:f1: 487s f5:83:a7:a5:f6:f2:2d:95:75:27:be:d0:a6:b9:cd: 487s 58:87:bb:f3:c6:a4:48:4f:8f:d1:6c:f9:43:50:1c: 487s ef:65:c5:d3:4b:6c:95:c6:83:a4:b3:5f:66:32:b5: 487s dc:11:1e:24:42:04:4a:66:60:33:65:7f:b9:eb:4d: 487s bb:2c:da:0c:f7:a6:c1:3f:34:0d:7f:28:1d:4f:71: 487s a9:1e:93:10:14:76:d1:70:07:a8:bb:a3:50:e1:80: 487s 6a:e5:96:43:fa:ac:85:b9:72:24:27:59:a0:91:94: 487s 73:67:8f:df:27:46:48:77:a5 487s Exponent: 65537 (0x10001) 487s X509v3 extensions: 487s X509v3 Authority Key Identifier: 487s 74:FD:D9:A8:9F:82:FD:62:62:80:C5:E2:83:D3:E3:01:CB:15:7A:6A 487s X509v3 Basic Constraints: 487s CA:FALSE 487s Netscape Cert Type: 487s SSL Client, S/MIME 487s Netscape Comment: 487s Test Organization Intermediate CA trusted Certificate 487s X509v3 Subject Key Identifier: 487s 49:12:9B:F7:23:04:01:51:3D:D1:7D:FB:F4:7F:37:C3:66:DF:8E:AB 487s X509v3 Key Usage: critical 487s Digital Signature, Non Repudiation, Key Encipherment 487s X509v3 Extended Key Usage: 487s TLS Web Client Authentication, E-mail Protection 487s X509v3 Subject Alternative Name: 487s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 487s Signature Algorithm: sha256WithRSAEncryption 487s Signature Value: 487s 62:a8:56:c6:2c:e0:ec:0f:17:c6:5b:d7:3a:7e:7d:f0:5c:a6: 487s 85:4a:cb:12:fa:ff:ae:4a:2b:13:8d:4b:2c:0a:96:4a:34:a8: 487s 0e:14:36:66:4a:3e:41:05:2e:cd:0e:8d:e6:fa:9a:6e:61:b7: 487s 78:c8:44:44:ed:eb:c0:87:64:2b:a9:1e:90:58:de:6b:4c:18: 487s 32:49:9e:2a:37:db:0f:46:8e:d2:dc:b5:a8:37:64:fc:04:3f: 487s 10:f3:a2:f4:39:67:27:fa:a3:03:c5:cd:eb:f3:e9:60:d4:8a: 487s 46:90:35:77:de:94:bf:1c:d4:f6:c8:92:27:78:b1:35:b7:9d: 487s 94:6d 487s + local found_md5 expected_md5 487s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 487s + expected_md5=Modulus=DBC00D0233246123CF3D44CBA1F1F583A7A5F6F22D957527BED0A6B9CD5887BBF3C6A4484F8FD16CF943501CEF65C5D34B6C95C683A4B35F6632B5DC111E2442044A666033657FB9EB4DBB2CDA0CF7A6C13F340D7F281D4F71A91E93101476D17007A8BBA350E1806AE59643FAAC85B972242759A0919473678FDF27464877A5 487s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-10577.pem 487s + found_md5=Modulus=DBC00D0233246123CF3D44CBA1F1F583A7A5F6F22D957527BED0A6B9CD5887BBF3C6A4484F8FD16CF943501CEF65C5D34B6C95C683A4B35F6632B5DC111E2442044A666033657FB9EB4DBB2CDA0CF7A6C13F340D7F281D4F71A91E93101476D17007A8BBA350E1806AE59643FAAC85B972242759A0919473678FDF27464877A5 487s + '[' Modulus=DBC00D0233246123CF3D44CBA1F1F583A7A5F6F22D957527BED0A6B9CD5887BBF3C6A4484F8FD16CF943501CEF65C5D34B6C95C683A4B35F6632B5DC111E2442044A666033657FB9EB4DBB2CDA0CF7A6C13F340D7F281D4F71A91E93101476D17007A8BBA350E1806AE59643FAAC85B972242759A0919473678FDF27464877A5 '!=' Modulus=DBC00D0233246123CF3D44CBA1F1F583A7A5F6F22D957527BED0A6B9CD5887BBF3C6A4484F8FD16CF943501CEF65C5D34B6C95C683A4B35F6632B5DC111E2442044A666033657FB9EB4DBB2CDA0CF7A6C13F340D7F281D4F71A91E93101476D17007A8BBA350E1806AE59643FAAC85B972242759A0919473678FDF27464877A5 ']' 487s + output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-10577-auth.output 487s ++ basename /tmp/sssd-softhsm2-GcvsPX/SSSD-child-10577-auth.output .output 487s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-10577-auth.pem 487s + echo -n 053350 487s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 487s [p11_child[2208]] [main] (0x0400): p11_child started. 487s [p11_child[2208]] [main] (0x2000): Running in [auth] mode. 487s [p11_child[2208]] [main] (0x2000): Running with effective IDs: [0][0]. 487s [p11_child[2208]] [main] (0x2000): Running with real IDs [0][0]. 487s [p11_child[2208]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 487s [p11_child[2208]] [do_card] (0x4000): Module List: 487s [p11_child[2208]] [do_card] (0x4000): common name: [softhsm2]. 487s [p11_child[2208]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 487s [p11_child[2208]] [do_card] (0x4000): Description [SoftHSM slot ID 0x60f18403] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 487s [p11_child[2208]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 487s [p11_child[2208]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x60f18403][1626440707] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 487s [p11_child[2208]] [do_card] (0x4000): Login required. 487s [p11_child[2208]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 487s [p11_child[2208]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 487s [p11_child[2208]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 487s [p11_child[2208]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x60f18403;slot-manufacturer=SoftHSM%20project;slot-id=1626440707;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2435a958e0f18403;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 487s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 487s [p11_child[2208]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 487s [p11_child[2208]] [do_card] (0x4000): Certificate verified and validated. 487s [p11_child[2208]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 487s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-10577-auth.output 487s + echo '-----BEGIN CERTIFICATE-----' 487s + tail -n1 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-10577-auth.output 487s + echo '-----END CERTIFICATE-----' 487s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-10577-auth.pem 487s Certificate: 487s Data: 487s Version: 3 (0x2) 487s Serial Number: 4 (0x4) 487s Signature Algorithm: sha256WithRSAEncryption 487s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 487s Validity 487s Not Before: Mar 21 04:29:39 2024 GMT 487s Not After : Mar 21 04:29:39 2025 GMT 487s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 487s Subject Public Key Info: 487s Public Key Algorithm: rsaEncryption 487s Public-Key: (1024 bit) 487s Modulus: 487s 00:db:c0:0d:02:33:24:61:23:cf:3d:44:cb:a1:f1: 487s f5:83:a7:a5:f6:f2:2d:95:75:27:be:d0:a6:b9:cd: 487s 58:87:bb:f3:c6:a4:48:4f:8f:d1:6c:f9:43:50:1c: 487s ef:65:c5:d3:4b:6c:95:c6:83:a4:b3:5f:66:32:b5: 487s dc:11:1e:24:42:04:4a:66:60:33:65:7f:b9:eb:4d: 487s bb:2c:da:0c:f7:a6:c1:3f:34:0d:7f:28:1d:4f:71: 487s a9:1e:93:10:14:76:d1:70:07:a8:bb:a3:50:e1:80: 487s 6a:e5:96:43:fa:ac:85:b9:72:24:27:59:a0:91:94: 487s 73:67:8f:df:27:46:48:77:a5 487s Exponent: 65537 (0x10001) 487s X509v3 extensions: 487s X509v3 Authority Key Identifier: 487s 74:FD:D9:A8:9F:82:FD:62:62:80:C5:E2:83:D3:E3:01:CB:15:7A:6A 487s X509v3 Basic Constraints: 487s CA:FALSE 487s Netscape Cert Type: 487s SSL Client, S/MIME 487s Netscape Comment: 487s Test Organization Intermediate CA trusted Certificate 487s X509v3 Subject Key Identifier: 487s 49:12:9B:F7:23:04:01:51:3D:D1:7D:FB:F4:7F:37:C3:66:DF:8E:AB 487s X509v3 Key Usage: critical 487s Digital Signature, Non Repudiation, Key Encipherment 487s X509v3 Extended Key Usage: 487s TLS Web Client Authentication, E-mail Protection 487s X509v3 Subject Alternative Name: 487s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 487s Signature Algorithm: sha256WithRSAEncryption 487s Signature Value: 487s 62:a8:56:c6:2c:e0:ec:0f:17:c6:5b:d7:3a:7e:7d:f0:5c:a6: 487s 85:4a:cb:12:fa:ff:ae:4a:2b:13:8d:4b:2c:0a:96:4a:34:a8: 487s 0e:14:36:66:4a:3e:41:05:2e:cd:0e:8d:e6:fa:9a:6e:61:b7: 487s 78:c8:44:44:ed:eb:c0:87:64:2b:a9:1e:90:58:de:6b:4c:18: 487s 32:49:9e:2a:37:db:0f:46:8e:d2:dc:b5:a8:37:64:fc:04:3f: 487s 10:f3:a2:f4:39:67:27:fa:a3:03:c5:cd:eb:f3:e9:60:d4:8a: 487s 46:90:35:77:de:94:bf:1c:d4:f6:c8:92:27:78:b1:35:b7:9d: 487s 94:6d 487s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-10577-auth.pem 487s + found_md5=Modulus=DBC00D0233246123CF3D44CBA1F1F583A7A5F6F22D957527BED0A6B9CD5887BBF3C6A4484F8FD16CF943501CEF65C5D34B6C95C683A4B35F6632B5DC111E2442044A666033657FB9EB4DBB2CDA0CF7A6C13F340D7F281D4F71A91E93101476D17007A8BBA350E1806AE59643FAAC85B972242759A0919473678FDF27464877A5 487s + '[' Modulus=DBC00D0233246123CF3D44CBA1F1F583A7A5F6F22D957527BED0A6B9CD5887BBF3C6A4484F8FD16CF943501CEF65C5D34B6C95C683A4B35F6632B5DC111E2442044A666033657FB9EB4DBB2CDA0CF7A6C13F340D7F281D4F71A91E93101476D17007A8BBA350E1806AE59643FAAC85B972242759A0919473678FDF27464877A5 '!=' Modulus=DBC00D0233246123CF3D44CBA1F1F583A7A5F6F22D957527BED0A6B9CD5887BBF3C6A4484F8FD16CF943501CEF65C5D34B6C95C683A4B35F6632B5DC111E2442044A666033657FB9EB4DBB2CDA0CF7A6C13F340D7F281D4F71A91E93101476D17007A8BBA350E1806AE59643FAAC85B972242759A0919473678FDF27464877A5 ']' 487s + invalid_certificate /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6367 /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem 487s + check_certificate /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6367 /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem 487s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 487s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6367 487s + local key_ring=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem 487s + local verify_option= 487s + prepare_softhsm2_card /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6367 487s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 487s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6367 487s + local key_cn 487s + local key_name 487s + local tokens_dir 487s + local output_cert_file 487s + token_name= 487s ++ basename /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem .pem 487s + key_name=test-intermediate-CA-trusted-certificate-0001 487s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 487s ++ sed -n 's/ *commonName *= //p' 487s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 487s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 487s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 487s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 487s ++ basename /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 487s + tokens_dir=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001 487s + token_name='Test Organization Interme Token' 487s + '[' '!' -e /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 487s + '[' '!' -d /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 487s + echo 'Test Organization Interme Token' 487s + '[' -n '' ']' 487s + local output_base_name=SSSD-child-26636 487s + local output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-26636.output 487s Test Organization Interme Token 487s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-26636.pem 487s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem 487s [p11_child[2218]] [main] (0x0400): p11_child started. 487s [p11_child[2218]] [main] (0x2000): Running in [pre-auth] mode. 487s [p11_child[2218]] [main] (0x2000): Running with effective IDs: [0][0]. 487s [p11_child[2218]] [main] (0x2000): Running with real IDs [0][0]. 487s [p11_child[2218]] [do_card] (0x4000): Module List: 487s [p11_child[2218]] [do_card] (0x4000): common name: [softhsm2]. 487s [p11_child[2218]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 487s [p11_child[2218]] [do_card] (0x4000): Description [SoftHSM slot ID 0x60f18403] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 487s [p11_child[2218]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 487s [p11_child[2218]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x60f18403][1626440707] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 487s [p11_child[2218]] [do_card] (0x4000): Login NOT required. 487s [p11_child[2218]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 487s [p11_child[2218]] [do_verification] (0x0040): X509_verify_cert failed [0]. 487s [p11_child[2218]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 487s [p11_child[2218]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 487s [p11_child[2218]] [do_card] (0x4000): No certificate found. 487s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-26636.output 487s + return 2 487s + valid_certificate /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6367 /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem partial_chain 487s + check_certificate /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6367 /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem partial_chain 487s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 487s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6367 487s + local key_ring=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem 487s + local verify_option=partial_chain 487s + prepare_softhsm2_card /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-6367 487s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 487s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-6367 487s + local key_cn 487s + local key_name 487s + local tokens_dir 487s + local output_cert_file 487s + token_name= 487s ++ basename /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem .pem 487s + key_name=test-intermediate-CA-trusted-certificate-0001 487s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 487s ++ sed -n 's/ *commonName *= //p' 488s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 488s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 488s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 488s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 488s ++ basename /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 488s + tokens_dir=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001 488s + token_name='Test Organization Interme Token' 488s + '[' '!' -e /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 488s + '[' '!' -d /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 488s + echo 'Test Organization Interme Token' 488s Test Organization Interme Token 488s + '[' -n partial_chain ']' 488s + local verify_arg=--verify=partial_chain 488s + local output_base_name=SSSD-child-19847 488s + local output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-19847.output 488s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-19847.pem 488s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem 488s [p11_child[2225]] [main] (0x0400): p11_child started. 488s [p11_child[2225]] [main] (0x2000): Running in [pre-auth] mode. 488s [p11_child[2225]] [main] (0x2000): Running with effective IDs: [0][0]. 488s [p11_child[2225]] [main] (0x2000): Running with real IDs [0][0]. 488s [p11_child[2225]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 488s [p11_child[2225]] [do_card] (0x4000): Module List: 488s [p11_child[2225]] [do_card] (0x4000): common name: [softhsm2]. 488s [p11_child[2225]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 488s [p11_child[2225]] [do_card] (0x4000): Description [SoftHSM slot ID 0x60f18403] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 488s [p11_child[2225]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 488s [p11_child[2225]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x60f18403][1626440707] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 488s [p11_child[2225]] [do_card] (0x4000): Login NOT required. 488s [p11_child[2225]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 488s [p11_child[2225]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 488s [p11_child[2225]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 488s [p11_child[2225]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x60f18403;slot-manufacturer=SoftHSM%20project;slot-id=1626440707;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2435a958e0f18403;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 488s [p11_child[2225]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 488s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-19847.output 488s + echo '-----BEGIN CERTIFICATE-----' 488s + tail -n1 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-19847.output 488s + echo '-----END CERTIFICATE-----' 488s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-19847.pem 488s Certificate: 488s Data: 488s Version: 3 (0x2) 488s Serial Number: 4 (0x4) 488s Signature Algorithm: sha256WithRSAEncryption 488s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 488s Validity 488s Not Before: Mar 21 04:29:39 2024 GMT 488s Not After : Mar 21 04:29:39 2025 GMT 488s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 488s Subject Public Key Info: 488s Public Key Algorithm: rsaEncryption 488s Public-Key: (1024 bit) 488s Modulus: 488s 00:db:c0:0d:02:33:24:61:23:cf:3d:44:cb:a1:f1: 488s f5:83:a7:a5:f6:f2:2d:95:75:27:be:d0:a6:b9:cd: 488s 58:87:bb:f3:c6:a4:48:4f:8f:d1:6c:f9:43:50:1c: 488s ef:65:c5:d3:4b:6c:95:c6:83:a4:b3:5f:66:32:b5: 488s dc:11:1e:24:42:04:4a:66:60:33:65:7f:b9:eb:4d: 488s bb:2c:da:0c:f7:a6:c1:3f:34:0d:7f:28:1d:4f:71: 488s a9:1e:93:10:14:76:d1:70:07:a8:bb:a3:50:e1:80: 488s 6a:e5:96:43:fa:ac:85:b9:72:24:27:59:a0:91:94: 488s 73:67:8f:df:27:46:48:77:a5 488s Exponent: 65537 (0x10001) 488s X509v3 extensions: 488s X509v3 Authority Key Identifier: 488s 74:FD:D9:A8:9F:82:FD:62:62:80:C5:E2:83:D3:E3:01:CB:15:7A:6A 488s X509v3 Basic Constraints: 488s CA:FALSE 488s Netscape Cert Type: 488s SSL Client, S/MIME 488s Netscape Comment: 488s Test Organization Intermediate CA trusted Certificate 488s X509v3 Subject Key Identifier: 488s 49:12:9B:F7:23:04:01:51:3D:D1:7D:FB:F4:7F:37:C3:66:DF:8E:AB 488s X509v3 Key Usage: critical 488s Digital Signature, Non Repudiation, Key Encipherment 488s X509v3 Extended Key Usage: 488s TLS Web Client Authentication, E-mail Protection 488s X509v3 Subject Alternative Name: 488s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 488s Signature Algorithm: sha256WithRSAEncryption 488s Signature Value: 488s 62:a8:56:c6:2c:e0:ec:0f:17:c6:5b:d7:3a:7e:7d:f0:5c:a6: 488s 85:4a:cb:12:fa:ff:ae:4a:2b:13:8d:4b:2c:0a:96:4a:34:a8: 488s 0e:14:36:66:4a:3e:41:05:2e:cd:0e:8d:e6:fa:9a:6e:61:b7: 488s 78:c8:44:44:ed:eb:c0:87:64:2b:a9:1e:90:58:de:6b:4c:18: 488s 32:49:9e:2a:37:db:0f:46:8e:d2:dc:b5:a8:37:64:fc:04:3f: 488s 10:f3:a2:f4:39:67:27:fa:a3:03:c5:cd:eb:f3:e9:60:d4:8a: 488s 46:90:35:77:de:94:bf:1c:d4:f6:c8:92:27:78:b1:35:b7:9d: 488s 94:6d 488s + local found_md5 expected_md5 488s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA-trusted-certificate-0001.pem 488s + expected_md5=Modulus=DBC00D0233246123CF3D44CBA1F1F583A7A5F6F22D957527BED0A6B9CD5887BBF3C6A4484F8FD16CF943501CEF65C5D34B6C95C683A4B35F6632B5DC111E2442044A666033657FB9EB4DBB2CDA0CF7A6C13F340D7F281D4F71A91E93101476D17007A8BBA350E1806AE59643FAAC85B972242759A0919473678FDF27464877A5 488s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-19847.pem 488s + found_md5=Modulus=DBC00D0233246123CF3D44CBA1F1F583A7A5F6F22D957527BED0A6B9CD5887BBF3C6A4484F8FD16CF943501CEF65C5D34B6C95C683A4B35F6632B5DC111E2442044A666033657FB9EB4DBB2CDA0CF7A6C13F340D7F281D4F71A91E93101476D17007A8BBA350E1806AE59643FAAC85B972242759A0919473678FDF27464877A5 488s + '[' Modulus=DBC00D0233246123CF3D44CBA1F1F583A7A5F6F22D957527BED0A6B9CD5887BBF3C6A4484F8FD16CF943501CEF65C5D34B6C95C683A4B35F6632B5DC111E2442044A666033657FB9EB4DBB2CDA0CF7A6C13F340D7F281D4F71A91E93101476D17007A8BBA350E1806AE59643FAAC85B972242759A0919473678FDF27464877A5 '!=' Modulus=DBC00D0233246123CF3D44CBA1F1F583A7A5F6F22D957527BED0A6B9CD5887BBF3C6A4484F8FD16CF943501CEF65C5D34B6C95C683A4B35F6632B5DC111E2442044A666033657FB9EB4DBB2CDA0CF7A6C13F340D7F281D4F71A91E93101476D17007A8BBA350E1806AE59643FAAC85B972242759A0919473678FDF27464877A5 ']' 488s + output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-19847-auth.output 488s ++ basename /tmp/sssd-softhsm2-GcvsPX/SSSD-child-19847-auth.output .output 488s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-19847-auth.pem 488s + echo -n 053350 488s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 488s [p11_child[2233]] [main] (0x0400): p11_child started. 488s [p11_child[2233]] [main] (0x2000): Running in [auth] mode. 488s [p11_child[2233]] [main] (0x2000): Running with effective IDs: [0][0]. 488s [p11_child[2233]] [main] (0x2000): Running with real IDs [0][0]. 488s [p11_child[2233]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 488s [p11_child[2233]] [do_card] (0x4000): Module List: 488s [p11_child[2233]] [do_card] (0x4000): common name: [softhsm2]. 488s [p11_child[2233]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 488s [p11_child[2233]] [do_card] (0x4000): Description [SoftHSM slot ID 0x60f18403] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 488s [p11_child[2233]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 488s [p11_child[2233]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x60f18403][1626440707] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 488s [p11_child[2233]] [do_card] (0x4000): Login required. 488s [p11_child[2233]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 488s [p11_child[2233]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 488s [p11_child[2233]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 488s [p11_child[2233]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x60f18403;slot-manufacturer=SoftHSM%20project;slot-id=1626440707;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=2435a958e0f18403;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 488s [p11_child[2233]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 488s [p11_child[2233]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 488s [p11_child[2233]] [do_card] (0x4000): Certificate verified and validated. 488s [p11_child[2233]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 488s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-19847-auth.output 488s + echo '-----BEGIN CERTIFICATE-----' 488s + tail -n1 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-19847-auth.output 488s + echo '-----END CERTIFICATE-----' 488s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-19847-auth.pem 488s Certificate: 488s Data: 488s Version: 3 (0x2) 488s Serial Number: 4 (0x4) 488s Signature Algorithm: sha256WithRSAEncryption 488s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 488s Validity 488s Not Before: Mar 21 04:29:39 2024 GMT 488s Not After : Mar 21 04:29:39 2025 GMT 488s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 488s Subject Public Key Info: 488s Public Key Algorithm: rsaEncryption 488s Public-Key: (1024 bit) 488s Modulus: 488s 00:db:c0:0d:02:33:24:61:23:cf:3d:44:cb:a1:f1: 488s f5:83:a7:a5:f6:f2:2d:95:75:27:be:d0:a6:b9:cd: 488s 58:87:bb:f3:c6:a4:48:4f:8f:d1:6c:f9:43:50:1c: 488s ef:65:c5:d3:4b:6c:95:c6:83:a4:b3:5f:66:32:b5: 488s dc:11:1e:24:42:04:4a:66:60:33:65:7f:b9:eb:4d: 488s bb:2c:da:0c:f7:a6:c1:3f:34:0d:7f:28:1d:4f:71: 488s a9:1e:93:10:14:76:d1:70:07:a8:bb:a3:50:e1:80: 488s 6a:e5:96:43:fa:ac:85:b9:72:24:27:59:a0:91:94: 488s 73:67:8f:df:27:46:48:77:a5 488s Exponent: 65537 (0x10001) 488s X509v3 extensions: 488s X509v3 Authority Key Identifier: 488s 74:FD:D9:A8:9F:82:FD:62:62:80:C5:E2:83:D3:E3:01:CB:15:7A:6A 488s X509v3 Basic Constraints: 488s CA:FALSE 488s Netscape Cert Type: 488s SSL Client, S/MIME 488s Netscape Comment: 488s Test Organization Intermediate CA trusted Certificate 488s X509v3 Subject Key Identifier: 488s 49:12:9B:F7:23:04:01:51:3D:D1:7D:FB:F4:7F:37:C3:66:DF:8E:AB 488s X509v3 Key Usage: critical 488s Digital Signature, Non Repudiation, Key Encipherment 488s X509v3 Extended Key Usage: 488s TLS Web Client Authentication, E-mail Protection 488s X509v3 Subject Alternative Name: 488s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 488s Signature Algorithm: sha256WithRSAEncryption 488s Signature Value: 488s 62:a8:56:c6:2c:e0:ec:0f:17:c6:5b:d7:3a:7e:7d:f0:5c:a6: 488s 85:4a:cb:12:fa:ff:ae:4a:2b:13:8d:4b:2c:0a:96:4a:34:a8: 488s 0e:14:36:66:4a:3e:41:05:2e:cd:0e:8d:e6:fa:9a:6e:61:b7: 488s 78:c8:44:44:ed:eb:c0:87:64:2b:a9:1e:90:58:de:6b:4c:18: 488s 32:49:9e:2a:37:db:0f:46:8e:d2:dc:b5:a8:37:64:fc:04:3f: 488s 10:f3:a2:f4:39:67:27:fa:a3:03:c5:cd:eb:f3:e9:60:d4:8a: 488s 46:90:35:77:de:94:bf:1c:d4:f6:c8:92:27:78:b1:35:b7:9d: 488s 94:6d 488s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-19847-auth.pem 488s + found_md5=Modulus=DBC00D0233246123CF3D44CBA1F1F583A7A5F6F22D957527BED0A6B9CD5887BBF3C6A4484F8FD16CF943501CEF65C5D34B6C95C683A4B35F6632B5DC111E2442044A666033657FB9EB4DBB2CDA0CF7A6C13F340D7F281D4F71A91E93101476D17007A8BBA350E1806AE59643FAAC85B972242759A0919473678FDF27464877A5 488s + '[' Modulus=DBC00D0233246123CF3D44CBA1F1F583A7A5F6F22D957527BED0A6B9CD5887BBF3C6A4484F8FD16CF943501CEF65C5D34B6C95C683A4B35F6632B5DC111E2442044A666033657FB9EB4DBB2CDA0CF7A6C13F340D7F281D4F71A91E93101476D17007A8BBA350E1806AE59643FAAC85B972242759A0919473678FDF27464877A5 '!=' Modulus=DBC00D0233246123CF3D44CBA1F1F583A7A5F6F22D957527BED0A6B9CD5887BBF3C6A4484F8FD16CF943501CEF65C5D34B6C95C683A4B35F6632B5DC111E2442044A666033657FB9EB4DBB2CDA0CF7A6C13F340D7F281D4F71A91E93101476D17007A8BBA350E1806AE59643FAAC85B972242759A0919473678FDF27464877A5 ']' 488s + invalid_certificate /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24609 /tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem 488s + check_certificate /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24609 /tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem 488s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 488s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24609 488s + local key_ring=/tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem 488s + local verify_option= 488s + prepare_softhsm2_card /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24609 488s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 488s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24609 488s + local key_cn 488s + local key_name 488s + local tokens_dir 488s + local output_cert_file 488s + token_name= 488s ++ basename /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 488s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 488s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 488s ++ sed -n 's/ *commonName *= //p' 488s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 488s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 488s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 488s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 488s ++ basename /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 488s + tokens_dir=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 488s + token_name='Test Organization Sub Int Token' 488s + '[' '!' -e /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 488s + local key_file 488s + local decrypted_key 488s + mkdir -p /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 488s + key_file=/tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 488s + decrypted_key=/tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 488s + cat 488s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 488s Slot 0 has a free/uninitialized token. 488s The token has been initialized and is reassigned to slot 1512321962 488s + softhsm2-util --show-slots 488s Available slots: 488s Slot 1512321962 488s Slot info: 488s Description: SoftHSM slot ID 0x5a2433aa 488s Manufacturer ID: SoftHSM project 488s Hardware version: 2.6 488s Firmware version: 2.6 488s Token present: yes 488s Token info: 488s Manufacturer ID: SoftHSM project 488s Model: SoftHSM v2 488s Hardware version: 2.6 488s Firmware version: 2.6 488s Serial number: 1d8268625a2433aa 488s Initialized: yes 488s User PIN init.: yes 488s Label: Test Organization Sub Int Token 488s Slot 1 488s Slot info: 488s Description: SoftHSM slot ID 0x1 488s Manufacturer ID: SoftHSM project 488s Hardware version: 2.6 488s Firmware version: 2.6 488s Token present: yes 488s Token info: 488s Manufacturer ID: SoftHSM project 488s Model: SoftHSM v2 488s Hardware version: 2.6 488s Firmware version: 2.6 488s Serial number: 488s Initialized: no 488s User PIN init.: no 488s Label: 488s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 488s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-24609 -in /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 488s writing RSA key 488s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 488s + rm /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 488s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 488s Object 0: 488s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1d8268625a2433aa;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 488s Type: X.509 Certificate (RSA-1024) 488s Expires: Fri Mar 21 04:29:39 2025 488s Label: Test Organization Sub Intermediate Trusted Certificate 0001 488s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 488s 488s Test Organization Sub Int Token 488s + echo 'Test Organization Sub Int Token' 488s + '[' -n '' ']' 488s + local output_base_name=SSSD-child-20563 488s + local output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-20563.output 488s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-20563.pem 488s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem 488s [p11_child[2255]] [main] (0x0400): p11_child started. 488s [p11_child[2255]] [main] (0x2000): Running in [pre-auth] mode. 488s [p11_child[2255]] [main] (0x2000): Running with effective IDs: [0][0]. 488s [p11_child[2255]] [main] (0x2000): Running with real IDs [0][0]. 488s [p11_child[2255]] [do_card] (0x4000): Module List: 488s [p11_child[2255]] [do_card] (0x4000): common name: [softhsm2]. 488s [p11_child[2255]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 488s [p11_child[2255]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5a2433aa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 488s [p11_child[2255]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 488s [p11_child[2255]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x5a2433aa][1512321962] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 488s [p11_child[2255]] [do_card] (0x4000): Login NOT required. 488s [p11_child[2255]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 488s [p11_child[2255]] [do_verification] (0x0040): X509_verify_cert failed [0]. 488s [p11_child[2255]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 488s [p11_child[2255]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 488s [p11_child[2255]] [do_card] (0x4000): No certificate found. 488s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-20563.output 488s + return 2 488s + invalid_certificate /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24609 /tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem partial_chain 488s + check_certificate /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24609 /tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem partial_chain 488s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 488s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24609 488s + local key_ring=/tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem 488s + local verify_option=partial_chain 488s + prepare_softhsm2_card /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24609 488s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 488s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24609 488s + local key_cn 488s + local key_name 488s + local tokens_dir 488s + local output_cert_file 488s + token_name= 488s ++ basename /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 488s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 488s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 488s ++ sed -n 's/ *commonName *= //p' 488s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 488s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 488s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 488s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 488s ++ basename /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 488s + tokens_dir=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 488s + token_name='Test Organization Sub Int Token' 488s + '[' '!' -e /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 488s + '[' '!' -d /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 488s + echo 'Test Organization Sub Int Token' 488s Test Organization Sub Int Token 488s + '[' -n partial_chain ']' 488s + local verify_arg=--verify=partial_chain 488s + local output_base_name=SSSD-child-24571 488s + local output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-24571.output 488s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-24571.pem 488s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-GcvsPX/test-root-CA.pem 488s [p11_child[2262]] [main] (0x0400): p11_child started. 488s [p11_child[2262]] [main] (0x2000): Running in [pre-auth] mode. 488s [p11_child[2262]] [main] (0x2000): Running with effective IDs: [0][0]. 488s [p11_child[2262]] [main] (0x2000): Running with real IDs [0][0]. 488s [p11_child[2262]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 488s [p11_child[2262]] [do_card] (0x4000): Module List: 488s [p11_child[2262]] [do_card] (0x4000): common name: [softhsm2]. 488s [p11_child[2262]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 488s [p11_child[2262]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5a2433aa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 488s [p11_child[2262]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 488s [p11_child[2262]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x5a2433aa][1512321962] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 488s [p11_child[2262]] [do_card] (0x4000): Login NOT required. 488s [p11_child[2262]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 488s [p11_child[2262]] [do_verification] (0x0040): X509_verify_cert failed [0]. 488s [p11_child[2262]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 488s [p11_child[2262]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 488s [p11_child[2262]] [do_card] (0x4000): No certificate found. 488s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-24571.output 488s + return 2 488s + valid_certificate /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24609 /tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem 488s + check_certificate /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24609 /tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem 488s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 488s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24609 488s + local key_ring=/tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem 488s + local verify_option= 488s + prepare_softhsm2_card /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24609 488s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 488s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24609 488s + local key_cn 488s + local key_name 488s + local tokens_dir 488s + local output_cert_file 488s + token_name= 488s ++ basename /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 488s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 488s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 488s ++ sed -n 's/ *commonName *= //p' 488s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 488s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 488s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 488s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 488s ++ basename /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 488s + tokens_dir=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 488s Test Organization Sub Int Token 488s + token_name='Test Organization Sub Int Token' 488s + '[' '!' -e /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 488s + '[' '!' -d /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 488s + echo 'Test Organization Sub Int Token' 488s + '[' -n '' ']' 488s + local output_base_name=SSSD-child-29183 488s + local output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-29183.output 488s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-29183.pem 488s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem 488s [p11_child[2269]] [main] (0x0400): p11_child started. 488s [p11_child[2269]] [main] (0x2000): Running in [pre-auth] mode. 488s [p11_child[2269]] [main] (0x2000): Running with effective IDs: [0][0]. 488s [p11_child[2269]] [main] (0x2000): Running with real IDs [0][0]. 488s [p11_child[2269]] [do_card] (0x4000): Module List: 488s [p11_child[2269]] [do_card] (0x4000): common name: [softhsm2]. 488s [p11_child[2269]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 488s [p11_child[2269]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5a2433aa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 488s [p11_child[2269]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 488s [p11_child[2269]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x5a2433aa][1512321962] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 488s [p11_child[2269]] [do_card] (0x4000): Login NOT required. 488s [p11_child[2269]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 488s [p11_child[2269]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 488s [p11_child[2269]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 488s [p11_child[2269]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5a2433aa;slot-manufacturer=SoftHSM%20project;slot-id=1512321962;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1d8268625a2433aa;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 488s [p11_child[2269]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 488s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-29183.output 488s + echo '-----BEGIN CERTIFICATE-----' 488s + tail -n1 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-29183.output 488s + echo '-----END CERTIFICATE-----' 488s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-29183.pem 488s Certificate: 488s Data: 488s Version: 3 (0x2) 488s Serial Number: 5 (0x5) 488s Signature Algorithm: sha256WithRSAEncryption 488s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 488s Validity 488s Not Before: Mar 21 04:29:39 2024 GMT 488s Not After : Mar 21 04:29:39 2025 GMT 488s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 488s Subject Public Key Info: 488s Public Key Algorithm: rsaEncryption 488s Public-Key: (1024 bit) 488s Modulus: 488s 00:da:8d:8b:49:cb:20:9a:81:7a:e7:c6:d8:32:bd: 488s 5d:52:85:75:b2:06:77:4b:51:d8:c5:ec:60:c4:d7: 488s 94:91:24:23:9f:82:6c:76:ff:8e:3a:06:b3:a5:35: 488s b6:16:54:03:6a:ae:b9:7b:34:c7:f3:b6:5b:62:91: 488s d3:8d:f6:25:25:f5:a1:15:17:01:df:0b:f3:31:72: 488s 5c:da:aa:99:39:39:2d:89:51:45:50:63:d7:e1:45: 488s 15:04:de:2a:bc:13:f8:22:3e:8b:3d:70:44:87:64: 488s aa:4f:de:c2:5e:ed:fb:aa:b0:26:15:de:a3:cc:06: 488s 5f:d6:3f:0b:40:59:67:93:d5 488s Exponent: 65537 (0x10001) 488s X509v3 extensions: 488s X509v3 Authority Key Identifier: 488s A4:AB:CC:91:E8:43:9F:7A:94:C1:64:41:93:66:F5:7A:17:5E:DF:32 488s X509v3 Basic Constraints: 488s CA:FALSE 488s Netscape Cert Type: 488s SSL Client, S/MIME 488s Netscape Comment: 488s Test Organization Sub Intermediate CA trusted Certificate 488s X509v3 Subject Key Identifier: 488s A1:F4:56:C2:30:56:60:54:98:98:E6:CC:EF:05:80:F9:FD:97:90:DC 488s X509v3 Key Usage: critical 488s Digital Signature, Non Repudiation, Key Encipherment 488s X509v3 Extended Key Usage: 488s TLS Web Client Authentication, E-mail Protection 488s X509v3 Subject Alternative Name: 488s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 488s Signature Algorithm: sha256WithRSAEncryption 488s Signature Value: 488s d5:6d:a6:1c:d9:90:0c:15:d8:19:3d:2b:63:d2:75:fe:f9:b0: 488s 2c:60:26:07:0a:f5:2e:77:e5:6b:68:11:3b:20:0c:00:5a:84: 488s 09:70:dd:48:28:ac:d1:53:fd:f3:77:ca:f1:6a:fe:5f:e4:e5: 488s b8:07:95:5d:f7:ba:ad:eb:8a:a4:de:ac:21:1d:9e:6b:c4:a9: 488s 7c:87:a9:6c:b2:7c:a0:8d:0a:a0:4a:83:60:96:2f:f7:d2:59: 488s 91:e4:d1:16:4e:e6:d8:8e:1e:d1:5a:0f:b1:f8:98:f5:42:bb: 488s e0:6a:b2:1b:f2:4b:36:1a:03:a8:b6:9e:cc:89:6d:f9:84:d6: 488s a7:c8 488s + local found_md5 expected_md5 488s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 488s + expected_md5=Modulus=DA8D8B49CB209A817AE7C6D832BD5D528575B206774B51D8C5EC60C4D7949124239F826C76FF8E3A06B3A535B61654036AAEB97B34C7F3B65B6291D38DF62525F5A1151701DF0BF331725CDAAA9939392D8951455063D7E1451504DE2ABC13F8223E8B3D70448764AA4FDEC25EEDFBAAB02615DEA3CC065FD63F0B40596793D5 488s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-29183.pem 488s + found_md5=Modulus=DA8D8B49CB209A817AE7C6D832BD5D528575B206774B51D8C5EC60C4D7949124239F826C76FF8E3A06B3A535B61654036AAEB97B34C7F3B65B6291D38DF62525F5A1151701DF0BF331725CDAAA9939392D8951455063D7E1451504DE2ABC13F8223E8B3D70448764AA4FDEC25EEDFBAAB02615DEA3CC065FD63F0B40596793D5 488s + '[' Modulus=DA8D8B49CB209A817AE7C6D832BD5D528575B206774B51D8C5EC60C4D7949124239F826C76FF8E3A06B3A535B61654036AAEB97B34C7F3B65B6291D38DF62525F5A1151701DF0BF331725CDAAA9939392D8951455063D7E1451504DE2ABC13F8223E8B3D70448764AA4FDEC25EEDFBAAB02615DEA3CC065FD63F0B40596793D5 '!=' Modulus=DA8D8B49CB209A817AE7C6D832BD5D528575B206774B51D8C5EC60C4D7949124239F826C76FF8E3A06B3A535B61654036AAEB97B34C7F3B65B6291D38DF62525F5A1151701DF0BF331725CDAAA9939392D8951455063D7E1451504DE2ABC13F8223E8B3D70448764AA4FDEC25EEDFBAAB02615DEA3CC065FD63F0B40596793D5 ']' 488s + output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-29183-auth.output 488s ++ basename /tmp/sssd-softhsm2-GcvsPX/SSSD-child-29183-auth.output .output 488s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-29183-auth.pem 488s + echo -n 053350 488s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 488s [p11_child[2277]] [main] (0x0400): p11_child started. 488s [p11_child[2277]] [main] (0x2000): Running in [auth] mode. 488s [p11_child[2277]] [main] (0x2000): Running with effective IDs: [0][0]. 488s [p11_child[2277]] [main] (0x2000): Running with real IDs [0][0]. 488s [p11_child[2277]] [do_card] (0x4000): Module List: 488s [p11_child[2277]] [do_card] (0x4000): common name: [softhsm2]. 488s [p11_child[2277]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 488s [p11_child[2277]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5a2433aa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 488s [p11_child[2277]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 488s [p11_child[2277]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x5a2433aa][1512321962] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 488s [p11_child[2277]] [do_card] (0x4000): Login required. 488s [p11_child[2277]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 488s [p11_child[2277]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 488s [p11_child[2277]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 488s [p11_child[2277]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5a2433aa;slot-manufacturer=SoftHSM%20project;slot-id=1512321962;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1d8268625a2433aa;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 488s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 488s [p11_child[2277]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 488s [p11_child[2277]] [do_card] (0x4000): Certificate verified and validated. 488s [p11_child[2277]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 488s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-29183-auth.output 488s + echo '-----BEGIN CERTIFICATE-----' 488s + tail -n1 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-29183-auth.output 488s + echo '-----END CERTIFICATE-----' 488s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-29183-auth.pem 488s Certificate: 488s Data: 488s Version: 3 (0x2) 488s Serial Number: 5 (0x5) 488s Signature Algorithm: sha256WithRSAEncryption 488s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 488s Validity 488s Not Before: Mar 21 04:29:39 2024 GMT 488s Not After : Mar 21 04:29:39 2025 GMT 488s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 488s Subject Public Key Info: 488s Public Key Algorithm: rsaEncryption 488s Public-Key: (1024 bit) 488s Modulus: 488s 00:da:8d:8b:49:cb:20:9a:81:7a:e7:c6:d8:32:bd: 488s 5d:52:85:75:b2:06:77:4b:51:d8:c5:ec:60:c4:d7: 488s 94:91:24:23:9f:82:6c:76:ff:8e:3a:06:b3:a5:35: 488s b6:16:54:03:6a:ae:b9:7b:34:c7:f3:b6:5b:62:91: 488s d3:8d:f6:25:25:f5:a1:15:17:01:df:0b:f3:31:72: 488s 5c:da:aa:99:39:39:2d:89:51:45:50:63:d7:e1:45: 488s 15:04:de:2a:bc:13:f8:22:3e:8b:3d:70:44:87:64: 488s aa:4f:de:c2:5e:ed:fb:aa:b0:26:15:de:a3:cc:06: 488s 5f:d6:3f:0b:40:59:67:93:d5 488s Exponent: 65537 (0x10001) 488s X509v3 extensions: 488s X509v3 Authority Key Identifier: 488s A4:AB:CC:91:E8:43:9F:7A:94:C1:64:41:93:66:F5:7A:17:5E:DF:32 488s X509v3 Basic Constraints: 488s CA:FALSE 488s Netscape Cert Type: 488s SSL Client, S/MIME 488s Netscape Comment: 488s Test Organization Sub Intermediate CA trusted Certificate 488s X509v3 Subject Key Identifier: 488s A1:F4:56:C2:30:56:60:54:98:98:E6:CC:EF:05:80:F9:FD:97:90:DC 488s X509v3 Key Usage: critical 488s Digital Signature, Non Repudiation, Key Encipherment 488s X509v3 Extended Key Usage: 488s TLS Web Client Authentication, E-mail Protection 488s X509v3 Subject Alternative Name: 488s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 488s Signature Algorithm: sha256WithRSAEncryption 488s Signature Value: 488s d5:6d:a6:1c:d9:90:0c:15:d8:19:3d:2b:63:d2:75:fe:f9:b0: 488s 2c:60:26:07:0a:f5:2e:77:e5:6b:68:11:3b:20:0c:00:5a:84: 488s 09:70:dd:48:28:ac:d1:53:fd:f3:77:ca:f1:6a:fe:5f:e4:e5: 488s b8:07:95:5d:f7:ba:ad:eb:8a:a4:de:ac:21:1d:9e:6b:c4:a9: 488s 7c:87:a9:6c:b2:7c:a0:8d:0a:a0:4a:83:60:96:2f:f7:d2:59: 488s 91:e4:d1:16:4e:e6:d8:8e:1e:d1:5a:0f:b1:f8:98:f5:42:bb: 488s e0:6a:b2:1b:f2:4b:36:1a:03:a8:b6:9e:cc:89:6d:f9:84:d6: 488s a7:c8 488s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-29183-auth.pem 488s + found_md5=Modulus=DA8D8B49CB209A817AE7C6D832BD5D528575B206774B51D8C5EC60C4D7949124239F826C76FF8E3A06B3A535B61654036AAEB97B34C7F3B65B6291D38DF62525F5A1151701DF0BF331725CDAAA9939392D8951455063D7E1451504DE2ABC13F8223E8B3D70448764AA4FDEC25EEDFBAAB02615DEA3CC065FD63F0B40596793D5 488s + '[' Modulus=DA8D8B49CB209A817AE7C6D832BD5D528575B206774B51D8C5EC60C4D7949124239F826C76FF8E3A06B3A535B61654036AAEB97B34C7F3B65B6291D38DF62525F5A1151701DF0BF331725CDAAA9939392D8951455063D7E1451504DE2ABC13F8223E8B3D70448764AA4FDEC25EEDFBAAB02615DEA3CC065FD63F0B40596793D5 '!=' Modulus=DA8D8B49CB209A817AE7C6D832BD5D528575B206774B51D8C5EC60C4D7949124239F826C76FF8E3A06B3A535B61654036AAEB97B34C7F3B65B6291D38DF62525F5A1151701DF0BF331725CDAAA9939392D8951455063D7E1451504DE2ABC13F8223E8B3D70448764AA4FDEC25EEDFBAAB02615DEA3CC065FD63F0B40596793D5 ']' 488s + valid_certificate /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24609 /tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem partial_chain 488s + check_certificate /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24609 /tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem partial_chain 488s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 488s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24609 488s + local key_ring=/tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem 488s + local verify_option=partial_chain 488s + prepare_softhsm2_card /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24609 488s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 488s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24609 488s + local key_cn 488s + local key_name 488s + local tokens_dir 488s + local output_cert_file 488s + token_name= 488s ++ basename /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 488s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 488s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 488s ++ sed -n 's/ *commonName *= //p' 488s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 488s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 488s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 488s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 488s ++ basename /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 488s + tokens_dir=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 488s + token_name='Test Organization Sub Int Token' 488s + '[' '!' -e /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 488s + '[' '!' -d /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 488s + echo 'Test Organization Sub Int Token' 488s + '[' -n partial_chain ']' 488s Test Organization Sub Int Token 488s + local verify_arg=--verify=partial_chain 488s + local output_base_name=SSSD-child-8450 488s + local output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-8450.output 488s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-8450.pem 488s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem 488s [p11_child[2287]] [main] (0x0400): p11_child started. 488s [p11_child[2287]] [main] (0x2000): Running in [pre-auth] mode. 488s [p11_child[2287]] [main] (0x2000): Running with effective IDs: [0][0]. 488s [p11_child[2287]] [main] (0x2000): Running with real IDs [0][0]. 488s [p11_child[2287]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 488s [p11_child[2287]] [do_card] (0x4000): Module List: 488s [p11_child[2287]] [do_card] (0x4000): common name: [softhsm2]. 488s [p11_child[2287]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 488s [p11_child[2287]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5a2433aa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 488s [p11_child[2287]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 488s [p11_child[2287]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x5a2433aa][1512321962] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 488s [p11_child[2287]] [do_card] (0x4000): Login NOT required. 488s [p11_child[2287]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 488s [p11_child[2287]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 488s [p11_child[2287]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 488s [p11_child[2287]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5a2433aa;slot-manufacturer=SoftHSM%20project;slot-id=1512321962;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1d8268625a2433aa;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 488s [p11_child[2287]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 488s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-8450.output 488s + echo '-----BEGIN CERTIFICATE-----' 488s + tail -n1 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-8450.output 488s + echo '-----END CERTIFICATE-----' 488s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-8450.pem 488s Certificate: 488s Data: 488s Version: 3 (0x2) 488s Serial Number: 5 (0x5) 488s Signature Algorithm: sha256WithRSAEncryption 488s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 488s Validity 488s Not Before: Mar 21 04:29:39 2024 GMT 488s Not After : Mar 21 04:29:39 2025 GMT 488s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 488s Subject Public Key Info: 488s Public Key Algorithm: rsaEncryption 488s Public-Key: (1024 bit) 488s Modulus: 488s 00:da:8d:8b:49:cb:20:9a:81:7a:e7:c6:d8:32:bd: 488s 5d:52:85:75:b2:06:77:4b:51:d8:c5:ec:60:c4:d7: 488s 94:91:24:23:9f:82:6c:76:ff:8e:3a:06:b3:a5:35: 488s b6:16:54:03:6a:ae:b9:7b:34:c7:f3:b6:5b:62:91: 488s d3:8d:f6:25:25:f5:a1:15:17:01:df:0b:f3:31:72: 488s 5c:da:aa:99:39:39:2d:89:51:45:50:63:d7:e1:45: 488s 15:04:de:2a:bc:13:f8:22:3e:8b:3d:70:44:87:64: 488s aa:4f:de:c2:5e:ed:fb:aa:b0:26:15:de:a3:cc:06: 488s 5f:d6:3f:0b:40:59:67:93:d5 488s Exponent: 65537 (0x10001) 488s X509v3 extensions: 488s X509v3 Authority Key Identifier: 488s A4:AB:CC:91:E8:43:9F:7A:94:C1:64:41:93:66:F5:7A:17:5E:DF:32 488s X509v3 Basic Constraints: 488s CA:FALSE 488s Netscape Cert Type: 488s SSL Client, S/MIME 488s Netscape Comment: 488s Test Organization Sub Intermediate CA trusted Certificate 488s X509v3 Subject Key Identifier: 488s A1:F4:56:C2:30:56:60:54:98:98:E6:CC:EF:05:80:F9:FD:97:90:DC 488s X509v3 Key Usage: critical 488s Digital Signature, Non Repudiation, Key Encipherment 488s X509v3 Extended Key Usage: 488s TLS Web Client Authentication, E-mail Protection 488s X509v3 Subject Alternative Name: 488s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 488s Signature Algorithm: sha256WithRSAEncryption 488s Signature Value: 488s d5:6d:a6:1c:d9:90:0c:15:d8:19:3d:2b:63:d2:75:fe:f9:b0: 488s 2c:60:26:07:0a:f5:2e:77:e5:6b:68:11:3b:20:0c:00:5a:84: 488s 09:70:dd:48:28:ac:d1:53:fd:f3:77:ca:f1:6a:fe:5f:e4:e5: 488s b8:07:95:5d:f7:ba:ad:eb:8a:a4:de:ac:21:1d:9e:6b:c4:a9: 488s 7c:87:a9:6c:b2:7c:a0:8d:0a:a0:4a:83:60:96:2f:f7:d2:59: 488s 91:e4:d1:16:4e:e6:d8:8e:1e:d1:5a:0f:b1:f8:98:f5:42:bb: 488s e0:6a:b2:1b:f2:4b:36:1a:03:a8:b6:9e:cc:89:6d:f9:84:d6: 488s a7:c8 488s + local found_md5 expected_md5 488s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 488s + expected_md5=Modulus=DA8D8B49CB209A817AE7C6D832BD5D528575B206774B51D8C5EC60C4D7949124239F826C76FF8E3A06B3A535B61654036AAEB97B34C7F3B65B6291D38DF62525F5A1151701DF0BF331725CDAAA9939392D8951455063D7E1451504DE2ABC13F8223E8B3D70448764AA4FDEC25EEDFBAAB02615DEA3CC065FD63F0B40596793D5 488s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-8450.pem 488s + found_md5=Modulus=DA8D8B49CB209A817AE7C6D832BD5D528575B206774B51D8C5EC60C4D7949124239F826C76FF8E3A06B3A535B61654036AAEB97B34C7F3B65B6291D38DF62525F5A1151701DF0BF331725CDAAA9939392D8951455063D7E1451504DE2ABC13F8223E8B3D70448764AA4FDEC25EEDFBAAB02615DEA3CC065FD63F0B40596793D5 488s + '[' Modulus=DA8D8B49CB209A817AE7C6D832BD5D528575B206774B51D8C5EC60C4D7949124239F826C76FF8E3A06B3A535B61654036AAEB97B34C7F3B65B6291D38DF62525F5A1151701DF0BF331725CDAAA9939392D8951455063D7E1451504DE2ABC13F8223E8B3D70448764AA4FDEC25EEDFBAAB02615DEA3CC065FD63F0B40596793D5 '!=' Modulus=DA8D8B49CB209A817AE7C6D832BD5D528575B206774B51D8C5EC60C4D7949124239F826C76FF8E3A06B3A535B61654036AAEB97B34C7F3B65B6291D38DF62525F5A1151701DF0BF331725CDAAA9939392D8951455063D7E1451504DE2ABC13F8223E8B3D70448764AA4FDEC25EEDFBAAB02615DEA3CC065FD63F0B40596793D5 ']' 488s + output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-8450-auth.output 488s ++ basename /tmp/sssd-softhsm2-GcvsPX/SSSD-child-8450-auth.output .output 488s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-8450-auth.pem 488s + echo -n 053350 488s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-GcvsPX/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 488s [p11_child[2295]] [main] (0x0400): p11_child started. 488s [p11_child[2295]] [main] (0x2000): Running in [auth] mode. 488s [p11_child[2295]] [main] (0x2000): Running with effective IDs: [0][0]. 488s [p11_child[2295]] [main] (0x2000): Running with real IDs [0][0]. 488s [p11_child[2295]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 488s [p11_child[2295]] [do_card] (0x4000): Module List: 488s [p11_child[2295]] [do_card] (0x4000): common name: [softhsm2]. 488s [p11_child[2295]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 488s [p11_child[2295]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5a2433aa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 488s [p11_child[2295]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 488s [p11_child[2295]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x5a2433aa][1512321962] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 488s [p11_child[2295]] [do_card] (0x4000): Login required. 488s [p11_child[2295]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 488s [p11_child[2295]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 488s [p11_child[2295]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 488s [p11_child[2295]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5a2433aa;slot-manufacturer=SoftHSM%20project;slot-id=1512321962;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1d8268625a2433aa;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 488s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 488s [p11_child[2295]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 488s [p11_child[2295]] [do_card] (0x4000): Certificate verified and validated. 488s [p11_child[2295]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 488s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-8450-auth.output 488s + echo '-----BEGIN CERTIFICATE-----' 488s + tail -n1 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-8450-auth.output 489s + echo '-----END CERTIFICATE-----' 489s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-8450-auth.pem 489s Certificate: 489s Data: 489s Version: 3 (0x2) 489s Serial Number: 5 (0x5) 489s Signature Algorithm: sha256WithRSAEncryption 489s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 489s Validity 489s Not Before: Mar 21 04:29:39 2024 GMT 489s Not After : Mar 21 04:29:39 2025 GMT 489s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 489s Subject Public Key Info: 489s Public Key Algorithm: rsaEncryption 489s Public-Key: (1024 bit) 489s Modulus: 489s 00:da:8d:8b:49:cb:20:9a:81:7a:e7:c6:d8:32:bd: 489s 5d:52:85:75:b2:06:77:4b:51:d8:c5:ec:60:c4:d7: 489s 94:91:24:23:9f:82:6c:76:ff:8e:3a:06:b3:a5:35: 489s b6:16:54:03:6a:ae:b9:7b:34:c7:f3:b6:5b:62:91: 489s d3:8d:f6:25:25:f5:a1:15:17:01:df:0b:f3:31:72: 489s 5c:da:aa:99:39:39:2d:89:51:45:50:63:d7:e1:45: 489s 15:04:de:2a:bc:13:f8:22:3e:8b:3d:70:44:87:64: 489s aa:4f:de:c2:5e:ed:fb:aa:b0:26:15:de:a3:cc:06: 489s 5f:d6:3f:0b:40:59:67:93:d5 489s Exponent: 65537 (0x10001) 489s X509v3 extensions: 489s X509v3 Authority Key Identifier: 489s A4:AB:CC:91:E8:43:9F:7A:94:C1:64:41:93:66:F5:7A:17:5E:DF:32 489s X509v3 Basic Constraints: 489s CA:FALSE 489s Netscape Cert Type: 489s SSL Client, S/MIME 489s Netscape Comment: 489s Test Organization Sub Intermediate CA trusted Certificate 489s X509v3 Subject Key Identifier: 489s A1:F4:56:C2:30:56:60:54:98:98:E6:CC:EF:05:80:F9:FD:97:90:DC 489s X509v3 Key Usage: critical 489s Digital Signature, Non Repudiation, Key Encipherment 489s X509v3 Extended Key Usage: 489s TLS Web Client Authentication, E-mail Protection 489s X509v3 Subject Alternative Name: 489s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 489s Signature Algorithm: sha256WithRSAEncryption 489s Signature Value: 489s d5:6d:a6:1c:d9:90:0c:15:d8:19:3d:2b:63:d2:75:fe:f9:b0: 489s 2c:60:26:07:0a:f5:2e:77:e5:6b:68:11:3b:20:0c:00:5a:84: 489s 09:70:dd:48:28:ac:d1:53:fd:f3:77:ca:f1:6a:fe:5f:e4:e5: 489s b8:07:95:5d:f7:ba:ad:eb:8a:a4:de:ac:21:1d:9e:6b:c4:a9: 489s 7c:87:a9:6c:b2:7c:a0:8d:0a:a0:4a:83:60:96:2f:f7:d2:59: 489s 91:e4:d1:16:4e:e6:d8:8e:1e:d1:5a:0f:b1:f8:98:f5:42:bb: 489s e0:6a:b2:1b:f2:4b:36:1a:03:a8:b6:9e:cc:89:6d:f9:84:d6: 489s a7:c8 489s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-8450-auth.pem 489s + found_md5=Modulus=DA8D8B49CB209A817AE7C6D832BD5D528575B206774B51D8C5EC60C4D7949124239F826C76FF8E3A06B3A535B61654036AAEB97B34C7F3B65B6291D38DF62525F5A1151701DF0BF331725CDAAA9939392D8951455063D7E1451504DE2ABC13F8223E8B3D70448764AA4FDEC25EEDFBAAB02615DEA3CC065FD63F0B40596793D5 489s + '[' Modulus=DA8D8B49CB209A817AE7C6D832BD5D528575B206774B51D8C5EC60C4D7949124239F826C76FF8E3A06B3A535B61654036AAEB97B34C7F3B65B6291D38DF62525F5A1151701DF0BF331725CDAAA9939392D8951455063D7E1451504DE2ABC13F8223E8B3D70448764AA4FDEC25EEDFBAAB02615DEA3CC065FD63F0B40596793D5 '!=' Modulus=DA8D8B49CB209A817AE7C6D832BD5D528575B206774B51D8C5EC60C4D7949124239F826C76FF8E3A06B3A535B61654036AAEB97B34C7F3B65B6291D38DF62525F5A1151701DF0BF331725CDAAA9939392D8951455063D7E1451504DE2ABC13F8223E8B3D70448764AA4FDEC25EEDFBAAB02615DEA3CC065FD63F0B40596793D5 ']' 489s + invalid_certificate /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24609 /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA.pem 489s + check_certificate /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24609 /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA.pem 489s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 489s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24609 489s + local key_ring=/tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA.pem 489s + local verify_option= 489s + prepare_softhsm2_card /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24609 489s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 489s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24609 489s + local key_cn 489s + local key_name 489s + local tokens_dir 489s + local output_cert_file 489s + token_name= 489s ++ basename /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 489s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 489s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 489s ++ sed -n 's/ *commonName *= //p' 489s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 489s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 489s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 489s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 489s ++ basename /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 489s + tokens_dir=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 489s + token_name='Test Organization Sub Int Token' 489s + '[' '!' -e /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 489s + '[' '!' -d /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 489s + echo 'Test Organization Sub Int Token' 489s Test Organization Sub Int Token 489s + '[' -n '' ']' 489s + local output_base_name=SSSD-child-24 489s + local output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-24.output 489s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-24.pem 489s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA.pem 489s [p11_child[2305]] [main] (0x0400): p11_child started. 489s [p11_child[2305]] [main] (0x2000): Running in [pre-auth] mode. 489s [p11_child[2305]] [main] (0x2000): Running with effective IDs: [0][0]. 489s [p11_child[2305]] [main] (0x2000): Running with real IDs [0][0]. 489s [p11_child[2305]] [do_card] (0x4000): Module List: 489s [p11_child[2305]] [do_card] (0x4000): common name: [softhsm2]. 489s [p11_child[2305]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 489s [p11_child[2305]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5a2433aa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 489s [p11_child[2305]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 489s [p11_child[2305]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x5a2433aa][1512321962] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 489s [p11_child[2305]] [do_card] (0x4000): Login NOT required. 489s [p11_child[2305]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 489s [p11_child[2305]] [do_verification] (0x0040): X509_verify_cert failed [0]. 489s [p11_child[2305]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 489s [p11_child[2305]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 489s [p11_child[2305]] [do_card] (0x4000): No certificate found. 489s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-24.output 489s + return 2 489s + invalid_certificate /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24609 /tmp/sssd-softhsm2-GcvsPX/test-root-intermediate-chain-CA.pem partial_chain 489s + check_certificate /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24609 /tmp/sssd-softhsm2-GcvsPX/test-root-intermediate-chain-CA.pem partial_chain 489s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 489s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24609 489s + local key_ring=/tmp/sssd-softhsm2-GcvsPX/test-root-intermediate-chain-CA.pem 489s + local verify_option=partial_chain 489s + prepare_softhsm2_card /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24609 489s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 489s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24609 489s + local key_cn 489s + local key_name 489s + local tokens_dir 489s + local output_cert_file 489s + token_name= 489s ++ basename /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 489s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 489s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 489s ++ sed -n 's/ *commonName *= //p' 489s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 489s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 489s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 489s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 489s ++ basename /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 489s + tokens_dir=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 489s + token_name='Test Organization Sub Int Token' 489s + '[' '!' -e /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 489s + '[' '!' -d /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 489s + echo 'Test Organization Sub Int Token' 489s + '[' -n partial_chain ']' 489s + local verify_arg=--verify=partial_chain 489s + local output_base_name=SSSD-child-31557 489s + local output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-31557.output 489s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-31557.pem 489s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-GcvsPX/test-root-intermediate-chain-CA.pem 489s [p11_child[2312]] [main] (0x0400): p11_child started. 489s [p11_child[2312]] [main] (0x2000): Running in [pre-auth] mode. 489s [p11_child[2312]] [main] (0x2000): Running with effective IDs: [0][0]. 489s [p11_child[2312]] [main] (0x2000): Running with real IDs [0][0]. 489s Test Organization Sub Int Token 489s [p11_child[2312]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 489s [p11_child[2312]] [do_card] (0x4000): Module List: 489s [p11_child[2312]] [do_card] (0x4000): common name: [softhsm2]. 489s [p11_child[2312]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 489s [p11_child[2312]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5a2433aa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 489s [p11_child[2312]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 489s [p11_child[2312]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x5a2433aa][1512321962] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 489s [p11_child[2312]] [do_card] (0x4000): Login NOT required. 489s [p11_child[2312]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 489s [p11_child[2312]] [do_verification] (0x0040): X509_verify_cert failed [0]. 489s [p11_child[2312]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 489s [p11_child[2312]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 489s [p11_child[2312]] [do_card] (0x4000): No certificate found. 489s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-31557.output 489s + return 2 489s + valid_certificate /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24609 /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA.pem partial_chain 489s + check_certificate /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24609 /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA.pem partial_chain 489s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 489s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24609 489s + local key_ring=/tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA.pem 489s + local verify_option=partial_chain 489s + prepare_softhsm2_card /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24609 489s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 489s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24609 489s + local key_cn 489s + local key_name 489s + local tokens_dir 489s + local output_cert_file 489s + token_name= 489s ++ basename /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 489s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 489s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 489s ++ sed -n 's/ *commonName *= //p' 489s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 489s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 489s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 489s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 489s ++ basename /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 489s + tokens_dir=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 489s + token_name='Test Organization Sub Int Token' 489s + '[' '!' -e /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 489s + '[' '!' -d /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 489s + echo 'Test Organization Sub Int Token' 489s + '[' -n partial_chain ']' 489s + local verify_arg=--verify=partial_chain 489s + local output_base_name=SSSD-child-21547 489s + local output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-21547.output 489s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-21547.pem 489s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA.pem 489s Test Organization Sub Int Token 489s [p11_child[2319]] [main] (0x0400): p11_child started. 489s [p11_child[2319]] [main] (0x2000): Running in [pre-auth] mode. 489s [p11_child[2319]] [main] (0x2000): Running with effective IDs: [0][0]. 489s [p11_child[2319]] [main] (0x2000): Running with real IDs [0][0]. 489s [p11_child[2319]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 489s [p11_child[2319]] [do_card] (0x4000): Module List: 489s [p11_child[2319]] [do_card] (0x4000): common name: [softhsm2]. 489s [p11_child[2319]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 489s [p11_child[2319]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5a2433aa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 489s [p11_child[2319]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 489s [p11_child[2319]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x5a2433aa][1512321962] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 489s [p11_child[2319]] [do_card] (0x4000): Login NOT required. 489s [p11_child[2319]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 489s [p11_child[2319]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 489s [p11_child[2319]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 489s [p11_child[2319]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5a2433aa;slot-manufacturer=SoftHSM%20project;slot-id=1512321962;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1d8268625a2433aa;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 489s [p11_child[2319]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 489s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-21547.output 489s + echo '-----BEGIN CERTIFICATE-----' 489s + tail -n1 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-21547.output 489s + echo '-----END CERTIFICATE-----' 489s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-21547.pem 489s + local found_md5 expected_md5 489s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 489s Certificate: 489s Data: 489s Version: 3 (0x2) 489s Serial Number: 5 (0x5) 489s Signature Algorithm: sha256WithRSAEncryption 489s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 489s Validity 489s Not Before: Mar 21 04:29:39 2024 GMT 489s Not After : Mar 21 04:29:39 2025 GMT 489s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 489s Subject Public Key Info: 489s Public Key Algorithm: rsaEncryption 489s Public-Key: (1024 bit) 489s Modulus: 489s 00:da:8d:8b:49:cb:20:9a:81:7a:e7:c6:d8:32:bd: 489s 5d:52:85:75:b2:06:77:4b:51:d8:c5:ec:60:c4:d7: 489s 94:91:24:23:9f:82:6c:76:ff:8e:3a:06:b3:a5:35: 489s b6:16:54:03:6a:ae:b9:7b:34:c7:f3:b6:5b:62:91: 489s d3:8d:f6:25:25:f5:a1:15:17:01:df:0b:f3:31:72: 489s 5c:da:aa:99:39:39:2d:89:51:45:50:63:d7:e1:45: 489s 15:04:de:2a:bc:13:f8:22:3e:8b:3d:70:44:87:64: 489s aa:4f:de:c2:5e:ed:fb:aa:b0:26:15:de:a3:cc:06: 489s 5f:d6:3f:0b:40:59:67:93:d5 489s Exponent: 65537 (0x10001) 489s X509v3 extensions: 489s X509v3 Authority Key Identifier: 489s A4:AB:CC:91:E8:43:9F:7A:94:C1:64:41:93:66:F5:7A:17:5E:DF:32 489s X509v3 Basic Constraints: 489s CA:FALSE 489s Netscape Cert Type: 489s SSL Client, S/MIME 489s Netscape Comment: 489s Test Organization Sub Intermediate CA trusted Certificate 489s X509v3 Subject Key Identifier: 489s A1:F4:56:C2:30:56:60:54:98:98:E6:CC:EF:05:80:F9:FD:97:90:DC 489s X509v3 Key Usage: critical 489s Digital Signature, Non Repudiation, Key Encipherment 489s X509v3 Extended Key Usage: 489s TLS Web Client Authentication, E-mail Protection 489s X509v3 Subject Alternative Name: 489s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 489s Signature Algorithm: sha256WithRSAEncryption 489s Signature Value: 489s d5:6d:a6:1c:d9:90:0c:15:d8:19:3d:2b:63:d2:75:fe:f9:b0: 489s 2c:60:26:07:0a:f5:2e:77:e5:6b:68:11:3b:20:0c:00:5a:84: 489s 09:70:dd:48:28:ac:d1:53:fd:f3:77:ca:f1:6a:fe:5f:e4:e5: 489s b8:07:95:5d:f7:ba:ad:eb:8a:a4:de:ac:21:1d:9e:6b:c4:a9: 489s 7c:87:a9:6c:b2:7c:a0:8d:0a:a0:4a:83:60:96:2f:f7:d2:59: 489s 91:e4:d1:16:4e:e6:d8:8e:1e:d1:5a:0f:b1:f8:98:f5:42:bb: 489s e0:6a:b2:1b:f2:4b:36:1a:03:a8:b6:9e:cc:89:6d:f9:84:d6: 489s a7:c8 489s + expected_md5=Modulus=DA8D8B49CB209A817AE7C6D832BD5D528575B206774B51D8C5EC60C4D7949124239F826C76FF8E3A06B3A535B61654036AAEB97B34C7F3B65B6291D38DF62525F5A1151701DF0BF331725CDAAA9939392D8951455063D7E1451504DE2ABC13F8223E8B3D70448764AA4FDEC25EEDFBAAB02615DEA3CC065FD63F0B40596793D5 489s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-21547.pem 489s + found_md5=Modulus=DA8D8B49CB209A817AE7C6D832BD5D528575B206774B51D8C5EC60C4D7949124239F826C76FF8E3A06B3A535B61654036AAEB97B34C7F3B65B6291D38DF62525F5A1151701DF0BF331725CDAAA9939392D8951455063D7E1451504DE2ABC13F8223E8B3D70448764AA4FDEC25EEDFBAAB02615DEA3CC065FD63F0B40596793D5 489s + '[' Modulus=DA8D8B49CB209A817AE7C6D832BD5D528575B206774B51D8C5EC60C4D7949124239F826C76FF8E3A06B3A535B61654036AAEB97B34C7F3B65B6291D38DF62525F5A1151701DF0BF331725CDAAA9939392D8951455063D7E1451504DE2ABC13F8223E8B3D70448764AA4FDEC25EEDFBAAB02615DEA3CC065FD63F0B40596793D5 '!=' Modulus=DA8D8B49CB209A817AE7C6D832BD5D528575B206774B51D8C5EC60C4D7949124239F826C76FF8E3A06B3A535B61654036AAEB97B34C7F3B65B6291D38DF62525F5A1151701DF0BF331725CDAAA9939392D8951455063D7E1451504DE2ABC13F8223E8B3D70448764AA4FDEC25EEDFBAAB02615DEA3CC065FD63F0B40596793D5 ']' 489s + output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-21547-auth.output 489s ++ basename /tmp/sssd-softhsm2-GcvsPX/SSSD-child-21547-auth.output .output 489s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-21547-auth.pem 489s + echo -n 053350 489s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 489s [p11_child[2327]] [main] (0x0400): p11_child started. 489s [p11_child[2327]] [main] (0x2000): Running in [auth] mode. 489s [p11_child[2327]] [main] (0x2000): Running with effective IDs: [0][0]. 489s [p11_child[2327]] [main] (0x2000): Running with real IDs [0][0]. 489s [p11_child[2327]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 489s [p11_child[2327]] [do_card] (0x4000): Module List: 489s [p11_child[2327]] [do_card] (0x4000): common name: [softhsm2]. 489s [p11_child[2327]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 489s [p11_child[2327]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5a2433aa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 489s [p11_child[2327]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 489s [p11_child[2327]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x5a2433aa][1512321962] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 489s [p11_child[2327]] [do_card] (0x4000): Login required. 489s [p11_child[2327]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 489s [p11_child[2327]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 489s [p11_child[2327]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 489s [p11_child[2327]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5a2433aa;slot-manufacturer=SoftHSM%20project;slot-id=1512321962;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1d8268625a2433aa;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 489s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 489s [p11_child[2327]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 489s [p11_child[2327]] [do_card] (0x4000): Certificate verified and validated. 489s [p11_child[2327]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 489s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-21547-auth.output 489s + echo '-----BEGIN CERTIFICATE-----' 489s + tail -n1 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-21547-auth.output 489s + echo '-----END CERTIFICATE-----' 489s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-21547-auth.pem 489s Certificate: 489s Data: 489s Version: 3 (0x2) 489s Serial Number: 5 (0x5) 489s Signature Algorithm: sha256WithRSAEncryption 489s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 489s Validity 489s Not Before: Mar 21 04:29:39 2024 GMT 489s Not After : Mar 21 04:29:39 2025 GMT 489s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 489s Subject Public Key Info: 489s Public Key Algorithm: rsaEncryption 489s Public-Key: (1024 bit) 489s Modulus: 489s 00:da:8d:8b:49:cb:20:9a:81:7a:e7:c6:d8:32:bd: 489s 5d:52:85:75:b2:06:77:4b:51:d8:c5:ec:60:c4:d7: 489s 94:91:24:23:9f:82:6c:76:ff:8e:3a:06:b3:a5:35: 489s b6:16:54:03:6a:ae:b9:7b:34:c7:f3:b6:5b:62:91: 489s d3:8d:f6:25:25:f5:a1:15:17:01:df:0b:f3:31:72: 489s 5c:da:aa:99:39:39:2d:89:51:45:50:63:d7:e1:45: 489s 15:04:de:2a:bc:13:f8:22:3e:8b:3d:70:44:87:64: 489s aa:4f:de:c2:5e:ed:fb:aa:b0:26:15:de:a3:cc:06: 489s 5f:d6:3f:0b:40:59:67:93:d5 489s Exponent: 65537 (0x10001) 489s X509v3 extensions: 489s X509v3 Authority Key Identifier: 489s A4:AB:CC:91:E8:43:9F:7A:94:C1:64:41:93:66:F5:7A:17:5E:DF:32 489s X509v3 Basic Constraints: 489s CA:FALSE 489s Netscape Cert Type: 489s SSL Client, S/MIME 489s Netscape Comment: 489s Test Organization Sub Intermediate CA trusted Certificate 489s X509v3 Subject Key Identifier: 489s A1:F4:56:C2:30:56:60:54:98:98:E6:CC:EF:05:80:F9:FD:97:90:DC 489s X509v3 Key Usage: critical 489s Digital Signature, Non Repudiation, Key Encipherment 489s X509v3 Extended Key Usage: 489s TLS Web Client Authentication, E-mail Protection 489s X509v3 Subject Alternative Name: 489s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 489s Signature Algorithm: sha256WithRSAEncryption 489s Signature Value: 489s d5:6d:a6:1c:d9:90:0c:15:d8:19:3d:2b:63:d2:75:fe:f9:b0: 489s 2c:60:26:07:0a:f5:2e:77:e5:6b:68:11:3b:20:0c:00:5a:84: 489s 09:70:dd:48:28:ac:d1:53:fd:f3:77:ca:f1:6a:fe:5f:e4:e5: 489s b8:07:95:5d:f7:ba:ad:eb:8a:a4:de:ac:21:1d:9e:6b:c4:a9: 489s 7c:87:a9:6c:b2:7c:a0:8d:0a:a0:4a:83:60:96:2f:f7:d2:59: 489s 91:e4:d1:16:4e:e6:d8:8e:1e:d1:5a:0f:b1:f8:98:f5:42:bb: 489s e0:6a:b2:1b:f2:4b:36:1a:03:a8:b6:9e:cc:89:6d:f9:84:d6: 489s a7:c8 489s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-21547-auth.pem 489s + found_md5=Modulus=DA8D8B49CB209A817AE7C6D832BD5D528575B206774B51D8C5EC60C4D7949124239F826C76FF8E3A06B3A535B61654036AAEB97B34C7F3B65B6291D38DF62525F5A1151701DF0BF331725CDAAA9939392D8951455063D7E1451504DE2ABC13F8223E8B3D70448764AA4FDEC25EEDFBAAB02615DEA3CC065FD63F0B40596793D5 489s + '[' Modulus=DA8D8B49CB209A817AE7C6D832BD5D528575B206774B51D8C5EC60C4D7949124239F826C76FF8E3A06B3A535B61654036AAEB97B34C7F3B65B6291D38DF62525F5A1151701DF0BF331725CDAAA9939392D8951455063D7E1451504DE2ABC13F8223E8B3D70448764AA4FDEC25EEDFBAAB02615DEA3CC065FD63F0B40596793D5 '!=' Modulus=DA8D8B49CB209A817AE7C6D832BD5D528575B206774B51D8C5EC60C4D7949124239F826C76FF8E3A06B3A535B61654036AAEB97B34C7F3B65B6291D38DF62525F5A1151701DF0BF331725CDAAA9939392D8951455063D7E1451504DE2ABC13F8223E8B3D70448764AA4FDEC25EEDFBAAB02615DEA3CC065FD63F0B40596793D5 ']' 489s + valid_certificate /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24609 /tmp/sssd-softhsm2-GcvsPX/test-intermediate-sub-chain-CA.pem partial_chain 489s + check_certificate /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24609 /tmp/sssd-softhsm2-GcvsPX/test-intermediate-sub-chain-CA.pem partial_chain 489s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 489s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24609 489s + local key_ring=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-sub-chain-CA.pem 489s + local verify_option=partial_chain 489s + prepare_softhsm2_card /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24609 489s + local certificate=/tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 489s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24609 489s + local key_cn 489s + local key_name 489s + local tokens_dir 489s + local output_cert_file 489s + token_name= 489s ++ basename /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 489s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 489s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 489s ++ sed -n 's/ *commonName *= //p' 489s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 489s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 489s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 489s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 489s ++ basename /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 489s + tokens_dir=/tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 489s + token_name='Test Organization Sub Int Token' 489s + '[' '!' -e /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 489s + '[' '!' -d /tmp/sssd-softhsm2-GcvsPX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 489s + echo 'Test Organization Sub Int Token' 489s + '[' -n partial_chain ']' 489s + local verify_arg=--verify=partial_chain 489s + local output_base_name=SSSD-child-1274 489s + local output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-1274.output 489s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-1274.pem 489s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-sub-chain-CA.pem 489s [p11_child[2337]] [main] (0x0400): p11_child started. 489s [p11_child[2337]] [main] (0x2000): Running in [pre-auth] mode. 489s [p11_child[2337]] [main] (0x2000): Running with effective IDs: [0][0]. 489s [p11_child[2337]] [main] (0x2000): Running with real IDs [0][0]. 489s [p11_child[2337]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 489s Test Organization Sub Int Token 489s [p11_child[2337]] [do_card] (0x4000): Module List: 489s [p11_child[2337]] [do_card] (0x4000): common name: [softhsm2]. 489s [p11_child[2337]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 489s [p11_child[2337]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5a2433aa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 489s [p11_child[2337]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 489s [p11_child[2337]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x5a2433aa][1512321962] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 489s [p11_child[2337]] [do_card] (0x4000): Login NOT required. 489s [p11_child[2337]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 489s [p11_child[2337]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 489s [p11_child[2337]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 489s [p11_child[2337]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5a2433aa;slot-manufacturer=SoftHSM%20project;slot-id=1512321962;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1d8268625a2433aa;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 489s [p11_child[2337]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 489s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-1274.output 489s + echo '-----BEGIN CERTIFICATE-----' 489s + tail -n1 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-1274.output 489s + echo '-----END CERTIFICATE-----' 489s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-1274.pem 489s + local found_md5 expected_md5 489s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/test-sub-intermediate-CA-trusted-certificate-0001.pem 489s Certificate: 489s Data: 489s Version: 3 (0x2) 489s Serial Number: 5 (0x5) 489s Signature Algorithm: sha256WithRSAEncryption 489s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 489s Validity 489s Not Before: Mar 21 04:29:39 2024 GMT 489s Not After : Mar 21 04:29:39 2025 GMT 489s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 489s Subject Public Key Info: 489s Public Key Algorithm: rsaEncryption 489s Public-Key: (1024 bit) 489s Modulus: 489s 00:da:8d:8b:49:cb:20:9a:81:7a:e7:c6:d8:32:bd: 489s 5d:52:85:75:b2:06:77:4b:51:d8:c5:ec:60:c4:d7: 489s 94:91:24:23:9f:82:6c:76:ff:8e:3a:06:b3:a5:35: 489s b6:16:54:03:6a:ae:b9:7b:34:c7:f3:b6:5b:62:91: 489s d3:8d:f6:25:25:f5:a1:15:17:01:df:0b:f3:31:72: 489s 5c:da:aa:99:39:39:2d:89:51:45:50:63:d7:e1:45: 489s 15:04:de:2a:bc:13:f8:22:3e:8b:3d:70:44:87:64: 489s aa:4f:de:c2:5e:ed:fb:aa:b0:26:15:de:a3:cc:06: 489s 5f:d6:3f:0b:40:59:67:93:d5 489s Exponent: 65537 (0x10001) 489s X509v3 extensions: 489s X509v3 Authority Key Identifier: 489s A4:AB:CC:91:E8:43:9F:7A:94:C1:64:41:93:66:F5:7A:17:5E:DF:32 489s X509v3 Basic Constraints: 489s CA:FALSE 489s Netscape Cert Type: 489s SSL Client, S/MIME 489s Netscape Comment: 489s Test Organization Sub Intermediate CA trusted Certificate 489s X509v3 Subject Key Identifier: 489s A1:F4:56:C2:30:56:60:54:98:98:E6:CC:EF:05:80:F9:FD:97:90:DC 489s X509v3 Key Usage: critical 489s Digital Signature, Non Repudiation, Key Encipherment 489s X509v3 Extended Key Usage: 489s TLS Web Client Authentication, E-mail Protection 489s X509v3 Subject Alternative Name: 489s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 489s Signature Algorithm: sha256WithRSAEncryption 489s Signature Value: 489s d5:6d:a6:1c:d9:90:0c:15:d8:19:3d:2b:63:d2:75:fe:f9:b0: 489s 2c:60:26:07:0a:f5:2e:77:e5:6b:68:11:3b:20:0c:00:5a:84: 489s 09:70:dd:48:28:ac:d1:53:fd:f3:77:ca:f1:6a:fe:5f:e4:e5: 489s b8:07:95:5d:f7:ba:ad:eb:8a:a4:de:ac:21:1d:9e:6b:c4:a9: 489s 7c:87:a9:6c:b2:7c:a0:8d:0a:a0:4a:83:60:96:2f:f7:d2:59: 489s 91:e4:d1:16:4e:e6:d8:8e:1e:d1:5a:0f:b1:f8:98:f5:42:bb: 489s e0:6a:b2:1b:f2:4b:36:1a:03:a8:b6:9e:cc:89:6d:f9:84:d6: 489s a7:c8 489s + expected_md5=Modulus=DA8D8B49CB209A817AE7C6D832BD5D528575B206774B51D8C5EC60C4D7949124239F826C76FF8E3A06B3A535B61654036AAEB97B34C7F3B65B6291D38DF62525F5A1151701DF0BF331725CDAAA9939392D8951455063D7E1451504DE2ABC13F8223E8B3D70448764AA4FDEC25EEDFBAAB02615DEA3CC065FD63F0B40596793D5 489s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-1274.pem 489s + found_md5=Modulus=DA8D8B49CB209A817AE7C6D832BD5D528575B206774B51D8C5EC60C4D7949124239F826C76FF8E3A06B3A535B61654036AAEB97B34C7F3B65B6291D38DF62525F5A1151701DF0BF331725CDAAA9939392D8951455063D7E1451504DE2ABC13F8223E8B3D70448764AA4FDEC25EEDFBAAB02615DEA3CC065FD63F0B40596793D5 489s + '[' Modulus=DA8D8B49CB209A817AE7C6D832BD5D528575B206774B51D8C5EC60C4D7949124239F826C76FF8E3A06B3A535B61654036AAEB97B34C7F3B65B6291D38DF62525F5A1151701DF0BF331725CDAAA9939392D8951455063D7E1451504DE2ABC13F8223E8B3D70448764AA4FDEC25EEDFBAAB02615DEA3CC065FD63F0B40596793D5 '!=' Modulus=DA8D8B49CB209A817AE7C6D832BD5D528575B206774B51D8C5EC60C4D7949124239F826C76FF8E3A06B3A535B61654036AAEB97B34C7F3B65B6291D38DF62525F5A1151701DF0BF331725CDAAA9939392D8951455063D7E1451504DE2ABC13F8223E8B3D70448764AA4FDEC25EEDFBAAB02615DEA3CC065FD63F0B40596793D5 ']' 489s + output_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-1274-auth.output 489s ++ basename /tmp/sssd-softhsm2-GcvsPX/SSSD-child-1274-auth.output .output 489s + output_cert_file=/tmp/sssd-softhsm2-GcvsPX/SSSD-child-1274-auth.pem 489s + echo -n 053350 489s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-GcvsPX/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 489s [p11_child[2345]] [main] (0x0400): p11_child started. 489s [p11_child[2345]] [main] (0x2000): Running in [auth] mode. 489s [p11_child[2345]] [main] (0x2000): Running with effective IDs: [0][0]. 489s [p11_child[2345]] [main] (0x2000): Running with real IDs [0][0]. 489s [p11_child[2345]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 489s [p11_child[2345]] [do_card] (0x4000): Module List: 489s [p11_child[2345]] [do_card] (0x4000): common name: [softhsm2]. 489s [p11_child[2345]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 489s [p11_child[2345]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5a2433aa] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 489s [p11_child[2345]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 489s [p11_child[2345]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x5a2433aa][1512321962] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 489s [p11_child[2345]] [do_card] (0x4000): Login required. 489s [p11_child[2345]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 489s [p11_child[2345]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 489s [p11_child[2345]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 489s [p11_child[2345]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5a2433aa;slot-manufacturer=SoftHSM%20project;slot-id=1512321962;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=1d8268625a2433aa;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 489s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 489s [p11_child[2345]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 489s [p11_child[2345]] [do_card] (0x4000): Certificate verified and validated. 489s [p11_child[2345]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 489s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-1274-auth.output 489s + echo '-----BEGIN CERTIFICATE-----' 489s + tail -n1 /tmp/sssd-softhsm2-GcvsPX/SSSD-child-1274-auth.output 489s + echo '-----END CERTIFICATE-----' 489s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-1274-auth.pem 489s Certificate: 489s Data: 489s Version: 3 (0x2) 489s Serial Number: 5 (0x5) 489s Signature Algorithm: sha256WithRSAEncryption 489s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 489s Validity 489s Not Before: Mar 21 04:29:39 2024 GMT 489s Not After : Mar 21 04:29:39 2025 GMT 489s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 489s Subject Public Key Info: 489s Public Key Algorithm: rsaEncryption 489s Public-Key: (1024 bit) 489s Modulus: 489s 00:da:8d:8b:49:cb:20:9a:81:7a:e7:c6:d8:32:bd: 489s 5d:52:85:75:b2:06:77:4b:51:d8:c5:ec:60:c4:d7: 489s 94:91:24:23:9f:82:6c:76:ff:8e:3a:06:b3:a5:35: 489s b6:16:54:03:6a:ae:b9:7b:34:c7:f3:b6:5b:62:91: 489s d3:8d:f6:25:25:f5:a1:15:17:01:df:0b:f3:31:72: 489s 5c:da:aa:99:39:39:2d:89:51:45:50:63:d7:e1:45: 489s 15:04:de:2a:bc:13:f8:22:3e:8b:3d:70:44:87:64: 489s aa:4f:de:c2:5e:ed:fb:aa:b0:26:15:de:a3:cc:06: 489s 5f:d6:3f:0b:40:59:67:93:d5 489s Exponent: 65537 (0x10001) 489s X509v3 extensions: 489s X509v3 Authority Key Identifier: 489s A4:AB:CC:91:E8:43:9F:7A:94:C1:64:41:93:66:F5:7A:17:5E:DF:32 489s X509v3 Basic Constraints: 489s CA:FALSE 489s Netscape Cert Type: 489s SSL Client, S/MIME 489s Netscape Comment: 489s Test Organization Sub Intermediate CA trusted Certificate 489s X509v3 Subject Key Identifier: 489s A1:F4:56:C2:30:56:60:54:98:98:E6:CC:EF:05:80:F9:FD:97:90:DC 489s X509v3 Key Usage: critical 489s Digital Signature, Non Repudiation, Key Encipherment 489s X509v3 Extended Key Usage: 489s TLS Web Client Authentication, E-mail Protection 489s X509v3 Subject Alternative Name: 489s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 489s Signature Algorithm: sha256WithRSAEncryption 489s Signature Value: 489s d5:6d:a6:1c:d9:90:0c:15:d8:19:3d:2b:63:d2:75:fe:f9:b0: 489s 2c:60:26:07:0a:f5:2e:77:e5:6b:68:11:3b:20:0c:00:5a:84: 489s 09:70:dd:48:28:ac:d1:53:fd:f3:77:ca:f1:6a:fe:5f:e4:e5: 489s b8:07:95:5d:f7:ba:ad:eb:8a:a4:de:ac:21:1d:9e:6b:c4:a9: 489s 7c:87:a9:6c:b2:7c:a0:8d:0a:a0:4a:83:60:96:2f:f7:d2:59: 489s 91:e4:d1:16:4e:e6:d8:8e:1e:d1:5a:0f:b1:f8:98:f5:42:bb: 489s e0:6a:b2:1b:f2:4b:36:1a:03:a8:b6:9e:cc:89:6d:f9:84:d6: 489s a7:c8 489s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-GcvsPX/SSSD-child-1274-auth.pem 489s 489s + found_md5=Modulus=DA8D8B49CB209A817AE7C6D832BD5D528575B206774B51D8C5EC60C4D7949124239F826C76FF8E3A06B3A535B61654036AAEB97B34C7F3B65B6291D38DF62525F5A1151701DF0BF331725CDAAA9939392D8951455063D7E1451504DE2ABC13F8223E8B3D70448764AA4FDEC25EEDFBAAB02615DEA3CC065FD63F0B40596793D5 489s + '[' Modulus=DA8D8B49CB209A817AE7C6D832BD5D528575B206774B51D8C5EC60C4D7949124239F826C76FF8E3A06B3A535B61654036AAEB97B34C7F3B65B6291D38DF62525F5A1151701DF0BF331725CDAAA9939392D8951455063D7E1451504DE2ABC13F8223E8B3D70448764AA4FDEC25EEDFBAAB02615DEA3CC065FD63F0B40596793D5 '!=' Modulus=DA8D8B49CB209A817AE7C6D832BD5D528575B206774B51D8C5EC60C4D7949124239F826C76FF8E3A06B3A535B61654036AAEB97B34C7F3B65B6291D38DF62525F5A1151701DF0BF331725CDAAA9939392D8951455063D7E1451504DE2ABC13F8223E8B3D70448764AA4FDEC25EEDFBAAB02615DEA3CC065FD63F0B40596793D5 ']' 489s + set +x 489s Test completed, Root CA and intermediate issued certificates verified! 490s autopkgtest [04:29:46]: test sssd-softhism2-certificates-tests.sh: -----------------------] 490s autopkgtest [04:29:46]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 490s sssd-softhism2-certificates-tests.sh PASS 491s autopkgtest [04:29:47]: test sssd-smart-card-pam-auth-configs: preparing testbed 493s Reading package lists... 493s Building dependency tree... 493s Reading state information... 493s Starting pkgProblemResolver with broken count: 0 493s Starting 2 pkgProblemResolver with broken count: 0 493s Done 494s The following additional packages will be installed: 494s pamtester 494s The following NEW packages will be installed: 494s autopkgtest-satdep pamtester 494s 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. 494s Need to get 12.2 kB/13.0 kB of archives. 494s After this operation, 36.9 kB of additional disk space will be used. 494s Get:1 /tmp/autopkgtest.7Qr1lf/4-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [760 B] 494s Get:2 http://ftpmaster.internal/ubuntu noble/universe s390x pamtester s390x 0.1.2-4 [12.2 kB] 494s Fetched 12.2 kB in 0s (83.5 kB/s) 494s Selecting previously unselected package pamtester. 494s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52318 files and directories currently installed.) 494s Preparing to unpack .../pamtester_0.1.2-4_s390x.deb ... 494s Unpacking pamtester (0.1.2-4) ... 494s Selecting previously unselected package autopkgtest-satdep. 494s Preparing to unpack .../4-autopkgtest-satdep.deb ... 494s Unpacking autopkgtest-satdep (0) ... 494s Setting up pamtester (0.1.2-4) ... 494s Setting up autopkgtest-satdep (0) ... 494s Processing triggers for man-db (2.12.0-3) ... 497s (Reading database ... 52324 files and directories currently installed.) 497s Removing autopkgtest-satdep (0) ... 498s autopkgtest [04:29:54]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 498s autopkgtest [04:29:54]: test sssd-smart-card-pam-auth-configs: [----------------------- 498s + '[' -z ubuntu ']' 498s + export DEBIAN_FRONTEND=noninteractive 498s + DEBIAN_FRONTEND=noninteractive 498s + required_tools=(pamtester softhsm2-util sssd) 498s + [[ ! -v OFFLINE_MODE ]] 498s + for cmd in "${required_tools[@]}" 498s + command -v pamtester 498s + for cmd in "${required_tools[@]}" 498s + command -v softhsm2-util 498s + for cmd in "${required_tools[@]}" 498s + command -v sssd 498s + PIN=123456 498s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 498s + tmpdir=/tmp/sssd-softhsm2-certs-uqsmbQ 498s + backupsdir= 498s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 498s + declare -a restore_paths 498s + declare -a delete_paths 498s + trap handle_exit EXIT 498s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 498s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 498s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 498s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 498s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-uqsmbQ GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 498s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-uqsmbQ 498s + GENERATE_SMART_CARDS=1 498s + KEEP_TEMPORARY_FILES=1 498s + NO_SSSD_TESTS=1 498s + bash debian/tests/sssd-softhism2-certificates-tests.sh 498s + '[' -z ubuntu ']' 498s + required_tools=(p11tool openssl softhsm2-util) 498s + for cmd in "${required_tools[@]}" 498s + command -v p11tool 498s + for cmd in "${required_tools[@]}" 498s + command -v openssl 498s + for cmd in "${required_tools[@]}" 498s + command -v softhsm2-util 498s + PIN=123456 498s +++ find /usr/lib/softhsm/libsofthsm2.so 498s +++ head -n 1 498s ++ realpath /usr/lib/softhsm/libsofthsm2.so 498s + SOFTHSM2_MODULE=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 498s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 498s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 498s + '[' '!' -v NO_SSSD_TESTS ']' 498s + '[' '!' -e /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so ']' 498s + tmpdir=/tmp/sssd-softhsm2-certs-uqsmbQ 498s + keys_size=1024 498s + [[ ! -v KEEP_TEMPORARY_FILES ]] 498s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 498s + echo -n 01 498s + touch /tmp/sssd-softhsm2-certs-uqsmbQ/index.txt 498s + mkdir -p /tmp/sssd-softhsm2-certs-uqsmbQ/new_certs 498s + cat 498s + root_ca_key_pass=pass:random-root-CA-password-15645 498s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA-key.pem -passout pass:random-root-CA-password-15645 1024 498s + openssl req -passin pass:random-root-CA-password-15645 -batch -config /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA.pem 498s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA.pem 498s + cat 498s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-27422 498s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-27422 1024 498s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-27422 -config /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-15645 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-certificate-request.pem 498s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-certificate-request.pem 498s Certificate Request: 498s Data: 498s Version: 1 (0x0) 498s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 498s Subject Public Key Info: 498s Public Key Algorithm: rsaEncryption 498s Public-Key: (1024 bit) 498s Modulus: 498s 00:b8:33:80:f4:d9:49:e7:56:93:15:1a:56:07:fa: 498s 8c:62:8f:30:22:c6:73:78:fa:ab:b9:4c:f4:6d:b3: 498s f3:cf:66:b3:d3:50:fb:58:2c:cf:98:43:34:f1:4c: 498s 63:f9:8c:3c:72:f4:3c:3b:c5:4e:5c:9e:e7:27:0d: 498s d9:d1:32:8e:57:be:5b:c6:63:fb:56:47:50:c5:14: 498s 6b:cd:6b:fc:09:ee:d1:1c:93:a9:b0:90:97:ed:26: 498s 53:4a:df:ec:f0:2f:4e:34:51:20:f2:29:09:9f:35: 498s fd:96:6c:87:f8:f6:e0:f2:0a:51:1f:4d:33:ff:ae: 498s 2c:09:df:ab:64:29:a7:54:97 498s Exponent: 65537 (0x10001) 498s Attributes: 498s (none) 498s Requested Extensions: 498s Signature Algorithm: sha256WithRSAEncryption 498s Signature Value: 498s 9c:0b:ab:e3:fa:48:b8:f4:07:da:ee:21:bd:bd:d9:fc:e6:6e: 498s 69:21:da:aa:3d:20:a2:4a:11:9e:a0:86:26:2b:88:f1:f1:fc: 498s 0f:86:fa:00:d6:e0:50:e9:97:7f:b1:66:e0:2c:cb:91:c3:fe: 498s ff:54:44:e6:66:a1:19:b6:1e:87:d9:c7:0f:75:7f:b5:53:5d: 498s 3d:fe:a6:ae:5e:a5:de:da:71:a2:b5:c4:95:83:c3:ad:c4:9a: 498s a1:e1:04:28:31:e2:96:07:e1:77:29:1e:b4:10:80:f6:67:d2: 498s f4:42:89:1d:4c:b9:5d:6b:1f:04:8b:47:73:86:b1:85:9b:12: 498s 8f:04 498s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA.config -passin pass:random-root-CA-password-15645 -keyfile /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA.pem 498s Using configuration from /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA.config 498s Check that the request matches the signature 498s Signature ok 498s Certificate Details: 498s Serial Number: 1 (0x1) 498s Validity 498s Not Before: Mar 21 04:29:54 2024 GMT 498s Not After : Mar 21 04:29:54 2025 GMT 498s Subject: 498s organizationName = Test Organization 498s organizationalUnitName = Test Organization Unit 498s commonName = Test Organization Intermediate CA 498s X509v3 extensions: 498s X509v3 Subject Key Identifier: 498s 99:B4:18:DB:A9:0D:F2:B6:DE:59:9B:34:42:E0:7A:69:97:17:6A:B4 498s X509v3 Authority Key Identifier: 498s keyid:6C:42:03:D3:0D:FA:8F:60:E3:AA:24:E6:DA:56:9C:2E:18:62:F1:80 498s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 498s serial:00 498s X509v3 Basic Constraints: 498s CA:TRUE 498s X509v3 Key Usage: critical 498s Digital Signature, Certificate Sign, CRL Sign 498s Certificate is to be certified until Mar 21 04:29:54 2025 GMT (365 days) 498s 498s Write out database with 1 new entries 498s Database updated 498s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA.pem 498s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA.pem /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA.pem 498s /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA.pem: OK 498s + cat 498s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-4941 498s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-4941 1024 498s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-4941 -config /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-27422 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-certificate-request.pem 498s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-certificate-request.pem 498s Certificate Request: 498s Data: 498s Version: 1 (0x0) 498s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 498s Subject Public Key Info: 498s Public Key Algorithm: rsaEncryption 498s Public-Key: (1024 bit) 498s Modulus: 498s 00:b0:6c:2d:3c:80:02:d0:3e:f8:f0:6c:f3:6c:92: 498s e5:c2:3f:58:52:b9:94:4a:88:7e:c9:c1:c5:76:8b: 498s f9:05:ab:ff:4a:ff:22:c9:82:42:6c:bc:90:02:2d: 498s 08:dc:ca:73:1e:db:f8:31:be:7d:21:43:b5:db:3d: 498s 57:a0:db:df:ae:24:eb:a1:51:ef:9b:35:47:15:bc: 498s da:fa:84:f4:fc:d4:bf:a8:c1:a3:2d:ee:65:05:42: 498s b1:a8:d5:53:84:a6:bf:e7:b1:d9:07:2a:5a:3c:90: 498s 97:43:0d:9f:84:82:21:a8:a2:27:72:7b:1a:8f:27: 498s f3:5c:69:a3:21:2b:42:fc:eb 498s Exponent: 65537 (0x10001) 498s Attributes: 498s (none) 498s Requested Extensions: 498s Signature Algorithm: sha256WithRSAEncryption 498s Signature Value: 498s 70:bd:57:be:e8:e9:da:43:9c:25:24:a3:c7:10:36:10:94:16: 498s 49:62:05:43:f4:6d:57:cc:12:25:93:cd:f1:48:5a:8b:4d:d7: 498s 07:a5:cb:43:f5:e5:df:a3:13:54:b7:a4:a4:96:64:c8:02:c5: 498s 70:17:6b:71:63:70:00:9e:5c:e6:97:48:61:24:5d:44:b4:d6: 498s 84:f8:2f:ba:4a:b3:04:8f:b3:fe:ef:34:83:12:38:2a:a3:49: 498s b3:c9:07:d6:fb:82:f0:b0:59:67:6c:96:bc:16:3d:f5:7d:29: 498s 30:6c:85:d4:ca:17:a4:60:80:8f:1b:44:a2:e2:3b:ae:22:ba: 498s cf:6e 498s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-27422 -keyfile /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA.pem 498s Using configuration from /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA.config 498s Check that the request matches the signature 498s Signature ok 498s Certificate Details: 498s Serial Number: 2 (0x2) 498s Validity 498s Not Before: Mar 21 04:29:54 2024 GMT 498s Not After : Mar 21 04:29:54 2025 GMT 498s Subject: 498s organizationName = Test Organization 498s organizationalUnitName = Test Organization Unit 498s commonName = Test Organization Sub Intermediate CA 498s X509v3 extensions: 498s X509v3 Subject Key Identifier: 498s E5:71:5A:E9:DB:E9:BA:E6:75:12:85:CC:67:FD:F7:76:F2:BD:1C:9B 498s X509v3 Authority Key Identifier: 498s keyid:99:B4:18:DB:A9:0D:F2:B6:DE:59:9B:34:42:E0:7A:69:97:17:6A:B4 498s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 498s serial:01 498s X509v3 Basic Constraints: 498s CA:TRUE 498s X509v3 Key Usage: critical 498s Digital Signature, Certificate Sign, CRL Sign 498s Certificate is to be certified until Mar 21 04:29:54 2025 GMT (365 days) 498s 498s Write out database with 1 new entries 498s Database updated 498s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA.pem 498s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA.pem 498s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA.pem /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA.pem 498s + local cmd=openssl 498s + shift 498s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA.pem /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA.pem 498s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 498s error 20 at 0 depth lookup: unable to get local issuer certificate 498s error /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA.pem: verification failed 498s + cat 498s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-15832 498s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-15832 1024 498s /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA.pem: OK 498s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-15832 -key /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA-trusted-certificate-0001-request.pem 498s Certificate Request: 498s Data: 498s Version: 1 (0x0) 498s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 498s Subject Public Key Info: 498s Public Key Algorithm: rsaEncryption 498s Public-Key: (1024 bit) 498s Modulus: 498s 00:ce:b2:d1:9c:40:ba:cd:e8:90:95:f3:83:16:d6: 498s 2c:f9:97:1c:60:f9:a3:e6:86:a1:94:8f:5a:8c:12: 498s 61:aa:ea:1a:20:67:29:f6:16:b5:25:b1:92:7f:7a: 498s 6a:93:40:52:39:89:98:dd:85:d6:d0:1d:fa:69:a1: 498s 37:79:d7:9b:e7:9e:5d:6e:44:cc:7c:1e:bc:82:43: 498s a0:59:6c:bb:0f:0f:5c:93:ee:a8:ec:b4:5f:bf:5c: 498s e7:dc:cb:f8:95:f5:46:aa:a6:d8:ef:ab:e9:cc:cb: 498s 70:8d:fa:70:bb:75:71:c4:71:da:9c:83:9c:5f:2d: 498s 47:7c:b8:ec:7d:d1:6c:eb:c7 498s Exponent: 65537 (0x10001) 498s Attributes: 498s Requested Extensions: 498s X509v3 Basic Constraints: 498s CA:FALSE 498s Netscape Cert Type: 498s SSL Client, S/MIME 498s Netscape Comment: 498s Test Organization Root CA trusted Certificate 498s X509v3 Subject Key Identifier: 498s 60:5C:70:B5:F8:58:DC:F5:CA:13:1A:3D:7E:1B:AF:69:A2:45:27:B3 498s X509v3 Key Usage: critical 498s Digital Signature, Non Repudiation, Key Encipherment 498s X509v3 Extended Key Usage: 498s TLS Web Client Authentication, E-mail Protection 498s X509v3 Subject Alternative Name: 498s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 498s Signature Algorithm: sha256WithRSAEncryption 498s Signature Value: 498s 62:a4:5f:a0:54:d8:d1:9c:b0:69:2b:4f:5a:c6:0a:3e:9f:b7: 498s 46:69:ee:99:0d:aa:e4:eb:35:b2:c0:6b:70:c3:c6:fd:69:1a: 498s 54:33:a7:52:be:c3:76:d7:49:d9:ad:1f:26:e0:be:3a:05:0b: 498s fd:2e:76:eb:f3:45:49:b9:6b:51:8c:9d:48:da:a7:eb:05:80: 498s 59:4c:65:c4:4f:4a:38:33:5b:a4:58:6b:fd:6f:67:6a:a7:9a: 498s ba:4f:7b:08:05:17:8c:73:2c:d8:8a:e7:e6:98:3c:ad:21:10: 498s b6:fe:70:92:3c:d6:8b:de:01:07:c9:2b:77:01:d9:27:d5:a3: 498s 4c:08 498s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA-trusted-certificate-0001-request.pem 498s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA.config -passin pass:random-root-CA-password-15645 -keyfile /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA-trusted-certificate-0001.pem 498s Using configuration from /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA.config 498s Check that the request matches the signature 498s Signature ok 498s Certificate Details: 498s Serial Number: 3 (0x3) 498s Validity 498s Not Before: Mar 21 04:29:54 2024 GMT 498s Not After : Mar 21 04:29:54 2025 GMT 498s Subject: 498s organizationName = Test Organization 498s organizationalUnitName = Test Organization Unit 498s commonName = Test Organization Root Trusted Certificate 0001 498s X509v3 extensions: 498s X509v3 Authority Key Identifier: 498s 6C:42:03:D3:0D:FA:8F:60:E3:AA:24:E6:DA:56:9C:2E:18:62:F1:80 498s X509v3 Basic Constraints: 498s CA:FALSE 498s Netscape Cert Type: 498s SSL Client, S/MIME 498s Netscape Comment: 498s Test Organization Root CA trusted Certificate 498s X509v3 Subject Key Identifier: 498s 60:5C:70:B5:F8:58:DC:F5:CA:13:1A:3D:7E:1B:AF:69:A2:45:27:B3 498s X509v3 Key Usage: critical 498s Digital Signature, Non Repudiation, Key Encipherment 498s X509v3 Extended Key Usage: 498s TLS Web Client Authentication, E-mail Protection 498s X509v3 Subject Alternative Name: 498s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 498s Certificate is to be certified until Mar 21 04:29:54 2025 GMT (365 days) 498s 498s Write out database with 1 new entries 498s Database updated 498s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA-trusted-certificate-0001.pem 498s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA.pem /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA-trusted-certificate-0001.pem 498s /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA-trusted-certificate-0001.pem: OK 498s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA-trusted-certificate-0001.pem 498s + local cmd=openssl 498s + shift 498s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA-trusted-certificate-0001.pem 498s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 498s error 20 at 0 depth lookup: unable to get local issuer certificate 498s error /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA-trusted-certificate-0001.pem: verification failed 498s + cat 498s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-28923 498s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-28923 1024 498s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-28923 -key /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-trusted-certificate-0001-request.pem 498s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-trusted-certificate-0001-request.pem 498s Certificate Request: 498s Data: 498s Version: 1 (0x0) 498s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 498s Subject Public Key Info: 498s Public Key Algorithm: rsaEncryption 498s Public-Key: (1024 bit) 498s Modulus: 498s 00:d4:91:80:6b:8d:5d:b5:5a:57:6c:00:58:21:30: 498s 6e:5a:b4:47:d5:97:8c:21:da:7c:7f:09:ea:3d:54: 498s 40:93:70:42:57:eb:ba:20:35:05:6c:00:fe:fc:41: 498s c6:d7:86:28:71:28:72:0e:11:e0:bd:1c:6c:ef:5e: 498s e1:9d:24:32:f0:38:9c:51:ea:2f:e6:5f:de:96:d7: 498s 12:72:82:03:b1:e7:6d:ef:8c:0f:c0:9b:6a:d8:57: 498s f0:f5:4e:b4:3d:dc:85:b7:1f:19:57:c8:57:a2:56: 498s 6d:ec:3e:42:4d:3a:8c:00:31:fe:a7:1d:4e:03:27: 498s 08:54:68:24:5f:81:d1:dd:c9 498s Exponent: 65537 (0x10001) 498s Attributes: 498s Requested Extensions: 498s X509v3 Basic Constraints: 498s CA:FALSE 498s Netscape Cert Type: 498s SSL Client, S/MIME 498s Netscape Comment: 498s Test Organization Intermediate CA trusted Certificate 498s X509v3 Subject Key Identifier: 498s 85:68:6B:90:B9:7F:2E:73:6F:7F:32:65:F2:34:1E:E9:04:A4:5E:41 498s X509v3 Key Usage: critical 498s Digital Signature, Non Repudiation, Key Encipherment 498s X509v3 Extended Key Usage: 498s TLS Web Client Authentication, E-mail Protection 498s X509v3 Subject Alternative Name: 498s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 498s Signature Algorithm: sha256WithRSAEncryption 498s Signature Value: 498s 11:cc:08:ec:37:22:ac:fd:02:ef:6e:9e:d8:6e:75:69:0f:74: 498s 5a:eb:6b:cc:a4:ff:f9:81:32:90:9e:0d:c7:30:68:9f:dc:c2: 498s 99:e3:79:f3:5f:d9:99:81:85:b9:67:b7:ec:5d:1d:fe:31:d0: 498s 97:81:97:2d:6f:28:83:9d:16:f1:7b:37:dd:93:66:0f:9a:16: 498s c3:ca:9a:1a:a9:2a:06:a5:7a:af:c7:d8:0c:a6:04:42:8a:15: 498s ed:c6:0f:68:e1:6b:a2:03:d0:77:d8:fa:86:78:41:ac:9e:c2: 498s ae:57:8a:f5:cb:25:2c:6f:6a:b7:74:a5:9d:bd:c8:e2:12:9a: 498s 98:01 498s + openssl ca -passin pass:random-intermediate-CA-password-27422 -config /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-trusted-certificate-0001.pem 498s Using configuration from /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA.config 498s Check that the request matches the signature 498s Signature ok 498s Certificate Details: 498s Serial Number: 4 (0x4) 498s Validity 498s Not Before: Mar 21 04:29:54 2024 GMT 498s Not After : Mar 21 04:29:54 2025 GMT 498s Subject: 498s organizationName = Test Organization 498s organizationalUnitName = Test Organization Unit 498s commonName = Test Organization Intermediate Trusted Certificate 0001 498s X509v3 extensions: 498s X509v3 Authority Key Identifier: 498s 99:B4:18:DB:A9:0D:F2:B6:DE:59:9B:34:42:E0:7A:69:97:17:6A:B4 498s X509v3 Basic Constraints: 498s CA:FALSE 498s Netscape Cert Type: 498s SSL Client, S/MIME 498s Netscape Comment: 498s Test Organization Intermediate CA trusted Certificate 498s X509v3 Subject Key Identifier: 498s 85:68:6B:90:B9:7F:2E:73:6F:7F:32:65:F2:34:1E:E9:04:A4:5E:41 498s X509v3 Key Usage: critical 498s Digital Signature, Non Repudiation, Key Encipherment 498s X509v3 Extended Key Usage: 498s TLS Web Client Authentication, E-mail Protection 498s X509v3 Subject Alternative Name: 498s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 498s Certificate is to be certified until Mar 21 04:29:54 2025 GMT (365 days) 498s 498s Write out database with 1 new entries 498s Database updated 498s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-trusted-certificate-0001.pem 498s This certificate should not be trusted fully 498s + echo 'This certificate should not be trusted fully' 498s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-trusted-certificate-0001.pem 498s + local cmd=openssl 498s + shift 498s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-trusted-certificate-0001.pem 498s O = Test Organization, OU = Test Orga/tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-trusted-certificate-0001.pem: OK 498s nization Unit, CN = Test Organization Intermediate CA 498s error 2 at 1 depth lookup: unable to get issuer certificate 498s error /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 498s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-trusted-certificate-0001.pem 498s + cat 498s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-11077 498s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-11077 1024 499s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-11077 -key /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 499s Certificate Request: 499s Data: 499s Version: 1 (0x0) 499s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 499s Subject Public Key Info: 499s Public Key Algorithm: rsaEncryption 499s Public-Key: (1024 bit) 499s Modulus: 499s 00:d5:37:15:fb:07:b6:e5:b0:ea:2b:86:bc:f8:ef: 499s d5:1d:47:0e:cb:8e:55:e9:90:0c:06:0c:ad:ea:ef: 499s e7:db:96:10:47:e8:46:0c:88:5f:26:c3:b0:21:68: 499s 83:7a:81:dc:0e:d5:6e:99:6c:9f:45:61:9a:bc:55: 499s 31:fd:2b:90:aa:30:7c:b2:13:8b:dd:bb:67:a4:6e: 499s f9:8e:55:01:41:d3:10:03:a9:31:73:10:85:f1:e1: 499s 9d:98:7d:99:27:00:d0:d1:a1:16:3b:aa:a3:e3:37: 499s df:85:58:7b:5f:c9:af:9d:01:58:b1:d9:2f:77:ab: 499s 36:7b:6f:4b:4f:17:72:3c:29 499s Exponent: 65537 (0x10001) 499s Attributes: 499s Requested Extensions: 499s X509v3 Basic Constraints: 499s CA:FALSE 499s Netscape Cert Type: 499s SSL Client, S/MIME 499s Netscape Comment: 499s Test Organization Sub Intermediate CA trusted Certificate 499s X509v3 Subject Key Identifier: 499s 84:5C:2F:2D:7D:8A:6C:8C:99:8A:24:4A:8F:71:E2:30:87:02:FC:26 499s X509v3 Key Usage: critical 499s Digital Signature, Non Repudiation, Key Encipherment 499s X509v3 Extended Key Usage: 499s TLS Web Client Authentication, E-mail Protection 499s X509v3 Subject Alternative Name: 499s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 499s Signature Algorithm: sha256WithRSAEncryption 499s Signature Value: 499s 13:73:6d:91:2a:43:6e:28:79:ec:b5:9a:8f:c2:54:31:d9:10: 499s f8:90:89:e3:b2:e9:94:1a:09:23:88:28:8b:0b:00:23:24:dd: 499s 32:73:77:63:2c:5f:d7:e2:be:b4:da:ac:d0:04:09:f8:13:29: 499s 54:cc:91:ec:40:7b:b8:d8:85:28:70:03:9d:39:e8:e7:d6:3c: 499s 8a:a6:02:ca:66:c5:eb:eb:7d:49:77:72:53:73:1e:1d:4b:c0: 499s 6e:aa:6d:e2:1b:82:58:68:91:20:9c:71:40:1c:b6:66:18:32: 499s 68:f7:a4:62:56:8b:7b:25:f0:ab:74:a1:ad:9c:50:22:5f:d4: 499s d7:b7 499s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 499s + openssl ca -passin pass:random-sub-intermediate-CA-password-4941 -config /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001.pem 499s Using configuration from /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA.config 499s Check that the request matches the signature 499s Signature ok 499s Certificate Details: 499s Serial Number: 5 (0x5) 499s Validity 499s Not Before: Mar 21 04:29:55 2024 GMT 499s Not After : Mar 21 04:29:55 2025 GMT 499s Subject: 499s organizationName = Test Organization 499s organizationalUnitName = Test Organization Unit 499s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 499s X509v3 extensions: 499s X509v3 Authority Key Identifier: 499s E5:71:5A:E9:DB:E9:BA:E6:75:12:85:CC:67:FD:F7:76:F2:BD:1C:9B 499s X509v3 Basic Constraints: 499s CA:FALSE 499s Netscape Cert Type: 499s SSL Client, S/MIME 499s Netscape Comment: 499s Test Organization Sub Intermediate CA trusted Certificate 499s X509v3 Subject Key Identifier: 499s 84:5C:2F:2D:7D:8A:6C:8C:99:8A:24:4A:8F:71:E2:30:87:02:FC:26 499s X509v3 Key Usage: critical 499s Digital Signature, Non Repudiation, Key Encipherment 499s X509v3 Extended Key Usage: 499s TLS Web Client Authentication, E-mail Protection 499s X509v3 Subject Alternative Name: 499s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 499s Certificate is to be certified until Mar 21 04:29:55 2025 GMT (365 days) 499s 499s Write out database with 1 new entries 499s Database updated 499s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001.pem 499s + echo 'This certificate should not be trusted fully' 499s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001.pem 499s + local cmd=openssl 499s + shift 499s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001.pem 499s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 499s error 2 at 1 depth lookup: unable to get issuer certificate 499s error /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 499s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001.pem 499s + local cmd=openssl 499s + shift 499s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001.pem 499s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 499s error 20 at 0 depth lookup: unable to get local issuer certificate 499s error /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 499s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001.pem 499s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001.pem 499s + local cmd=openssl 499s + shift 499s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001.pem 499s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 499s error 20 at 0 depth lookup: unable to get local issuer certificate 499s error /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 499s + echo 'Building a the full-chain CA file...' 499s + cat /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA.pem /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA.pem 499s + cat /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA.pem /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA.pem 499s + cat /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA.pem 499s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-uqsmbQ/test-full-chain-CA.pem 499s + openssl pkcs7 -print_certs -noout 499s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-uqsmbQ/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA.pem 499s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-uqsmbQ/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA-trusted-certificate-0001.pem 499s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-uqsmbQ/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-trusted-certificate-0001.pem 499s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-uqsmbQ/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-intermediate-chain-CA.pem 499s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-uqsmbQ/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001.pem 499s + echo 'Certificates generation completed!' 499s + [[ -v NO_SSSD_TESTS ]] 499s + [[ -v GENERATE_SMART_CARDS ]] 499s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-15832 499s + local certificate=/tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA-trusted-certificate-0001.pem 499s + local key_pass=pass:random-root-ca-trusted-cert-0001-15832 499s + local key_cn 499s + local key_name 499s + local tokens_dir 499s + local output_cert_file 499s + token_name= 499s ++ basename /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA-trusted-certificate-0001.pem .pem 499s + key_name=test-root-CA-trusted-certificate-0001 499s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA-trusted-certificate-0001.pem 499s ++ sed -n 's/ *commonName *= //p' 499s + key_cn='Test Organization Root Trusted Certificate 0001' 499s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 499s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-uqsmbQ/softhsm2-test-root-CA-trusted-certificate-0001.conf 499s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-uqsmbQ/softhsm2-test-root-CA-trusted-certificate-0001.conf 499s ++ basename /tmp/sssd-softhsm2-certs-uqsmbQ/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 499s + tokens_dir=/tmp/sssd-softhsm2-certs-uqsmbQ/softhsm2-test-root-CA-trusted-certificate-0001 499s + token_name='Test Organization Root Tr Token' 499s + '[' '!' -e /tmp/sssd-softhsm2-certs-uqsmbQ/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 499s + local key_file 499s + local decrypted_key 499s + mkdir -p /tmp/sssd-softhsm2-certs-uqsmbQ/softhsm2-test-root-CA-trusted-certificate-0001 499s + key_file=/tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA-trusted-certificate-0001-key.pem 499s + decrypted_key=/tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA-trusted-certificate-0001-key-decrypted.pem 499s + cat 499s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 499s + softhsm2-util --show-slots 499s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 499s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-15832 -in /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA-trusted-certificate-0001-key-decrypted.pem 499s writing RSA key 499s This certificate should not be trusted fully 499s /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 499s Building a the full-chain CA file... 499s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 499s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 499s 499s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 499s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 499s 499s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 499s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 499s 499s /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA.pem: OK 499s /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA-trusted-certificate-0001.pem: OK 499s /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-trusted-certificate-0001.pem: OK 499s /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-intermediate-chain-CA.pem: OK 499s /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 499s Certificates generation completed! 499s Slot 0 has a free/uninitialized token. 499s The token has been initialized and is reassigned to slot 190611875 499s Available slots: 499s Slot 190611875 499s Slot info: 499s Description: SoftHSM slot ID 0xb5c81a3 499s Manufacturer ID: SoftHSM project 499s Hardware version: 2.6 499s Firmware version: 2.6 499s Token present: yes 499s Token info: 499s Manufacturer ID: SoftHSM project 499s Model: SoftHSM v2 499s Hardware version: 2.6 499s Firmware version: 2.6 499s Serial number: b111e4b58b5c81a3 499s Initialized: yes 499s User PIN init.: yes 499s Label: Test Organization Root Tr Token 499s Slot 1 499s Slot info: 499s Description: SoftHSM slot ID 0x1 499s Manufacturer ID: SoftHSM project 499s Hardware version: 2.6 499s Firmware version: 2.6 499s Token present: yes 499s Token info: 499s Manufacturer ID: SoftHSM project 499s Model: SoftHSM v2 499s Hardware version: 2.6 499s Firmware version: 2.6 499s Serial number: 499s Initialized: no 499s User PIN init.: no 499s Label: 499s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 499s + rm /tmp/sssd-softhsm2-certs-uqsmbQ/test-root-CA-trusted-certificate-0001-key-decrypted.pem 499s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 499s Object 0: 499s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=b111e4b58b5c81a3;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 499s Type: X.509 Certificate (RSA-1024) 499s Expires: Fri Mar 21 04:29:54 2025 499s Label: Test Organization Root Trusted Certificate 0001 499s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 499s 499s + echo 'Test Organization Root Tr Token' 499s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-28923 499s + local certificate=/tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-trusted-certificate-0001.pem 499s Test Organization Root Tr Token 499s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-28923 499s + local key_cn 499s + local key_name 499s + local tokens_dir 499s + local output_cert_file 499s + token_name= 499s ++ basename /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-trusted-certificate-0001.pem .pem 499s + key_name=test-intermediate-CA-trusted-certificate-0001 499s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-trusted-certificate-0001.pem 499s ++ sed -n 's/ *commonName *= //p' 499s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 499s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 499s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-uqsmbQ/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 499s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-uqsmbQ/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 499s ++ basename /tmp/sssd-softhsm2-certs-uqsmbQ/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 499s + tokens_dir=/tmp/sssd-softhsm2-certs-uqsmbQ/softhsm2-test-intermediate-CA-trusted-certificate-0001 499s + token_name='Test Organization Interme Token' 499s + '[' '!' -e /tmp/sssd-softhsm2-certs-uqsmbQ/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 499s + local key_file 499s + local decrypted_key 499s + mkdir -p /tmp/sssd-softhsm2-certs-uqsmbQ/softhsm2-test-intermediate-CA-trusted-certificate-0001 499s + key_file=/tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-trusted-certificate-0001-key.pem 499s + decrypted_key=/tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 499s + cat 499s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 499s Slot 0 has a free/uninitialized token. 499s The token has been initialized and is reassigned to slot 1222985077 499s + softhsm2-util --show-slots 499s Available slots: 499s Slot 1222985077 499s Slot info: 499s Description: SoftHSM slot ID 0x48e54575 499s Manufacturer ID: SoftHSM project 499s Hardware version: 2.6 499s Firmware version: 2.6 499s Token present: yes 499s Token info: 499s Manufacturer ID: SoftHSM project 499s Model: SoftHSM v2 499s Hardware version: 2.6 499s Firmware version: 2.6 499s Serial number: 4482dfcdc8e54575 499s Initialized: yes 499s User PIN init.: yes 499s Label: Test Organization Interme Token 499s Slot 1 499s Slot info: 499s Description: SoftHSM slot ID 0x1 499s Manufacturer ID: SoftHSM project 499s Hardware version: 2.6 499s Firmware version: 2.6 499s Token present: yes 499s Token info: 499s Manufacturer ID: SoftHSM project 499s Model: SoftHSM v2 499s Hardware version: 2.6 499s Firmware version: 2.6 499s Serial number: 499s Initialized: no 499s User PIN init.: no 499s Label: 499s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 499s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-28923 -in /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 499s writing RSA key 499s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 499s + rm /tmp/sssd-softhsm2-certs-uqsmbQ/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 499s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 499s Object 0: 499s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4482dfcdc8e54575;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 499s Type: X.509 Certificate (RSA-1024) 499s Expires: Fri Mar 21 04:29:54 2025 499s Label: Test Organization Intermediate Trusted Certificate 0001 499s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 499s 499s + echo 'Test Organization Interme Token' 499s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-11077 499s Test Organization Interme Token 499s + local certificate=/tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001.pem 499s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-11077 499s + local key_cn 499s + local key_name 499s + local tokens_dir 499s + local output_cert_file 499s + token_name= 499s ++ basename /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 499s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 499s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001.pem 499s ++ sed -n 's/ *commonName *= //p' 499s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 499s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 499s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-uqsmbQ/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 499s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-uqsmbQ/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 499s ++ basename /tmp/sssd-softhsm2-certs-uqsmbQ/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 499s + tokens_dir=/tmp/sssd-softhsm2-certs-uqsmbQ/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 499s + token_name='Test Organization Sub Int Token' 499s + '[' '!' -e /tmp/sssd-softhsm2-certs-uqsmbQ/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 499s + local key_file 499s + local decrypted_key 499s + mkdir -p /tmp/sssd-softhsm2-certs-uqsmbQ/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 499s + key_file=/tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 499s + decrypted_key=/tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 499s + cat 499s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 499s Slot 0 has a free/uninitialized token. 499s The token has been initialized and is reassigned to slot 2128212777 499s + softhsm2-util --show-slots 499s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 499s Available slots: 499s Slot 2128212777 499s Slot info: 499s Description: SoftHSM slot ID 0x7ed9f329 499s Manufacturer ID: SoftHSM project 499s Hardware version: 2.6 499s Firmware version: 2.6 499s Token present: yes 499s Token info: 499s Manufacturer ID: SoftHSM project 499s Model: SoftHSM v2 499s Hardware version: 2.6 499s Firmware version: 2.6 499s Serial number: 494e6c7b7ed9f329 499s Initialized: yes 499s User PIN init.: yes 499s Label: Test Organization Sub Int Token 499s Slot 1 499s Slot info: 499s Description: SoftHSM slot ID 0x1 499s Manufacturer ID: SoftHSM project 499s Hardware version: 2.6 499s Firmware version: 2.6 499s Token present: yes 499s Token info: 499s Manufacturer ID: SoftHSM project 499s Model: SoftHSM v2 499s Hardware version: 2.6 499s Firmware version: 2.6 499s Serial number: 499s Initialized: no 499s User PIN init.: no 499s Label: 499s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-11077 -in /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 499s writing RSA key 499s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 499s + rm /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 499s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 499s Object 0: 499s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=494e6c7b7ed9f329;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 499s Type: X.509 Certificate (RSA-1024) 499s Expires: Fri Mar 21 04:29:55 2025 499s Label: Test Organization Sub Intermediate Trusted Certificate 0001 499s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 499s 499s Test Organization Sub Int Token 499s Certificates generation completed! 499s + echo 'Test Organization Sub Int Token' 499s + echo 'Certificates generation completed!' 499s + exit 0 499s + find /tmp/sssd-softhsm2-certs-uqsmbQ -type d -exec chmod 777 '{}' ';' 499s + find /tmp/sssd-softhsm2-certs-uqsmbQ -type f -exec chmod 666 '{}' ';' 499s + backup_file /etc/sssd/sssd.conf 499s + '[' -z '' ']' 499s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 499s + backupsdir=/tmp/sssd-softhsm2-backups-p9nzWQ 499s + '[' -e /etc/sssd/sssd.conf ']' 499s + delete_paths+=("$1") 499s + rm -f /etc/sssd/sssd.conf 499s ++ runuser -u ubuntu -- sh -c 'echo ~' 499s + user_home=/home/ubuntu 499s + mkdir -p /home/ubuntu 499s + chown ubuntu:ubuntu /home/ubuntu 499s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 499s + user_config=/home/ubuntu/.config 499s + system_config=/etc 499s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 499s + for path_pair in "${softhsm2_conf_paths[@]}" 499s + IFS=: 499s + read -r -a path 499s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 499s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 499s + '[' -z /tmp/sssd-softhsm2-backups-p9nzWQ ']' 499s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 499s + delete_paths+=("$1") 499s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 499s + for path_pair in "${softhsm2_conf_paths[@]}" 499s + IFS=: 499s + read -r -a path 499s + path=/etc/softhsm/softhsm2.conf 499s + backup_file /etc/softhsm/softhsm2.conf 499s + '[' -z /tmp/sssd-softhsm2-backups-p9nzWQ ']' 499s + '[' -e /etc/softhsm/softhsm2.conf ']' 499s ++ dirname /etc/softhsm/softhsm2.conf 499s + local back_dir=/tmp/sssd-softhsm2-backups-p9nzWQ//etc/softhsm 499s ++ basename /etc/softhsm/softhsm2.conf 499s + local back_path=/tmp/sssd-softhsm2-backups-p9nzWQ//etc/softhsm/softhsm2.conf 499s + '[' '!' -e /tmp/sssd-softhsm2-backups-p9nzWQ//etc/softhsm/softhsm2.conf ']' 499s + mkdir -p /tmp/sssd-softhsm2-backups-p9nzWQ//etc/softhsm 499s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-p9nzWQ//etc/softhsm/softhsm2.conf 499s + restore_paths+=("$back_path") 499s + rm -f /etc/softhsm/softhsm2.conf 499s + test_authentication login /tmp/sssd-softhsm2-certs-uqsmbQ/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-uqsmbQ/test-full-chain-CA.pem 499s + pam_service=login 499s + certificate_config=/tmp/sssd-softhsm2-certs-uqsmbQ/softhsm2-test-root-CA-trusted-certificate-0001.conf 499s + ca_db=/tmp/sssd-softhsm2-certs-uqsmbQ/test-full-chain-CA.pem 499s + verification_options= 499s + mkdir -p -m 700 /etc/sssd 499s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-uqsmbQ/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 499s + cat 499s Using CA DB '/tmp/sssd-softhsm2-certs-uqsmbQ/test-full-chain-CA.pem' with verification options: '' 499s + chmod 600 /etc/sssd/sssd.conf 499s + for path_pair in "${softhsm2_conf_paths[@]}" 499s + IFS=: 499s + read -r -a path 499s + user=ubuntu 499s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 499s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 499s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 499s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-uqsmbQ/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 499s + runuser -u ubuntu -- softhsm2-util --show-slots 499s + grep 'Test Organization' 499s Label: Test Organization Root Tr Token 499s + for path_pair in "${softhsm2_conf_paths[@]}" 499s + IFS=: 499s + read -r -a path 499s + user=root 499s + path=/etc/softhsm/softhsm2.conf 499s ++ dirname /etc/softhsm/softhsm2.conf 499s + runuser -u root -- mkdir -p /etc/softhsm 499s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-uqsmbQ/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 499s + runuser -u root -- softhsm2-util --show-slots 499s + grep 'Test Organization' 499s Label: Test Organization Root Tr Token 499s + systemctl restart sssd 499s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 499s + for alternative in "${alternative_pam_configs[@]}" 499s + pam-auth-update --enable sss-smart-card-optional 500s + cat /etc/pam.d/common-auth 500s # 500s # /etc/pam.d/common-auth - authentication settings common to all services 500s # 500s # This file is included from other service-specific PAM config files, 500s # and should contain a list of the authentication modules that define 500s # the central authentication scheme for use on the system 500s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 500s # traditional Unix authentication mechanisms. 500s # 500s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 500s # To take advantage of this, it is recommended that you configure any 500s # local modules either before or after the default block, and use 500s # pam-auth-update to manage selection of other modules. See 500s # pam-auth-update(8) for details. 500s 500s # here are the per-package modules (the "Primary" block) 500s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 500s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 500s auth [success=1 default=ignore] pam_sss.so use_first_pass 500s # here's the fallback if no module succeeds 500s auth requisite pam_deny.so 500s # prime the stack with a positive return value if there isn't one already; 500s # this avoids us returning an error just because nothing sets a success code 500s # since the modules above will each just jump around 500s auth required pam_permit.so 500s # and here are more per-package modules (the "Additional" block) 500s auth optional pam_cap.so 500s # end of pam-auth-update config 500s + echo -n -e 123456 500s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 500s pamtester: invoking pam_start(login, ubuntu, ...) 500s pamtester: performing operation - authenticate 500s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 500s + echo -n -e 123456 500s + runuser -u ubuntu -- pamtester -v login '' authenticate 500s pamtester: invoking pam_start(login, , ...) 500s pamtester: performing operation - authenticate 500s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 500s + echo -n -e wrong123456 500s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 500s pamtester: invoking pam_start(login, ubuntu, ...) 500s pamtester: performing operation - authenticate 502s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 502s + echo -n -e wrong123456 502s + runuser -u ubuntu -- pamtester -v login '' authenticate 502s pamtester: invoking pam_start(login, , ...) 502s pamtester: performing operation - authenticate 505s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 505s + echo -n -e 123456 505s + pamtester -v login root authenticate 505s pamtester: invoking pam_start(login, root, ...) 505s pamtester: performing operation - authenticate 509s Password: pamtester: Authentication failure 509s + for alternative in "${alternative_pam_configs[@]}" 509s + pam-auth-update --enable sss-smart-card-required 509s PAM configuration 509s ----------------- 509s 509s Incompatible PAM profiles selected. 509s 509s The following PAM profiles cannot be used together: 509s 509s SSS required smart card authentication, SSS optional smart card 509s authentication 509s 509s Please select a different set of modules to enable. 509s 509s + cat /etc/pam.d/common-auth 509s # 509s # /etc/pam.d/common-auth - authentication settings common to all services 509s # 509s # This file is included from other service-specific PAM config files, 509s # and should contain a list of the authentication modules that define 509s # the central authentication scheme for use on the system 509s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 509s # traditional Unix authentication mechanisms. 509s # 509s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 509s # To take advantage of this, it is recommended that you configure any 509s # local modules either before or after the default block, and use 509s # pam-auth-update to manage selection of other modules. See 509s # pam-auth-update(8) for details. 509s 509s # here are the per-package modules (the "Primary" block) 509s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 509s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 509s auth [success=1 default=ignore] pam_sss.so use_first_pass 509s # here's the fallback if no module succeeds 509s auth requisite pam_deny.so 509s # prime the stack with a positive return value if there isn't one already; 509s # this avoids us returning an error just because nothing sets a success code 509s # since the modules above will each just jump around 509s auth required pam_permit.so 509s # and here are more per-package modules (the "Additional" block) 509s auth optional pam_cap.so 509s # end of pam-auth-update config 509s + echo -n -e 123456 509s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 509s pamtester: invoking pam_start(login, ubuntu, ...) 509s pamtester: performing operation - authenticate 509s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 509s + echo -n -e 123456 509s + runuser -u ubuntu -- pamtester -v login '' authenticate 509s pamtester: invoking pam_start(login, , ...) 509s pamtester: performing operation - authenticate 509s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 509s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 509s + echo -n -e wrong123456 509s pamtester: invoking pam_start(login, ubuntu, ...) 509s pamtester: performing operation - authenticate 513s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 513s + echo -n -e wrong123456 513s + runuser -u ubuntu -- pamtester -v login '' authenticate 513s pamtester: invoking pam_start(login, , ...) 513s pamtester: performing operation - authenticate 516s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 516s + echo -n -e 123456 516s + pamtester -v login root authenticate 516s pamtester: invoking pam_start(login, root, ...) 516s pamtester: performing operation - authenticate 519s pamtester: Authentication service cannot retrieve authentication info 519s + test_authentication login /tmp/sssd-softhsm2-certs-uqsmbQ/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-uqsmbQ/test-full-chain-CA.pem 519s + pam_service=login 519s + certificate_config=/tmp/sssd-softhsm2-certs-uqsmbQ/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 519s + ca_db=/tmp/sssd-softhsm2-certs-uqsmbQ/test-full-chain-CA.pem 519s + verification_options= 519s + mkdir -p -m 700 /etc/sssd 519s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-uqsmbQ/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 519s Using CA DB '/tmp/sssd-softhsm2-certs-uqsmbQ/test-full-chain-CA.pem' with verification options: '' 519s + cat 519s + chmod 600 /etc/sssd/sssd.conf 519s + for path_pair in "${softhsm2_conf_paths[@]}" 519s + IFS=: 519s + read -r -a path 519s + user=ubuntu 519s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 519s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 519s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 519s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-uqsmbQ/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 519s + runuser -u ubuntu -- softhsm2-util --show-slots 519s + grep 'Test Organization' 519s + for path_pair in "${softhsm2_conf_paths[@]}" 519s + IFS=: 519s + read -r -a path 519s + user=root 519s + path=/etc/softhsm/softhsm2.conf 519s ++ dirname /etc/softhsm/softhsm2.conf 519s + runuser -u root -- mkdir -p /etc/softhsm 519s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-uqsmbQ/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 519s + runuser -u root -- softhsm2-util --show-slots 519s + grep 'Test Organization' 519s Label: Test Organization Sub Int Token 519s + systemctl restart sssd 519s Label: Test Organization Sub Int Token 520s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 520s + for alternative in "${alternative_pam_configs[@]}" 520s + pam-auth-update --enable sss-smart-card-optional 520s + cat /etc/pam.d/common-auth 520s # 520s # /etc/pam.d/common-auth - authentication settings common to all services 520s # 520s # This file is included from other service-specific PAM config files, 520s # and should contain a list of the authentication modules that define 520s # the central authentication scheme for use on the system 520s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 520s # traditional Unix authentication mechanisms. 520s # 520s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 520s # To take advantage of this, it is recommended that you configure any 520s # local modules either before or after the default block, and use 520s # pam-auth-update to manage selection of other modules. See 520s # pam-auth-update(8) for details. 520s 520s # here are the per-package modules (the "Primary" block) 520s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 520s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 520s auth [success=1 default=ignore] pam_sss.so use_first_pass 520s # here's the fallback if no module succeeds 520s auth requisite pam_deny.so 520s # prime the stack with a positive return value if there isn't one already; 520s # this avoids us returning an error just because nothing sets a success code 520s # since the modules above will each just jump around 520s auth required pam_permit.so 520s # and here are more per-package modules (the "Additional" block) 520s auth optional pam_cap.so 520s # end of pam-auth-update config 520s + echo -n -e 123456 520s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 520s pamtester: invoking pam_start(login, ubuntu, ...) 520s pamtester: performing operation - authenticate 520s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 520s + echo -n -e 123456 520s + runuser -u ubuntu -- pamtester -v login '' authenticate 520s pamtester: invoking pam_start(login, , ...) 520s pamtester: performing operation - authenticate 520s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 520s + echo -n -e wrong123456 520s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 520s pamtester: invoking pam_start(login, ubuntu, ...) 520s pamtester: performing operation - authenticate 524s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 524s + echo -n -e wrong123456 524s + runuser -u ubuntu -- pamtester -v login '' authenticate 524s pamtester: invoking pam_start(login, , ...) 524s pamtester: performing operation - authenticate 526s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 526s + echo -n -e 123456 526s + pamtester -v login root authenticate 526s pamtester: invoking pam_start(login, root, ...) 526s pamtester: performing operation - authenticate 528s Password: pamtester: Authentication failure 528s + for alternative in "${alternative_pam_configs[@]}" 528s + pam-auth-update --enable sss-smart-card-required 528s PAM configuration 528s ----------------- 528s 528s Incompatible PAM profiles selected. 528s 528s The following PAM profiles cannot be used together: 528s 528s SSS required smart card authentication, SSS optional smart card 528s authentication 528s 528s Please select a different set of modules to enable. 528s 528s + cat /etc/pam.d/common-auth 528s # 528s # /etc/pam.d/common-auth - authentication settings common to all services 528s # 528s # This file is included from other service-specific PAM config files, 528s # and should contain a list of the authentication modules that define 528s # the central authentication scheme for use on the system 528s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 528s # traditional Unix authentication mechanisms. 528s # 528s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 528s # To take advantage of this, it is recommended that you configure any 528s # local modules either before or after the default block, and use 528s # pam-auth-update to manage selection of other modules. See 528s # pam-auth-update(8) for details. 528s 528s # here are the per-package modules (the "Primary" block) 528s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 528s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 528s auth [success=1 default=ignore] pam_sss.so use_first_pass 528s # here's the fallback if no module succeeds 528s auth requisite pam_deny.so 528s # prime the stack with a positive return value if there isn't one already; 528s # this avoids us returning an error just because nothing sets a success code 528s # since the modules above will each just jump around 528s auth required pam_permit.so 528s # and here are more per-package modules (the "Additional" block) 528s auth optional pam_cap.so 528s # end of pam-auth-update config 528s + echo -n -e 123456 528s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 528s pamtester: invoking pam_start(login, ubuntu, ...) 528s pamtester: performing operation - authenticate 528s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 528s + echo -n -e 123456 528s + runuser -u ubuntu -- pamtester -v login '' authenticate 528s pamtester: invoking pam_start(login, , ...) 528s pamtester: performing operation - authenticate 528s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 528s + echo -n -e wrong123456 528s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 528s pamtester: invoking pam_start(login, ubuntu, ...) 528s pamtester: performing operation - authenticate 532s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 532s + echo -n -e wrong123456 532s + runuser -u ubuntu -- pamtester -v login '' authenticate 532s pamtester: invoking pam_start(login, , ...) 532s pamtester: performing operation - authenticate 535s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 535s + echo -n -e 123456 535s + pamtester -v login root authenticate 535s pamtester: invoking pam_start(login, root, ...) 535s pamtester: performing operation - authenticate 539s pamtester: Authentication service cannot retrieve authentication info 539s + test_authentication login /tmp/sssd-softhsm2-certs-uqsmbQ/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA.pem partial_chain 539s + pam_service=login 539s + certificate_config=/tmp/sssd-softhsm2-certs-uqsmbQ/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 539s + ca_db=/tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA.pem 539s + verification_options=partial_chain 539s + mkdir -p -m 700 /etc/sssd 539s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 539s Using CA DB '/tmp/sssd-softhsm2-certs-uqsmbQ/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 539s + cat 539s + chmod 600 /etc/sssd/sssd.conf 539s Label: Test Organization Sub Int Token 539s Label: Test Organization Sub Int Token 539s + for path_pair in "${softhsm2_conf_paths[@]}" 539s + IFS=: 539s + read -r -a path 539s + user=ubuntu 539s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 539s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 539s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 539s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-uqsmbQ/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 539s + runuser -u ubuntu -- softhsm2-util --show-slots 539s + grep 'Test Organization' 539s + for path_pair in "${softhsm2_conf_paths[@]}" 539s + IFS=: 539s + read -r -a path 539s + user=root 539s + path=/etc/softhsm/softhsm2.conf 539s ++ dirname /etc/softhsm/softhsm2.conf 539s + runuser -u root -- mkdir -p /etc/softhsm 539s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-uqsmbQ/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 539s + runuser -u root -- softhsm2-util --show-slots 539s + grep 'Test Organization' 539s + systemctl restart sssd 540s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 540s + for alternative in "${alternative_pam_configs[@]}" 540s + pam-auth-update --enable sss-smart-card-optional 540s + cat /etc/pam.d/common-auth 540s # 540s # /etc/pam.d/common-auth - authentication settings common to all services 540s # 540s # This file is included from other service-specific PAM config files, 540s # and should contain a list of the authentication modules that define 540s # the central authentication scheme for use on the system 540s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 540s # traditional Unix authentication mechanisms. 540s # 540s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 540s # To take advantage of this, it is recommended that you configure any 540s # local modules either before or after the default block, and use 540s # pam-auth-update to manage selection of other modules. See 540s # pam-auth-update(8) for details. 540s 540s # here are the per-package modules (the "Primary" block) 540s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 540s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 540s auth [success=1 default=ignore] pam_sss.so use_first_pass 540s # here's the fallback if no module succeeds 540s auth requisite pam_deny.so 540s # prime the stack with a positive return value if there isn't one already; 540s # this avoids us returning an error just because nothing sets a success code 540s # since the modules above will each just jump around 540s auth required pam_permit.so 540s # and here are more per-package modules (the "Additional" block) 540s auth optional pam_cap.so 540s # end of pam-auth-update config 540s + echo -n -e 123456 540s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 540s pamtester: invoking pam_start(login, ubuntu, ...) 540s pamtester: performing operation - authenticate 540s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 540s + echo -n -e 123456 540s + runuser -u ubuntu -- pamtester -v login '' authenticate 540s pamtester: invoking pam_start(login, , ...) 540s pamtester: performing operation - authenticate 540s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 540s + echo -n -e wrong123456 540s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 540s pamtester: invoking pam_start(login, ubuntu, ...) 540s pamtester: performing operation - authenticate 543s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 543s + echo -n -e wrong123456 543s + runuser -u ubuntu -- pamtester -v login '' authenticate 543s pamtester: invoking pam_start(login, , ...) 543s pamtester: performing operation - authenticate 547s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 547s + echo -n -e 123456 547s + pamtester -v login root authenticate 547s pamtester: invoking pam_start(login, root, ...) 547s pamtester: performing operation - authenticate 549s Password: pamtester: Authentication failure 549s + for alternative in "${alternative_pam_configs[@]}" 549s + pam-auth-update --enable sss-smart-card-required 549s PAM configuration 549s ----------------- 549s 549s Incompatible PAM profiles selected. 549s 549s The following PAM profiles cannot be used together: 549s 549s SSS required smart card authentication, SSS optional smart card 549s authentication 549s 549s Please select a different set of modules to enable. 549s 549s + cat /etc/pam.d/common-auth 549s # 549s # /etc/pam.d/common-auth - authentication settings common to all services 549s # 549s # This file is included from other service-specific PAM config files, 549s # and should contain a list of the authentication modules that define 549s # the central authentication scheme for use on the system 549s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 549s # traditional Unix authentication mechanisms. 549s # 549s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 549s # To take advantage of this, it is recommended that you configure any 549s # local modules either before or after the default block, and use 549s # pam-auth-update to manage selection of other modules. See 549s # pam-auth-update(8) for details. 549s 549s # here are the per-package modules (the "Primary" block) 549s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 549s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 549s auth [success=1 default=ignore] pam_sss.so use_first_pass 549s # here's the fallback if no module succeeds 549s auth requisite pam_deny.so 549s # prime the stack with a positive return value if there isn't one already; 549s # this avoids us returning an error just because nothing sets a success code 549s # since the modules above will each just jump around 549s auth required pam_permit.so 549s # and here are more per-package modules (the "Additional" block) 549s auth optional pam_cap.so 549s # end of pam-auth-update config 549s + echo -n -e 123456 549s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 549s pamtester: invoking pam_start(login, ubuntu, ...) 549s pamtester: performing operation - authenticate 550s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 550s + echo -n -e 123456 550s + runuser -u ubuntu -- pamtester -v login '' authenticate 550s pamtester: invoking pam_start(login, , ...) 550s pamtester: performing operation - authenticate 550s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 550s + echo -n -e wrong123456 550s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 550s pamtester: invoking pam_start(login, ubuntu, ...) 550s pamtester: performing operation - authenticate 552s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 552s + echo -n -e wrong123456 552s + runuser -u ubuntu -- pamtester -v login '' authenticate 552s pamtester: invoking pam_start(login, , ...) 552s pamtester: performing operation - authenticate 555s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 555s + echo -n -e 123456 555s + pamtester -v login root authenticate 555s pamtester: invoking pam_start(login, root, ...) 555s pamtester: performing operation - authenticate 558s pamtester: Authentication service cannot retrieve authentication info 558s + handle_exit 558s + exit_code=0 558s + restore_changes 558s + for path in "${restore_paths[@]}" 558s + local original_path 558s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-p9nzWQ /tmp/sssd-softhsm2-backups-p9nzWQ//etc/softhsm/softhsm2.conf 558s + original_path=/etc/softhsm/softhsm2.conf 558s + rm /etc/softhsm/softhsm2.conf 558s + mv /tmp/sssd-softhsm2-backups-p9nzWQ//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 558s + for path in "${delete_paths[@]}" 558s + rm -f /etc/sssd/sssd.conf 558s + for path in "${delete_paths[@]}" 558s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 558s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 558s + '[' -e /etc/sssd/sssd.conf ']' 558s + systemctl stop sssd 558s + '[' -e /etc/softhsm/softhsm2.conf ']' 558s + chmod 600 /etc/softhsm/softhsm2.conf 558s + rm -rf /tmp/sssd-softhsm2-certs-uqsmbQ 558s + '[' 0 = 0 ']' 558s + rm -rf /tmp/sssd-softhsm2-backups-p9nzWQ 558s + set +x 558s Script completed successfully! 559s autopkgtest [04:30:55]: test sssd-smart-card-pam-auth-configs: -----------------------] 561s sssd-smart-card-pam-auth-configs PASS 561s autopkgtest [04:30:57]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 561s autopkgtest [04:30:57]: @@@@@@@@@@@@@@@@@@@@ summary 561s ldap-user-group-ldap-auth PASS 561s ldap-user-group-krb5-auth PASS 561s sssd-softhism2-certificates-tests.sh PASS 561s sssd-smart-card-pam-auth-configs PASS 573s Creating nova instance adt-noble-s390x-sssd-20240321-042136-juju-7f2275-prod-proposed-migration-environment-2 from image adt/ubuntu-noble-s390x-server-20240321.img (UUID f7ee8f0f-480f-4014-94f0-3be2a19e259d)... 573s Creating nova instance adt-noble-s390x-sssd-20240321-042136-juju-7f2275-prod-proposed-migration-environment-2 from image adt/ubuntu-noble-s390x-server-20240321.img (UUID f7ee8f0f-480f-4014-94f0-3be2a19e259d)...