0s autopkgtest [21:42:41]: starting date and time: 2024-03-21 21:42:41+0000 0s autopkgtest [21:42:41]: git checkout: 4a1cd702 l/adt_testbed: don't blame the testbed for unsolvable build deps 0s autopkgtest [21:42:41]: host juju-7f2275-prod-proposed-migration-environment-2; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.tzel5ziu/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --setup-commands /home/ubuntu/autopkgtest/setup-commands/setup-testbed --apt-pocket=proposed=src:libselinux,src:ruby-defaults --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 '--env=ADT_TEST_TRIGGERS=libselinux/3.5-2ubuntu1 ruby-defaults/1:3.2~ubuntu1' -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor autopkgtest --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-2@bos01-s390x-4.secgroup --name adt-noble-s390x-sssd-20240321-214241-juju-7f2275-prod-proposed-migration-environment-2 --image adt/ubuntu-noble-s390x-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-2 --net-id=net_prod-proposed-migration -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com'"'"'' --mirror=http://us.ports.ubuntu.com/ubuntu-ports/ 102s autopkgtest [21:44:23]: testbed dpkg architecture: s390x 102s autopkgtest [21:44:23]: testbed apt version: 2.7.12 102s autopkgtest [21:44:23]: @@@@@@@@@@@@@@@@@@@@ test bed setup 102s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 102s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [3801 kB] 104s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [53.9 kB] 104s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [496 kB] 104s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [6540 B] 104s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main s390x Packages [663 kB] 104s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main s390x c-n-f Metadata [3032 B] 104s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x Packages [1372 B] 104s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x c-n-f Metadata [116 B] 104s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x Packages [3995 kB] 105s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x c-n-f Metadata [7292 B] 105s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x Packages [45.1 kB] 105s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x c-n-f Metadata [116 B] 107s Fetched 9188 kB in 4s (2219 kB/s) 107s Reading package lists... 111s Reading package lists... 111s Building dependency tree... 111s Reading state information... 111s Calculating upgrade... 111s The following packages will be upgraded: 111s cloud-init debianutils libselinux1 python3-markupsafe 111s 4 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 111s Need to get 785 kB of archives. 111s After this operation, 11.3 kB disk space will be freed. 111s Get:1 http://ftpmaster.internal/ubuntu noble/main s390x debianutils s390x 5.17 [90.1 kB] 112s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main s390x libselinux1 s390x 3.5-2ubuntu1 [84.7 kB] 112s Get:3 http://ftpmaster.internal/ubuntu noble/main s390x python3-markupsafe s390x 2.1.5-1build1 [12.8 kB] 112s Get:4 http://ftpmaster.internal/ubuntu noble/main s390x cloud-init all 24.1.2-0ubuntu1 [597 kB] 113s Preconfiguring packages ... 113s Fetched 785 kB in 1s (931 kB/s) 113s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51778 files and directories currently installed.) 113s Preparing to unpack .../debianutils_5.17_s390x.deb ... 113s Unpacking debianutils (5.17) over (5.16) ... 113s Setting up debianutils (5.17) ... 113s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51778 files and directories currently installed.) 113s Preparing to unpack .../libselinux1_3.5-2ubuntu1_s390x.deb ... 113s Unpacking libselinux1:s390x (3.5-2ubuntu1) over (3.5-2build1) ... 113s Setting up libselinux1:s390x (3.5-2ubuntu1) ... 113s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51778 files and directories currently installed.) 113s Preparing to unpack .../python3-markupsafe_2.1.5-1build1_s390x.deb ... 113s Unpacking python3-markupsafe (2.1.5-1build1) over (2.1.5-1) ... 113s Preparing to unpack .../cloud-init_24.1.2-0ubuntu1_all.deb ... 113s Unpacking cloud-init (24.1.2-0ubuntu1) over (24.1.1-0ubuntu1) ... 113s Setting up cloud-init (24.1.2-0ubuntu1) ... 115s Setting up python3-markupsafe (2.1.5-1build1) ... 115s Processing triggers for rsyslog (8.2312.0-3ubuntu3) ... 116s Processing triggers for man-db (2.12.0-3) ... 117s Processing triggers for libc-bin (2.39-0ubuntu2) ... 117s Reading package lists... 117s Building dependency tree... 117s Reading state information... 117s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 118s Unknown architecture, assuming PC-style ttyS0 118s sh: Attempting to set up Debian/Ubuntu apt sources automatically 118s sh: Distribution appears to be Ubuntu 119s Reading package lists... 119s Building dependency tree... 119s Reading state information... 119s eatmydata is already the newest version (131-1). 119s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 119s Reading package lists... 119s Building dependency tree... 119s Reading state information... 120s dbus is already the newest version (1.14.10-4ubuntu1). 120s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 120s Reading package lists... 120s Building dependency tree... 120s Reading state information... 120s rng-tools-debian is already the newest version (2.4). 120s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 120s Reading package lists... 120s Building dependency tree... 120s Reading state information... 121s The following packages will be REMOVED: 121s cloud-init* python3-configobj* python3-debconf* 121s 0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded. 121s After this operation, 3256 kB disk space will be freed. 121s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51777 files and directories currently installed.) 121s Removing cloud-init (24.1.2-0ubuntu1) ... 121s Removing python3-configobj (5.0.8-3) ... 121s Removing python3-debconf (1.5.86) ... 121s Processing triggers for man-db (2.12.0-3) ... 122s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51388 files and directories currently installed.) 122s Purging configuration files for cloud-init (24.1.2-0ubuntu1) ... 123s dpkg: warning: while removing cloud-init, directory '/etc/cloud/cloud.cfg.d' not empty so not removed 123s Processing triggers for rsyslog (8.2312.0-3ubuntu3) ... 123s invoke-rc.d: policy-rc.d denied execution of try-restart. 123s Reading package lists... 123s Building dependency tree... 123s Reading state information... 123s linux-generic is already the newest version (6.8.0-11.11+1). 123s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 124s Hit:1 http://ftpmaster.internal/ubuntu noble InRelease 124s Hit:2 http://ftpmaster.internal/ubuntu noble-updates InRelease 124s Hit:3 http://ftpmaster.internal/ubuntu noble-security InRelease 126s Reading package lists... 126s Reading package lists... 127s Building dependency tree... 127s Reading state information... 127s Calculating upgrade... 127s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 127s Reading package lists... 128s Building dependency tree... 128s Reading state information... 128s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 128s autopkgtest [21:44:49]: rebooting testbed after setup commands that affected boot 151s autopkgtest [21:45:12]: testbed running kernel: Linux 6.8.0-11-generic #11-Ubuntu SMP Tue Feb 13 23:45:46 UTC 2024 154s autopkgtest [21:45:15]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 178s Get:1 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (dsc) [5269 B] 178s Get:2 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (tar) [7983 kB] 178s Get:3 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (asc) [833 B] 178s Get:4 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (diff) [48.4 kB] 178s gpgv: Signature made Mon Feb 26 21:56:54 2024 UTC 178s gpgv: using RSA key E92FD0B36B14F1F4D8E0EB2F106DA1C8C3CBBF14 178s gpgv: Can't check signature: No public key 178s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.4-1ubuntu1.dsc: no acceptable signature found 178s autopkgtest [21:45:39]: testing package sssd version 2.9.4-1ubuntu1 179s autopkgtest [21:45:40]: build not needed 184s autopkgtest [21:45:45]: test ldap-user-group-ldap-auth: preparing testbed 196s Reading package lists... 196s Building dependency tree... 196s Reading state information... 196s Starting pkgProblemResolver with broken count: 0 196s Starting 2 pkgProblemResolver with broken count: 0 196s Done 197s The following additional packages will be installed: 197s expect ldap-utils libavahi-client3 libavahi-common-data libavahi-common3 197s libbasicobjects0 libc-ares2 libcollection4 libcrack2 libdhash1 197s libevent-2.1-7 libini-config5 libipa-hbac-dev libipa-hbac0 libjose0 libkrad0 197s libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo libodbc2 197s libpam-pwquality libpam-sss libpath-utils1 libpwquality-common libpwquality1 197s libref-array1 libsmbclient libsss-certmap-dev libsss-certmap0 197s libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev libsss-nss-idmap0 197s libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0 libverto-libevent1 197s libverto1 libwbclient0 python3-libipa-hbac python3-libsss-nss-idmap 197s python3-sss samba-libs slapd sssd sssd-ad sssd-ad-common sssd-common 197s sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 sssd-krb5-common sssd-ldap 197s sssd-passkey sssd-proxy sssd-tools tcl-expect tcl8.6 197s Suggested packages: 197s tk8.6 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal 197s odbc-postgresql tdsodbc adcli libsasl2-modules-ldap tcl-tclreadline 197s Recommended packages: 197s cracklib-runtime libsasl2-modules-gssapi-mit 197s | libsasl2-modules-gssapi-heimdal 197s The following NEW packages will be installed: 197s autopkgtest-satdep expect ldap-utils libavahi-client3 libavahi-common-data 197s libavahi-common3 libbasicobjects0 libc-ares2 libcollection4 libcrack2 197s libdhash1 libevent-2.1-7 libini-config5 libipa-hbac-dev libipa-hbac0 197s libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo 197s libodbc2 libpam-pwquality libpam-sss libpath-utils1 libpwquality-common 197s libpwquality1 libref-array1 libsmbclient libsss-certmap-dev libsss-certmap0 197s libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev libsss-nss-idmap0 197s libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0 libverto-libevent1 197s libverto1 libwbclient0 python3-libipa-hbac python3-libsss-nss-idmap 197s python3-sss samba-libs slapd sssd sssd-ad sssd-ad-common sssd-common 197s sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 sssd-krb5-common sssd-ldap 197s sssd-passkey sssd-proxy sssd-tools tcl-expect tcl8.6 197s 0 upgraded, 65 newly installed, 0 to remove and 0 not upgraded. 197s Need to get 12.9 MB/12.9 MB of archives. 197s After this operation, 50.0 MB of additional disk space will be used. 197s Get:1 /tmp/autopkgtest.AyAHeN/1-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [864 B] 197s Get:2 http://ftpmaster.internal/ubuntu noble/main s390x libltdl7 s390x 2.4.7-7 [41.6 kB] 197s Get:3 http://ftpmaster.internal/ubuntu noble/main s390x libodbc2 s390x 2.3.12-1 [164 kB] 197s Get:4 http://ftpmaster.internal/ubuntu noble/main s390x slapd s390x 2.6.7+dfsg-1~exp1ubuntu1 [1617 kB] 198s Get:5 http://ftpmaster.internal/ubuntu noble/main s390x libtcl8.6 s390x 8.6.13+dfsg-2 [948 kB] 198s Get:6 http://ftpmaster.internal/ubuntu noble/main s390x tcl8.6 s390x 8.6.13+dfsg-2 [14.7 kB] 198s Get:7 http://ftpmaster.internal/ubuntu noble/universe s390x tcl-expect s390x 5.45.4-2build1 [99.7 kB] 199s Get:8 http://ftpmaster.internal/ubuntu noble/universe s390x expect s390x 5.45.4-2build1 [137 kB] 199s Get:9 http://ftpmaster.internal/ubuntu noble/main s390x ldap-utils s390x 2.6.7+dfsg-1~exp1ubuntu1 [165 kB] 199s Get:10 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common-data s390x 0.8-13ubuntu2 [29.5 kB] 199s Get:11 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common3 s390x 0.8-13ubuntu2 [23.8 kB] 199s Get:12 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-client3 s390x 0.8-13ubuntu2 [26.7 kB] 199s Get:13 http://ftpmaster.internal/ubuntu noble/main s390x libcrack2 s390x 2.9.6-5.1 [29.6 kB] 199s Get:14 http://ftpmaster.internal/ubuntu noble/main s390x libevent-2.1-7 s390x 2.1.12-stable-9 [144 kB] 199s Get:15 http://ftpmaster.internal/ubuntu noble/universe s390x libjose0 s390x 11-3 [45.2 kB] 199s Get:16 http://ftpmaster.internal/ubuntu noble/main s390x libverto-libevent1 s390x 0.3.1-1ubuntu5 [5810 B] 199s Get:17 http://ftpmaster.internal/ubuntu noble/main s390x libverto1 s390x 0.3.1-1ubuntu5 [10.6 kB] 199s Get:18 http://ftpmaster.internal/ubuntu noble/main s390x libkrad0 s390x 1.20.1-5build1 [22.0 kB] 199s Get:19 http://ftpmaster.internal/ubuntu noble/main s390x libtalloc2 s390x 2.4.2-1 [28.3 kB] 199s Get:20 http://ftpmaster.internal/ubuntu noble/main s390x libtdb1 s390x 1.4.10-1 [49.9 kB] 199s Get:21 http://ftpmaster.internal/ubuntu noble/main s390x libtevent0 s390x 0.16.1-1 [43.1 kB] 199s Get:22 http://ftpmaster.internal/ubuntu noble/main s390x libldb2 s390x 2:2.8.0+samba4.19.5+dfsg-1ubuntu1 [191 kB] 199s Get:23 http://ftpmaster.internal/ubuntu noble/main s390x libnfsidmap1 s390x 1:2.6.3-3ubuntu1 [49.0 kB] 199s Get:24 http://ftpmaster.internal/ubuntu noble/universe s390x libnss-sudo all 1.9.15p5-3ubuntu1 [14.9 kB] 199s Get:25 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality-common all 1.4.5-3 [7658 B] 199s Get:26 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality1 s390x 1.4.5-3 [14.7 kB] 199s Get:27 http://ftpmaster.internal/ubuntu noble/main s390x libpam-pwquality s390x 1.4.5-3 [11.6 kB] 199s Get:28 http://ftpmaster.internal/ubuntu noble/main s390x libwbclient0 s390x 2:4.19.5+dfsg-1ubuntu1 [70.3 kB] 199s Get:29 http://ftpmaster.internal/ubuntu noble/main s390x samba-libs s390x 2:4.19.5+dfsg-1ubuntu1 [6231 kB] 200s Get:30 http://ftpmaster.internal/ubuntu noble/main s390x libnss-sss s390x 2.9.4-1ubuntu1 [32.6 kB] 200s Get:31 http://ftpmaster.internal/ubuntu noble/main s390x libpam-sss s390x 2.9.4-1ubuntu1 [51.9 kB] 200s Get:32 http://ftpmaster.internal/ubuntu noble/main s390x python3-sss s390x 2.9.4-1ubuntu1 [46.6 kB] 200s Get:33 http://ftpmaster.internal/ubuntu noble/main s390x libc-ares2 s390x 1.27.0-1 [79.2 kB] 200s Get:34 http://ftpmaster.internal/ubuntu noble/main s390x libdhash1 s390x 0.6.2-2 [8648 B] 200s Get:35 http://ftpmaster.internal/ubuntu noble/main s390x libbasicobjects0 s390x 0.6.2-2 [5476 B] 200s Get:36 http://ftpmaster.internal/ubuntu noble/main s390x libcollection4 s390x 0.6.2-2 [23.2 kB] 200s Get:37 http://ftpmaster.internal/ubuntu noble/main s390x libpath-utils1 s390x 0.6.2-2 [8994 B] 200s Get:38 http://ftpmaster.internal/ubuntu noble/main s390x libref-array1 s390x 0.6.2-2 [6880 B] 200s Get:39 http://ftpmaster.internal/ubuntu noble/main s390x libini-config5 s390x 0.6.2-2 [45.3 kB] 200s Get:40 http://ftpmaster.internal/ubuntu noble/main s390x libsss-certmap0 s390x 2.9.4-1ubuntu1 [46.7 kB] 200s Get:41 http://ftpmaster.internal/ubuntu noble/main s390x libsss-idmap0 s390x 2.9.4-1ubuntu1 [22.1 kB] 200s Get:42 http://ftpmaster.internal/ubuntu noble/main s390x libsss-nss-idmap0 s390x 2.9.4-1ubuntu1 [31.4 kB] 200s Get:43 http://ftpmaster.internal/ubuntu noble/main s390x sssd-common s390x 2.9.4-1ubuntu1 [1125 kB] 200s Get:44 http://ftpmaster.internal/ubuntu noble/universe s390x sssd-idp s390x 2.9.4-1ubuntu1 [27.3 kB] 200s Get:45 http://ftpmaster.internal/ubuntu noble/universe s390x sssd-passkey s390x 2.9.4-1ubuntu1 [32.3 kB] 200s Get:46 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad-common s390x 2.9.4-1ubuntu1 [74.8 kB] 200s Get:47 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5-common s390x 2.9.4-1ubuntu1 [90.3 kB] 200s Get:48 http://ftpmaster.internal/ubuntu noble/main s390x libsmbclient s390x 2:4.19.5+dfsg-1ubuntu1 [65.1 kB] 200s Get:49 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad s390x 2.9.4-1ubuntu1 [133 kB] 200s Get:50 http://ftpmaster.internal/ubuntu noble/main s390x libipa-hbac0 s390x 2.9.4-1ubuntu1 [16.8 kB] 200s Get:51 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ipa s390x 2.9.4-1ubuntu1 [215 kB] 200s Get:52 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5 s390x 2.9.4-1ubuntu1 [14.4 kB] 200s Get:53 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ldap s390x 2.9.4-1ubuntu1 [31.0 kB] 200s Get:54 http://ftpmaster.internal/ubuntu noble/main s390x sssd-proxy s390x 2.9.4-1ubuntu1 [43.9 kB] 200s Get:55 http://ftpmaster.internal/ubuntu noble/main s390x sssd s390x 2.9.4-1ubuntu1 [4120 B] 200s Get:56 http://ftpmaster.internal/ubuntu noble/main s390x sssd-dbus s390x 2.9.4-1ubuntu1 [101 kB] 200s Get:57 http://ftpmaster.internal/ubuntu noble/universe s390x sssd-kcm s390x 2.9.4-1ubuntu1 [137 kB] 200s Get:58 http://ftpmaster.internal/ubuntu noble/main s390x sssd-tools s390x 2.9.4-1ubuntu1 [97.6 kB] 200s Get:59 http://ftpmaster.internal/ubuntu noble/main s390x libipa-hbac-dev s390x 2.9.4-1ubuntu1 [6660 B] 200s Get:60 http://ftpmaster.internal/ubuntu noble/main s390x libsss-certmap-dev s390x 2.9.4-1ubuntu1 [5734 B] 200s Get:61 http://ftpmaster.internal/ubuntu noble/main s390x libsss-idmap-dev s390x 2.9.4-1ubuntu1 [8376 B] 200s Get:62 http://ftpmaster.internal/ubuntu noble/main s390x libsss-nss-idmap-dev s390x 2.9.4-1ubuntu1 [6708 B] 200s Get:63 http://ftpmaster.internal/ubuntu noble/universe s390x libsss-sudo s390x 2.9.4-1ubuntu1 [21.3 kB] 200s Get:64 http://ftpmaster.internal/ubuntu noble/universe s390x python3-libipa-hbac s390x 2.9.4-1ubuntu1 [16.9 kB] 200s Get:65 http://ftpmaster.internal/ubuntu noble/universe s390x python3-libsss-nss-idmap s390x 2.9.4-1ubuntu1 [9140 B] 201s Preconfiguring packages ... 201s Fetched 12.9 MB in 4s (3694 kB/s) 201s Selecting previously unselected package libltdl7:s390x. 201s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51331 files and directories currently installed.) 201s Preparing to unpack .../00-libltdl7_2.4.7-7_s390x.deb ... 201s Unpacking libltdl7:s390x (2.4.7-7) ... 201s Selecting previously unselected package libodbc2:s390x. 201s Preparing to unpack .../01-libodbc2_2.3.12-1_s390x.deb ... 201s Unpacking libodbc2:s390x (2.3.12-1) ... 201s Selecting previously unselected package slapd. 201s Preparing to unpack .../02-slapd_2.6.7+dfsg-1~exp1ubuntu1_s390x.deb ... 202s Unpacking slapd (2.6.7+dfsg-1~exp1ubuntu1) ... 202s Selecting previously unselected package libtcl8.6:s390x. 202s Preparing to unpack .../03-libtcl8.6_8.6.13+dfsg-2_s390x.deb ... 202s Unpacking libtcl8.6:s390x (8.6.13+dfsg-2) ... 202s Selecting previously unselected package tcl8.6. 202s Preparing to unpack .../04-tcl8.6_8.6.13+dfsg-2_s390x.deb ... 202s Unpacking tcl8.6 (8.6.13+dfsg-2) ... 202s Selecting previously unselected package tcl-expect:s390x. 202s Preparing to unpack .../05-tcl-expect_5.45.4-2build1_s390x.deb ... 202s Unpacking tcl-expect:s390x (5.45.4-2build1) ... 202s Selecting previously unselected package expect. 202s Preparing to unpack .../06-expect_5.45.4-2build1_s390x.deb ... 202s Unpacking expect (5.45.4-2build1) ... 202s Selecting previously unselected package ldap-utils. 202s Preparing to unpack .../07-ldap-utils_2.6.7+dfsg-1~exp1ubuntu1_s390x.deb ... 202s Unpacking ldap-utils (2.6.7+dfsg-1~exp1ubuntu1) ... 202s Selecting previously unselected package libavahi-common-data:s390x. 202s Preparing to unpack .../08-libavahi-common-data_0.8-13ubuntu2_s390x.deb ... 202s Unpacking libavahi-common-data:s390x (0.8-13ubuntu2) ... 202s Selecting previously unselected package libavahi-common3:s390x. 202s Preparing to unpack .../09-libavahi-common3_0.8-13ubuntu2_s390x.deb ... 202s Unpacking libavahi-common3:s390x (0.8-13ubuntu2) ... 202s Selecting previously unselected package libavahi-client3:s390x. 202s Preparing to unpack .../10-libavahi-client3_0.8-13ubuntu2_s390x.deb ... 202s Unpacking libavahi-client3:s390x (0.8-13ubuntu2) ... 202s Selecting previously unselected package libcrack2:s390x. 202s Preparing to unpack .../11-libcrack2_2.9.6-5.1_s390x.deb ... 202s Unpacking libcrack2:s390x (2.9.6-5.1) ... 202s Selecting previously unselected package libevent-2.1-7:s390x. 202s Preparing to unpack .../12-libevent-2.1-7_2.1.12-stable-9_s390x.deb ... 202s Unpacking libevent-2.1-7:s390x (2.1.12-stable-9) ... 202s Selecting previously unselected package libjose0:s390x. 202s Preparing to unpack .../13-libjose0_11-3_s390x.deb ... 202s Unpacking libjose0:s390x (11-3) ... 202s Selecting previously unselected package libverto-libevent1:s390x. 202s Preparing to unpack .../14-libverto-libevent1_0.3.1-1ubuntu5_s390x.deb ... 202s Unpacking libverto-libevent1:s390x (0.3.1-1ubuntu5) ... 202s Selecting previously unselected package libverto1:s390x. 202s Preparing to unpack .../15-libverto1_0.3.1-1ubuntu5_s390x.deb ... 202s Unpacking libverto1:s390x (0.3.1-1ubuntu5) ... 202s Selecting previously unselected package libkrad0:s390x. 202s Preparing to unpack .../16-libkrad0_1.20.1-5build1_s390x.deb ... 202s Unpacking libkrad0:s390x (1.20.1-5build1) ... 202s Selecting previously unselected package libtalloc2:s390x. 202s Preparing to unpack .../17-libtalloc2_2.4.2-1_s390x.deb ... 202s Unpacking libtalloc2:s390x (2.4.2-1) ... 202s Selecting previously unselected package libtdb1:s390x. 202s Preparing to unpack .../18-libtdb1_1.4.10-1_s390x.deb ... 202s Unpacking libtdb1:s390x (1.4.10-1) ... 202s Selecting previously unselected package libtevent0:s390x. 202s Preparing to unpack .../19-libtevent0_0.16.1-1_s390x.deb ... 202s Unpacking libtevent0:s390x (0.16.1-1) ... 202s Selecting previously unselected package libldb2:s390x. 202s Preparing to unpack .../20-libldb2_2%3a2.8.0+samba4.19.5+dfsg-1ubuntu1_s390x.deb ... 202s Unpacking libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 202s Selecting previously unselected package libnfsidmap1:s390x. 202s Preparing to unpack .../21-libnfsidmap1_1%3a2.6.3-3ubuntu1_s390x.deb ... 202s Unpacking libnfsidmap1:s390x (1:2.6.3-3ubuntu1) ... 202s Selecting previously unselected package libnss-sudo. 202s Preparing to unpack .../22-libnss-sudo_1.9.15p5-3ubuntu1_all.deb ... 202s Unpacking libnss-sudo (1.9.15p5-3ubuntu1) ... 202s Selecting previously unselected package libpwquality-common. 202s Preparing to unpack .../23-libpwquality-common_1.4.5-3_all.deb ... 202s Unpacking libpwquality-common (1.4.5-3) ... 202s Selecting previously unselected package libpwquality1:s390x. 202s Preparing to unpack .../24-libpwquality1_1.4.5-3_s390x.deb ... 202s Unpacking libpwquality1:s390x (1.4.5-3) ... 202s Selecting previously unselected package libpam-pwquality:s390x. 202s Preparing to unpack .../25-libpam-pwquality_1.4.5-3_s390x.deb ... 202s Unpacking libpam-pwquality:s390x (1.4.5-3) ... 202s Selecting previously unselected package libwbclient0:s390x. 202s Preparing to unpack .../26-libwbclient0_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 202s Unpacking libwbclient0:s390x (2:4.19.5+dfsg-1ubuntu1) ... 202s Selecting previously unselected package samba-libs:s390x. 202s Preparing to unpack .../27-samba-libs_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 202s Unpacking samba-libs:s390x (2:4.19.5+dfsg-1ubuntu1) ... 202s Selecting previously unselected package libnss-sss:s390x. 202s Preparing to unpack .../28-libnss-sss_2.9.4-1ubuntu1_s390x.deb ... 202s Unpacking libnss-sss:s390x (2.9.4-1ubuntu1) ... 202s Selecting previously unselected package libpam-sss:s390x. 202s Preparing to unpack .../29-libpam-sss_2.9.4-1ubuntu1_s390x.deb ... 202s Unpacking libpam-sss:s390x (2.9.4-1ubuntu1) ... 202s Selecting previously unselected package python3-sss. 202s Preparing to unpack .../30-python3-sss_2.9.4-1ubuntu1_s390x.deb ... 202s Unpacking python3-sss (2.9.4-1ubuntu1) ... 202s Selecting previously unselected package libc-ares2:s390x. 202s Preparing to unpack .../31-libc-ares2_1.27.0-1_s390x.deb ... 202s Unpacking libc-ares2:s390x (1.27.0-1) ... 203s Selecting previously unselected package libdhash1:s390x. 203s Preparing to unpack .../32-libdhash1_0.6.2-2_s390x.deb ... 203s Unpacking libdhash1:s390x (0.6.2-2) ... 203s Selecting previously unselected package libbasicobjects0:s390x. 203s Preparing to unpack .../33-libbasicobjects0_0.6.2-2_s390x.deb ... 203s Unpacking libbasicobjects0:s390x (0.6.2-2) ... 203s Selecting previously unselected package libcollection4:s390x. 203s Preparing to unpack .../34-libcollection4_0.6.2-2_s390x.deb ... 203s Unpacking libcollection4:s390x (0.6.2-2) ... 203s Selecting previously unselected package libpath-utils1:s390x. 203s Preparing to unpack .../35-libpath-utils1_0.6.2-2_s390x.deb ... 203s Unpacking libpath-utils1:s390x (0.6.2-2) ... 203s Selecting previously unselected package libref-array1:s390x. 203s Preparing to unpack .../36-libref-array1_0.6.2-2_s390x.deb ... 203s Unpacking libref-array1:s390x (0.6.2-2) ... 203s Selecting previously unselected package libini-config5:s390x. 203s Preparing to unpack .../37-libini-config5_0.6.2-2_s390x.deb ... 203s Unpacking libini-config5:s390x (0.6.2-2) ... 203s Selecting previously unselected package libsss-certmap0. 203s Preparing to unpack .../38-libsss-certmap0_2.9.4-1ubuntu1_s390x.deb ... 203s Unpacking libsss-certmap0 (2.9.4-1ubuntu1) ... 203s Selecting previously unselected package libsss-idmap0. 203s Preparing to unpack .../39-libsss-idmap0_2.9.4-1ubuntu1_s390x.deb ... 203s Unpacking libsss-idmap0 (2.9.4-1ubuntu1) ... 203s Selecting previously unselected package libsss-nss-idmap0. 203s Preparing to unpack .../40-libsss-nss-idmap0_2.9.4-1ubuntu1_s390x.deb ... 203s Unpacking libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 203s Selecting previously unselected package sssd-common. 203s Preparing to unpack .../41-sssd-common_2.9.4-1ubuntu1_s390x.deb ... 203s Unpacking sssd-common (2.9.4-1ubuntu1) ... 203s Selecting previously unselected package sssd-idp. 203s Preparing to unpack .../42-sssd-idp_2.9.4-1ubuntu1_s390x.deb ... 203s Unpacking sssd-idp (2.9.4-1ubuntu1) ... 203s Selecting previously unselected package sssd-passkey. 203s Preparing to unpack .../43-sssd-passkey_2.9.4-1ubuntu1_s390x.deb ... 203s Unpacking sssd-passkey (2.9.4-1ubuntu1) ... 203s Selecting previously unselected package sssd-ad-common. 203s Preparing to unpack .../44-sssd-ad-common_2.9.4-1ubuntu1_s390x.deb ... 203s Unpacking sssd-ad-common (2.9.4-1ubuntu1) ... 203s Selecting previously unselected package sssd-krb5-common. 203s Preparing to unpack .../45-sssd-krb5-common_2.9.4-1ubuntu1_s390x.deb ... 203s Unpacking sssd-krb5-common (2.9.4-1ubuntu1) ... 203s Selecting previously unselected package libsmbclient:s390x. 203s Preparing to unpack .../46-libsmbclient_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 203s Unpacking libsmbclient:s390x (2:4.19.5+dfsg-1ubuntu1) ... 203s Selecting previously unselected package sssd-ad. 203s Preparing to unpack .../47-sssd-ad_2.9.4-1ubuntu1_s390x.deb ... 203s Unpacking sssd-ad (2.9.4-1ubuntu1) ... 203s Selecting previously unselected package libipa-hbac0. 203s Preparing to unpack .../48-libipa-hbac0_2.9.4-1ubuntu1_s390x.deb ... 203s Unpacking libipa-hbac0 (2.9.4-1ubuntu1) ... 203s Selecting previously unselected package sssd-ipa. 203s Preparing to unpack .../49-sssd-ipa_2.9.4-1ubuntu1_s390x.deb ... 203s Unpacking sssd-ipa (2.9.4-1ubuntu1) ... 203s Selecting previously unselected package sssd-krb5. 203s Preparing to unpack .../50-sssd-krb5_2.9.4-1ubuntu1_s390x.deb ... 203s Unpacking sssd-krb5 (2.9.4-1ubuntu1) ... 203s Selecting previously unselected package sssd-ldap. 203s Preparing to unpack .../51-sssd-ldap_2.9.4-1ubuntu1_s390x.deb ... 203s Unpacking sssd-ldap (2.9.4-1ubuntu1) ... 203s Selecting previously unselected package sssd-proxy. 203s Preparing to unpack .../52-sssd-proxy_2.9.4-1ubuntu1_s390x.deb ... 203s Unpacking sssd-proxy (2.9.4-1ubuntu1) ... 203s Selecting previously unselected package sssd. 203s Preparing to unpack .../53-sssd_2.9.4-1ubuntu1_s390x.deb ... 203s Unpacking sssd (2.9.4-1ubuntu1) ... 203s Selecting previously unselected package sssd-dbus. 203s Preparing to unpack .../54-sssd-dbus_2.9.4-1ubuntu1_s390x.deb ... 203s Unpacking sssd-dbus (2.9.4-1ubuntu1) ... 203s Selecting previously unselected package sssd-kcm. 203s Preparing to unpack .../55-sssd-kcm_2.9.4-1ubuntu1_s390x.deb ... 203s Unpacking sssd-kcm (2.9.4-1ubuntu1) ... 203s Selecting previously unselected package sssd-tools. 203s Preparing to unpack .../56-sssd-tools_2.9.4-1ubuntu1_s390x.deb ... 203s Unpacking sssd-tools (2.9.4-1ubuntu1) ... 203s Selecting previously unselected package libipa-hbac-dev. 203s Preparing to unpack .../57-libipa-hbac-dev_2.9.4-1ubuntu1_s390x.deb ... 203s Unpacking libipa-hbac-dev (2.9.4-1ubuntu1) ... 203s Selecting previously unselected package libsss-certmap-dev. 203s Preparing to unpack .../58-libsss-certmap-dev_2.9.4-1ubuntu1_s390x.deb ... 203s Unpacking libsss-certmap-dev (2.9.4-1ubuntu1) ... 203s Selecting previously unselected package libsss-idmap-dev. 203s Preparing to unpack .../59-libsss-idmap-dev_2.9.4-1ubuntu1_s390x.deb ... 203s Unpacking libsss-idmap-dev (2.9.4-1ubuntu1) ... 203s Selecting previously unselected package libsss-nss-idmap-dev. 203s Preparing to unpack .../60-libsss-nss-idmap-dev_2.9.4-1ubuntu1_s390x.deb ... 203s Unpacking libsss-nss-idmap-dev (2.9.4-1ubuntu1) ... 203s Selecting previously unselected package libsss-sudo. 203s Preparing to unpack .../61-libsss-sudo_2.9.4-1ubuntu1_s390x.deb ... 203s Unpacking libsss-sudo (2.9.4-1ubuntu1) ... 203s Selecting previously unselected package python3-libipa-hbac. 203s Preparing to unpack .../62-python3-libipa-hbac_2.9.4-1ubuntu1_s390x.deb ... 203s Unpacking python3-libipa-hbac (2.9.4-1ubuntu1) ... 203s Selecting previously unselected package python3-libsss-nss-idmap. 203s Preparing to unpack .../63-python3-libsss-nss-idmap_2.9.4-1ubuntu1_s390x.deb ... 203s Unpacking python3-libsss-nss-idmap (2.9.4-1ubuntu1) ... 203s Selecting previously unselected package autopkgtest-satdep. 203s Preparing to unpack .../64-1-autopkgtest-satdep.deb ... 203s Unpacking autopkgtest-satdep (0) ... 203s Setting up libpwquality-common (1.4.5-3) ... 203s Setting up libpath-utils1:s390x (0.6.2-2) ... 203s Setting up libnfsidmap1:s390x (1:2.6.3-3ubuntu1) ... 203s Setting up libsss-idmap0 (2.9.4-1ubuntu1) ... 203s Setting up libbasicobjects0:s390x (0.6.2-2) ... 203s Setting up libsss-idmap-dev (2.9.4-1ubuntu1) ... 203s Setting up libtdb1:s390x (1.4.10-1) ... 203s Setting up libc-ares2:s390x (1.27.0-1) ... 203s Setting up ldap-utils (2.6.7+dfsg-1~exp1ubuntu1) ... 203s Setting up libjose0:s390x (11-3) ... 203s Setting up libwbclient0:s390x (2:4.19.5+dfsg-1ubuntu1) ... 203s Setting up libtalloc2:s390x (2.4.2-1) ... 203s Setting up libdhash1:s390x (0.6.2-2) ... 203s Setting up libtevent0:s390x (0.16.1-1) ... 203s Setting up libavahi-common-data:s390x (0.8-13ubuntu2) ... 203s Setting up libevent-2.1-7:s390x (2.1.12-stable-9) ... 203s Setting up libtcl8.6:s390x (8.6.13+dfsg-2) ... 203s Setting up libltdl7:s390x (2.4.7-7) ... 203s Setting up libcrack2:s390x (2.9.6-5.1) ... 203s Setting up libcollection4:s390x (0.6.2-2) ... 203s Setting up libodbc2:s390x (2.3.12-1) ... 203s Setting up libipa-hbac0 (2.9.4-1ubuntu1) ... 203s Setting up python3-libipa-hbac (2.9.4-1ubuntu1) ... 203s Setting up libref-array1:s390x (0.6.2-2) ... 203s Setting up libnss-sudo (1.9.15p5-3ubuntu1) ... 203s Setting up libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 203s Setting up libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 203s Setting up libnss-sss:s390x (2.9.4-1ubuntu1) ... 203s Setting up slapd (2.6.7+dfsg-1~exp1ubuntu1) ... 204s Creating new user openldap... done. 204s Creating initial configuration... done. 204s Creating LDAP directory... done. 205s Setting up tcl8.6 (8.6.13+dfsg-2) ... 205s Setting up libsss-sudo (2.9.4-1ubuntu1) ... 205s Setting up libsss-nss-idmap-dev (2.9.4-1ubuntu1) ... 205s Setting up libipa-hbac-dev (2.9.4-1ubuntu1) ... 205s Setting up libini-config5:s390x (0.6.2-2) ... 205s Setting up libavahi-common3:s390x (0.8-13ubuntu2) ... 205s Setting up tcl-expect:s390x (5.45.4-2build1) ... 205s Setting up python3-sss (2.9.4-1ubuntu1) ... 205s Setting up libsss-certmap0 (2.9.4-1ubuntu1) ... 205s Setting up libpwquality1:s390x (1.4.5-3) ... 205s Setting up python3-libsss-nss-idmap (2.9.4-1ubuntu1) ... 205s Setting up libavahi-client3:s390x (0.8-13ubuntu2) ... 205s Setting up expect (5.45.4-2build1) ... 205s Setting up libpam-pwquality:s390x (1.4.5-3) ... 205s Setting up samba-libs:s390x (2:4.19.5+dfsg-1ubuntu1) ... 205s Setting up libsss-certmap-dev (2.9.4-1ubuntu1) ... 205s Setting up libsmbclient:s390x (2:4.19.5+dfsg-1ubuntu1) ... 205s Setting up libpam-sss:s390x (2.9.4-1ubuntu1) ... 205s Setting up sssd-common (2.9.4-1ubuntu1) ... 205s Creating SSSD system user & group... 205s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 205s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 205s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 205s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 206s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 206s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 206s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 206s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 207s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 207s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 207s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 208s sssd-autofs.service is a disabled or a static unit, not starting it. 208s sssd-nss.service is a disabled or a static unit, not starting it. 208s sssd-pam.service is a disabled or a static unit, not starting it. 208s sssd-ssh.service is a disabled or a static unit, not starting it. 208s sssd-sudo.service is a disabled or a static unit, not starting it. 208s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 208s Setting up sssd-proxy (2.9.4-1ubuntu1) ... 208s Setting up sssd-kcm (2.9.4-1ubuntu1) ... 208s Created symlink /etc/systemd/system/sockets.target.wants/sssd-kcm.socket → /usr/lib/systemd/system/sssd-kcm.socket. 209s sssd-kcm.service is a disabled or a static unit, not starting it. 209s Setting up sssd-dbus (2.9.4-1ubuntu1) ... 209s sssd-ifp.service is a disabled or a static unit, not starting it. 209s Setting up sssd-ad-common (2.9.4-1ubuntu1) ... 210s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 210s sssd-pac.service is a disabled or a static unit, not starting it. 210s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 210s Setting up sssd-krb5-common (2.9.4-1ubuntu1) ... 210s Setting up sssd-krb5 (2.9.4-1ubuntu1) ... 210s Setting up sssd-ldap (2.9.4-1ubuntu1) ... 210s Setting up sssd-ad (2.9.4-1ubuntu1) ... 210s Setting up sssd-tools (2.9.4-1ubuntu1) ... 210s Setting up sssd-ipa (2.9.4-1ubuntu1) ... 210s Setting up sssd (2.9.4-1ubuntu1) ... 210s Setting up libverto-libevent1:s390x (0.3.1-1ubuntu5) ... 210s Setting up libverto1:s390x (0.3.1-1ubuntu5) ... 210s Setting up libkrad0:s390x (1.20.1-5build1) ... 210s Setting up sssd-passkey (2.9.4-1ubuntu1) ... 210s Setting up sssd-idp (2.9.4-1ubuntu1) ... 210s Setting up autopkgtest-satdep (0) ... 210s Processing triggers for libc-bin (2.39-0ubuntu2) ... 210s Processing triggers for ufw (0.36.2-5) ... 210s Processing triggers for man-db (2.12.0-3) ... 211s Processing triggers for dbus (1.14.10-4ubuntu1) ... 222s (Reading database ... 52616 files and directories currently installed.) 222s Removing autopkgtest-satdep (0) ... 223s autopkgtest [21:46:24]: test ldap-user-group-ldap-auth: [----------------------- 223s + . debian/tests/util 223s + . debian/tests/common-tests 223s + mydomain=example.com 223s + myhostname=ldap.example.com 223s + mysuffix=dc=example,dc=com 223s + admin_dn=cn=admin,dc=example,dc=com 223s + admin_pw=secret 223s + ldap_user=testuser1 223s + ldap_user_pw=testuser1secret 223s + ldap_group=ldapusers 223s + adjust_hostname ldap.example.com 223s + local myhostname=ldap.example.com 223s + echo ldap.example.com 223s + hostname ldap.example.com 223s + grep -qE ldap.example.com /etc/hosts 223s + echo 127.0.1.10 ldap.example.com 223s + reconfigure_slapd 223s + debconf-set-selections 223s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 223s + dpkg-reconfigure -fnoninteractive -pcritical slapd 224s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1... done. 224s Moving old database directory to /var/backups: 224s - directory unknown... done. 224s Creating initial configuration... done. 224s Creating LDAP directory... done. 224s + generate_certs ldap.example.com 224s + local cn=ldap.example.com 224s + local cert=/etc/ldap/server.pem 224s + local key=/etc/ldap/server.key 224s + local cnf=/etc/ldap/openssl.cnf 224s + cat 224s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 224s .....+++++++++++++++++++++++++++++++++++++++++++modifying entry "cn=config" 224s 224s +++++++++++++++++++++ 224s ........++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 224s ----- 224s + chmod 0640 /etc/ldap/server.key 224s + chgrp openldap /etc/ldap/server.key 224s + [ ! -f /etc/ldap/server.pem ] 224s + [ ! -f /etc/ldap/server.key ] 224s + enable_ldap_ssl 224s + cat 224s + cat+ 224s ldapmodify -H ldapi:/// -Y EXTERNAL -Q 224s + populate_ldap_rfc2307 224s + cat 224s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 224s adding new entry "ou=People,dc=example,dc=com" 224s 224s adding new entry "ou=Group,dc=example,dc=com" 224s 224s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 224s 224s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 224s 224s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 224s 224s + configure_sssd_ldap_rfc2307 224s + cat 224s + chmod 0600 /etc/sssd/sssd.conf 224s + systemctl restart sssd 225s + enable_pam_mkhomedir 225s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 225s + echo session optional pam_mkhomedir.so 225s + run_common_tests 225s + echo Assert local user databases do not have our LDAP test data 225s + check_local_user testuser1 225s + local local_user=testuser1 225s + grep -q ^testuser1 /etc/passwd 225s Assert local user databases do not have our LDAP test data 225s + check_local_group testuser1 225s + local local_group=testuser1 225s + grep -q ^testuser1 /etc/group 225s + check_local_group ldapusers 225s + local local_group=ldapusers 225s + grep -q ^ldapusers /etc/group 225s + echo The LDAP user is known to the system via getent 225s + check_getent_user testuser1 225s + local getent_user=testuser1 225s + local output 225s + getent passwd testuser1 225s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 225s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 225s + echo The LDAP user's private group is known to the system via getent 225s + check_getent_group testuser1 225s + local getent_group=testuser1 225s + local output 225s + getent group testuser1 225s The LDAP user is known to the system via getent 225s The LDAP user's private group is known to the system via getent 225s The LDAP group ldapusers is known to the system via getent 225s + output=testuser1:*:10001:testuser1 225s + [ -z testuser1:*:10001:testuser1 ] 225s + echo The LDAP group ldapusers is known to the system via getent 225s + check_getent_group ldapusers 225s + local getent_group=ldapusers 225s + local output 225s + getent group ldapusers 225s + output=ldapusers:*:10100:testuser1 225s + [ -z ldapusers:*:10100:testuser1 ] 225s + echo The id(1) command can resolve the group membership of the LDAP userThe id(1) command can resolve the group membership of the LDAP user 225s 225s + id -Gn testuser1 225s + output=testuser1 ldapusers 225s + [ testuser1 ldapusers != testuser1 ldapusers ] 225s + The LDAP user can login on a terminal 225s echo The LDAP user can login on a terminal 225s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 225s spawn login 225s ldap.example.com login: testuser1 225s Password: 225s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-11-generic s390x) 225s 225s * Documentation: https://help.ubuntu.com 225s * Management: https://landscape.canonical.com 225s * Support: https://ubuntu.com/pro 225s 225s * Strictly confined Kubernetes makes edge and IoT secure. Learn how MicroK8s 225s just raised the bar for easy, resilient and secure K8s cluster deployment. 225s 225s https://ubuntu.com/engage/secure-kubernetes-at-the-edge 225s 225s The programs included with the Ubuntu system are free software; 225s the exact distribution terms for each program are described in the 225s individual files in /usr/share/doc/*/copyright. 225s 225s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 225s applicable law. 225s 225s 225s The programs included with the Ubuntu system are free software; 225s the exact distribution terms for each program are described in the 225s individual files in /usr/share/doc/*/copyright. 225s 225s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 225s applicable law. 225s 225s Creating directory '/home/testuser1'. 225s [?2004htestuser1@ldap:~$ id -un 225s [?2004l testuser1 225s [?2004htestuser1@ldap:~$ /tmp/autopkgtest.AyAHeN/wrapper.sh: Killing leaked background processes: 3723 225s PID TTY STAT TIME COMMAND 225s 3723 ? D 0:00 -bash 225s autopkgtest [21:46:26]: test ldap-user-group-ldap-auth: -----------------------] 226s ldap-user-group-ldap-auth PASS 226s autopkgtest [21:46:27]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 226s autopkgtest [21:46:27]: test ldap-user-group-krb5-auth: preparing testbed 232s Reading package lists... 232s Building dependency tree... 232s Reading state information... 232s Starting pkgProblemResolver with broken count: 0 232s Starting 2 pkgProblemResolver with broken count: 0 232s Done 233s The following additional packages will be installed: 233s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4 233s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 233s Suggested packages: 233s krb5-kdc-ldap krb5-kpropd krb5-k5tls krb5-doc 233s The following NEW packages will be installed: 233s autopkgtest-satdep krb5-admin-server krb5-config krb5-kdc krb5-user 233s libgssrpc4 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 233s 0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded. 233s Need to get 612 kB/613 kB of archives. 233s After this operation, 2067 kB of additional disk space will be used. 233s Get:1 /tmp/autopkgtest.AyAHeN/2-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [884 B] 233s Get:2 http://ftpmaster.internal/ubuntu noble/main s390x krb5-config all 2.7 [22.0 kB] 233s Get:3 http://ftpmaster.internal/ubuntu noble/main s390x libgssrpc4 s390x 1.20.1-5build1 [58.9 kB] 233s Get:4 http://ftpmaster.internal/ubuntu noble/main s390x libkadm5clnt-mit12 s390x 1.20.1-5build1 [40.5 kB] 233s Get:5 http://ftpmaster.internal/ubuntu noble/main s390x libkdb5-10 s390x 1.20.1-5build1 [41.4 kB] 233s Get:6 http://ftpmaster.internal/ubuntu noble/main s390x libkadm5srv-mit12 s390x 1.20.1-5build1 [55.2 kB] 233s Get:7 http://ftpmaster.internal/ubuntu noble/universe s390x krb5-user s390x 1.20.1-5build1 [110 kB] 233s Get:8 http://ftpmaster.internal/ubuntu noble/universe s390x krb5-kdc s390x 1.20.1-5build1 [188 kB] 233s Get:9 http://ftpmaster.internal/ubuntu noble/universe s390x krb5-admin-server s390x 1.20.1-5build1 [95.9 kB] 234s Preconfiguring packages ... 235s Fetched 612 kB in 1s (1087 kB/s) 235s Selecting previously unselected package krb5-config. 235s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52616 files and directories currently installed.) 235s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 235s Unpacking krb5-config (2.7) ... 235s Selecting previously unselected package libgssrpc4:s390x. 235s Preparing to unpack .../1-libgssrpc4_1.20.1-5build1_s390x.deb ... 235s Unpacking libgssrpc4:s390x (1.20.1-5build1) ... 235s Selecting previously unselected package libkadm5clnt-mit12:s390x. 235s Preparing to unpack .../2-libkadm5clnt-mit12_1.20.1-5build1_s390x.deb ... 235s Unpacking libkadm5clnt-mit12:s390x (1.20.1-5build1) ... 235s Selecting previously unselected package libkdb5-10:s390x. 235s Preparing to unpack .../3-libkdb5-10_1.20.1-5build1_s390x.deb ... 235s Unpacking libkdb5-10:s390x (1.20.1-5build1) ... 235s Selecting previously unselected package libkadm5srv-mit12:s390x. 235s Preparing to unpack .../4-libkadm5srv-mit12_1.20.1-5build1_s390x.deb ... 235s Unpacking libkadm5srv-mit12:s390x (1.20.1-5build1) ... 235s Selecting previously unselected package krb5-user. 235s Preparing to unpack .../5-krb5-user_1.20.1-5build1_s390x.deb ... 235s Unpacking krb5-user (1.20.1-5build1) ... 235s Selecting previously unselected package krb5-kdc. 235s Preparing to unpack .../6-krb5-kdc_1.20.1-5build1_s390x.deb ... 235s Unpacking krb5-kdc (1.20.1-5build1) ... 235s Selecting previously unselected package krb5-admin-server. 235s Preparing to unpack .../7-krb5-admin-server_1.20.1-5build1_s390x.deb ... 235s Unpacking krb5-admin-server (1.20.1-5build1) ... 235s Selecting previously unselected package autopkgtest-satdep. 235s Preparing to unpack .../8-2-autopkgtest-satdep.deb ... 235s Unpacking autopkgtest-satdep (0) ... 235s Setting up libgssrpc4:s390x (1.20.1-5build1) ... 235s Setting up krb5-config (2.7) ... 235s Setting up libkadm5clnt-mit12:s390x (1.20.1-5build1) ... 235s Setting up libkdb5-10:s390x (1.20.1-5build1) ... 235s Setting up libkadm5srv-mit12:s390x (1.20.1-5build1) ... 235s Setting up krb5-user (1.20.1-5build1) ... 235s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 235s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 235s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 235s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 235s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 235s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 235s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 235s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 235s Setting up krb5-kdc (1.20.1-5build1) ... 236s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /usr/lib/systemd/system/krb5-kdc.service. 236s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 236s Setting up krb5-admin-server (1.20.1-5build1) ... 237s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-admin-server.service → /usr/lib/systemd/system/krb5-admin-server.service. 237s Setting up autopkgtest-satdep (0) ... 237s Processing triggers for man-db (2.12.0-3) ... 238s Processing triggers for libc-bin (2.39-0ubuntu2) ... 247s (Reading database ... 52709 files and directories currently installed.) 247s Removing autopkgtest-satdep (0) ... 248s autopkgtest [21:46:49]: test ldap-user-group-krb5-auth: [----------------------- 248s + . debian/tests/util 248s + . debian/tests/common-tests 248s + mydomain=example.com 248s + myhostname=ldap.example.com 248s + mysuffix=dc=example,dc=com 248s + myrealm=EXAMPLE.COM 248s + admin_dn=cn=admin,dc=example,dc=com 248s + admin_pw=secret 248s + ldap_user=testuser1 248s + ldap_user_pw=testuser1secret 248s + kerberos_principal_pw=testuser1kerberos 248s + ldap_group=ldapusers 248s + adjust_hostname ldap.example.com 248s + local myhostname=ldap.example.com 248s + echo ldap.example.com 248s + hostname ldap.example.com 248s + grep -qE ldap.example.com /etc/hosts 248s + reconfigure_slapd 248s + debconf-set-selections 248s + rm -rf /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1 /var/backups/unknown-2.6.7+dfsg-1~exp1ubuntu1-20240321-214624.ldapdb 248s + dpkg-reconfigure -fnoninteractive -pcritical slapd 248s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1... done. 248s Moving old database directory to /var/backups: 248s - directory unknown... done. 248s Creating initial configuration... done. 248s Creating LDAP directory... done. 249s + generate_certs ldap.example.com 249s + local cn=ldap.example.com 249s + local cert=/etc/ldap/server.pem 249s + local key=/etc/ldap/server.key 249s + local cnf=/etc/ldap/openssl.cnf 249s + cat 249s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 249s ....................................................................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 249s ..........++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 249s ----- 249s + chmod 0640 /etc/ldap/server.key 249s + chgrp openldap /etc/ldap/server.key 249s + [ ! -f /etc/ldap/server.pem ] 249s + [ ! -f /etc/ldap/server.key ] 249s + modifying entry "cn=config" 249s 249s adding new entry "ou=People,dc=example,dc=com" 249s 249s adding new entry "ou=Group,dc=example,dc=com" 249s 249s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 249s 249s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 249s 249s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 249s 249s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 249s master key name 'K/M@EXAMPLE.COM' 249s enable_ldap_ssl 249s + cat 249s + cat+ 249s ldapmodify -H ldapi:/// -Y EXTERNAL -Q 249s + populate_ldap_rfc2307 249s + cat 249s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 249s + create_realm EXAMPLE.COM ldap.example.com 249s + local realm_name=EXAMPLE.COM 249s + local kerberos_server=ldap.example.com 249s + rm -rf /var/lib/krb5kdc/* 249s + rm -rf /etc/krb5kdc/kdc.conf 249s + rm -f /etc/krb5.keytab 249s + cat 249s + cat 249s + echo # */admin * 249s + kdb5_util create -s -P secretpassword 249s + systemctl restart krb5-kdc.service krb5-admin-server.service 249s + create_krb_principal testuser1 testuser1kerberos 249s + local principal=testuser1 249s + local password=testuser1kerberos 249s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 249s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 249s Authenticating as principal root/admin@EXAMPLE.COM with password. 249s Principal "testuser1@EXAMPLE.COM" created. 249s + configure_sssd_ldap_rfc2307_krb5_auth 249s + cat 249s + chmod 0600 /etc/sssd/sssd.conf 249s + systemctl restart sssd 249s + enable_pam_mkhomedir 249s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 249s Assert local user databases do not have our LDAP test data 249s + run_common_tests 249s + echo Assert local user databases do not have our LDAP test data 249s + check_local_user testuser1 249s + local local_user=testuser1 249s + grep -q ^testuser1 /etc/passwd 249s + check_local_group testuser1 249s + local local_group=testuser1 249s + grep -q ^testuser1 /etc/group 249s + check_local_group ldapusers 249s + local local_group=ldapusers 249s + grep -q ^ldapusers /etc/group 249s The LDAP user is known to the system via getent 249s + echo The LDAP user is known to the system via getent 249s + check_getent_user testuser1 249s + local getent_user=testuser1 249s + local output 249s + getent passwd testuser1 249s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 249s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ]The LDAP user's private group is known to the system via getent 249s 249s + echo The LDAP user's private group is known to the system via getent 249s + check_getent_group testuser1 249s + local getent_group=testuser1 249s + local output 249s + getent group testuser1 250s The LDAP group ldapusers is known to the system via getent 250s + output=testuser1:*:10001:testuser1 250s + [ -z testuser1:*:10001:testuser1 ] 250s + echo The LDAP group ldapusers is known to the system via getent 250s + check_getent_group ldapusers 250s + local getent_group=ldapusers 250s + local output 250s + getent group ldapusers 250s + output=ldapusers:*:10100:testuser1The id(1) command can resolve the group membership of the LDAP user 250s 250s + [ -z ldapusers:*:10100:testuser1 ] 250s + echo The id(1) command can resolve the group membership of the LDAP user 250s + id -Gn testuser1 250s The Kerberos principal can login on a terminal 250s + output=testuser1 ldapusers 250s + [ testuser1 ldapusers != testuser1 ldapusers ] 250s + echo The Kerberos principal can login on a terminal 250s + kdestroy 250s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 250s spawn login 250s ldap.example.com login: testuser1 250s Password: 250s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-11-generic s390x) 250s 250s * Documentation: https://help.ubuntu.com 250s * Management: https://landscape.canonical.com 250s * Support: https://ubuntu.com/pro 250s 250s * Strictly confined Kubernetes makes edge and IoT secure. Learn how MicroK8s 250s just raised the bar for easy, resilient and secure K8s cluster deployment. 250s 250s https://ubuntu.com/engage/secure-kubernetes-at-the-edge 250s 250s The programs included with the Ubuntu system are free software; 250s the exact distribution terms for each program are described in the 250s individual files in /usr/share/doc/*/copyright. 250s 250s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 250s applicable law. 250s 250s Last login: Thu Mar 21 21:46:26 UTC 2024 on pts/0 250s [?2004htestuser1@ldap:~$ id -un 250s [?2004l testuser1 250s [?2004htestuser1@ldap:~$ klist 250s [?2004l Ticket cache: FILE:/tmp/krb5cc_10001_DyjIRM 250s Default principal: testuser1@EXAMPLE.COM 250s autopkgtest [21:46:51]: test ldap-user-group-krb5-auth: -----------------------] 251s autopkgtest [21:46:52]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 251s ldap-user-group-krb5-auth PASS 251s autopkgtest [21:46:52]: test sssd-softhism2-certificates-tests.sh: preparing testbed 667s autopkgtest [21:53:48]: testbed dpkg architecture: s390x 667s autopkgtest [21:53:48]: testbed apt version: 2.7.12 667s autopkgtest [21:53:48]: @@@@@@@@@@@@@@@@@@@@ test bed setup 667s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 668s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [496 kB] 670s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [6540 B] 670s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [3801 kB] 675s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [53.9 kB] 675s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main s390x Packages [663 kB] 675s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main s390x c-n-f Metadata [3032 B] 675s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x Packages [1372 B] 675s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x c-n-f Metadata [116 B] 675s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x Packages [3995 kB] 677s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x c-n-f Metadata [7292 B] 677s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x Packages [45.1 kB] 677s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x c-n-f Metadata [116 B] 679s Fetched 9188 kB in 11s (852 kB/s) 679s Reading package lists... 685s Reading package lists... 685s Building dependency tree... 685s Reading state information... 685s Calculating upgrade... 685s The following packages will be upgraded: 685s libselinux1 685s 1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 685s Need to get 84.7 kB of archives. 685s After this operation, 0 B of additional disk space will be used. 685s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main s390x libselinux1 s390x 3.5-2ubuntu1 [84.7 kB] 685s Fetched 84.7 kB in 0s (244 kB/s) 685s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51778 files and directories currently installed.) 685s Preparing to unpack .../libselinux1_3.5-2ubuntu1_s390x.deb ... 685s Unpacking libselinux1:s390x (3.5-2ubuntu1) over (3.5-2build1) ... 685s Setting up libselinux1:s390x (3.5-2ubuntu1) ... 686s Processing triggers for libc-bin (2.39-0ubuntu2) ... 686s Reading package lists... 686s Building dependency tree... 686s Reading state information... 687s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 687s Unknown architecture, assuming PC-style ttyS0 687s sh: Attempting to set up Debian/Ubuntu apt sources automatically 687s sh: Distribution appears to be Ubuntu 688s Reading package lists... 688s Building dependency tree... 688s Reading state information... 688s eatmydata is already the newest version (131-1). 688s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 689s Reading package lists... 689s Building dependency tree... 689s Reading state information... 690s dbus is already the newest version (1.14.10-4ubuntu1). 690s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 690s Reading package lists... 690s Building dependency tree... 690s Reading state information... 690s rng-tools-debian is already the newest version (2.4). 690s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 690s Reading package lists... 690s Building dependency tree... 690s Reading state information... 691s The following packages will be REMOVED: 691s cloud-init* python3-configobj* python3-debconf* 691s 0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded. 691s After this operation, 3252 kB disk space will be freed. 691s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51778 files and directories currently installed.) 691s Removing cloud-init (24.1.1-0ubuntu1) ... 692s Removing python3-configobj (5.0.8-3) ... 692s Removing python3-debconf (1.5.86) ... 692s Processing triggers for man-db (2.12.0-3) ... 692s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51389 files and directories currently installed.) 692s Purging configuration files for cloud-init (24.1.1-0ubuntu1) ... 693s dpkg: warning: while removing cloud-init, directory '/etc/cloud/cloud.cfg.d' not empty so not removed 693s Processing triggers for rsyslog (8.2312.0-3ubuntu3) ... 693s invoke-rc.d: policy-rc.d denied execution of try-restart. 694s Reading package lists... 694s Building dependency tree... 694s Reading state information... 695s linux-generic is already the newest version (6.8.0-11.11+1). 695s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 695s Get:1 http://ftpmaster.internal/ubuntu noble InRelease [255 kB] 695s Hit:2 http://ftpmaster.internal/ubuntu noble-updates InRelease 695s Hit:3 http://ftpmaster.internal/ubuntu noble-security InRelease 696s Get:4 http://ftpmaster.internal/ubuntu noble/main Sources [1372 kB] 696s Get:5 http://ftpmaster.internal/ubuntu noble/universe Sources [19.8 MB] 699s Get:6 http://ftpmaster.internal/ubuntu noble/main s390x Packages [1365 kB] 699s Get:7 http://ftpmaster.internal/ubuntu noble/universe s390x Packages [14.7 MB] 701s Get:8 http://ftpmaster.internal/ubuntu noble/multiverse s390x Packages [167 kB] 709s Fetched 37.7 MB in 12s (3105 kB/s) 710s Reading package lists... 710s Reading package lists... 711s Building dependency tree... 711s Reading state information... 711s Calculating upgrade... 711s The following packages will be upgraded: 711s debianutils python3-markupsafe 711s 2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 711s Need to get 103 kB of archives. 711s After this operation, 15.4 kB disk space will be freed. 711s Get:1 http://ftpmaster.internal/ubuntu noble/main s390x debianutils s390x 5.17 [90.1 kB] 712s Get:2 http://ftpmaster.internal/ubuntu noble/main s390x python3-markupsafe s390x 2.1.5-1build1 [12.8 kB] 712s Fetched 103 kB in 0s (289 kB/s) 712s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51332 files and directories currently installed.) 712s Preparing to unpack .../debianutils_5.17_s390x.deb ... 712s Unpacking debianutils (5.17) over (5.16) ... 712s Setting up debianutils (5.17) ... 712s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51332 files and directories currently installed.) 712s Preparing to unpack .../python3-markupsafe_2.1.5-1build1_s390x.deb ... 712s Unpacking python3-markupsafe (2.1.5-1build1) over (2.1.5-1) ... 712s Setting up python3-markupsafe (2.1.5-1build1) ... 712s Processing triggers for man-db (2.12.0-3) ... 713s Reading package lists... 714s Building dependency tree... 714s Reading state information... 714s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 714s autopkgtest [21:54:35]: rebooting testbed after setup commands that affected boot 740s Reading package lists... 740s Building dependency tree... 740s Reading state information... 740s Starting pkgProblemResolver with broken count: 0 740s Starting 2 pkgProblemResolver with broken count: 0 740s Done 741s The following additional packages will be installed: 741s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 741s libbasicobjects0 libc-ares2 libcollection4 libcrack2 libdhash1 741s libevent-2.1-7 libgnutls-dane0 libini-config5 libipa-hbac0 libldb2 741s libnfsidmap1 libnss-sss libpam-pwquality libpam-sss libpath-utils1 741s libpwquality-common libpwquality1 libref-array1 libsmbclient libsofthsm2 741s libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 libtalloc2 libtdb1 741s libtevent0 libunbound8 libwbclient0 python3-sss samba-libs softhsm2 741s softhsm2-common sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 741s sssd-krb5-common sssd-ldap sssd-proxy 741s Suggested packages: 741s dns-root-data adcli libsss-sudo sssd-tools libsasl2-modules-ldap 741s Recommended packages: 741s cracklib-runtime libsasl2-modules-gssapi-mit 741s | libsasl2-modules-gssapi-heimdal ldap-utils 741s The following NEW packages will be installed: 741s autopkgtest-satdep gnutls-bin libavahi-client3 libavahi-common-data 741s libavahi-common3 libbasicobjects0 libc-ares2 libcollection4 libcrack2 741s libdhash1 libevent-2.1-7 libgnutls-dane0 libini-config5 libipa-hbac0 libldb2 741s libnfsidmap1 libnss-sss libpam-pwquality libpam-sss libpath-utils1 741s libpwquality-common libpwquality1 libref-array1 libsmbclient libsofthsm2 741s libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 libtalloc2 libtdb1 741s libtevent0 libunbound8 libwbclient0 python3-sss samba-libs softhsm2 741s softhsm2-common sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 741s sssd-krb5-common sssd-ldap sssd-proxy 741s 0 upgraded, 46 newly installed, 0 to remove and 0 not upgraded. 741s Need to get 10.4 MB/10.4 MB of archives. 741s After this operation, 40.5 MB of additional disk space will be used. 741s Get:1 /tmp/autopkgtest.AyAHeN/3-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [748 B] 741s Get:2 http://ftpmaster.internal/ubuntu noble/main s390x libevent-2.1-7 s390x 2.1.12-stable-9 [144 kB] 741s Get:3 http://ftpmaster.internal/ubuntu noble/main s390x libunbound8 s390x 1.19.1-1ubuntu1 [453 kB] 741s Get:4 http://ftpmaster.internal/ubuntu noble/main s390x libgnutls-dane0 s390x 3.8.3-1ubuntu1 [23.6 kB] 742s Get:5 http://ftpmaster.internal/ubuntu noble/universe s390x gnutls-bin s390x 3.8.3-1ubuntu1 [284 kB] 742s Get:6 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common-data s390x 0.8-13ubuntu2 [29.5 kB] 742s Get:7 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common3 s390x 0.8-13ubuntu2 [23.8 kB] 742s Get:8 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-client3 s390x 0.8-13ubuntu2 [26.7 kB] 742s Get:9 http://ftpmaster.internal/ubuntu noble/main s390x libcrack2 s390x 2.9.6-5.1 [29.6 kB] 742s Get:10 http://ftpmaster.internal/ubuntu noble/main s390x libtalloc2 s390x 2.4.2-1 [28.3 kB] 742s Get:11 http://ftpmaster.internal/ubuntu noble/main s390x libtdb1 s390x 1.4.10-1 [49.9 kB] 742s Get:12 http://ftpmaster.internal/ubuntu noble/main s390x libtevent0 s390x 0.16.1-1 [43.1 kB] 742s Get:13 http://ftpmaster.internal/ubuntu noble/main s390x libldb2 s390x 2:2.8.0+samba4.19.5+dfsg-1ubuntu1 [191 kB] 742s Get:14 http://ftpmaster.internal/ubuntu noble/main s390x libnfsidmap1 s390x 1:2.6.3-3ubuntu1 [49.0 kB] 742s Get:15 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality-common all 1.4.5-3 [7658 B] 742s Get:16 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality1 s390x 1.4.5-3 [14.7 kB] 742s Get:17 http://ftpmaster.internal/ubuntu noble/main s390x libpam-pwquality s390x 1.4.5-3 [11.6 kB] 742s Get:18 http://ftpmaster.internal/ubuntu noble/main s390x libwbclient0 s390x 2:4.19.5+dfsg-1ubuntu1 [70.3 kB] 742s Get:19 http://ftpmaster.internal/ubuntu noble/main s390x samba-libs s390x 2:4.19.5+dfsg-1ubuntu1 [6231 kB] 743s Get:20 http://ftpmaster.internal/ubuntu noble/universe s390x softhsm2-common s390x 2.6.1-2.2 [5808 B] 743s Get:21 http://ftpmaster.internal/ubuntu noble/universe s390x libsofthsm2 s390x 2.6.1-2.2 [265 kB] 743s Get:22 http://ftpmaster.internal/ubuntu noble/universe s390x softhsm2 s390x 2.6.1-2.2 [174 kB] 743s Get:23 http://ftpmaster.internal/ubuntu noble/main s390x python3-sss s390x 2.9.4-1ubuntu1 [46.6 kB] 743s Get:24 http://ftpmaster.internal/ubuntu noble/main s390x libsss-idmap0 s390x 2.9.4-1ubuntu1 [22.1 kB] 743s Get:25 http://ftpmaster.internal/ubuntu noble/main s390x libnss-sss s390x 2.9.4-1ubuntu1 [32.6 kB] 743s Get:26 http://ftpmaster.internal/ubuntu noble/main s390x libpam-sss s390x 2.9.4-1ubuntu1 [51.9 kB] 743s Get:27 http://ftpmaster.internal/ubuntu noble/main s390x libc-ares2 s390x 1.27.0-1 [79.2 kB] 743s Get:28 http://ftpmaster.internal/ubuntu noble/main s390x libdhash1 s390x 0.6.2-2 [8648 B] 743s Get:29 http://ftpmaster.internal/ubuntu noble/main s390x libbasicobjects0 s390x 0.6.2-2 [5476 B] 743s Get:30 http://ftpmaster.internal/ubuntu noble/main s390x libcollection4 s390x 0.6.2-2 [23.2 kB] 743s Get:31 http://ftpmaster.internal/ubuntu noble/main s390x libpath-utils1 s390x 0.6.2-2 [8994 B] 743s Get:32 http://ftpmaster.internal/ubuntu noble/main s390x libref-array1 s390x 0.6.2-2 [6880 B] 743s Get:33 http://ftpmaster.internal/ubuntu noble/main s390x libini-config5 s390x 0.6.2-2 [45.3 kB] 743s Get:34 http://ftpmaster.internal/ubuntu noble/main s390x libsss-certmap0 s390x 2.9.4-1ubuntu1 [46.7 kB] 743s Get:35 http://ftpmaster.internal/ubuntu noble/main s390x libsss-nss-idmap0 s390x 2.9.4-1ubuntu1 [31.4 kB] 743s Get:36 http://ftpmaster.internal/ubuntu noble/main s390x sssd-common s390x 2.9.4-1ubuntu1 [1125 kB] 743s Get:37 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad-common s390x 2.9.4-1ubuntu1 [74.8 kB] 743s Get:38 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5-common s390x 2.9.4-1ubuntu1 [90.3 kB] 743s Get:39 http://ftpmaster.internal/ubuntu noble/main s390x libsmbclient s390x 2:4.19.5+dfsg-1ubuntu1 [65.1 kB] 743s Get:40 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad s390x 2.9.4-1ubuntu1 [133 kB] 743s Get:41 http://ftpmaster.internal/ubuntu noble/main s390x libipa-hbac0 s390x 2.9.4-1ubuntu1 [16.8 kB] 743s Get:42 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ipa s390x 2.9.4-1ubuntu1 [215 kB] 743s Get:43 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5 s390x 2.9.4-1ubuntu1 [14.4 kB] 743s Get:44 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ldap s390x 2.9.4-1ubuntu1 [31.0 kB] 743s Get:45 http://ftpmaster.internal/ubuntu noble/main s390x sssd-proxy s390x 2.9.4-1ubuntu1 [43.9 kB] 743s Get:46 http://ftpmaster.internal/ubuntu noble/main s390x sssd s390x 2.9.4-1ubuntu1 [4120 B] 744s Fetched 10.4 MB in 2s (4568 kB/s) 744s Selecting previously unselected package libevent-2.1-7:s390x. 744s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51331 files and directories currently installed.) 744s Preparing to unpack .../00-libevent-2.1-7_2.1.12-stable-9_s390x.deb ... 744s Unpacking libevent-2.1-7:s390x (2.1.12-stable-9) ... 744s Selecting previously unselected package libunbound8:s390x. 744s Preparing to unpack .../01-libunbound8_1.19.1-1ubuntu1_s390x.deb ... 744s Unpacking libunbound8:s390x (1.19.1-1ubuntu1) ... 744s Selecting previously unselected package libgnutls-dane0:s390x. 744s Preparing to unpack .../02-libgnutls-dane0_3.8.3-1ubuntu1_s390x.deb ... 744s Unpacking libgnutls-dane0:s390x (3.8.3-1ubuntu1) ... 744s Selecting previously unselected package gnutls-bin. 744s Preparing to unpack .../03-gnutls-bin_3.8.3-1ubuntu1_s390x.deb ... 744s Unpacking gnutls-bin (3.8.3-1ubuntu1) ... 744s Selecting previously unselected package libavahi-common-data:s390x. 744s Preparing to unpack .../04-libavahi-common-data_0.8-13ubuntu2_s390x.deb ... 744s Unpacking libavahi-common-data:s390x (0.8-13ubuntu2) ... 744s Selecting previously unselected package libavahi-common3:s390x. 744s Preparing to unpack .../05-libavahi-common3_0.8-13ubuntu2_s390x.deb ... 744s Unpacking libavahi-common3:s390x (0.8-13ubuntu2) ... 744s Selecting previously unselected package libavahi-client3:s390x. 744s Preparing to unpack .../06-libavahi-client3_0.8-13ubuntu2_s390x.deb ... 744s Unpacking libavahi-client3:s390x (0.8-13ubuntu2) ... 744s Selecting previously unselected package libcrack2:s390x. 744s Preparing to unpack .../07-libcrack2_2.9.6-5.1_s390x.deb ... 744s Unpacking libcrack2:s390x (2.9.6-5.1) ... 744s Selecting previously unselected package libtalloc2:s390x. 744s Preparing to unpack .../08-libtalloc2_2.4.2-1_s390x.deb ... 744s Unpacking libtalloc2:s390x (2.4.2-1) ... 744s Selecting previously unselected package libtdb1:s390x. 744s Preparing to unpack .../09-libtdb1_1.4.10-1_s390x.deb ... 744s Unpacking libtdb1:s390x (1.4.10-1) ... 744s Selecting previously unselected package libtevent0:s390x. 744s Preparing to unpack .../10-libtevent0_0.16.1-1_s390x.deb ... 744s Unpacking libtevent0:s390x (0.16.1-1) ... 744s Selecting previously unselected package libldb2:s390x. 744s Preparing to unpack .../11-libldb2_2%3a2.8.0+samba4.19.5+dfsg-1ubuntu1_s390x.deb ... 744s Unpacking libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 744s Selecting previously unselected package libnfsidmap1:s390x. 744s Preparing to unpack .../12-libnfsidmap1_1%3a2.6.3-3ubuntu1_s390x.deb ... 744s Unpacking libnfsidmap1:s390x (1:2.6.3-3ubuntu1) ... 744s Selecting previously unselected package libpwquality-common. 744s Preparing to unpack .../13-libpwquality-common_1.4.5-3_all.deb ... 744s Unpacking libpwquality-common (1.4.5-3) ... 744s Selecting previously unselected package libpwquality1:s390x. 744s Preparing to unpack .../14-libpwquality1_1.4.5-3_s390x.deb ... 744s Unpacking libpwquality1:s390x (1.4.5-3) ... 744s Selecting previously unselected package libpam-pwquality:s390x. 744s Preparing to unpack .../15-libpam-pwquality_1.4.5-3_s390x.deb ... 744s Unpacking libpam-pwquality:s390x (1.4.5-3) ... 744s Selecting previously unselected package libwbclient0:s390x. 744s Preparing to unpack .../16-libwbclient0_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 744s Unpacking libwbclient0:s390x (2:4.19.5+dfsg-1ubuntu1) ... 744s Selecting previously unselected package samba-libs:s390x. 744s Preparing to unpack .../17-samba-libs_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 744s Unpacking samba-libs:s390x (2:4.19.5+dfsg-1ubuntu1) ... 744s Selecting previously unselected package softhsm2-common. 744s Preparing to unpack .../18-softhsm2-common_2.6.1-2.2_s390x.deb ... 744s Unpacking softhsm2-common (2.6.1-2.2) ... 744s Selecting previously unselected package libsofthsm2. 744s Preparing to unpack .../19-libsofthsm2_2.6.1-2.2_s390x.deb ... 744s Unpacking libsofthsm2 (2.6.1-2.2) ... 744s Selecting previously unselected package softhsm2. 744s Preparing to unpack .../20-softhsm2_2.6.1-2.2_s390x.deb ... 744s Unpacking softhsm2 (2.6.1-2.2) ... 744s Selecting previously unselected package python3-sss. 744s Preparing to unpack .../21-python3-sss_2.9.4-1ubuntu1_s390x.deb ... 744s Unpacking python3-sss (2.9.4-1ubuntu1) ... 744s Selecting previously unselected package libsss-idmap0. 744s Preparing to unpack .../22-libsss-idmap0_2.9.4-1ubuntu1_s390x.deb ... 744s Unpacking libsss-idmap0 (2.9.4-1ubuntu1) ... 744s Selecting previously unselected package libnss-sss:s390x. 744s Preparing to unpack .../23-libnss-sss_2.9.4-1ubuntu1_s390x.deb ... 744s Unpacking libnss-sss:s390x (2.9.4-1ubuntu1) ... 744s Selecting previously unselected package libpam-sss:s390x. 745s Preparing to unpack .../24-libpam-sss_2.9.4-1ubuntu1_s390x.deb ... 745s Unpacking libpam-sss:s390x (2.9.4-1ubuntu1) ... 745s Selecting previously unselected package libc-ares2:s390x. 745s Preparing to unpack .../25-libc-ares2_1.27.0-1_s390x.deb ... 745s Unpacking libc-ares2:s390x (1.27.0-1) ... 745s Selecting previously unselected package libdhash1:s390x. 745s Preparing to unpack .../26-libdhash1_0.6.2-2_s390x.deb ... 745s Unpacking libdhash1:s390x (0.6.2-2) ... 745s Selecting previously unselected package libbasicobjects0:s390x. 745s Preparing to unpack .../27-libbasicobjects0_0.6.2-2_s390x.deb ... 745s Unpacking libbasicobjects0:s390x (0.6.2-2) ... 745s Selecting previously unselected package libcollection4:s390x. 745s Preparing to unpack .../28-libcollection4_0.6.2-2_s390x.deb ... 745s Unpacking libcollection4:s390x (0.6.2-2) ... 745s Selecting previously unselected package libpath-utils1:s390x. 745s Preparing to unpack .../29-libpath-utils1_0.6.2-2_s390x.deb ... 745s Unpacking libpath-utils1:s390x (0.6.2-2) ... 745s Selecting previously unselected package libref-array1:s390x. 745s Preparing to unpack .../30-libref-array1_0.6.2-2_s390x.deb ... 745s Unpacking libref-array1:s390x (0.6.2-2) ... 745s Selecting previously unselected package libini-config5:s390x. 745s Preparing to unpack .../31-libini-config5_0.6.2-2_s390x.deb ... 745s Unpacking libini-config5:s390x (0.6.2-2) ... 745s Selecting previously unselected package libsss-certmap0. 745s Preparing to unpack .../32-libsss-certmap0_2.9.4-1ubuntu1_s390x.deb ... 745s Unpacking libsss-certmap0 (2.9.4-1ubuntu1) ... 745s Selecting previously unselected package libsss-nss-idmap0. 745s Preparing to unpack .../33-libsss-nss-idmap0_2.9.4-1ubuntu1_s390x.deb ... 745s Unpacking libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 745s Selecting previously unselected package sssd-common. 745s Preparing to unpack .../34-sssd-common_2.9.4-1ubuntu1_s390x.deb ... 745s Unpacking sssd-common (2.9.4-1ubuntu1) ... 745s Selecting previously unselected package sssd-ad-common. 745s Preparing to unpack .../35-sssd-ad-common_2.9.4-1ubuntu1_s390x.deb ... 745s Unpacking sssd-ad-common (2.9.4-1ubuntu1) ... 745s Selecting previously unselected package sssd-krb5-common. 745s Preparing to unpack .../36-sssd-krb5-common_2.9.4-1ubuntu1_s390x.deb ... 745s Unpacking sssd-krb5-common (2.9.4-1ubuntu1) ... 745s Selecting previously unselected package libsmbclient:s390x. 745s Preparing to unpack .../37-libsmbclient_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 745s Unpacking libsmbclient:s390x (2:4.19.5+dfsg-1ubuntu1) ... 745s Selecting previously unselected package sssd-ad. 745s Preparing to unpack .../38-sssd-ad_2.9.4-1ubuntu1_s390x.deb ... 745s Unpacking sssd-ad (2.9.4-1ubuntu1) ... 745s Selecting previously unselected package libipa-hbac0. 745s Preparing to unpack .../39-libipa-hbac0_2.9.4-1ubuntu1_s390x.deb ... 745s Unpacking libipa-hbac0 (2.9.4-1ubuntu1) ... 745s Selecting previously unselected package sssd-ipa. 745s Preparing to unpack .../40-sssd-ipa_2.9.4-1ubuntu1_s390x.deb ... 745s Unpacking sssd-ipa (2.9.4-1ubuntu1) ... 745s Selecting previously unselected package sssd-krb5. 745s Preparing to unpack .../41-sssd-krb5_2.9.4-1ubuntu1_s390x.deb ... 745s Unpacking sssd-krb5 (2.9.4-1ubuntu1) ... 745s Selecting previously unselected package sssd-ldap. 745s Preparing to unpack .../42-sssd-ldap_2.9.4-1ubuntu1_s390x.deb ... 745s Unpacking sssd-ldap (2.9.4-1ubuntu1) ... 745s Selecting previously unselected package sssd-proxy. 745s Preparing to unpack .../43-sssd-proxy_2.9.4-1ubuntu1_s390x.deb ... 745s Unpacking sssd-proxy (2.9.4-1ubuntu1) ... 745s Selecting previously unselected package sssd. 745s Preparing to unpack .../44-sssd_2.9.4-1ubuntu1_s390x.deb ... 745s Unpacking sssd (2.9.4-1ubuntu1) ... 745s Selecting previously unselected package autopkgtest-satdep. 745s Preparing to unpack .../45-3-autopkgtest-satdep.deb ... 745s Unpacking autopkgtest-satdep (0) ... 745s Setting up libpwquality-common (1.4.5-3) ... 745s Setting up libpath-utils1:s390x (0.6.2-2) ... 745s Setting up softhsm2-common (2.6.1-2.2) ... 745s 745s Creating config file /etc/softhsm/softhsm2.conf with new version 745s Setting up libnfsidmap1:s390x (1:2.6.3-3ubuntu1) ... 745s Setting up libsss-idmap0 (2.9.4-1ubuntu1) ... 745s Setting up libbasicobjects0:s390x (0.6.2-2) ... 745s Setting up libtdb1:s390x (1.4.10-1) ... 745s Setting up libc-ares2:s390x (1.27.0-1) ... 745s Setting up libwbclient0:s390x (2:4.19.5+dfsg-1ubuntu1) ... 745s Setting up libtalloc2:s390x (2.4.2-1) ... 745s Setting up libdhash1:s390x (0.6.2-2) ... 745s Setting up libtevent0:s390x (0.16.1-1) ... 745s Setting up libavahi-common-data:s390x (0.8-13ubuntu2) ... 745s Setting up libevent-2.1-7:s390x (2.1.12-stable-9) ... 745s Setting up libcrack2:s390x (2.9.6-5.1) ... 745s Setting up libcollection4:s390x (0.6.2-2) ... 745s Setting up libipa-hbac0 (2.9.4-1ubuntu1) ... 745s Setting up libref-array1:s390x (0.6.2-2) ... 745s Setting up libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 745s Setting up libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 745s Setting up libnss-sss:s390x (2.9.4-1ubuntu1) ... 745s Setting up libsofthsm2 (2.6.1-2.2) ... 745s Setting up softhsm2 (2.6.1-2.2) ... 745s Setting up libini-config5:s390x (0.6.2-2) ... 745s Setting up libavahi-common3:s390x (0.8-13ubuntu2) ... 745s Setting up python3-sss (2.9.4-1ubuntu1) ... 745s Setting up libsss-certmap0 (2.9.4-1ubuntu1) ... 745s Setting up libunbound8:s390x (1.19.1-1ubuntu1) ... 745s Setting up libpwquality1:s390x (1.4.5-3) ... 745s Setting up libavahi-client3:s390x (0.8-13ubuntu2) ... 745s Setting up libgnutls-dane0:s390x (3.8.3-1ubuntu1) ... 745s Setting up libpam-pwquality:s390x (1.4.5-3) ... 746s Setting up samba-libs:s390x (2:4.19.5+dfsg-1ubuntu1) ... 746s Setting up libsmbclient:s390x (2:4.19.5+dfsg-1ubuntu1) ... 746s Setting up libpam-sss:s390x (2.9.4-1ubuntu1) ... 746s Setting up gnutls-bin (3.8.3-1ubuntu1) ... 746s Setting up sssd-common (2.9.4-1ubuntu1) ... 746s Creating SSSD system user & group... 746s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 746s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 746s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 746s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 746s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 746s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 747s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 747s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 747s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 747s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 748s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 748s sssd-autofs.service is a disabled or a static unit, not starting it. 748s sssd-nss.service is a disabled or a static unit, not starting it. 748s sssd-pam.service is a disabled or a static unit, not starting it. 748s sssd-ssh.service is a disabled or a static unit, not starting it. 748s sssd-sudo.service is a disabled or a static unit, not starting it. 748s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 748s Setting up sssd-proxy (2.9.4-1ubuntu1) ... 748s Setting up sssd-ad-common (2.9.4-1ubuntu1) ... 748s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 749s sssd-pac.service is a disabled or a static unit, not starting it. 749s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 749s Setting up sssd-krb5-common (2.9.4-1ubuntu1) ... 749s Setting up sssd-krb5 (2.9.4-1ubuntu1) ... 749s Setting up sssd-ldap (2.9.4-1ubuntu1) ... 749s Setting up sssd-ad (2.9.4-1ubuntu1) ... 749s Setting up sssd-ipa (2.9.4-1ubuntu1) ... 749s Setting up sssd (2.9.4-1ubuntu1) ... 749s Setting up autopkgtest-satdep (0) ... 749s Processing triggers for man-db (2.12.0-3) ... 750s Processing triggers for libc-bin (2.39-0ubuntu2) ... 754s (Reading database ... 51919 files and directories currently installed.) 754s Removing autopkgtest-satdep (0) ... 765s autopkgtest [21:55:26]: test sssd-softhism2-certificates-tests.sh: [----------------------- 765s + '[' -z ubuntu ']' 765s + required_tools=(p11tool openssl softhsm2-util) 765s + for cmd in "${required_tools[@]}" 765s + command -v p11tool 765s + for cmd in "${required_tools[@]}" 765s + command -v openssl 765s + for cmd in "${required_tools[@]}" 765s + command -v softhsm2-util 765s + PIN=053350 765s +++ find /usr/lib/softhsm/libsofthsm2.so 765s +++ head -n 1 765s ++ realpath /usr/lib/softhsm/libsofthsm2.so 765s + SOFTHSM2_MODULE=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 765s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 765s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 765s + '[' '!' -v NO_SSSD_TESTS ']' 765s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 765s + ca_db_arg=ca_db 765s ++ /usr/libexec/sssd/p11_child --help 765s + p11_child_help='Usage: p11_child [OPTION...] 765s -d, --debug-level=INT Debug level 765s --debug-timestamps=INT Add debug timestamps 765s --debug-microseconds=INT Show timestamps with microseconds 765s --dumpable=INT Allow core dumps 765s --debug-fd=INT An open file descriptor for the debug 765s logs 765s --logger=stderr|files|journald Set logger 765s --auth Run in auth mode 765s --pre Run in pre-auth mode 765s --wait_for_card Wait until card is available 765s --verification Run in verification mode 765s --pin Expect PIN on stdin 765s --keypad Expect PIN on keypad 765s --verify=STRING Tune validation 765s --ca_db=STRING CA DB to use 765s --module_name=STRING Module name for authentication 765s --token_name=STRING Token name for authentication 765s --key_id=STRING Key ID for authentication 765s --label=STRING Label for authentication 765s --certificate=STRING certificate to verify, base64 encoded 765s --uri=STRING PKCS#11 URI to restrict selection 765s --chain-id=LONG Tevent chain ID used for logging 765s purposes 765s 765s Help options: 765s -?, --help Show this help message 765s --usage Display brief usage message' 765s + echo 'Usage: p11_child [OPTION...] 765s -d, --debug-level=INT Debug level 765s + grep nssdb -qs 765s --debug-timestamps=INT Add debug timestamps 765s --debug-microseconds=INT Show timestamps with microseconds 765s --dumpable=INT Allow core dumps 765s --debug-fd=INT An open file descriptor for the debug 765s logs 765s --logger=stderr|files|journald Set logger 765s --auth Run in auth mode 765s --pre Run in pre-auth mode 765s --wait_for_card Wait until card is available 765s --verification Run in verification mode 765s --pin Expect PIN on stdin 765s --keypad Expect PIN on keypad 765s --verify=STRING Tune validation 765s --ca_db=STRING CA DB to use 765s --module_name=STRING Module name for authentication 765s --token_name=STRING Token name for authentication 765s --key_id=STRING Key ID for authentication 765s --label=STRING Label for authentication 765s --certificate=STRING certificate to verify, base64 encoded 765s --uri=STRING PKCS#11 URI to restrict selection 765s --chain-id=LONG Tevent chain ID used for logging 765s purposes 765s 765s Help options: 765s -?, --help Show this help message 765s --usage Display brief usage message' 765s + echo 'Usage: p11_child [OPTION...] 765s -d, --debug-level=INT Debug level 765s + grep -qs -- --ca_db 765s --debug-timestamps=INT Add debug timestamps 765s --debug-microseconds=INT Show timestamps with microseconds 765s --dumpable=INT Allow core dumps 765s --debug-fd=INT An open file descriptor for the debug 765s logs 765s --logger=stderr|files|journald Set logger 765s --auth Run in auth mode 765s --pre Run in pre-auth mode 765s --wait_for_card Wait until card is available 765s --verification Run in verification mode 765s --pin Expect PIN on stdin 765s --keypad Expect PIN on keypad 765s --verify=STRING Tune validation 765s --ca_db=STRING CA DB to use 765s --module_name=STRING Module name for authentication 765s --token_name=STRING Token name for authentication 765s --key_id=STRING Key ID for authentication 765s --label=STRING Label for authentication 765s --certificate=STRING certificate to verify, base64 encoded 765s --uri=STRING PKCS#11 URI to restrict selection 765s --chain-id=LONG Tevent chain ID used for logging 765s purposes 765s 765s Help options: 765s -?, --help Show this help message 765s --usage Display brief usage message' 765s + '[' '!' -e /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so ']' 765s ++ mktemp -d -t sssd-softhsm2-XXXXXX 765s + tmpdir=/tmp/sssd-softhsm2-fyAXsG 765s + keys_size=1024 765s + [[ ! -v KEEP_TEMPORARY_FILES ]] 765s + trap 'rm -rf "$tmpdir"' EXIT 765s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 765s + echo -n 01 765s + touch /tmp/sssd-softhsm2-fyAXsG/index.txt 765s + mkdir -p /tmp/sssd-softhsm2-fyAXsG/new_certs 765s + cat 765s + root_ca_key_pass=pass:random-root-CA-password-12196 765s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-fyAXsG/test-root-CA-key.pem -passout pass:random-root-CA-password-12196 1024 765s + openssl req -passin pass:random-root-CA-password-12196 -batch -config /tmp/sssd-softhsm2-fyAXsG/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-fyAXsG/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem 765s + openssl x509 -noout -in /tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem 765s + cat 765s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-10755 765s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-10755 1024 765s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-10755 -config /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.config -key /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-12196 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-certificate-request.pem 765s + openssl req -text -noout -in /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-certificate-request.pem 765s Certificate Request: 765s Data: 765s Version: 1 (0x0) 765s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 765s Subject Public Key Info: 765s Public Key Algorithm: rsaEncryption 765s Public-Key: (1024 bit) 765s Modulus: 765s 00:ad:56:9e:f3:55:0c:53:8c:5b:ba:d8:f1:23:e9: 765s 22:48:05:3d:c8:86:37:d3:d8:51:41:95:cc:d1:36: 765s 96:79:4f:3c:c4:53:e3:65:0e:fe:b8:28:6d:39:86: 765s 8c:ad:44:04:21:46:58:19:4f:73:f1:b2:59:80:3c: 765s c7:a5:c2:2e:10:57:31:62:22:f8:6a:61:69:a6:25: 765s db:70:ea:b3:b0:5a:71:4c:8d:ba:79:94:58:26:bb: 765s b3:6f:9b:38:1a:da:35:f5:68:e9:1a:b5:3b:0b:d5: 765s 73:be:29:d1:68:4b:ca:e3:5a:8c:bc:08:c3:9d:41: 765s 53:79:61:3a:5e:6e:8b:e3:33 765s Exponent: 65537 (0x10001) 765s Attributes: 765s (none) 765s Requested Extensions: 765s Signature Algorithm: sha256WithRSAEncryption 765s Signature Value: 765s 18:e2:f6:5d:09:52:93:06:90:b1:4a:b5:c0:f8:36:4d:7c:96: 765s 5b:06:01:30:90:bf:b3:dd:b6:56:b8:5d:56:8b:9e:95:a1:49: 765s fb:85:0d:95:a8:fa:8e:0f:c3:b0:d3:17:1b:df:56:27:9f:e4: 765s ff:4b:11:d2:e0:cd:d9:f2:e3:1b:d5:da:10:3e:57:97:6f:a1: 765s 6d:9e:c8:23:32:23:b8:2d:0c:c1:9f:f4:cb:81:95:5b:73:df: 765s 8b:a9:28:a9:1d:e7:35:05:a8:11:d4:2f:e8:7a:6d:e9:9d:eb: 765s 7e:a6:d2:1c:9c:1e:91:8f:08:1d:7c:0c:70:02:8e:05:54:82: 765s 3c:c6 765s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-fyAXsG/test-root-CA.config -passin pass:random-root-CA-password-12196 -keyfile /tmp/sssd-softhsm2-fyAXsG/test-root-CA-key.pem -in /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem 765s Using configuration from /tmp/sssd-softhsm2-fyAXsG/test-root-CA.config 765s Check that the request matches the signature 765s Signature ok 765s Certificate Details: 765s Serial Number: 1 (0x1) 765s Validity 765s Not Before: Mar 21 21:55:26 2024 GMT 765s Not After : Mar 21 21:55:26 2025 GMT 765s Subject: 765s organizationName = Test Organization 765s organizationalUnitName = Test Organization Unit 765s commonName = Test Organization Intermediate CA 765s X509v3 extensions: 765s X509v3 Subject Key Identifier: 765s 97:F3:B8:6C:25:BD:D3:59:98:5F:85:82:8B:48:C0:97:0F:6C:2F:CC 765s X509v3 Authority Key Identifier: 765s keyid:24:63:69:18:38:08:1F:9F:D2:60:2E:4D:CA:F2:60:E7:77:D4:0A:8F 765s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 765s serial:00 765s X509v3 Basic Constraints: 765s CA:TRUE 765s X509v3 Key Usage: critical 765s Digital Signature, Certificate Sign, CRL Sign 765s Certificate is to be certified until Mar 21 21:55:26 2025 GMT (365 days) 765s 765s Write out database with 1 new entries 765s Database updated 765s + openssl x509 -noout -in /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem 765s + openssl verify -CAfile /tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem 765s /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem: OK 765s + cat 765s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-4587 765s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-4587 1024 765s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-4587 -config /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-10755 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-certificate-request.pem 765s + openssl req -text -noout -in /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-certificate-request.pem 765s Certificate Request: 765s Data: 765s Version: 1 (0x0) 765s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 765s Subject Public Key Info: 765s Public Key Algorithm: rsaEncryption 765s Public-Key: (1024 bit) 765s Modulus: 765s 00:e9:d3:59:72:70:74:e1:ab:0b:0f:68:30:b5:89: 765s 39:40:fd:1e:01:76:40:31:a9:03:f2:f4:f3:a2:ef: 765s e2:b2:38:5b:50:9b:63:8c:ad:4b:e8:58:9f:49:13: 765s ef:ab:01:78:34:39:8d:a7:94:8a:52:9b:5c:fa:83: 765s 51:3e:87:66:38:01:35:67:fe:28:5c:00:b1:f6:37: 765s a8:5c:ba:14:82:4e:78:04:f9:6d:b9:54:5b:9d:61: 765s d3:01:ab:dd:4b:17:8d:3b:26:c8:e1:31:74:3d:33: 765s cb:6e:9b:01:f7:6b:f4:36:f0:bf:8e:48:7a:97:34: 765s 97:1a:b7:54:e8:b1:09:54:d1 765s Exponent: 65537 (0x10001) 765s Attributes: 765s (none) 765s Requested Extensions: 765s Signature Algorithm: sha256WithRSAEncryption 765s Signature Value: 765s 23:e8:07:10:0c:49:32:e5:1c:d9:a4:5c:8d:7b:6a:99:77:0f: 765s 17:f8:fe:51:8c:78:da:2c:b6:10:d5:0e:e0:06:35:74:81:58: 765s 2e:d8:70:4c:8c:0d:6b:2e:a4:91:49:96:2b:54:a9:c9:48:74: 765s e4:cd:5b:f5:23:c4:20:ec:dd:98:fa:5d:06:1d:de:6a:c1:12: 765s 1b:66:f3:20:ec:8c:72:d5:b3:fd:eb:12:0e:d6:d2:25:a5:bf: 765s 1d:6d:9a:76:62:d5:7a:3c:68:f8:e4:cd:30:bb:8a:5c:d1:f7: 765s 98:86:a7:13:b9:a1:de:d4:90:72:ea:ad:9c:66:e3:a8:ee:7b: 765s 51:28 765s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-10755 -keyfile /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA.pem 765s Using configuration from /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.config 765s Check that the request matches the signature 765s Signature ok 765s Certificate Details: 765s Serial Number: 2 (0x2) 765s Validity 765s Not Before: Mar 21 21:55:26 2024 GMT 765s Not After : Mar 21 21:55:26 2025 GMT 765s Subject: 765s organizationName = Test Organization 765s organizationalUnitName = Test Organization Unit 765s commonName = Test Organization Sub Intermediate CA 765s X509v3 extensions: 765s X509v3 Subject Key Identifier: 765s 40:95:2D:6B:86:1B:33:36:91:35:7D:E4:07:96:29:44:DD:61:A8:62 765s X509v3 Authority Key Identifier: 765s keyid:97:F3:B8:6C:25:BD:D3:59:98:5F:85:82:8B:48:C0:97:0F:6C:2F:CC 765s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 765s serial:01 765s X509v3 Basic Constraints: 765s CA:TRUE 765s X509v3 Key Usage: critical 765s Digital Signature, Certificate Sign, CRL Sign 765s Certificate is to be certified until Mar 21 21:55:26 2025 GMT (365 days) 765s 765s Write out database with 1 new entries 765s Database updated 765s + openssl x509 -noout -in /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA.pem 765s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA.pem 765s /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA.pem: OK 765s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA.pem 765s + local cmd=openssl 765s + shift 765s + openssl verify -CAfile /tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA.pem 765s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 765s error 20 at 0 depth lookup: unable to get local issuer certificate 765s error /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA.pem: verification failed 765s + cat 765s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-4662 765s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-4662 1024 765s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-4662 -key /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001-request.pem 765s + openssl req -text -noout -in /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001-request.pem 765s Certificate Request: 765s Data: 765s Version: 1 (0x0) 765s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 765s Subject Public Key Info: 765s Public Key Algorithm: rsaEncryption 765s Public-Key: (1024 bit) 765s Modulus: 765s 00:df:5d:53:82:34:fe:00:14:6b:23:24:d9:fa:54: 765s 3d:92:23:ae:76:ae:3c:4a:d5:e2:6a:d4:3d:67:e7: 765s cd:2e:4e:9e:0a:03:1d:94:89:58:30:40:62:4e:14: 765s 5c:5a:20:15:98:8e:4b:8f:b0:ae:4b:e5:e1:8a:15: 765s 7c:ec:88:7f:25:1a:f4:01:6b:9a:6a:f2:0b:f6:ca: 765s c9:a3:fb:ef:83:29:7a:a7:c6:00:2b:a7:72:cc:72: 765s ad:89:dd:c8:db:ae:35:bc:8c:e0:d4:81:2c:ee:73: 765s 46:68:98:ba:12:b6:65:cf:ba:b4:cb:9d:c0:90:53: 765s 9d:3e:b8:69:32:7f:9b:af:49 765s Exponent: 65537 (0x10001) 765s Attributes: 765s Requested Extensions: 765s X509v3 Basic Constraints: 765s CA:FALSE 765s Netscape Cert Type: 765s SSL Client, S/MIME 765s Netscape Comment: 765s Test Organization Root CA trusted Certificate 765s X509v3 Subject Key Identifier: 765s 1B:03:51:57:DF:42:91:F4:2B:6A:D9:5F:EC:37:F0:88:AA:A7:08:12 765s X509v3 Key Usage: critical 765s Digital Signature, Non Repudiation, Key Encipherment 765s X509v3 Extended Key Usage: 765s TLS Web Client Authentication, E-mail Protection 765s X509v3 Subject Alternative Name: 765s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 765s Signature Algorithm: sha256WithRSAEncryption 765s Signature Value: 765s 8e:f5:dc:60:a3:f8:a7:e1:89:0b:c1:97:34:ea:97:5a:2c:07: 765s d9:dc:c9:20:e3:5a:22:7c:78:6e:c9:e2:1a:d3:87:0a:48:7e: 765s cc:94:d9:df:26:0c:b3:2f:68:fd:53:1f:ac:fa:5e:da:e1:71: 765s f5:41:36:8b:e0:21:3f:d7:08:c1:16:02:b6:2a:4c:cc:50:5e: 765s 3d:b2:2f:86:15:cf:95:ef:5b:03:4c:92:22:dd:1c:20:5f:61: 765s e3:2e:ca:f7:ea:06:5b:b7:36:b3:5a:c1:fb:36:51:8e:b4:90: 765s 44:01:bc:da:0f:84:13:41:68:2f:1b:2e:64:54:24:80:60:02: 765s ec:fe 765s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-fyAXsG/test-root-CA.config -passin pass:random-root-CA-password-12196 -keyfile /tmp/sssd-softhsm2-fyAXsG/test-root-CA-key.pem -in /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 765s Using configuration from /tmp/sssd-softhsm2-fyAXsG/test-root-CA.config 765s Check that the request matches the signature 765s Signature ok 765s Certificate Details: 765s Serial Number: 3 (0x3) 765s Validity 765s Not Before: Mar 21 21:55:26 2024 GMT 765s Not After : Mar 21 21:55:26 2025 GMT 765s Subject: 765s organizationName = Test Organization 765s organizationalUnitName = Test Organization Unit 765s commonName = Test Organization Root Trusted Certificate 0001 765s X509v3 extensions: 765s X509v3 Authority Key Identifier: 765s 24:63:69:18:38:08:1F:9F:D2:60:2E:4D:CA:F2:60:E7:77:D4:0A:8F 765s X509v3 Basic Constraints: 765s CA:FALSE 765s Netscape Cert Type: 765s SSL Client, S/MIME 765s Netscape Comment: 765s Test Organization Root CA trusted Certificate 765s X509v3 Subject Key Identifier: 765s 1B:03:51:57:DF:42:91:F4:2B:6A:D9:5F:EC:37:F0:88:AA:A7:08:12 765s X509v3 Key Usage: critical 765s Digital Signature, Non Repudiation, Key Encipherment 765s X509v3 Extended Key Usage: 765s TLS Web Client Authentication, E-mail Protection 765s X509v3 Subject Alternative Name: 765s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 765s Certificate is to be certified until Mar 21 21:55:26 2025 GMT (365 days) 765s 765s Write out database with 1 new entries 765s Database updated 765s + openssl x509 -noout -in /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 765s + openssl verify -CAfile /tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 765s /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem: OK 765s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 765s + local cmd=openssl 765s + shift 765s + openssl verify -CAfile /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 765s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 765s error 20 at 0 depth lookup: unable to get local issuer certificate 765s error /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem: verification failed 765s + cat 765s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-23488 765s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-23488 1024 765s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-23488 -key /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001-request.pem 765s + openssl req -text -noout -in /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001-request.pem 765s Certificate Request: 765s Data: 765s Version: 1 (0x0) 765s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 765s Subject Public Key Info: 765s Public Key Algorithm: rsaEncryption 765s Public-Key: (1024 bit) 765s Modulus: 765s 00:c0:c1:b4:d2:3b:b9:a3:e0:8e:e2:c2:77:85:cb: 765s a7:74:89:eb:92:b7:8c:64:6f:25:09:f9:2d:12:27: 765s ee:cb:30:47:86:a0:96:f9:0a:cd:f0:42:a8:b3:2d: 765s b8:25:26:af:99:3c:d5:f6:10:09:16:33:6c:e7:aa: 765s 22:18:25:2e:47:67:b1:66:1f:ca:22:cc:a4:14:ad: 765s b3:f8:c8:50:3f:e6:00:ba:17:fa:85:28:a1:e2:09: 765s 48:6f:cd:28:d2:36:7b:af:c6:8e:a7:b4:89:3d:1f: 765s 33:67:cd:59:dc:54:72:f9:01:ab:de:9e:ee:c5:ec: 765s 85:98:7c:bc:b6:cc:85:be:13 765s Exponent: 65537 (0x10001) 765s Attributes: 765s Requested Extensions: 765s X509v3 Basic Constraints: 765s CA:FALSE 765s Netscape Cert Type: 765s SSL Client, S/MIME 765s Netscape Comment: 765s Test Organization Intermediate CA trusted Certificate 765s X509v3 Subject Key Identifier: 765s E2:78:63:1E:E4:60:11:C6:5F:C8:12:DF:6F:EA:B2:BC:19:28:EF:02 765s X509v3 Key Usage: critical 765s Digital Signature, Non Repudiation, Key Encipherment 765s X509v3 Extended Key Usage: 765s TLS Web Client Authentication, E-mail Protection 765s X509v3 Subject Alternative Name: 765s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 765s Signature Algorithm: sha256WithRSAEncryption 765s Signature Value: 765s 5b:d3:cd:19:47:3a:b8:06:f7:58:af:b5:9b:e5:44:a6:f6:a6: 765s 24:1f:92:51:c8:d2:61:78:dc:9b:c6:27:aa:5a:bb:d5:d5:06: 765s 6a:a6:b0:3a:76:88:06:c9:6b:1a:2a:b3:a9:95:0b:04:cb:ef: 765s 82:50:a0:b6:4b:32:fa:5a:be:5d:f9:13:e7:ec:91:7a:6e:0e: 765s 78:37:b3:a6:4d:15:bf:89:5d:6f:44:e5:2d:ac:46:9d:1d:e1: 765s 3d:01:c6:69:45:fb:0a:d5:1c:c5:44:36:12:ad:12:00:0d:4d: 765s e9:dd:5e:ab:45:2d:92:55:2f:dd:5b:4c:82:f6:ef:bb:3b:5d: 765s 87:4f 765s + openssl ca -passin pass:random-intermediate-CA-password-10755 -config /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 765s Using configuration from /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.config 765s Check that the request matches the signature 765s Signature ok 765s Certificate Details: 765s Serial Number: 4 (0x4) 765s Validity 765s Not Before: Mar 21 21:55:26 2024 GMT 765s Not After : Mar 21 21:55:26 2025 GMT 765s Subject: 765s organizationName = Test Organization 765s organizationalUnitName = Test Organization Unit 765s commonName = Test Organization Intermediate Trusted Certificate 0001 765s X509v3 extensions: 765s X509v3 Authority Key Identifier: 765s 97:F3:B8:6C:25:BD:D3:59:98:5F:85:82:8B:48:C0:97:0F:6C:2F:CC 765s X509v3 Basic Constraints: 765s CA:FALSE 765s Netscape Cert Type: 765s SSL Client, S/MIME 765s Netscape Comment: 765s Test Organization Intermediate CA trusted Certificate 765s X509v3 Subject Key Identifier: 765s E2:78:63:1E:E4:60:11:C6:5F:C8:12:DF:6F:EA:B2:BC:19:28:EF:02 765s X509v3 Key Usage: critical 765s Digital Signature, Non Repudiation, Key Encipherment 765s X509v3 Extended Key Usage: 765s TLS Web Client Authentication, E-mail Protection 765s X509v3 Subject Alternative Name: 765s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 765s Certificate is to be certified until Mar 21 21:55:26 2025 GMT (365 days) 765s 765s Write out database with 1 new entries 765s Database updated 765s + openssl x509 -noout -in /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 765s This certificate should not be trusted fully 765s + echo 'This certificate should not be trusted fully' 765s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 765s + local cmd=openssl 765s + shift 765s + openssl verify -CAfile /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 765s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 765s error 2 at 1 depth lookup: unable to get issuer certificate 765s error /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 765s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 765s /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem: OK 765s + cat 765s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8967 765s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-8967 1024 766s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-8967 -key /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 766s + openssl req -text -noout -in /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 766s Certificate Request: 766s Data: 766s Version: 1 (0x0) 766s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 766s Subject Public Key Info: 766s Public Key Algorithm: rsaEncryption 766s Public-Key: (1024 bit) 766s Modulus: 766s 00:a7:47:cd:58:91:23:f2:02:42:b2:cd:c4:0e:f5: 766s 35:08:f1:4c:40:fb:a4:7f:e1:8b:56:f6:69:f0:ae: 766s bf:26:1e:05:89:6f:7f:64:86:e8:e0:fa:3b:85:87: 766s 6a:17:4e:42:08:93:05:3f:fd:a0:49:2c:51:57:f1: 766s f7:65:a7:c4:3e:e1:95:b6:c5:7c:79:bc:5b:74:9a: 766s f0:c9:b7:79:87:88:b5:b8:6f:68:d9:9d:69:75:99: 766s 80:ca:3c:dd:38:6f:da:6f:d6:9a:1b:dd:22:16:da: 766s 73:aa:70:49:6a:d1:8c:2e:37:1a:c9:f3:e3:b9:e2: 766s 02:b9:d0:20:80:67:52:de:b3 766s Exponent: 65537 (0x10001) 766s Attributes: 766s Requested Extensions: 766s X509v3 Basic Constraints: 766s CA:FALSE 766s Netscape Cert Type: 766s SSL Client, S/MIME 766s Netscape Comment: 766s Test Organization Sub Intermediate CA trusted Certificate 766s X509v3 Subject Key Identifier: 766s A1:D5:E8:69:F3:42:B7:0A:20:26:10:15:A3:30:26:95:B1:24:66:AE 766s X509v3 Key Usage: critical 766s Digital Signature, Non Repudiation, Key Encipherment 766s X509v3 Extended Key Usage: 766s TLS Web Client Authentication, E-mail Protection 766s X509v3 Subject Alternative Name: 766s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 766s Signature Algorithm: sha256WithRSAEncryption 766s Signature Value: 766s 6a:41:4e:2c:69:5e:ea:10:3d:88:c1:d9:6f:a5:8c:77:1f:33: 766s a9:5f:b9:11:42:28:9e:90:8f:64:a6:14:1c:10:f8:9d:97:da: 766s 8e:34:11:d3:e8:3b:67:3e:c2:ee:2d:8e:85:33:76:39:55:91: 766s 77:2a:9b:85:38:c8:5b:c3:6f:22:fd:f2:39:0d:8a:f6:a0:02: 766s 93:ab:9f:b4:8f:1d:a3:12:bb:bb:4e:a6:ce:68:c4:b1:e6:66: 766s fd:c2:9b:61:ec:3d:a8:d3:c2:d6:3c:1c:3b:76:30:83:30:7d: 766s ec:d6:15:f3:97:dd:08:79:b4:98:2b:12:7b:ea:80:88:36:2e: 766s f9:f3 766s + openssl ca -passin pass:random-sub-intermediate-CA-password-4587 -config /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 766s Using configuration from /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA.config 766s Check that the request matches the signature 766s Signature ok 766s Certificate Details: 766s Serial Number: 5 (0x5) 766s Validity 766s Not Before: Mar 21 21:55:27 2024 GMT 766s Not After : Mar 21 21:55:27 2025 GMT 766s Subject: 766s organizationName = Test Organization 766s organizationalUnitName = Test Organization Unit 766s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 766s X509v3 extensions: 766s X509v3 Authority Key Identifier: 766s 40:95:2D:6B:86:1B:33:36:91:35:7D:E4:07:96:29:44:DD:61:A8:62 766s X509v3 Basic Constraints: 766s CA:FALSE 766s Netscape Cert Type: 766s SSL Client, S/MIME 766s Netscape Comment: 766s Test Organization Sub Intermediate CA trusted Certificate 766s X509v3 Subject Key Identifier: 766s A1:D5:E8:69:F3:42:B7:0A:20:26:10:15:A3:30:26:95:B1:24:66:AE 766s X509v3 Key Usage: critical 766s Digital Signature, Non Repudiation, Key Encipherment 766s X509v3 Extended Key Usage: 766s TLS Web Client Authentication, E-mail Protection 766s X509v3 Subject Alternative Name: 766s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 766s Certificate is to be certified until Mar 21 21:55:27 2025 GMT (365 days) 766s 766s Write out database with 1 new entries 766s Database updated 766s + openssl x509 -noout -in /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 766s This certificate should not be trusted fully 766s + echo 'This certificate should not be trusted fully' 766s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 766s + local cmd=openssl 766s + shift 766s + openssl verify -CAfile /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 766s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 766s error 2 at 1 depth lookup: unable to get issuer certificate 766s error /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 766s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 766s + local cmd=openssl 766s + shift 766s + openssl verify -CAfile /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 766s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001/tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 766s 766s error 20 at 0 depth lookup: unable to get local issuer certificate 766s error /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 766s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 766s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 766s + local cmd=openssl 766s + shift 766s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 766s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted CertificBuilding a the full-chain CA file... 766s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 766s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 766s 766s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 766s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 766s 766s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 766s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 766s 766s /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem: OK 766s /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem: OK 766s /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem: OK 766s /tmp/sssd-softhsm2-fyAXsG/test-root-intermediate-chain-CA.pem: OK 766s /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 766s Certificates generation completed! 766s ate 0001 766s error 20 at 0 depth lookup: unable to get local issuer certificate 766s error /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 766s + echo 'Building a the full-chain CA file...' 766s + cat /tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA.pem 766s + cat /tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem 766s + cat /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA.pem 766s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem 766s + openssl pkcs7 -print_certs -noout 766s + openssl verify -CAfile /tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem 766s + openssl verify -CAfile /tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 766s + openssl verify -CAfile /tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 766s + openssl verify -CAfile /tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem /tmp/sssd-softhsm2-fyAXsG/test-root-intermediate-chain-CA.pem 766s + openssl verify -CAfile /tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 766s + echo 'Certificates generation completed!' 766s + [[ -v NO_SSSD_TESTS ]] 766s + invalid_certificate /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-4662 /dev/null 766s + check_certificate /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-4662 /dev/null 766s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 766s + local key_pass=pass:random-root-ca-trusted-cert-0001-4662 766s + local key_ring=/dev/null 766s + local verify_option= 766s + prepare_softhsm2_card /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-4662 766s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 766s + local key_pass=pass:random-root-ca-trusted-cert-0001-4662 766s + local key_cn 766s + local key_name 766s + local tokens_dir 766s + local output_cert_file 766s + token_name= 766s ++ basename /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem .pem 766s + key_name=test-root-CA-trusted-certificate-0001 766s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 766s ++ sed -n 's/ *commonName *= //p' 766s + key_cn='Test Organization Root Trusted Certificate 0001' 766s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 766s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf 766s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf 766s ++ basename /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 766s + tokens_dir=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001 766s + token_name='Test Organization Root Tr Token' 766s + '[' '!' -e /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 766s + local key_file 766s + local decrypted_key 766s + mkdir -p /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001 766s + key_file=/tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001-key.pem 766s + decrypted_key=/tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001-key-decrypted.pem 766s + cat 766s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 766s Slot 0 has a free/uninitialized token. 766s The token has been initialized and is reassigned to slot 876492179 766s + softhsm2-util --show-slots 766s Available slots: 766s Slot 876492179 766s Slot info: 766s Description: SoftHSM slot ID 0x343e3593 766s Manufacturer ID: SoftHSM project 766s Hardware version: 2.6 766s Firmware version: 2.6 766s Token present: yes 766s Token info: 766s Manufacturer ID: SoftHSM project 766s Model: SoftHSM v2 766s Hardware version: 2.6 766s Firmware version: 2.6 766s Serial number: 094ae40ab43e3593 766s Initialized: yes 766s User PIN init.: yes 766s Label: Test Organization Root Tr Token 766s Slot 1 766s Slot info: 766s Description: SoftHSM slot ID 0x1 766s Manufacturer ID: SoftHSM project 766s Hardware version: 2.6 766s Firmware version: 2.6 766s Token present: yes 766s Token info: 766s Manufacturer ID: SoftHSM project 766s Model: SoftHSM v2 766s Hardware version: 2.6 766s Firmware version: 2.6 766s Serial number: 766s Initialized: no 766s User PIN init.: no 766s Label: 766s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 766s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-4662 -in /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001-key-decrypted.pem 766s writing RSA key 766s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 766s + rm /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001-key-decrypted.pem 766s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 766s Object 0: 766s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=094ae40ab43e3593;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 766s Type: X.509 Certificate (RSA-1024) 766s Expires: Fri Mar 21 21:55:26 2025 766s Label: Test Organization Root Trusted Certificate 0001 766s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 766s 766s Test Organization Root Tr Token 766s + echo 'Test Organization Root Tr Token' 766s + '[' -n '' ']' 766s + local output_base_name=SSSD-child-3565 766s + local output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-3565.output 766s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-3565.pem 766s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 766s [p11_child[2182]] [main] (0x0400): p11_child started. 766s [p11_child[2182]] [main] (0x2000): Running in [pre-auth] mode. 766s [p11_child[2182]] [main] (0x2000): Running with effective IDs: [0][0]. 766s [p11_child[2182]] [main] (0x2000): Running with real IDs [0][0]. 766s [p11_child[2182]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 766s [p11_child[2182]] [do_work] (0x0040): init_verification failed. 766s [p11_child[2182]] [main] (0x0020): p11_child failed (5) 766s + return 2 766s + valid_certificate /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-4662 /dev/null no_verification 766s + check_certificate /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-4662 /dev/null no_verification 766s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 766s + local key_pass=pass:random-root-ca-trusted-cert-0001-4662 766s + local key_ring=/dev/null 766s + local verify_option=no_verification 766s + prepare_softhsm2_card /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-4662 766s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 766s + local key_pass=pass:random-root-ca-trusted-cert-0001-4662 766s + local key_cn 766s + local key_name 766s + local tokens_dir 766s + local output_cert_file 766s + token_name= 766s ++ basename /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem .pem 766s + key_name=test-root-CA-trusted-certificate-0001 766s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 766s ++ sed -n 's/ *commonName *= //p' 766s + key_cn='Test Organization Root Trusted Certificate 0001' 766s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 766s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf 766s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf 766s ++ basename /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 766s + tokens_dir=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001 766s + token_name='Test Organization Root Tr Token' 766s + '[' '!' -e /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 766s + '[' '!' -d /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001 ']' 766s + echo 'Test Organization Root Tr Token' 766s Test Organization Root Tr Token 766s + '[' -n no_verification ']' 766s + local verify_arg=--verify=no_verification 766s + local output_base_name=SSSD-child-4856 766s + local output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-4856.output 766s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-4856.pem 766s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 766s [p11_child[2188]] [main] (0x0400): p11_child started. 766s [p11_child[2188]] [main] (0x2000): Running in [pre-auth] mode. 766s [p11_child[2188]] [main] (0x2000): Running with effective IDs: [0][0]. 766s [p11_child[2188]] [main] (0x2000): Running with real IDs [0][0]. 766s [p11_child[2188]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 766s [p11_child[2188]] [do_card] (0x4000): Module List: 766s [p11_child[2188]] [do_card] (0x4000): common name: [softhsm2]. 766s [p11_child[2188]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 766s [p11_child[2188]] [do_card] (0x4000): Description [SoftHSM slot ID 0x343e3593] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 766s [p11_child[2188]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 766s [p11_child[2188]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x343e3593][876492179] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 766s [p11_child[2188]] [do_card] (0x4000): Login NOT required. 766s [p11_child[2188]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 766s [p11_child[2188]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 766s [p11_child[2188]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x343e3593;slot-manufacturer=SoftHSM%20project;slot-id=876492179;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=094ae40ab43e3593;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 766s [p11_child[2188]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 766s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-4856.output 766s + echo '-----BEGIN CERTIFICATE-----' 766s + tail -n1 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-4856.output 766s + echo '-----END CERTIFICATE-----' 766s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-4856.pem 766s Certificate: 766s Data: 766s Version: 3 (0x2) 766s Serial Number: 3 (0x3) 766s Signature Algorithm: sha256WithRSAEncryption 766s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 766s Validity 766s Not Before: Mar 21 21:55:26 2024 GMT 766s Not After : Mar 21 21:55:26 2025 GMT 766s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 766s Subject Public Key Info: 766s Public Key Algorithm: rsaEncryption 766s Public-Key: (1024 bit) 766s Modulus: 766s 00:df:5d:53:82:34:fe:00:14:6b:23:24:d9:fa:54: 766s 3d:92:23:ae:76:ae:3c:4a:d5:e2:6a:d4:3d:67:e7: 766s cd:2e:4e:9e:0a:03:1d:94:89:58:30:40:62:4e:14: 766s 5c:5a:20:15:98:8e:4b:8f:b0:ae:4b:e5:e1:8a:15: 766s 7c:ec:88:7f:25:1a:f4:01:6b:9a:6a:f2:0b:f6:ca: 766s c9:a3:fb:ef:83:29:7a:a7:c6:00:2b:a7:72:cc:72: 766s ad:89:dd:c8:db:ae:35:bc:8c:e0:d4:81:2c:ee:73: 766s 46:68:98:ba:12:b6:65:cf:ba:b4:cb:9d:c0:90:53: 766s 9d:3e:b8:69:32:7f:9b:af:49 766s Exponent: 65537 (0x10001) 766s X509v3 extensions: 766s X509v3 Authority Key Identifier: 766s 24:63:69:18:38:08:1F:9F:D2:60:2E:4D:CA:F2:60:E7:77:D4:0A:8F 766s X509v3 Basic Constraints: 766s CA:FALSE 766s Netscape Cert Type: 766s SSL Client, S/MIME 766s Netscape Comment: 766s Test Organization Root CA trusted Certificate 766s X509v3 Subject Key Identifier: 766s 1B:03:51:57:DF:42:91:F4:2B:6A:D9:5F:EC:37:F0:88:AA:A7:08:12 766s X509v3 Key Usage: critical 766s Digital Signature, Non Repudiation, Key Encipherment 766s X509v3 Extended Key Usage: 766s TLS Web Client Authentication, E-mail Protection 766s X509v3 Subject Alternative Name: 766s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 766s Signature Algorithm: sha256WithRSAEncryption 766s Signature Value: 766s 52:04:8b:fe:06:ae:11:d8:4e:40:6e:84:8a:95:0c:f5:79:f7: 766s 54:50:89:59:30:e2:6d:5a:c5:79:8c:f3:58:16:7b:c1:b8:95: 766s 7e:da:23:42:da:55:1c:9f:97:9a:bd:8f:e8:09:d3:8e:b5:5f: 766s 69:4d:e4:89:98:28:92:a7:92:32:47:4a:8c:91:23:4a:18:e8: 766s 30:a8:dd:d8:22:9b:ea:6c:43:b1:b5:77:c4:e4:24:62:2d:6d: 766s 6c:b0:97:42:0f:10:84:d6:a7:81:31:80:63:a5:91:be:02:f6: 766s fc:5e:e1:ae:03:9b:43:ed:b2:c4:26:af:17:a9:8c:e3:74:77: 766s 90:fb 766s + local found_md5 expected_md5 766s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 766s + expected_md5=Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 766s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-4856.pem 766s + found_md5=Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 766s + '[' Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 '!=' Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 ']' 766s + output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-4856-auth.output 766s ++ basename /tmp/sssd-softhsm2-fyAXsG/SSSD-child-4856-auth.output .output 766s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-4856-auth.pem 766s + echo -n 053350 766s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 766s [p11_child[2196]] [main] (0x0400): p11_child started. 766s [p11_child[2196]] [main] (0x2000): Running in [auth] mode. 766s [p11_child[2196]] [main] (0x2000): Running with effective IDs: [0][0]. 766s [p11_child[2196]] [main] (0x2000): Running with real IDs [0][0]. 766s [p11_child[2196]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 766s [p11_child[2196]] [do_card] (0x4000): Module List: 766s [p11_child[2196]] [do_card] (0x4000): common name: [softhsm2]. 766s [p11_child[2196]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 766s [p11_child[2196]] [do_card] (0x4000): Description [SoftHSM slot ID 0x343e3593] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 766s [p11_child[2196]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 766s [p11_child[2196]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x343e3593][876492179] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 766s [p11_child[2196]] [do_card] (0x4000): Login required. 766s [p11_child[2196]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 766s [p11_child[2196]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 766s [p11_child[2196]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x343e3593;slot-manufacturer=SoftHSM%20project;slot-id=876492179;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=094ae40ab43e3593;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 766s [p11_child[2196]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 766s [p11_child[2196]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 766s [p11_child[2196]] [do_card] (0x4000): Certificate verified and validated. 766s [p11_child[2196]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 766s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-4856-auth.output 766s + echo '-----BEGIN CERTIFICATE-----' 766s + tail -n1 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-4856-auth.output 766s + echo '-----END CERTIFICATE-----' 766s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-4856-auth.pem 766s Certificate: 766s Data: 766s Version: 3 (0x2) 766s Serial Number: 3 (0x3) 766s Signature Algorithm: sha256WithRSAEncryption 766s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 766s Validity 766s Not Before: Mar 21 21:55:26 2024 GMT 766s Not After : Mar 21 21:55:26 2025 GMT 766s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 766s Subject Public Key Info: 766s Public Key Algorithm: rsaEncryption 766s Public-Key: (1024 bit) 766s Modulus: 766s 00:df:5d:53:82:34:fe:00:14:6b:23:24:d9:fa:54: 766s 3d:92:23:ae:76:ae:3c:4a:d5:e2:6a:d4:3d:67:e7: 766s cd:2e:4e:9e:0a:03:1d:94:89:58:30:40:62:4e:14: 766s 5c:5a:20:15:98:8e:4b:8f:b0:ae:4b:e5:e1:8a:15: 766s 7c:ec:88:7f:25:1a:f4:01:6b:9a:6a:f2:0b:f6:ca: 766s c9:a3:fb:ef:83:29:7a:a7:c6:00:2b:a7:72:cc:72: 766s ad:89:dd:c8:db:ae:35:bc:8c:e0:d4:81:2c:ee:73: 766s 46:68:98:ba:12:b6:65:cf:ba:b4:cb:9d:c0:90:53: 766s 9d:3e:b8:69:32:7f:9b:af:49 766s Exponent: 65537 (0x10001) 766s X509v3 extensions: 766s X509v3 Authority Key Identifier: 766s 24:63:69:18:38:08:1F:9F:D2:60:2E:4D:CA:F2:60:E7:77:D4:0A:8F 766s X509v3 Basic Constraints: 766s CA:FALSE 766s Netscape Cert Type: 766s SSL Client, S/MIME 766s Netscape Comment: 766s Test Organization Root CA trusted Certificate 766s X509v3 Subject Key Identifier: 766s 1B:03:51:57:DF:42:91:F4:2B:6A:D9:5F:EC:37:F0:88:AA:A7:08:12 766s X509v3 Key Usage: critical 766s Digital Signature, Non Repudiation, Key Encipherment 766s X509v3 Extended Key Usage: 766s TLS Web Client Authentication, E-mail Protection 766s X509v3 Subject Alternative Name: 766s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 766s Signature Algorithm: sha256WithRSAEncryption 766s Signature Value: 766s 52:04:8b:fe:06:ae:11:d8:4e:40:6e:84:8a:95:0c:f5:79:f7: 766s 54:50:89:59:30:e2:6d:5a:c5:79:8c:f3:58:16:7b:c1:b8:95: 766s 7e:da:23:42:da:55:1c:9f:97:9a:bd:8f:e8:09:d3:8e:b5:5f: 766s 69:4d:e4:89:98:28:92:a7:92:32:47:4a:8c:91:23:4a:18:e8: 766s 30:a8:dd:d8:22:9b:ea:6c:43:b1:b5:77:c4:e4:24:62:2d:6d: 766s 6c:b0:97:42:0f:10:84:d6:a7:81:31:80:63:a5:91:be:02:f6: 766s fc:5e:e1:ae:03:9b:43:ed:b2:c4:26:af:17:a9:8c:e3:74:77: 766s 90:fb 766s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-4856-auth.pem 766s + found_md5=Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 766s + '[' Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 '!=' Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 ']' 766s + valid_certificate /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-4662 /tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem 766s + check_certificate /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-4662 /tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem 766s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 766s + local key_pass=pass:random-root-ca-trusted-cert-0001-4662 766s + local key_ring=/tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem 766s + local verify_option= 766s + prepare_softhsm2_card /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-4662 766s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 766s + local key_pass=pass:random-root-ca-trusted-cert-0001-4662 766s + local key_cn 766s + local key_name 766s + local tokens_dir 766s + local output_cert_file 766s + token_name= 766s ++ basename /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem .pem 766s + key_name=test-root-CA-trusted-certificate-0001 766s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 766s ++ sed -n 's/ *commonName *= //p' 766s + key_cn='Test Organization Root Trusted Certificate 0001' 766s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 766s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf 766s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf 766s ++ basename /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 766s Test Organization Root Tr Token 766s + tokens_dir=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001 766s + token_name='Test Organization Root Tr Token' 766s + '[' '!' -e /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 766s + '[' '!' -d /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001 ']' 766s + echo 'Test Organization Root Tr Token' 766s + '[' -n '' ']' 766s + local output_base_name=SSSD-child-12293 766s + local output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-12293.output 766s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-12293.pem 766s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem 766s [p11_child[2206]] [main] (0x0400): p11_child started. 766s [p11_child[2206]] [main] (0x2000): Running in [pre-auth] mode. 766s [p11_child[2206]] [main] (0x2000): Running with effective IDs: [0][0]. 766s [p11_child[2206]] [main] (0x2000): Running with real IDs [0][0]. 766s [p11_child[2206]] [do_card] (0x4000): Module List: 766s [p11_child[2206]] [do_card] (0x4000): common name: [softhsm2]. 766s [p11_child[2206]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 766s [p11_child[2206]] [do_card] (0x4000): Description [SoftHSM slot ID 0x343e3593] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 766s [p11_child[2206]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 766s [p11_child[2206]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x343e3593][876492179] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 766s [p11_child[2206]] [do_card] (0x4000): Login NOT required. 766s [p11_child[2206]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 766s [p11_child[2206]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 766s [p11_child[2206]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 766s [p11_child[2206]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x343e3593;slot-manufacturer=SoftHSM%20project;slot-id=876492179;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=094ae40ab43e3593;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 766s [p11_child[2206]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 766s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-12293.output 766s + echo '-----BEGIN CERTIFICATE-----' 766s + tail -n1 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-12293.output 766s + echo '-----END CERTIFICATE-----' 766s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-12293.pem 766s Certificate: 766s Data: 766s Version: 3 (0x2) 766s Serial Number: 3 (0x3) 766s Signature Algorithm: sha256WithRSAEncryption 766s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 766s Validity 766s Not Before: Mar 21 21:55:26 2024 GMT 766s Not After : Mar 21 21:55:26 2025 GMT 766s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 766s Subject Public Key Info: 766s Public Key Algorithm: rsaEncryption 766s Public-Key: (1024 bit) 766s Modulus: 766s 00:df:5d:53:82:34:fe:00:14:6b:23:24:d9:fa:54: 766s 3d:92:23:ae:76:ae:3c:4a:d5:e2:6a:d4:3d:67:e7: 766s cd:2e:4e:9e:0a:03:1d:94:89:58:30:40:62:4e:14: 766s 5c:5a:20:15:98:8e:4b:8f:b0:ae:4b:e5:e1:8a:15: 766s 7c:ec:88:7f:25:1a:f4:01:6b:9a:6a:f2:0b:f6:ca: 766s c9:a3:fb:ef:83:29:7a:a7:c6:00:2b:a7:72:cc:72: 766s ad:89:dd:c8:db:ae:35:bc:8c:e0:d4:81:2c:ee:73: 766s 46:68:98:ba:12:b6:65:cf:ba:b4:cb:9d:c0:90:53: 766s 9d:3e:b8:69:32:7f:9b:af:49 766s Exponent: 65537 (0x10001) 766s X509v3 extensions: 766s X509v3 Authority Key Identifier: 766s 24:63:69:18:38:08:1F:9F:D2:60:2E:4D:CA:F2:60:E7:77:D4:0A:8F 766s X509v3 Basic Constraints: 766s CA:FALSE 766s Netscape Cert Type: 766s SSL Client, S/MIME 766s Netscape Comment: 766s Test Organization Root CA trusted Certificate 766s X509v3 Subject Key Identifier: 766s 1B:03:51:57:DF:42:91:F4:2B:6A:D9:5F:EC:37:F0:88:AA:A7:08:12 766s X509v3 Key Usage: critical 766s Digital Signature, Non Repudiation, Key Encipherment 766s X509v3 Extended Key Usage: 766s TLS Web Client Authentication, E-mail Protection 766s X509v3 Subject Alternative Name: 766s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 766s Signature Algorithm: sha256WithRSAEncryption 766s Signature Value: 766s 52:04:8b:fe:06:ae:11:d8:4e:40:6e:84:8a:95:0c:f5:79:f7: 766s 54:50:89:59:30:e2:6d:5a:c5:79:8c:f3:58:16:7b:c1:b8:95: 766s 7e:da:23:42:da:55:1c:9f:97:9a:bd:8f:e8:09:d3:8e:b5:5f: 766s 69:4d:e4:89:98:28:92:a7:92:32:47:4a:8c:91:23:4a:18:e8: 766s 30:a8:dd:d8:22:9b:ea:6c:43:b1:b5:77:c4:e4:24:62:2d:6d: 766s 6c:b0:97:42:0f:10:84:d6:a7:81:31:80:63:a5:91:be:02:f6: 766s fc:5e:e1:ae:03:9b:43:ed:b2:c4:26:af:17:a9:8c:e3:74:77: 766s 90:fb 766s + local found_md5 expected_md5 766s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 766s + expected_md5=Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 766s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-12293.pem 766s + found_md5=Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 766s + '[' Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 '!=' Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 ']' 766s + output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-12293-auth.output 766s ++ basename /tmp/sssd-softhsm2-fyAXsG/SSSD-child-12293-auth.output .output 766s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-12293-auth.pem 766s + echo -n 053350 766s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 766s [p11_child[2214]] [main] (0x0400): p11_child started. 766s [p11_child[2214]] [main] (0x2000): Running in [auth] mode. 766s [p11_child[2214]] [main] (0x2000): Running with effective IDs: [0][0]. 766s [p11_child[2214]] [main] (0x2000): Running with real IDs [0][0]. 766s [p11_child[2214]] [do_card] (0x4000): Module List: 766s [p11_child[2214]] [do_card] (0x4000): common name: [softhsm2]. 766s [p11_child[2214]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 766s [p11_child[2214]] [do_card] (0x4000): Description [SoftHSM slot ID 0x343e3593] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 766s [p11_child[2214]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 766s [p11_child[2214]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x343e3593][876492179] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 766s [p11_child[2214]] [do_card] (0x4000): Login required. 766s [p11_child[2214]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 766s [p11_child[2214]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 766s [p11_child[2214]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 766s [p11_child[2214]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x343e3593;slot-manufacturer=SoftHSM%20project;slot-id=876492179;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=094ae40ab43e3593;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 766s Certificate: 766s Data: 766s Version: 3 (0x2) 766s Serial Number: 3 (0x3) 766s Signature Algorithm: sha256WithRSAEncryption 766s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 766s Validity 766s Not Before: Mar 21 21:55:26 2024 GMT 766s Not After : Mar 21 21:55:26 2025 GMT 766s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 766s Subject Public Key Info: 766s Public Key Algorithm: rsaEncryption 766s Public-Key: (1024 bit) 766s Modulus: 766s 00:df:5d:53:82:34:fe:00:14:6b:23:24:d9:fa:54: 766s 3d:92:23:ae:76:ae:3c:4a:d5:e2:6a:d4:3d:67:e7: 766s cd:2e:4e:9e:0a:03:1d:94:89:58:30:40:62:4e:14: 766s 5c:5a:20:15:98:8e:4b:8f:b0:ae:4b:e5:e1:8a:15: 766s 7c:ec:88:7f:25:1a:f4:01:6b:9a:6a:f2:0b:f6:ca: 766s c9:a3:fb:ef:83:29:7a:a7:c6:00:2b:a7:72:cc:72: 766s ad:89:dd:c8:db:ae:35:bc:8c:e0:d4:81:2c:ee:73: 766s 46:68:98:ba:12:b6:65:cf:ba:b4:cb:9d:c0:90:53: 766s 9d:3e:b8:69:32:7f:9b:af:49 766s Exponent: 65537 (0x10001) 766s X509v3 extensions: 766s X509v3 Authority Key Identifier: 766s 24:63:69:18:38:08:1F:9F:D2:60:2E:4D:CA:F2:60:E7:77:D4:0A:8F 766s X509v3 Basic Constraints: 766s CA:FALSE 766s Netscape Cert Type: 766s SSL Client, S/MIME 766s Netscape Comment: 766s Test Organization Root CA trusted Certificate 766s X509v3 Subject Key Identifier: 766s 1B:03:51:57:DF:42:91:F4:2B:6A:D9:5F:EC:37:F0:88:AA:A7:08:12 766s X509v3 Key Usage: critical 766s Digital Signature, Non Repudiation, Key Encipherment 766s X509v3 Extended Key Usage: 766s TLS Web Client Authentication, E-mail Protection 766s X509v3 Subject Alternative Name: 766s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 766s Signature Algorithm: sha256WithRSAEncryption 766s Signature Value: 766s 52:04:8b:fe:06:ae:11:d8:4e:40:6e:84:8a:95:0c:f5:79:f7: 766s 54:50:89:59:30:e2:6d:5a:c5:79:8c:f3:58:16:7b:c1:b8:95: 766s 7e:da:23:42:da:55:1c:9f:97:9a:bd:8f:e8:09:d3:8e:b5:5f: 766s 69:4d:e4:89:98:28:92:a7:92:32:47:4a:8c:91:23:4a:18:e8: 766s 30:a8:dd:d8:22:9b:ea:6c:43:b1:b5:77:c4:e4:24:62:2d:6d: 766s 6c:b0:97:42:0f:10:84:d6:a7:81:31:80:63:a5:91:be:02:f6: 766s fc:5e:e1:ae:03:9b:43:ed:b2:c4:26:af:17:a9:8c:e3:74:77: 766s 90:fb 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 766s [p11_child[2214]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 766s [p11_child[2214]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 766s [p11_child[2214]] [do_card] (0x4000): Certificate verified and validated. 766s [p11_child[2214]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 766s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-12293-auth.output 766s + echo '-----BEGIN CERTIFICATE-----' 766s + tail -n1 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-12293-auth.output 766s + echo '-----END CERTIFICATE-----' 766s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-12293-auth.pem 766s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-12293-auth.pem 766s + found_md5=Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 766s + '[' Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 '!=' Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 ']' 766s + valid_certificate /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-4662 /tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem partial_chain 766s + check_certificate /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-4662 /tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem partial_chain 766s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 766s + local key_pass=pass:random-root-ca-trusted-cert-0001-4662 766s + local key_ring=/tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem 766s + local verify_option=partial_chain 766s + prepare_softhsm2_card /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-4662 766s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 766s + local key_pass=pass:random-root-ca-trusted-cert-0001-4662 766s + local key_cn 766s + local key_name 766s + local tokens_dir 766s + local output_cert_file 766s + token_name= 766s ++ basename /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem .pem 766s + key_name=test-root-CA-trusted-certificate-0001 766s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 766s ++ sed -n 's/ *commonName *= //p' 766s + key_cn='Test Organization Root Trusted Certificate 0001' 766s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 766s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf 766s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf 766s ++ basename /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 766s + tokens_dir=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001 766s + token_name='Test Organization Root Tr Token' 766s + '[' '!' -e /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 766s Test Organization Root Tr Token 766s + '[' '!' -d /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001 ']' 766s + echo 'Test Organization Root Tr Token' 766s + '[' -n partial_chain ']' 766s + local verify_arg=--verify=partial_chain 766s + local output_base_name=SSSD-child-2690 766s + local output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-2690.output 766s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-2690.pem 766s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem 766s [p11_child[2224]] [main] (0x0400): p11_child started. 766s [p11_child[2224]] [main] (0x2000): Running in [pre-auth] mode. 766s [p11_child[2224]] [main] (0x2000): Running with effective IDs: [0][0]. 766s [p11_child[2224]] [main] (0x2000): Running with real IDs [0][0]. 766s [p11_child[2224]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 766s [p11_child[2224]] [do_card] (0x4000): Module List: 766s [p11_child[2224]] [do_card] (0x4000): common name: [softhsm2]. 766s [p11_child[2224]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 766s [p11_child[2224]] [do_card] (0x4000): Description [SoftHSM slot ID 0x343e3593] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 766s [p11_child[2224]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 766s [p11_child[2224]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x343e3593][876492179] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 766s [p11_child[2224]] [do_card] (0x4000): Login NOT required. 766s [p11_child[2224]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 766s [p11_child[2224]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 766s [p11_child[2224]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 766s [p11_child[2224]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x343e3593;slot-manufacturer=SoftHSM%20project;slot-id=876492179;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=094ae40ab43e3593;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 766s [p11_child[2224]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 766s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-2690.output 766s + echo '-----BEGIN CERTIFICATE-----' 766s + tail -n1 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-2690.output 766s + echo '-----END CERTIFICATE-----' 766s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-2690.pem 767s Certificate: 767s Data: 767s Version: 3 (0x2) 767s Serial Number: 3 (0x3) 767s Signature Algorithm: sha256WithRSAEncryption 767s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 767s Validity 767s Not Before: Mar 21 21:55:26 2024 GMT 767s Not After : Mar 21 21:55:26 2025 GMT 767s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 767s Subject Public Key Info: 767s Public Key Algorithm: rsaEncryption 767s Public-Key: (1024 bit) 767s Modulus: 767s 00:df:5d:53:82:34:fe:00:14:6b:23:24:d9:fa:54: 767s 3d:92:23:ae:76:ae:3c:4a:d5:e2:6a:d4:3d:67:e7: 767s cd:2e:4e:9e:0a:03:1d:94:89:58:30:40:62:4e:14: 767s 5c:5a:20:15:98:8e:4b:8f:b0:ae:4b:e5:e1:8a:15: 767s 7c:ec:88:7f:25:1a:f4:01:6b:9a:6a:f2:0b:f6:ca: 767s c9:a3:fb:ef:83:29:7a:a7:c6:00:2b:a7:72:cc:72: 767s ad:89:dd:c8:db:ae:35:bc:8c:e0:d4:81:2c:ee:73: 767s 46:68:98:ba:12:b6:65:cf:ba:b4:cb:9d:c0:90:53: 767s 9d:3e:b8:69:32:7f:9b:af:49 767s Exponent: 65537 (0x10001) 767s X509v3 extensions: 767s X509v3 Authority Key Identifier: 767s 24:63:69:18:38:08:1F:9F:D2:60:2E:4D:CA:F2:60:E7:77:D4:0A:8F 767s X509v3 Basic Constraints: 767s CA:FALSE 767s Netscape Cert Type: 767s SSL Client, S/MIME 767s Netscape Comment: 767s Test Organization Root CA trusted Certificate 767s X509v3 Subject Key Identifier: 767s 1B:03:51:57:DF:42:91:F4:2B:6A:D9:5F:EC:37:F0:88:AA:A7:08:12 767s X509v3 Key Usage: critical 767s Digital Signature, Non Repudiation, Key Encipherment 767s X509v3 Extended Key Usage: 767s TLS Web Client Authentication, E-mail Protection 767s X509v3 Subject Alternative Name: 767s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 767s Signature Algorithm: sha256WithRSAEncryption 767s Signature Value: 767s 52:04:8b:fe:06:ae:11:d8:4e:40:6e:84:8a:95:0c:f5:79:f7: 767s 54:50:89:59:30:e2:6d:5a:c5:79:8c:f3:58:16:7b:c1:b8:95: 767s 7e:da:23:42:da:55:1c:9f:97:9a:bd:8f:e8:09:d3:8e:b5:5f: 767s 69:4d:e4:89:98:28:92:a7:92:32:47:4a:8c:91:23:4a:18:e8: 767s 30:a8:dd:d8:22:9b:ea:6c:43:b1:b5:77:c4:e4:24:62:2d:6d: 767s 6c:b0:97:42:0f:10:84:d6:a7:81:31:80:63:a5:91:be:02:f6: 767s fc:5e:e1:ae:03:9b:43:ed:b2:c4:26:af:17:a9:8c:e3:74:77: 767s 90:fb 767s + local found_md5 expected_md5 767s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 767s + expected_md5=Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 767s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-2690.pem 767s + found_md5=Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 767s + '[' Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 '!=' Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 ']' 767s + output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-2690-auth.output 767s ++ basename /tmp/sssd-softhsm2-fyAXsG/SSSD-child-2690-auth.output .output 767s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-2690-auth.pem 767s + echo -n 053350 767s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 767s [p11_child[2232]] [main] (0x0400): p11_child started. 767s [p11_child[2232]] [main] (0x2000): Running in [auth] mode. 767s [p11_child[2232]] [main] (0x2000): Running with effective IDs: [0][0]. 767s [p11_child[2232]] [main] (0x2000): Running with real IDs [0][0]. 767s [p11_child[2232]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 767s [p11_child[2232]] [do_card] (0x4000): Module List: 767s [p11_child[2232]] [do_card] (0x4000): common name: [softhsm2]. 767s [p11_child[2232]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 767s [p11_child[2232]] [do_card] (0x4000): Description [SoftHSM slot ID 0x343e3593] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 767s [p11_child[2232]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 767s [p11_child[2232]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x343e3593][876492179] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 767s [p11_child[2232]] [do_card] (0x4000): Login required. 767s [p11_child[2232]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 767s [p11_child[2232]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 767s [p11_child[2232]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 767s [p11_child[2232]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x343e3593;slot-manufacturer=SoftHSM%20project;slot-id=876492179;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=094ae40ab43e3593;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 767s [p11_child[2232]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 767s [p11_child[2232]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 767s [p11_child[2232]] [do_card] (0x4000): Certificate verified and validated. 767s [p11_child[2232]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 767s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-2690-auth.output 767s + echo '-----BEGIN CERTIFICATE-----' 767s + tail -n1 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-2690-auth.output 767s + echo '-----END CERTIFICATE-----' 767s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-2690-auth.pem 767s Certificate: 767s Data: 767s Version: 3 (0x2) 767s Serial Number: 3 (0x3) 767s Signature Algorithm: sha256WithRSAEncryption 767s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 767s Validity 767s Not Before: Mar 21 21:55:26 2024 GMT 767s Not After : Mar 21 21:55:26 2025 GMT 767s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 767s Subject Public Key Info: 767s Public Key Algorithm: rsaEncryption 767s Public-Key: (1024 bit) 767s Modulus: 767s 00:df:5d:53:82:34:fe:00:14:6b:23:24:d9:fa:54: 767s 3d:92:23:ae:76:ae:3c:4a:d5:e2:6a:d4:3d:67:e7: 767s cd:2e:4e:9e:0a:03:1d:94:89:58:30:40:62:4e:14: 767s 5c:5a:20:15:98:8e:4b:8f:b0:ae:4b:e5:e1:8a:15: 767s 7c:ec:88:7f:25:1a:f4:01:6b:9a:6a:f2:0b:f6:ca: 767s c9:a3:fb:ef:83:29:7a:a7:c6:00:2b:a7:72:cc:72: 767s ad:89:dd:c8:db:ae:35:bc:8c:e0:d4:81:2c:ee:73: 767s 46:68:98:ba:12:b6:65:cf:ba:b4:cb:9d:c0:90:53: 767s 9d:3e:b8:69:32:7f:9b:af:49 767s Exponent: 65537 (0x10001) 767s X509v3 extensions: 767s X509v3 Authority Key Identifier: 767s 24:63:69:18:38:08:1F:9F:D2:60:2E:4D:CA:F2:60:E7:77:D4:0A:8F 767s X509v3 Basic Constraints: 767s CA:FALSE 767s Netscape Cert Type: 767s SSL Client, S/MIME 767s Netscape Comment: 767s Test Organization Root CA trusted Certificate 767s X509v3 Subject Key Identifier: 767s 1B:03:51:57:DF:42:91:F4:2B:6A:D9:5F:EC:37:F0:88:AA:A7:08:12 767s X509v3 Key Usage: critical 767s Digital Signature, Non Repudiation, Key Encipherment 767s X509v3 Extended Key Usage: 767s TLS Web Client Authentication, E-mail Protection 767s X509v3 Subject Alternative Name: 767s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 767s Signature Algorithm: sha256WithRSAEncryption 767s Signature Value: 767s 52:04:8b:fe:06:ae:11:d8:4e:40:6e:84:8a:95:0c:f5:79:f7: 767s 54:50:89:59:30:e2:6d:5a:c5:79:8c:f3:58:16:7b:c1:b8:95: 767s 7e:da:23:42:da:55:1c:9f:97:9a:bd:8f:e8:09:d3:8e:b5:5f: 767s 69:4d:e4:89:98:28:92:a7:92:32:47:4a:8c:91:23:4a:18:e8: 767s 30:a8:dd:d8:22:9b:ea:6c:43:b1:b5:77:c4:e4:24:62:2d:6d: 767s 6c:b0:97:42:0f:10:84:d6:a7:81:31:80:63:a5:91:be:02:f6: 767s fc:5e:e1:ae:03:9b:43:ed:b2:c4:26:af:17:a9:8c:e3:74:77: 767s 90:fb 767s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-2690-auth.pem 767s + found_md5=Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 767s + '[' Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 '!=' Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 ']' 767s + valid_certificate /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-4662 /tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem 767s + check_certificate /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-4662 /tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem 767s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 767s + local key_pass=pass:random-root-ca-trusted-cert-0001-4662 767s + local key_ring=/tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem 767s + local verify_option= 767s + prepare_softhsm2_card /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-4662 767s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 767s + local key_pass=pass:random-root-ca-trusted-cert-0001-4662 767s + local key_cn 767s + local key_name 767s + local tokens_dir 767s + local output_cert_file 767s + token_name= 767s ++ basename /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem .pem 767s + key_name=test-root-CA-trusted-certificate-0001 767s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 767s ++ sed -n 's/ *commonName *= //p' 767s + key_cn='Test Organization Root Trusted Certificate 0001' 767s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 767s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf 767s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf 767s ++ basename /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 767s + tokens_dir=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001 767s + token_name='Test Organization Root Tr Token' 767s + '[' '!' -e /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 767s Test Organization Root Tr Token 767s + '[' '!' -d /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001 ']' 767s + echo 'Test Organization Root Tr Token' 767s + '[' -n '' ']' 767s + local output_base_name=SSSD-child-7845 767s + local output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-7845.output 767s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-7845.pem 767s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem 767s [p11_child[2242]] [main] (0x0400): p11_child started. 767s [p11_child[2242]] [main] (0x2000): Running in [pre-auth] mode. 767s [p11_child[2242]] [main] (0x2000): Running with effective IDs: [0][0]. 767s [p11_child[2242]] [main] (0x2000): Running with real IDs [0][0]. 767s [p11_child[2242]] [do_card] (0x4000): Module List: 767s [p11_child[2242]] [do_card] (0x4000): common name: [softhsm2]. 767s [p11_child[2242]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 767s [p11_child[2242]] [do_card] (0x4000): Description [SoftHSM slot ID 0x343e3593] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 767s [p11_child[2242]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 767s [p11_child[2242]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x343e3593][876492179] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 767s [p11_child[2242]] [do_card] (0x4000): Login NOT required. 767s [p11_child[2242]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 767s [p11_child[2242]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 767s [p11_child[2242]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 767s [p11_child[2242]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x343e3593;slot-manufacturer=SoftHSM%20project;slot-id=876492179;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=094ae40ab43e3593;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 767s [p11_child[2242]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 767s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-7845.output 767s + echo '-----BEGIN CERTIFICATE-----' 767s + tail -n1 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-7845.output 767s + echo '-----END CERTIFICATE-----' 767s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-7845.pem 767s Certificate: 767s Data: 767s Version: 3 (0x2) 767s Serial Number: 3 (0x3) 767s Signature Algorithm: sha256WithRSAEncryption 767s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 767s Validity 767s Not Before: Mar 21 21:55:26 2024 GMT 767s Not After : Mar 21 21:55:26 2025 GMT 767s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 767s Subject Public Key Info: 767s Public Key Algorithm: rsaEncryption 767s Public-Key: (1024 bit) 767s Modulus: 767s 00:df:5d:53:82:34:fe:00:14:6b:23:24:d9:fa:54: 767s 3d:92:23:ae:76:ae:3c:4a:d5:e2:6a:d4:3d:67:e7: 767s cd:2e:4e:9e:0a:03:1d:94:89:58:30:40:62:4e:14: 767s 5c:5a:20:15:98:8e:4b:8f:b0:ae:4b:e5:e1:8a:15: 767s 7c:ec:88:7f:25:1a:f4:01:6b:9a:6a:f2:0b:f6:ca: 767s c9:a3:fb:ef:83:29:7a:a7:c6:00:2b:a7:72:cc:72: 767s ad:89:dd:c8:db:ae:35:bc:8c:e0:d4:81:2c:ee:73: 767s 46:68:98:ba:12:b6:65:cf:ba:b4:cb:9d:c0:90:53: 767s 9d:3e:b8:69:32:7f:9b:af:49 767s Exponent: 65537 (0x10001) 767s X509v3 extensions: 767s X509v3 Authority Key Identifier: 767s 24:63:69:18:38:08:1F:9F:D2:60:2E:4D:CA:F2:60:E7:77:D4:0A:8F 767s X509v3 Basic Constraints: 767s CA:FALSE 767s Netscape Cert Type: 767s SSL Client, S/MIME 767s Netscape Comment: 767s Test Organization Root CA trusted Certificate 767s X509v3 Subject Key Identifier: 767s 1B:03:51:57:DF:42:91:F4:2B:6A:D9:5F:EC:37:F0:88:AA:A7:08:12 767s X509v3 Key Usage: critical 767s Digital Signature, Non Repudiation, Key Encipherment 767s X509v3 Extended Key Usage: 767s TLS Web Client Authentication, E-mail Protection 767s X509v3 Subject Alternative Name: 767s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 767s Signature Algorithm: sha256WithRSAEncryption 767s Signature Value: 767s 52:04:8b:fe:06:ae:11:d8:4e:40:6e:84:8a:95:0c:f5:79:f7: 767s 54:50:89:59:30:e2:6d:5a:c5:79:8c:f3:58:16:7b:c1:b8:95: 767s 7e:da:23:42:da:55:1c:9f:97:9a:bd:8f:e8:09:d3:8e:b5:5f: 767s 69:4d:e4:89:98:28:92:a7:92:32:47:4a:8c:91:23:4a:18:e8: 767s 30:a8:dd:d8:22:9b:ea:6c:43:b1:b5:77:c4:e4:24:62:2d:6d: 767s 6c:b0:97:42:0f:10:84:d6:a7:81:31:80:63:a5:91:be:02:f6: 767s fc:5e:e1:ae:03:9b:43:ed:b2:c4:26:af:17:a9:8c:e3:74:77: 767s 90:fb 767s + local found_md5 expected_md5 767s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 767s + expected_md5=Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 767s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-7845.pem 767s + found_md5=Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 767s + '[' Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 '!=' Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 ']' 767s + output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-7845-auth.output 767s ++ basename /tmp/sssd-softhsm2-fyAXsG/SSSD-child-7845-auth.output .output 767s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-7845-auth.pem 767s + echo -n 053350 767s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 767s [p11_child[2250]] [main] (0x0400): p11_child started. 767s [p11_child[2250]] [main] (0x2000): Running in [auth] mode. 767s [p11_child[2250]] [main] (0x2000): Running with effective IDs: [0][0]. 767s [p11_child[2250]] [main] (0x2000): Running with real IDs [0][0]. 767s [p11_child[2250]] [do_card] (0x4000): Module List: 767s [p11_child[2250]] [do_card] (0x4000): common name: [softhsm2]. 767s [p11_child[2250]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 767s [p11_child[2250]] [do_card] (0x4000): Description [SoftHSM slot ID 0x343e3593] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 767s [p11_child[2250]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 767s [p11_child[2250]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x343e3593][876492179] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 767s [p11_child[2250]] [do_card] (0x4000): Login required. 767s [p11_child[2250]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 767s [p11_child[2250]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 767s [p11_child[2250]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 767s [p11_child[2250]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x343e3593;slot-manufacturer=SoftHSM%20project;slot-id=876492179;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=094ae40ab43e3593;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 767s Certificate: 767s Data: 767s Version: 3 (0x2) 767s Serial Number: 3 (0x3) 767s Signature Algorithm: sha256WithRSAEncryption 767s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 767s Validity 767s Not Before: Mar 21 21:55:26 2024 GMT 767s Not After : Mar 21 21:55:26 2025 GMT 767s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 767s Subject Public Key Info: 767s Public Key Algorithm: rsaEncryption 767s Public-Key: (1024 bit) 767s Modulus: 767s 00:df:5d:53:82:34:fe:00:14:6b:23:24:d9:fa:54: 767s 3d:92:23:ae:76:ae:3c:4a:d5:e2:6a:d4:3d:67:e7: 767s cd:2e:4e:9e:0a:03:1d:94:89:58:30:40:62:4e:14: 767s 5c:5a:20:15:98:8e:4b:8f:b0:ae:4b:e5:e1:8a:15: 767s 7c:ec:88:7f:25:1a:f4:01:6b:9a:6a:f2:0b:f6:ca: 767s c9:a3:fb:ef:83:29:7a:a7:c6:00:2b:a7:72:cc:72: 767s ad:89:dd:c8:db:ae:35:bc:8c:e0:d4:81:2c:ee:73: 767s 46:68:98:ba:12:b6:65:cf:ba:b4:cb:9d:c0:90:53: 767s 9d:3e:b8:69:32:7f:9b:af:49 767s Exponent: 65537 (0x10001) 767s X509v3 extensions: 767s X509v3 Authority Key Identifier: 767s 24:63:69:18:38:08:1F:9F:D2:60:2E:4D:CA:F2:60:E7:77:D4:0A:8F 767s X509v3 Basic Constraints: 767s CA:FALSE 767s Netscape Cert Type: 767s SSL Client, S/MIME 767s Netscape Comment: 767s Test Organization Root CA trusted Certificate 767s X509v3 Subject Key Identifier: 767s 1B:03:51:57:DF:42:91:F4:2B:6A:D9:5F:EC:37:F0:88:AA:A7:08:12 767s X509v3 Key Usage: critical 767s Digital Signature, Non Repudiation, Key Encipherment 767s X509v3 Extended Key Usage: 767s TLS Web Client Authentication, E-mail Protection 767s X509v3 Subject Alternative Name: 767s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 767s Signature Algorithm: sha256WithRSAEncryption 767s Signature Value: 767s 52:04:8b:fe:06:ae:11:d8:4e:40:6e:84:8a:95:0c:f5:79:f7: 767s 54:50:89:59:30:e2:6d:5a:c5:79:8c:f3:58:16:7b:c1:b8:95: 767s 7e:da:23:42:da:55:1c:9f:97:9a:bd:8f:e8:09:d3:8e:b5:5f: 767s 69:4d:e4:89:98:28:92:a7:92:32:47:4a:8c:91:23:4a:18:e8: 767s 30:a8:dd:d8:22:9b:ea:6c:43:b1:b5:77:c4:e4:24:62:2d:6d: 767s 6c:b0:97:42:0f:10:84:d6:a7:81:31:80:63:a5:91:be:02:f6: 767s fc:5e:e1:ae:03:9b:43:ed:b2:c4:26:af:17:a9:8c:e3:74:77: 767s 90:fb 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 767s [p11_child[2250]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 767s [p11_child[2250]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 767s [p11_child[2250]] [do_card] (0x4000): Certificate verified and validated. 767s [p11_child[2250]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 767s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-7845-auth.output 767s + echo '-----BEGIN CERTIFICATE-----' 767s + tail -n1 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-7845-auth.output 767s + echo '-----END CERTIFICATE-----' 767s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-7845-auth.pem 767s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-7845-auth.pem 767s + found_md5=Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 767s + '[' Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 '!=' Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 ']' 767s + valid_certificate /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-4662 /tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem partial_chain 767s + check_certificate /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-4662 /tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem partial_chain 767s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 767s + local key_pass=pass:random-root-ca-trusted-cert-0001-4662 767s + local key_ring=/tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem 767s + local verify_option=partial_chain 767s + prepare_softhsm2_card /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-4662 767s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 767s + local key_pass=pass:random-root-ca-trusted-cert-0001-4662 767s + local key_cn 767s + local key_name 767s + local tokens_dir 767s + local output_cert_file 767s + token_name= 767s ++ basename /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem .pem 767s + key_name=test-root-CA-trusted-certificate-0001 767s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 767s ++ sed -n 's/ *commonName *= //p' 767s + key_cn='Test Organization Root Trusted Certificate 0001' 767s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 767s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf 767s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf 767s ++ basename /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 767s + tokens_dir=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001 767s + token_name='Test Organization Root Tr Token' 767s + '[' '!' -e /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 767s + '[' '!' -d /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001 ']' 767s + echo 'Test Organization Root Tr Token' 767s Test Organization Root Tr Token 767s + '[' -n partial_chain ']' 767s + local verify_arg=--verify=partial_chain 767s + local output_base_name=SSSD-child-8115 767s + local output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-8115.output 767s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-8115.pem 767s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem 767s [p11_child[2260]] [main] (0x0400): p11_child started. 767s [p11_child[2260]] [main] (0x2000): Running in [pre-auth] mode. 767s [p11_child[2260]] [main] (0x2000): Running with effective IDs: [0][0]. 767s [p11_child[2260]] [main] (0x2000): Running with real IDs [0][0]. 767s [p11_child[2260]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 767s [p11_child[2260]] [do_card] (0x4000): Module List: 767s [p11_child[2260]] [do_card] (0x4000): common name: [softhsm2]. 767s [p11_child[2260]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 767s [p11_child[2260]] [do_card] (0x4000): Description [SoftHSM slot ID 0x343e3593] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 767s [p11_child[2260]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 767s [p11_child[2260]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x343e3593][876492179] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 767s [p11_child[2260]] [do_card] (0x4000): Login NOT required. 767s [p11_child[2260]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 767s [p11_child[2260]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 767s [p11_child[2260]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 767s [p11_child[2260]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x343e3593;slot-manufacturer=SoftHSM%20project;slot-id=876492179;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=094ae40ab43e3593;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 767s [p11_child[2260]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 767s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-8115.output 767s + echo '-----BEGIN CERTIFICATE-----' 767s + tail -n1 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-8115.output 767s + echo '-----END CERTIFICATE-----' 767s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-8115.pem 767s Certificate: 767s Data: 767s Version: 3 (0x2) 767s Serial Number: 3 (0x3) 767s Signature Algorithm: sha256WithRSAEncryption 767s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 767s Validity 767s Not Before: Mar 21 21:55:26 2024 GMT 767s Not After : Mar 21 21:55:26 2025 GMT 767s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 767s Subject Public Key Info: 767s Public Key Algorithm: rsaEncryption 767s Public-Key: (1024 bit) 767s Modulus: 767s 00:df:5d:53:82:34:fe:00:14:6b:23:24:d9:fa:54: 767s 3d:92:23:ae:76:ae:3c:4a:d5:e2:6a:d4:3d:67:e7: 767s cd:2e:4e:9e:0a:03:1d:94:89:58:30:40:62:4e:14: 767s 5c:5a:20:15:98:8e:4b:8f:b0:ae:4b:e5:e1:8a:15: 767s 7c:ec:88:7f:25:1a:f4:01:6b:9a:6a:f2:0b:f6:ca: 767s c9:a3:fb:ef:83:29:7a:a7:c6:00:2b:a7:72:cc:72: 767s ad:89:dd:c8:db:ae:35:bc:8c:e0:d4:81:2c:ee:73: 767s 46:68:98:ba:12:b6:65:cf:ba:b4:cb:9d:c0:90:53: 767s 9d:3e:b8:69:32:7f:9b:af:49 767s Exponent: 65537 (0x10001) 767s X509v3 extensions: 767s X509v3 Authority Key Identifier: 767s 24:63:69:18:38:08:1F:9F:D2:60:2E:4D:CA:F2:60:E7:77:D4:0A:8F 767s X509v3 Basic Constraints: 767s CA:FALSE 767s Netscape Cert Type: 767s SSL Client, S/MIME 767s Netscape Comment: 767s Test Organization Root CA trusted Certificate 767s X509v3 Subject Key Identifier: 767s 1B:03:51:57:DF:42:91:F4:2B:6A:D9:5F:EC:37:F0:88:AA:A7:08:12 767s X509v3 Key Usage: critical 767s Digital Signature, Non Repudiation, Key Encipherment 767s X509v3 Extended Key Usage: 767s TLS Web Client Authentication, E-mail Protection 767s X509v3 Subject Alternative Name: 767s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 767s Signature Algorithm: sha256WithRSAEncryption 767s Signature Value: 767s 52:04:8b:fe:06:ae:11:d8:4e:40:6e:84:8a:95:0c:f5:79:f7: 767s 54:50:89:59:30:e2:6d:5a:c5:79:8c:f3:58:16:7b:c1:b8:95: 767s 7e:da:23:42:da:55:1c:9f:97:9a:bd:8f:e8:09:d3:8e:b5:5f: 767s 69:4d:e4:89:98:28:92:a7:92:32:47:4a:8c:91:23:4a:18:e8: 767s 30:a8:dd:d8:22:9b:ea:6c:43:b1:b5:77:c4:e4:24:62:2d:6d: 767s 6c:b0:97:42:0f:10:84:d6:a7:81:31:80:63:a5:91:be:02:f6: 767s fc:5e:e1:ae:03:9b:43:ed:b2:c4:26:af:17:a9:8c:e3:74:77: 767s 90:fb 767s + local found_md5 expected_md5 767s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 767s + expected_md5=Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 767s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-8115.pem 767s + found_md5=Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 767s + '[' Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 '!=' Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 ']' 767s + output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-8115-auth.output 767s ++ basename /tmp/sssd-softhsm2-fyAXsG/SSSD-child-8115-auth.output .output 767s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-8115-auth.pem 767s + echo -n 053350 767s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 767s [p11_child[2268]] [main] (0x0400): p11_child started. 767s [p11_child[2268]] [main] (0x2000): Running in [auth] mode. 767s [p11_child[2268]] [main] (0x2000): Running with effective IDs: [0][0]. 767s [p11_child[2268]] [main] (0x2000): Running with real IDs [0][0]. 767s [p11_child[2268]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 767s [p11_child[2268]] [do_card] (0x4000): Module List: 767s [p11_child[2268]] [do_card] (0x4000): common name: [softhsm2]. 767s [p11_child[2268]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 767s [p11_child[2268]] [do_card] (0x4000): Description [SoftHSM slot ID 0x343e3593] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 767s [p11_child[2268]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 767s [p11_child[2268]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x343e3593][876492179] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 767s [p11_child[2268]] [do_card] (0x4000): Login required. 767s [p11_child[2268]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 767s [p11_child[2268]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 767s [p11_child[2268]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 767s [p11_child[2268]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x343e3593;slot-manufacturer=SoftHSM%20project;slot-id=876492179;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=094ae40ab43e3593;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 767s [p11_child[2268]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 767s [p11_child[2268]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 767s [p11_child[2268]] [do_card] (0x4000): Certificate verified and validated. 767s [p11_child[2268]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 767s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-8115-auth.output 767s + echo '-----BEGIN CERTIFICATE-----' 767s + tail -n1 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-8115-auth.output 767s + echo '-----END CERTIFICATE-----' 767s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-8115-auth.pem 767s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-8115-auth.pem 767s Certificate: 767s Data: 767s Version: 3 (0x2) 767s Serial Number: 3 (0x3) 767s Signature Algorithm: sha256WithRSAEncryption 767s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 767s Validity 767s Not Before: Mar 21 21:55:26 2024 GMT 767s Not After : Mar 21 21:55:26 2025 GMT 767s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 767s Subject Public Key Info: 767s Public Key Algorithm: rsaEncryption 767s Public-Key: (1024 bit) 767s Modulus: 767s 00:df:5d:53:82:34:fe:00:14:6b:23:24:d9:fa:54: 767s 3d:92:23:ae:76:ae:3c:4a:d5:e2:6a:d4:3d:67:e7: 767s cd:2e:4e:9e:0a:03:1d:94:89:58:30:40:62:4e:14: 767s 5c:5a:20:15:98:8e:4b:8f:b0:ae:4b:e5:e1:8a:15: 767s 7c:ec:88:7f:25:1a:f4:01:6b:9a:6a:f2:0b:f6:ca: 767s c9:a3:fb:ef:83:29:7a:a7:c6:00:2b:a7:72:cc:72: 767s ad:89:dd:c8:db:ae:35:bc:8c:e0:d4:81:2c:ee:73: 767s 46:68:98:ba:12:b6:65:cf:ba:b4:cb:9d:c0:90:53: 767s 9d:3e:b8:69:32:7f:9b:af:49 767s Exponent: 65537 (0x10001) 767s X509v3 extensions: 767s X509v3 Authority Key Identifier: 767s 24:63:69:18:38:08:1F:9F:D2:60:2E:4D:CA:F2:60:E7:77:D4:0A:8F 767s X509v3 Basic Constraints: 767s CA:FALSE 767s Netscape Cert Type: 767s SSL Client, S/MIME 767s Netscape Comment: 767s Test Organization Root CA trusted Certificate 767s X509v3 Subject Key Identifier: 767s 1B:03:51:57:DF:42:91:F4:2B:6A:D9:5F:EC:37:F0:88:AA:A7:08:12 767s X509v3 Key Usage: critical 767s Digital Signature, Non Repudiation, Key Encipherment 767s X509v3 Extended Key Usage: 767s TLS Web Client Authentication, E-mail Protection 767s X509v3 Subject Alternative Name: 767s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 767s Signature Algorithm: sha256WithRSAEncryption 767s Signature Value: 767s 52:04:8b:fe:06:ae:11:d8:4e:40:6e:84:8a:95:0c:f5:79:f7: 767s 54:50:89:59:30:e2:6d:5a:c5:79:8c:f3:58:16:7b:c1:b8:95: 767s 7e:da:23:42:da:55:1c:9f:97:9a:bd:8f:e8:09:d3:8e:b5:5f: 767s 69:4d:e4:89:98:28:92:a7:92:32:47:4a:8c:91:23:4a:18:e8: 767s 30:a8:dd:d8:22:9b:ea:6c:43:b1:b5:77:c4:e4:24:62:2d:6d: 767s 6c:b0:97:42:0f:10:84:d6:a7:81:31:80:63:a5:91:be:02:f6: 767s fc:5e:e1:ae:03:9b:43:ed:b2:c4:26:af:17:a9:8c:e3:74:77: 767s 90:fb 767s + found_md5=Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 767s + '[' Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 '!=' Modulus=DF5D538234FE00146B2324D9FA543D9223AE76AE3C4AD5E26AD43D67E7CD2E4E9E0A031D9489583040624E145C5A2015988E4B8FB0AE4BE5E18A157CEC887F251AF4016B9A6AF20BF6CAC9A3FBEF83297AA7C6002BA772CC72AD89DDC8DBAE35BC8CE0D4812CEE73466898BA12B665CFBAB4CB9DC090539D3EB869327F9BAF49 ']' 767s + invalid_certificate /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-4662 /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem 767s + check_certificate /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-4662 /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem 767s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 767s + local key_pass=pass:random-root-ca-trusted-cert-0001-4662 767s + local key_ring=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem 767s + local verify_option= 767s + prepare_softhsm2_card /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-4662 767s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 767s + local key_pass=pass:random-root-ca-trusted-cert-0001-4662 767s + local key_cn 767s + local key_name 767s + local tokens_dir 767s + local output_cert_file 767s + token_name= 767s ++ basename /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem .pem 767s + key_name=test-root-CA-trusted-certificate-0001 767s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 767s ++ sed -n 's/ *commonName *= //p' 767s + key_cn='Test Organization Root Trusted Certificate 0001' 767s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 767s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf 767s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf 767s ++ basename /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 767s + tokens_dir=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001 767s + token_name='Test Organization Root Tr Token' 767s + '[' '!' -e /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 767s + '[' '!' -d /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001 ']' 767s + echo 'Test Organization Root Tr Token' 767s Test Organization Root Tr Token 767s + '[' -n '' ']' 767s + local output_base_name=SSSD-child-21389 767s + local output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-21389.output 767s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-21389.pem 767s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem 767s [p11_child[2279]] [main] (0x0400): p11_child started. 767s [p11_child[2279]] [main] (0x2000): Running in [pre-auth] mode. 767s [p11_child[2279]] [main] (0x2000): Running with effective IDs: [0][0]. 767s [p11_child[2279]] [main] (0x2000): Running with real IDs [0][0]. 767s [p11_child[2279]] [do_card] (0x4000): Module List: 767s [p11_child[2279]] [do_card] (0x4000): common name: [softhsm2]. 767s [p11_child[2279]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 767s [p11_child[2279]] [do_card] (0x4000): Description [SoftHSM slot ID 0x343e3593] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 767s [p11_child[2279]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 767s [p11_child[2279]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x343e3593][876492179] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 767s [p11_child[2279]] [do_card] (0x4000): Login NOT required. 767s [p11_child[2279]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 767s [p11_child[2279]] [do_verification] (0x0040): X509_verify_cert failed [0]. 767s [p11_child[2279]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 767s [p11_child[2279]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 767s [p11_child[2279]] [do_card] (0x4000): No certificate found. 767s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-21389.output 767s + return 2 767s + invalid_certificate /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-4662 /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem partial_chain 767s + check_certificate /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-4662 /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem partial_chain 767s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 767s + local key_pass=pass:random-root-ca-trusted-cert-0001-4662 767s + local key_ring=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem 767s + local verify_option=partial_chain 767s + prepare_softhsm2_card /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-4662 767s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 767s + local key_pass=pass:random-root-ca-trusted-cert-0001-4662 767s + local key_cn 767s + local key_name 767s + local tokens_dir 767s + local output_cert_file 767s + token_name= 767s ++ basename /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem .pem 767s + key_name=test-root-CA-trusted-certificate-0001 767s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-fyAXsG/test-root-CA-trusted-certificate-0001.pem 767s ++ sed -n 's/ *commonName *= //p' 767s + key_cn='Test Organization Root Trusted Certificate 0001' 767s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 767s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf 767s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf 767s ++ basename /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 767s + tokens_dir=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001 767s + token_name='Test Organization Root Tr Token' 767s + '[' '!' -e /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 767s + '[' '!' -d /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-root-CA-trusted-certificate-0001 ']' 767s Test Organization Root Tr Token 767s + echo 'Test Organization Root Tr Token' 767s + '[' -n partial_chain ']' 767s + local verify_arg=--verify=partial_chain 767s + local output_base_name=SSSD-child-1295 767s + local output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-1295.output 767s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-1295.pem 767s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem 767s [p11_child[2296]] [main] (0x0400): p11_child started. 767s [p11_child[2296]] [main] (0x2000): Running in [pre-auth] mode. 767s [p11_child[2296]] [main] (0x2000): Running with effective IDs: [0][0]. 767s [p11_child[2296]] [main] (0x2000): Running with real IDs [0][0]. 767s [p11_child[2296]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 767s [p11_child[2296]] [do_card] (0x4000): Module List: 767s [p11_child[2296]] [do_card] (0x4000): common name: [softhsm2]. 767s [p11_child[2296]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 767s [p11_child[2296]] [do_card] (0x4000): Description [SoftHSM slot ID 0x343e3593] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 767s [p11_child[2296]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 767s [p11_child[2296]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x343e3593][876492179] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 767s [p11_child[2296]] [do_card] (0x4000): Login NOT required. 767s [p11_child[2296]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 767s [p11_child[2296]] [do_verification] (0x0040): X509_verify_cert failed [0]. 767s [p11_child[2296]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 767s [p11_child[2296]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 767s [p11_child[2296]] [do_card] (0x4000): No certificate found. 767s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-1295.output 767s + return 2 767s + invalid_certificate /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23488 /dev/null 767s + check_certificate /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23488 /dev/null 767s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 767s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23488 767s + local key_ring=/dev/null 767s + local verify_option= 767s + prepare_softhsm2_card /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23488 767s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 767s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23488 767s + local key_cn 767s + local key_name 767s + local tokens_dir 767s + local output_cert_file 767s + token_name= 767s ++ basename /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem .pem 767s + key_name=test-intermediate-CA-trusted-certificate-0001 767s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 767s ++ sed -n 's/ *commonName *= //p' 767s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 767s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 767s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 767s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 767s ++ basename /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 767s + tokens_dir=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001 767s + token_name='Test Organization Interme Token' 767s + '[' '!' -e /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 767s + local key_file 767s + local decrypted_key 767s + mkdir -p /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001 767s + key_file=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001-key.pem 767s + decrypted_key=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 767s + cat 767s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 767s Slot 0 has a free/uninitialized token. 767s The token has been initialized and is reassigned to slot 1911229832 767s + softhsm2-util --show-slots 767s Available slots: 767s Slot 1911229832 767s Slot info: 767s Description: SoftHSM slot ID 0x71eb0d88 767s Manufacturer ID: SoftHSM project 767s Hardware version: 2.6 767s Firmware version: 2.6 767s Token present: yes 767s Token info: 767s Manufacturer ID: SoftHSM project 767s Model: SoftHSM v2 767s Hardware version: 2.6 767s Firmware version: 2.6 767s Serial number: 8b2a7ff871eb0d88 767s Initialized: yes 767s User PIN init.: yes 767s Label: Test Organization Interme Token 767s Slot 1 767s Slot info: 767s Description: SoftHSM slot ID 0x1 767s Manufacturer ID: SoftHSM project 767s Hardware version: 2.6 767s Firmware version: 2.6 767s Token present: yes 767s Token info: 767s Manufacturer ID: SoftHSM project 767s Model: SoftHSM v2 767s Hardware version: 2.6 767s Firmware version: 2.6 767s Serial number: 767s Initialized: no 767s User PIN init.: no 767s Label: 767s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 767s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-23488 -in /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 767s writing RSA key 767s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 767s + rm /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 767s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 767s Object 0: 767s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8b2a7ff871eb0d88;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 767s Type: X.509 Certificate (RSA-1024) 767s Expires: Fri Mar 21 21:55:26 2025 767s Label: Test Organization Intermediate Trusted Certificate 0001 767s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 767s 767s Test Organization Interme Token 767s + echo 'Test Organization Interme Token' 767s + '[' -n '' ']' 767s + local output_base_name=SSSD-child-2374 767s + local output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-2374.output 767s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-2374.pem 767s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 767s [p11_child[2312]] [main] (0x0400): p11_child started. 767s [p11_child[2312]] [main] (0x2000): Running in [pre-auth] mode. 767s [p11_child[2312]] [main] (0x2000): Running with effective IDs: [0][0]. 767s [p11_child[2312]] [main] (0x2000): Running with real IDs [0][0]. 767s [p11_child[2312]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 767s [p11_child[2312]] [do_work] (0x0040): init_verification failed. 767s [p11_child[2312]] [main] (0x0020): p11_child failed (5) 767s + return 2 767s + valid_certificate /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23488 /dev/null no_verification 767s + check_certificate /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23488 /dev/null no_verification 767s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 767s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23488 767s + local key_ring=/dev/null 767s + local verify_option=no_verification 767s + prepare_softhsm2_card /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23488 767s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 767s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23488 767s + local key_cn 767s + local key_name 767s + local tokens_dir 767s + local output_cert_file 767s + token_name= 767s ++ basename /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem .pem 767s + key_name=test-intermediate-CA-trusted-certificate-0001 767s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 767s ++ sed -n 's/ *commonName *= //p' 767s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 767s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 767s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 767s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 767s ++ basename /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 767s + tokens_dir=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001 767s + token_name='Test Organization Interme Token' 767s Test Organization Interme Token 767s + '[' '!' -e /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 767s + '[' '!' -d /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 767s + echo 'Test Organization Interme Token' 767s + '[' -n no_verification ']' 767s + local verify_arg=--verify=no_verification 767s + local output_base_name=SSSD-child-24111 767s + local output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-24111.output 767s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-24111.pem 767s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 767s [p11_child[2318]] [main] (0x0400): p11_child started. 767s [p11_child[2318]] [main] (0x2000): Running in [pre-auth] mode. 767s [p11_child[2318]] [main] (0x2000): Running with effective IDs: [0][0]. 767s [p11_child[2318]] [main] (0x2000): Running with real IDs [0][0]. 767s [p11_child[2318]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 767s [p11_child[2318]] [do_card] (0x4000): Module List: 767s [p11_child[2318]] [do_card] (0x4000): common name: [softhsm2]. 767s [p11_child[2318]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 767s [p11_child[2318]] [do_card] (0x4000): Description [SoftHSM slot ID 0x71eb0d88] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 767s [p11_child[2318]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 767s [p11_child[2318]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x71eb0d88][1911229832] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 767s [p11_child[2318]] [do_card] (0x4000): Login NOT required. 767s [p11_child[2318]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 767s [p11_child[2318]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 767s [p11_child[2318]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x71eb0d88;slot-manufacturer=SoftHSM%20project;slot-id=1911229832;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8b2a7ff871eb0d88;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 767s [p11_child[2318]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 767s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-24111.output 767s + echo '-----BEGIN CERTIFICATE-----' 767s + tail -n1 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-24111.output 767s + echo '-----END CERTIFICATE-----' 767s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-24111.pem 768s Certificate: 768s Data: 768s Version: 3 (0x2) 768s Serial Number: 4 (0x4) 768s Signature Algorithm: sha256WithRSAEncryption 768s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 768s Validity 768s Not Before: Mar 21 21:55:26 2024 GMT 768s Not After : Mar 21 21:55:26 2025 GMT 768s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 768s Subject Public Key Info: 768s Public Key Algorithm: rsaEncryption 768s Public-Key: (1024 bit) 768s Modulus: 768s 00:c0:c1:b4:d2:3b:b9:a3:e0:8e:e2:c2:77:85:cb: 768s a7:74:89:eb:92:b7:8c:64:6f:25:09:f9:2d:12:27: 768s ee:cb:30:47:86:a0:96:f9:0a:cd:f0:42:a8:b3:2d: 768s b8:25:26:af:99:3c:d5:f6:10:09:16:33:6c:e7:aa: 768s 22:18:25:2e:47:67:b1:66:1f:ca:22:cc:a4:14:ad: 768s b3:f8:c8:50:3f:e6:00:ba:17:fa:85:28:a1:e2:09: 768s 48:6f:cd:28:d2:36:7b:af:c6:8e:a7:b4:89:3d:1f: 768s 33:67:cd:59:dc:54:72:f9:01:ab:de:9e:ee:c5:ec: 768s 85:98:7c:bc:b6:cc:85:be:13 768s Exponent: 65537 (0x10001) 768s X509v3 extensions: 768s X509v3 Authority Key Identifier: 768s 97:F3:B8:6C:25:BD:D3:59:98:5F:85:82:8B:48:C0:97:0F:6C:2F:CC 768s X509v3 Basic Constraints: 768s CA:FALSE 768s Netscape Cert Type: 768s SSL Client, S/MIME 768s Netscape Comment: 768s Test Organization Intermediate CA trusted Certificate 768s X509v3 Subject Key Identifier: 768s E2:78:63:1E:E4:60:11:C6:5F:C8:12:DF:6F:EA:B2:BC:19:28:EF:02 768s X509v3 Key Usage: critical 768s Digital Signature, Non Repudiation, Key Encipherment 768s X509v3 Extended Key Usage: 768s TLS Web Client Authentication, E-mail Protection 768s X509v3 Subject Alternative Name: 768s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 768s Signature Algorithm: sha256WithRSAEncryption 768s Signature Value: 768s 12:a3:7b:ff:b3:b1:89:98:6b:1c:e3:ae:60:b6:04:e4:0f:5b: 768s 32:9a:82:bf:7d:f4:70:a3:99:b7:df:e3:38:fa:35:40:e2:60: 768s c3:1b:62:03:af:ef:aa:9c:14:92:32:9e:15:7b:6b:07:15:58: 768s f7:d9:77:d2:49:c9:1a:4c:21:da:ca:61:93:8b:ef:d2:6e:0f: 768s 3f:9f:fe:fe:65:ca:76:d1:f3:ab:ec:73:16:b5:82:c6:db:a4: 768s f2:be:a0:0a:1b:cb:43:ff:22:78:b6:55:3a:7d:d0:9e:57:b0: 768s 10:86:b3:6b:1b:47:f6:81:1c:07:5f:af:11:59:b3:b3:df:78: 768s 1e:ec 768s + local found_md5 expected_md5 768s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 768s + expected_md5=Modulus=C0C1B4D23BB9A3E08EE2C27785CBA77489EB92B78C646F2509F92D1227EECB304786A096F90ACDF042A8B32DB82526AF993CD5F6100916336CE7AA2218252E4767B1661FCA22CCA414ADB3F8C8503FE600BA17FA8528A1E209486FCD28D2367BAFC68EA7B4893D1F3367CD59DC5472F901ABDE9EEEC5EC85987CBCB6CC85BE13 768s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-24111.pem 768s + found_md5=Modulus=C0C1B4D23BB9A3E08EE2C27785CBA77489EB92B78C646F2509F92D1227EECB304786A096F90ACDF042A8B32DB82526AF993CD5F6100916336CE7AA2218252E4767B1661FCA22CCA414ADB3F8C8503FE600BA17FA8528A1E209486FCD28D2367BAFC68EA7B4893D1F3367CD59DC5472F901ABDE9EEEC5EC85987CBCB6CC85BE13 768s + '[' Modulus=C0C1B4D23BB9A3E08EE2C27785CBA77489EB92B78C646F2509F92D1227EECB304786A096F90ACDF042A8B32DB82526AF993CD5F6100916336CE7AA2218252E4767B1661FCA22CCA414ADB3F8C8503FE600BA17FA8528A1E209486FCD28D2367BAFC68EA7B4893D1F3367CD59DC5472F901ABDE9EEEC5EC85987CBCB6CC85BE13 '!=' Modulus=C0C1B4D23BB9A3E08EE2C27785CBA77489EB92B78C646F2509F92D1227EECB304786A096F90ACDF042A8B32DB82526AF993CD5F6100916336CE7AA2218252E4767B1661FCA22CCA414ADB3F8C8503FE600BA17FA8528A1E209486FCD28D2367BAFC68EA7B4893D1F3367CD59DC5472F901ABDE9EEEC5EC85987CBCB6CC85BE13 ']' 768s + output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-24111-auth.output 768s ++ basename /tmp/sssd-softhsm2-fyAXsG/SSSD-child-24111-auth.output .output 768s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-24111-auth.pem 768s + echo -n 053350 768s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 768s [p11_child[2326]] [main] (0x0400): p11_child started. 768s [p11_child[2326]] [main] (0x2000): Running in [auth] mode. 768s [p11_child[2326]] [main] (0x2000): Running with effective IDs: [0][0]. 768s [p11_child[2326]] [main] (0x2000): Running with real IDs [0][0]. 768s [p11_child[2326]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 768s [p11_child[2326]] [do_card] (0x4000): Module List: 768s [p11_child[2326]] [do_card] (0x4000): common name: [softhsm2]. 768s [p11_child[2326]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 768s [p11_child[2326]] [do_card] (0x4000): Description [SoftHSM slot ID 0x71eb0d88] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 768s [p11_child[2326]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 768s [p11_child[2326]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x71eb0d88][1911229832] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 768s [p11_child[2326]] [do_card] (0x4000): Login required. 768s [p11_child[2326]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 768s [p11_child[2326]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 768s [p11_child[2326]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x71eb0d88;slot-manufacturer=SoftHSM%20project;slot-id=1911229832;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8b2a7ff871eb0d88;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 768s [p11_child[2326]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 768s [p11_child[2326]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 768s [p11_child[2326]] [do_card] (0x4000): Certificate verified and validated. 768s [p11_child[2326]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 768s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-24111-auth.output 768s + echo '-----BEGIN CERTIFICATE-----' 768s + tail -n1 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-24111-auth.output 768s + echo '-----END CERTIFICATE-----' 768s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-24111-auth.pem 768s Certificate: 768s Data: 768s Version: 3 (0x2) 768s Serial Number: 4 (0x4) 768s Signature Algorithm: sha256WithRSAEncryption 768s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 768s Validity 768s Not Before: Mar 21 21:55:26 2024 GMT 768s Not After : Mar 21 21:55:26 2025 GMT 768s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 768s Subject Public Key Info: 768s Public Key Algorithm: rsaEncryption 768s Public-Key: (1024 bit) 768s Modulus: 768s 00:c0:c1:b4:d2:3b:b9:a3:e0:8e:e2:c2:77:85:cb: 768s a7:74:89:eb:92:b7:8c:64:6f:25:09:f9:2d:12:27: 768s ee:cb:30:47:86:a0:96:f9:0a:cd:f0:42:a8:b3:2d: 768s b8:25:26:af:99:3c:d5:f6:10:09:16:33:6c:e7:aa: 768s 22:18:25:2e:47:67:b1:66:1f:ca:22:cc:a4:14:ad: 768s b3:f8:c8:50:3f:e6:00:ba:17:fa:85:28:a1:e2:09: 768s 48:6f:cd:28:d2:36:7b:af:c6:8e:a7:b4:89:3d:1f: 768s 33:67:cd:59:dc:54:72:f9:01:ab:de:9e:ee:c5:ec: 768s 85:98:7c:bc:b6:cc:85:be:13 768s Exponent: 65537 (0x10001) 768s X509v3 extensions: 768s X509v3 Authority Key Identifier: 768s 97:F3:B8:6C:25:BD:D3:59:98:5F:85:82:8B:48:C0:97:0F:6C:2F:CC 768s X509v3 Basic Constraints: 768s CA:FALSE 768s Netscape Cert Type: 768s SSL Client, S/MIME 768s Netscape Comment: 768s Test Organization Intermediate CA trusted Certificate 768s X509v3 Subject Key Identifier: 768s E2:78:63:1E:E4:60:11:C6:5F:C8:12:DF:6F:EA:B2:BC:19:28:EF:02 768s X509v3 Key Usage: critical 768s Digital Signature, Non Repudiation, Key Encipherment 768s X509v3 Extended Key Usage: 768s TLS Web Client Authentication, E-mail Protection 768s X509v3 Subject Alternative Name: 768s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 768s Signature Algorithm: sha256WithRSAEncryption 768s Signature Value: 768s 12:a3:7b:ff:b3:b1:89:98:6b:1c:e3:ae:60:b6:04:e4:0f:5b: 768s 32:9a:82:bf:7d:f4:70:a3:99:b7:df:e3:38:fa:35:40:e2:60: 768s c3:1b:62:03:af:ef:aa:9c:14:92:32:9e:15:7b:6b:07:15:58: 768s f7:d9:77:d2:49:c9:1a:4c:21:da:ca:61:93:8b:ef:d2:6e:0f: 768s 3f:9f:fe:fe:65:ca:76:d1:f3:ab:ec:73:16:b5:82:c6:db:a4: 768s f2:be:a0:0a:1b:cb:43:ff:22:78:b6:55:3a:7d:d0:9e:57:b0: 768s 10:86:b3:6b:1b:47:f6:81:1c:07:5f:af:11:59:b3:b3:df:78: 768s 1e:ec 768s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-24111-auth.pem 768s + found_md5=Modulus=C0C1B4D23BB9A3E08EE2C27785CBA77489EB92B78C646F2509F92D1227EECB304786A096F90ACDF042A8B32DB82526AF993CD5F6100916336CE7AA2218252E4767B1661FCA22CCA414ADB3F8C8503FE600BA17FA8528A1E209486FCD28D2367BAFC68EA7B4893D1F3367CD59DC5472F901ABDE9EEEC5EC85987CBCB6CC85BE13 768s + '[' Modulus=C0C1B4D23BB9A3E08EE2C27785CBA77489EB92B78C646F2509F92D1227EECB304786A096F90ACDF042A8B32DB82526AF993CD5F6100916336CE7AA2218252E4767B1661FCA22CCA414ADB3F8C8503FE600BA17FA8528A1E209486FCD28D2367BAFC68EA7B4893D1F3367CD59DC5472F901ABDE9EEEC5EC85987CBCB6CC85BE13 '!=' Modulus=C0C1B4D23BB9A3E08EE2C27785CBA77489EB92B78C646F2509F92D1227EECB304786A096F90ACDF042A8B32DB82526AF993CD5F6100916336CE7AA2218252E4767B1661FCA22CCA414ADB3F8C8503FE600BA17FA8528A1E209486FCD28D2367BAFC68EA7B4893D1F3367CD59DC5472F901ABDE9EEEC5EC85987CBCB6CC85BE13 ']' 768s + invalid_certificate /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23488 /tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem 768s + check_certificate /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23488 /tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem 768s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 768s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23488 768s + local key_ring=/tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem 768s + local verify_option= 768s + prepare_softhsm2_card /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23488 768s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 768s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23488 768s + local key_cn 768s + local key_name 768s + local tokens_dir 768s + local output_cert_file 768s + token_name= 768s ++ basename /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem .pem 768s + key_name=test-intermediate-CA-trusted-certificate-0001 768s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 768s ++ sed -n 's/ *commonName *= //p' 768s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 768s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 768s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 768s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 768s ++ basename /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 768s + tokens_dir=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001 768s + token_name='Test Organization Interme Token' 768s + '[' '!' -e /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 768s + '[' '!' -d /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 768s Test Organization Interme Token 768s + echo 'Test Organization Interme Token' 768s + '[' -n '' ']' 768s + local output_base_name=SSSD-child-19809 768s + local output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-19809.output 768s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-19809.pem 768s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem 768s [p11_child[2336]] [main] (0x0400): p11_child started. 768s [p11_child[2336]] [main] (0x2000): Running in [pre-auth] mode. 768s [p11_child[2336]] [main] (0x2000): Running with effective IDs: [0][0]. 768s [p11_child[2336]] [main] (0x2000): Running with real IDs [0][0]. 768s [p11_child[2336]] [do_card] (0x4000): Module List: 768s [p11_child[2336]] [do_card] (0x4000): common name: [softhsm2]. 768s [p11_child[2336]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 768s [p11_child[2336]] [do_card] (0x4000): Description [SoftHSM slot ID 0x71eb0d88] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 768s [p11_child[2336]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 768s [p11_child[2336]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x71eb0d88][1911229832] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 768s [p11_child[2336]] [do_card] (0x4000): Login NOT required. 768s [p11_child[2336]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 768s [p11_child[2336]] [do_verification] (0x0040): X509_verify_cert failed [0]. 768s [p11_child[2336]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 768s [p11_child[2336]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 768s [p11_child[2336]] [do_card] (0x4000): No certificate found. 768s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-19809.output 768s + return 2 768s + invalid_certificate /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23488 /tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem partial_chain 768s + check_certificate /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23488 /tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem partial_chain 768s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 768s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23488 768s + local key_ring=/tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem 768s + local verify_option=partial_chain 768s + prepare_softhsm2_card /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23488 768s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 768s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23488 768s + local key_cn 768s + local key_name 768s + local tokens_dir 768s + local output_cert_file 768s + token_name= 768s ++ basename /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem .pem 768s + key_name=test-intermediate-CA-trusted-certificate-0001 768s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 768s ++ sed -n 's/ *commonName *= //p' 768s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 768s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 768s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 768s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 768s ++ basename /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 768s + tokens_dir=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001 768s + token_name='Test Organization Interme Token' 768s + '[' '!' -e /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 768s Test Organization Interme Token 768s + '[' '!' -d /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 768s + echo 'Test Organization Interme Token' 768s + '[' -n partial_chain ']' 768s + local verify_arg=--verify=partial_chain 768s + local output_base_name=SSSD-child-18178 768s + local output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-18178.output 768s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-18178.pem 768s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem 768s [p11_child[2343]] [main] (0x0400): p11_child started. 768s [p11_child[2343]] [main] (0x2000): Running in [pre-auth] mode. 768s [p11_child[2343]] [main] (0x2000): Running with effective IDs: [0][0]. 768s [p11_child[2343]] [main] (0x2000): Running with real IDs [0][0]. 768s [p11_child[2343]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 768s [p11_child[2343]] [do_card] (0x4000): Module List: 768s [p11_child[2343]] [do_card] (0x4000): common name: [softhsm2]. 768s [p11_child[2343]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 768s [p11_child[2343]] [do_card] (0x4000): Description [SoftHSM slot ID 0x71eb0d88] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 768s [p11_child[2343]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 768s [p11_child[2343]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x71eb0d88][1911229832] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 768s [p11_child[2343]] [do_card] (0x4000): Login NOT required. 768s [p11_child[2343]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 768s [p11_child[2343]] [do_verification] (0x0040): X509_verify_cert failed [0]. 768s [p11_child[2343]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 768s [p11_child[2343]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 768s [p11_child[2343]] [do_card] (0x4000): No certificate found. 768s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-18178.output 768s + return 2 768s + valid_certificate /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23488 /tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem 768s + check_certificate /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23488 /tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem 768s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 768s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23488 768s + local key_ring=/tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem 768s + local verify_option= 768s + prepare_softhsm2_card /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23488 768s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 768s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23488 768s + local key_cn 768s + local key_name 768s + local tokens_dir 768s + local output_cert_file 768s + token_name= 768s ++ basename /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem .pem 768s + key_name=test-intermediate-CA-trusted-certificate-0001 768s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 768s ++ sed -n 's/ *commonName *= //p' 768s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 768s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 768s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 768s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 768s ++ basename /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 768s + tokens_dir=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001 768s + token_name='Test Organization Interme Token' 768s + '[' '!' -e /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 768s + '[' '!' -d /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 768s + echo 'Test Organization Interme Token' 768s + '[' -n '' ']' 768s Test Organization Interme Token 768s + local output_base_name=SSSD-child-16258 768s + local output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-16258.output 768s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-16258.pem 768s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem 768s [p11_child[2350]] [main] (0x0400): p11_child started. 768s [p11_child[2350]] [main] (0x2000): Running in [pre-auth] mode. 768s [p11_child[2350]] [main] (0x2000): Running with effective IDs: [0][0]. 768s [p11_child[2350]] [main] (0x2000): Running with real IDs [0][0]. 768s [p11_child[2350]] [do_card] (0x4000): Module List: 768s [p11_child[2350]] [do_card] (0x4000): common name: [softhsm2]. 768s [p11_child[2350]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 768s [p11_child[2350]] [do_card] (0x4000): Description [SoftHSM slot ID 0x71eb0d88] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 768s [p11_child[2350]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 768s [p11_child[2350]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x71eb0d88][1911229832] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 768s [p11_child[2350]] [do_card] (0x4000): Login NOT required. 768s [p11_child[2350]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 768s [p11_child[2350]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 768s [p11_child[2350]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 768s [p11_child[2350]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x71eb0d88;slot-manufacturer=SoftHSM%20project;slot-id=1911229832;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8b2a7ff871eb0d88;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 768s [p11_child[2350]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 768s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-16258.output 768s + echo '-----BEGIN CERTIFICATE-----' 768s + tail -n1 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-16258.output 768s + echo '-----END CERTIFICATE-----' 768s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-16258.pem 768s Certificate: 768s Data: 768s Version: 3 (0x2) 768s Serial Number: 4 (0x4) 768s Signature Algorithm: sha256WithRSAEncryption 768s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 768s Validity 768s Not Before: Mar 21 21:55:26 2024 GMT 768s Not After : Mar 21 21:55:26 2025 GMT 768s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 768s Subject Public Key Info: 768s Public Key Algorithm: rsaEncryption 768s Public-Key: (1024 bit) 768s Modulus: 768s 00:c0:c1:b4:d2:3b:b9:a3:e0:8e:e2:c2:77:85:cb: 768s a7:74:89:eb:92:b7:8c:64:6f:25:09:f9:2d:12:27: 768s ee:cb:30:47:86:a0:96:f9:0a:cd:f0:42:a8:b3:2d: 768s b8:25:26:af:99:3c:d5:f6:10:09:16:33:6c:e7:aa: 768s 22:18:25:2e:47:67:b1:66:1f:ca:22:cc:a4:14:ad: 768s b3:f8:c8:50:3f:e6:00:ba:17:fa:85:28:a1:e2:09: 768s 48:6f:cd:28:d2:36:7b:af:c6:8e:a7:b4:89:3d:1f: 768s 33:67:cd:59:dc:54:72:f9:01:ab:de:9e:ee:c5:ec: 768s 85:98:7c:bc:b6:cc:85:be:13 768s Exponent: 65537 (0x10001) 768s X509v3 extensions: 768s X509v3 Authority Key Identifier: 768s 97:F3:B8:6C:25:BD:D3:59:98:5F:85:82:8B:48:C0:97:0F:6C:2F:CC 768s X509v3 Basic Constraints: 768s CA:FALSE 768s Netscape Cert Type: 768s SSL Client, S/MIME 768s Netscape Comment: 768s Test Organization Intermediate CA trusted Certificate 768s X509v3 Subject Key Identifier: 768s E2:78:63:1E:E4:60:11:C6:5F:C8:12:DF:6F:EA:B2:BC:19:28:EF:02 768s X509v3 Key Usage: critical 768s Digital Signature, Non Repudiation, Key Encipherment 768s X509v3 Extended Key Usage: 768s TLS Web Client Authentication, E-mail Protection 768s X509v3 Subject Alternative Name: 768s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 768s Signature Algorithm: sha256WithRSAEncryption 768s Signature Value: 768s 12:a3:7b:ff:b3:b1:89:98:6b:1c:e3:ae:60:b6:04:e4:0f:5b: 768s 32:9a:82:bf:7d:f4:70:a3:99:b7:df:e3:38:fa:35:40:e2:60: 768s c3:1b:62:03:af:ef:aa:9c:14:92:32:9e:15:7b:6b:07:15:58: 768s f7:d9:77:d2:49:c9:1a:4c:21:da:ca:61:93:8b:ef:d2:6e:0f: 768s 3f:9f:fe:fe:65:ca:76:d1:f3:ab:ec:73:16:b5:82:c6:db:a4: 768s f2:be:a0:0a:1b:cb:43:ff:22:78:b6:55:3a:7d:d0:9e:57:b0: 768s 10:86:b3:6b:1b:47:f6:81:1c:07:5f:af:11:59:b3:b3:df:78: 768s 1e:ec 768s + local found_md5 expected_md5 768s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 768s + expected_md5=Modulus=C0C1B4D23BB9A3E08EE2C27785CBA77489EB92B78C646F2509F92D1227EECB304786A096F90ACDF042A8B32DB82526AF993CD5F6100916336CE7AA2218252E4767B1661FCA22CCA414ADB3F8C8503FE600BA17FA8528A1E209486FCD28D2367BAFC68EA7B4893D1F3367CD59DC5472F901ABDE9EEEC5EC85987CBCB6CC85BE13 768s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-16258.pem 768s + found_md5=Modulus=C0C1B4D23BB9A3E08EE2C27785CBA77489EB92B78C646F2509F92D1227EECB304786A096F90ACDF042A8B32DB82526AF993CD5F6100916336CE7AA2218252E4767B1661FCA22CCA414ADB3F8C8503FE600BA17FA8528A1E209486FCD28D2367BAFC68EA7B4893D1F3367CD59DC5472F901ABDE9EEEC5EC85987CBCB6CC85BE13 768s + '[' Modulus=C0C1B4D23BB9A3E08EE2C27785CBA77489EB92B78C646F2509F92D1227EECB304786A096F90ACDF042A8B32DB82526AF993CD5F6100916336CE7AA2218252E4767B1661FCA22CCA414ADB3F8C8503FE600BA17FA8528A1E209486FCD28D2367BAFC68EA7B4893D1F3367CD59DC5472F901ABDE9EEEC5EC85987CBCB6CC85BE13 '!=' Modulus=C0C1B4D23BB9A3E08EE2C27785CBA77489EB92B78C646F2509F92D1227EECB304786A096F90ACDF042A8B32DB82526AF993CD5F6100916336CE7AA2218252E4767B1661FCA22CCA414ADB3F8C8503FE600BA17FA8528A1E209486FCD28D2367BAFC68EA7B4893D1F3367CD59DC5472F901ABDE9EEEC5EC85987CBCB6CC85BE13 ']' 768s + output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-16258-auth.output 768s ++ basename /tmp/sssd-softhsm2-fyAXsG/SSSD-child-16258-auth.output .output 768s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-16258-auth.pem 768s + echo -n 053350 768s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 768s [p11_child[2358]] [main] (0x0400): p11_child started. 768s [p11_child[2358]] [main] (0x2000): Running in [auth] mode. 768s [p11_child[2358]] [main] (0x2000): Running with effective IDs: [0][0]. 768s [p11_child[2358]] [main] (0x2000): Running with real IDs [0][0]. 768s [p11_child[2358]] [do_card] (0x4000): Module List: 768s [p11_child[2358]] [do_card] (0x4000): common name: [softhsm2]. 768s [p11_child[2358]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 768s [p11_child[2358]] [do_card] (0x4000): Description [SoftHSM slot ID 0x71eb0d88] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 768s [p11_child[2358]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 768s [p11_child[2358]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x71eb0d88][1911229832] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 768s [p11_child[2358]] [do_card] (0x4000): Login required. 768s [p11_child[2358]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 768s [p11_child[2358]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 768s [p11_child[2358]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 768s [p11_child[2358]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x71eb0d88;slot-manufacturer=SoftHSM%20project;slot-id=1911229832;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8b2a7ff871eb0d88;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 768s [p11_child[2358]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 768s [p11_child[2358]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 768s [p11_child[2358]] [do_card] (0x4000): Certificate verified and validated. 768s [p11_child[2358]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 768s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-16258-auth.output 768s + echo '-----BEGIN CERTIFICATE-----' 768s + tail -n1 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-16258-auth.output 768s + echo '-----END CERTIFICATE-----' 768s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-16258-auth.pem 768s Certificate: 768s Data: 768s Version: 3 (0x2) 768s Serial Number: 4 (0x4) 768s Signature Algorithm: sha256WithRSAEncryption 768s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 768s Validity 768s Not Before: Mar 21 21:55:26 2024 GMT 768s Not After : Mar 21 21:55:26 2025 GMT 768s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 768s Subject Public Key Info: 768s Public Key Algorithm: rsaEncryption 768s Public-Key: (1024 bit) 768s Modulus: 768s 00:c0:c1:b4:d2:3b:b9:a3:e0:8e:e2:c2:77:85:cb: 768s a7:74:89:eb:92:b7:8c:64:6f:25:09:f9:2d:12:27: 768s ee:cb:30:47:86:a0:96:f9:0a:cd:f0:42:a8:b3:2d: 768s b8:25:26:af:99:3c:d5:f6:10:09:16:33:6c:e7:aa: 768s 22:18:25:2e:47:67:b1:66:1f:ca:22:cc:a4:14:ad: 768s b3:f8:c8:50:3f:e6:00:ba:17:fa:85:28:a1:e2:09: 768s 48:6f:cd:28:d2:36:7b:af:c6:8e:a7:b4:89:3d:1f: 768s 33:67:cd:59:dc:54:72:f9:01:ab:de:9e:ee:c5:ec: 768s 85:98:7c:bc:b6:cc:85:be:13 768s Exponent: 65537 (0x10001) 768s X509v3 extensions: 768s X509v3 Authority Key Identifier: 768s 97:F3:B8:6C:25:BD:D3:59:98:5F:85:82:8B:48:C0:97:0F:6C:2F:CC 768s X509v3 Basic Constraints: 768s CA:FALSE 768s Netscape Cert Type: 768s SSL Client, S/MIME 768s Netscape Comment: 768s Test Organization Intermediate CA trusted Certificate 768s X509v3 Subject Key Identifier: 768s E2:78:63:1E:E4:60:11:C6:5F:C8:12:DF:6F:EA:B2:BC:19:28:EF:02 768s X509v3 Key Usage: critical 768s Digital Signature, Non Repudiation, Key Encipherment 768s X509v3 Extended Key Usage: 768s TLS Web Client Authentication, E-mail Protection 768s X509v3 Subject Alternative Name: 768s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 768s Signature Algorithm: sha256WithRSAEncryption 768s Signature Value: 768s 12:a3:7b:ff:b3:b1:89:98:6b:1c:e3:ae:60:b6:04:e4:0f:5b: 768s 32:9a:82:bf:7d:f4:70:a3:99:b7:df:e3:38:fa:35:40:e2:60: 768s c3:1b:62:03:af:ef:aa:9c:14:92:32:9e:15:7b:6b:07:15:58: 768s f7:d9:77:d2:49:c9:1a:4c:21:da:ca:61:93:8b:ef:d2:6e:0f: 768s 3f:9f:fe:fe:65:ca:76:d1:f3:ab:ec:73:16:b5:82:c6:db:a4: 768s f2:be:a0:0a:1b:cb:43:ff:22:78:b6:55:3a:7d:d0:9e:57:b0: 768s 10:86:b3:6b:1b:47:f6:81:1c:07:5f:af:11:59:b3:b3:df:78: 768s 1e:ec 768s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-16258-auth.pem 768s + found_md5=Modulus=C0C1B4D23BB9A3E08EE2C27785CBA77489EB92B78C646F2509F92D1227EECB304786A096F90ACDF042A8B32DB82526AF993CD5F6100916336CE7AA2218252E4767B1661FCA22CCA414ADB3F8C8503FE600BA17FA8528A1E209486FCD28D2367BAFC68EA7B4893D1F3367CD59DC5472F901ABDE9EEEC5EC85987CBCB6CC85BE13 768s + '[' Modulus=C0C1B4D23BB9A3E08EE2C27785CBA77489EB92B78C646F2509F92D1227EECB304786A096F90ACDF042A8B32DB82526AF993CD5F6100916336CE7AA2218252E4767B1661FCA22CCA414ADB3F8C8503FE600BA17FA8528A1E209486FCD28D2367BAFC68EA7B4893D1F3367CD59DC5472F901ABDE9EEEC5EC85987CBCB6CC85BE13 '!=' Modulus=C0C1B4D23BB9A3E08EE2C27785CBA77489EB92B78C646F2509F92D1227EECB304786A096F90ACDF042A8B32DB82526AF993CD5F6100916336CE7AA2218252E4767B1661FCA22CCA414ADB3F8C8503FE600BA17FA8528A1E209486FCD28D2367BAFC68EA7B4893D1F3367CD59DC5472F901ABDE9EEEC5EC85987CBCB6CC85BE13 ']' 768s + valid_certificate /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23488 /tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem partial_chain 768s + check_certificate /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23488 /tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem partial_chain 768s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 768s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23488 768s + local key_ring=/tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem 768s + local verify_option=partial_chain 768s + prepare_softhsm2_card /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23488 768s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 768s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23488 768s + local key_cn 768s + local key_name 768s + local tokens_dir 768s + local output_cert_file 768s + token_name= 768s ++ basename /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem .pem 768s + key_name=test-intermediate-CA-trusted-certificate-0001 768s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 768s ++ sed -n 's/ *commonName *= //p' 768s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 768s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 768s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 768s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 768s Test Organization Interme Token 768s ++ basename /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 768s + tokens_dir=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001 768s + token_name='Test Organization Interme Token' 768s + '[' '!' -e /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 768s + '[' '!' -d /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 768s + echo 'Test Organization Interme Token' 768s + '[' -n partial_chain ']' 768s + local verify_arg=--verify=partial_chain 768s + local output_base_name=SSSD-child-15740 768s + local output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-15740.output 768s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-15740.pem 768s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem 768s [p11_child[2368]] [main] (0x0400): p11_child started. 768s [p11_child[2368]] [main] (0x2000): Running in [pre-auth] mode. 768s [p11_child[2368]] [main] (0x2000): Running with effective IDs: [0][0]. 768s [p11_child[2368]] [main] (0x2000): Running with real IDs [0][0]. 768s [p11_child[2368]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 768s [p11_child[2368]] [do_card] (0x4000): Module List: 768s [p11_child[2368]] [do_card] (0x4000): common name: [softhsm2]. 768s [p11_child[2368]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 768s [p11_child[2368]] [do_card] (0x4000): Description [SoftHSM slot ID 0x71eb0d88] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 768s [p11_child[2368]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 768s [p11_child[2368]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x71eb0d88][1911229832] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 768s [p11_child[2368]] [do_card] (0x4000): Login NOT required. 768s [p11_child[2368]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 768s [p11_child[2368]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 768s [p11_child[2368]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 768s [p11_child[2368]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x71eb0d88;slot-manufacturer=SoftHSM%20project;slot-id=1911229832;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8b2a7ff871eb0d88;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 768s [p11_child[2368]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 768s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-15740.output 768s + echo '-----BEGIN CERTIFICATE-----' 768s + tail -n1 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-15740.output 768s + echo '-----END CERTIFICATE-----' 768s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-15740.pem 770s Certificate: 770s Data: 770s Version: 3 (0x2) 770s Serial Number: 4 (0x4) 770s Signature Algorithm: sha256WithRSAEncryption 770s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 770s Validity 770s Not Before: Mar 21 21:55:26 2024 GMT 770s Not After : Mar 21 21:55:26 2025 GMT 770s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 770s Subject Public Key Info: 770s Public Key Algorithm: rsaEncryption 770s Public-Key: (1024 bit) 770s Modulus: 770s 00:c0:c1:b4:d2:3b:b9:a3:e0:8e:e2:c2:77:85:cb: 770s a7:74:89:eb:92:b7:8c:64:6f:25:09:f9:2d:12:27: 770s ee:cb:30:47:86:a0:96:f9:0a:cd:f0:42:a8:b3:2d: 770s b8:25:26:af:99:3c:d5:f6:10:09:16:33:6c:e7:aa: 770s 22:18:25:2e:47:67:b1:66:1f:ca:22:cc:a4:14:ad: 770s b3:f8:c8:50:3f:e6:00:ba:17:fa:85:28:a1:e2:09: 770s 48:6f:cd:28:d2:36:7b:af:c6:8e:a7:b4:89:3d:1f: 770s 33:67:cd:59:dc:54:72:f9:01:ab:de:9e:ee:c5:ec: 770s 85:98:7c:bc:b6:cc:85:be:13 770s Exponent: 65537 (0x10001) 770s X509v3 extensions: 770s X509v3 Authority Key Identifier: 770s 97:F3:B8:6C:25:BD:D3:59:98:5F:85:82:8B:48:C0:97:0F:6C:2F:CC 770s X509v3 Basic Constraints: 770s CA:FALSE 770s Netscape Cert Type: 770s SSL Client, S/MIME 770s Netscape Comment: 770s Test Organization Intermediate CA trusted Certificate 770s X509v3 Subject Key Identifier: 770s E2:78:63:1E:E4:60:11:C6:5F:C8:12:DF:6F:EA:B2:BC:19:28:EF:02 770s X509v3 Key Usage: critical 770s Digital Signature, Non Repudiation, Key Encipherment 770s X509v3 Extended Key Usage: 770s TLS Web Client Authentication, E-mail Protection 770s X509v3 Subject Alternative Name: 770s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 770s Signature Algorithm: sha256WithRSAEncryption 770s Signature Value: 770s 12:a3:7b:ff:b3:b1:89:98:6b:1c:e3:ae:60:b6:04:e4:0f:5b: 770s 32:9a:82:bf:7d:f4:70:a3:99:b7:df:e3:38:fa:35:40:e2:60: 770s c3:1b:62:03:af:ef:aa:9c:14:92:32:9e:15:7b:6b:07:15:58: 770s f7:d9:77:d2:49:c9:1a:4c:21:da:ca:61:93:8b:ef:d2:6e:0f: 770s 3f:9f:fe:fe:65:ca:76:d1:f3:ab:ec:73:16:b5:82:c6:db:a4: 770s f2:be:a0:0a:1b:cb:43:ff:22:78:b6:55:3a:7d:d0:9e:57:b0: 770s 10:86:b3:6b:1b:47:f6:81:1c:07:5f:af:11:59:b3:b3:df:78: 770s 1e:ec 770s + local found_md5 expected_md5 770s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 770s + expected_md5=Modulus=C0C1B4D23BB9A3E08EE2C27785CBA77489EB92B78C646F2509F92D1227EECB304786A096F90ACDF042A8B32DB82526AF993CD5F6100916336CE7AA2218252E4767B1661FCA22CCA414ADB3F8C8503FE600BA17FA8528A1E209486FCD28D2367BAFC68EA7B4893D1F3367CD59DC5472F901ABDE9EEEC5EC85987CBCB6CC85BE13 770s Certificate: 770s Data: 770s Version: 3 (0x2) 770s Serial Number: 4 (0x4) 770s Signature Algorithm: sha256WithRSAEncryption 770s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 770s Validity 770s Not Before: Mar 21 21:55:26 2024 GMT 770s Not After : Mar 21 21:55:26 2025 GMT 770s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 770s Subject Public Key Info: 770s Public Key Algorithm: rsaEncryption 770s Public-Key: (1024 bit) 770s Modulus: 770s 00:c0:c1:b4:d2:3b:b9:a3:e0:8e:e2:c2:77:85:cb: 770s a7:74:89:eb:92:b7:8c:64:6f:25:09:f9:2d:12:27: 770s ee:cb:30:47:86:a0:96:f9:0a:cd:f0:42:a8:b3:2d: 770s b8:25:26:af:99:3c:d5:f6:10:09:16:33:6c:e7:aa: 770s 22:18:25:2e:47:67:b1:66:1f:ca:22:cc:a4:14:ad: 770s b3:f8:c8:50:3f:e6:00:ba:17:fa:85:28:a1:e2:09: 770s 48:6f:cd:28:d2:36:7b:af:c6:8e:a7:b4:89:3d:1f: 770s 33:67:cd:59:dc:54:72:f9:01:ab:de:9e:ee:c5:ec: 770s 85:98:7c:bc:b6:cc:85:be:13 770s Exponent: 65537 (0x10001) 770s X509v3 extensions: 770s X509v3 Authority Key Identifier: 770s 97:F3:B8:6C:25:BD:D3:59:98:5F:85:82:8B:48:C0:97:0F:6C:2F:CC 770s X509v3 Basic Constraints: 770s CA:FALSE 770s Netscape Cert Type: 770s SSL Client, S/MIME 770s Netscape Comment: 770s Test Organization Intermediate CA trusted Certificate 770s X509v3 Subject Key Identifier: 770s E2:78:63:1E:E4:60:11:C6:5F:C8:12:DF:6F:EA:B2:BC:19:28:EF:02 770s X509v3 Key Usage: critical 770s Digital Signature, Non Repudiation, Key Encipherment 770s X509v3 Extended Key Usage: 770s TLS Web Client Authentication, E-mail Protection 770s X509v3 Subject Alternative Name: 770s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 770s Signature Algorithm: sha256WithRSAEncryption 770s Signature Value: 770s 12:a3:7b:ff:b3:b1:89:98:6b:1c:e3:ae:60:b6:04:e4:0f:5b: 770s 32:9a:82:bf:7d:f4:70:a3:99:b7:df:e3:38:fa:35:40:e2:60: 770s c3:1b:62:03:af:ef:aa:9c:14:92:32:9e:15:7b:6b:07:15:58: 770s f7:d9:77:d2:49:c9:1a:4c:21:da:ca:61:93:8b:ef:d2:6e:0f: 770s 3f:9f:fe:fe:65:ca:76:d1:f3:ab:ec:73:16:b5:82:c6:db:a4: 770s f2:be:a0:0a:1b:cb:43:ff:22:78:b6:55:3a:7d:d0:9e:57:b0: 770s 10:86:b3:6b:1b:47:f6:81:1c:07:5f:af:11:59:b3:b3:df:78: 770s 1e:ec 770s Test Organization Interme Token 770s Test Organization Interme Token 770s Certificate: 770s Data: 770s Version: 3 (0x2) 770s Serial Number: 4 (0x4) 770s Signature Algorithm: sha256WithRSAEncryption 770s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 770s Validity 770s Not Before: Mar 21 21:55:26 2024 GMT 770s Not After : Mar 21 21:55:26 2025 GMT 770s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 770s Subject Public Key Info: 770s Public Key Algorithm: rsaEncryption 770s Public-Key: (1024 bit) 770s Modulus: 770s 00:c0:c1:b4:d2:3b:b9:a3:e0:8e:e2:c2:77:85:cb: 770s a7:74:89:eb:92:b7:8c:64:6f:25:09:f9:2d:12:27: 770s ee:cb:30:47:86:a0:96:f9:0a:cd:f0:42:a8:b3:2d: 770s b8:25:26:af:99:3c:d5:f6:10:09:16:33:6c:e7:aa: 770s 22:18:25:2e:47:67:b1:66:1f:ca:22:cc:a4:14:ad: 770s b3:f8:c8:50:3f:e6:00:ba:17:fa:85:28:a1:e2:09: 770s 48:6f:cd:28:d2:36:7b:af:c6:8e:a7:b4:89:3d:1f: 770s 33:67:cd:59:dc:54:72:f9:01:ab:de:9e:ee:c5:ec: 770s 85:98:7c:bc:b6:cc:85:be:13 770s Exponent: 65537 (0x10001) 770s X509v3 extensions: 770s X509v3 Authority Key Identifier: 770s 97:F3:B8:6C:25:BD:D3:59:98:5F:85:82:8B:48:C0:97:0F:6C:2F:CC 770s X509v3 Basic Constraints:++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-15740.pem 770s + found_md5=Modulus=C0C1B4D23BB9A3E08EE2C27785CBA77489EB92B78C646F2509F92D1227EECB304786A096F90ACDF042A8B32DB82526AF993CD5F6100916336CE7AA2218252E4767B1661FCA22CCA414ADB3F8C8503FE600BA17FA8528A1E209486FCD28D2367BAFC68EA7B4893D1F3367CD59DC5472F901ABDE9EEEC5EC85987CBCB6CC85BE13 770s + '[' Modulus=C0C1B4D23BB9A3E08EE2C27785CBA77489EB92B78C646F2509F92D1227EECB304786A096F90ACDF042A8B32DB82526AF993CD5F6100916336CE7AA2218252E4767B1661FCA22CCA414ADB3F8C8503FE600BA17FA8528A1E209486FCD28D2367BAFC68EA7B4893D1F3367CD59DC5472F901ABDE9EEEC5EC85987CBCB6CC85BE13 '!=' Modulus=C0C1B4D23BB9A3E08EE2C27785CBA77489EB92B78C646F2509F92D1227EECB304786A096F90ACDF042A8B32DB82526AF993CD5F6100916336CE7AA2218252E4767B1661FCA22CCA414ADB3F8C8503FE600BA17FA8528A1E209486FCD28D2367BAFC68EA7B4893D1F3367CD59DC5472F901ABDE9EEEC5EC85987CBCB6CC85BE13 ']' 770s + output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-15740-auth.output 770s ++ basename /tmp/sssd-softhsm2-fyAXsG/SSSD-child-15740-auth.output .output 770s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-15740-auth.pem 770s + echo -n 053350 770s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 770s [p11_child[2376]] [main] (0x0400): p11_child started. 770s [p11_child[2376]] [main] (0x2000): Running in [auth] mode. 770s [p11_child[2376]] [main] (0x2000): Running with effective IDs: [0][0]. 770s [p11_child[2376]] [main] (0x2000): Running with real IDs [0][0]. 770s [p11_child[2376]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 770s [p11_child[2376]] [do_card] (0x4000): Module List: 770s [p11_child[2376]] [do_card] (0x4000): common name: [softhsm2]. 770s [p11_child[2376]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2376]] [do_card] (0x4000): Description [SoftHSM slot ID 0x71eb0d88] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 770s [p11_child[2376]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 770s [p11_child[2376]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x71eb0d88][1911229832] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2376]] [do_card] (0x4000): Login required. 770s [p11_child[2376]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 770s [p11_child[2376]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 770s [p11_child[2376]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 770s [p11_child[2376]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x71eb0d88;slot-manufacturer=SoftHSM%20project;slot-id=1911229832;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8b2a7ff871eb0d88;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 770s [p11_child[2376]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 770s [p11_child[2376]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 770s [p11_child[2376]] [do_card] (0x4000): Certificate verified and validated. 770s [p11_child[2376]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 770s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-15740-auth.output 770s + echo '-----BEGIN CERTIFICATE-----' 770s + tail -n1 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-15740-auth.output 770s + echo '-----END CERTIFICATE-----' 770s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-15740-auth.pem 770s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-15740-auth.pem 770s + found_md5=Modulus=C0C1B4D23BB9A3E08EE2C27785CBA77489EB92B78C646F2509F92D1227EECB304786A096F90ACDF042A8B32DB82526AF993CD5F6100916336CE7AA2218252E4767B1661FCA22CCA414ADB3F8C8503FE600BA17FA8528A1E209486FCD28D2367BAFC68EA7B4893D1F3367CD59DC5472F901ABDE9EEEC5EC85987CBCB6CC85BE13 770s + '[' Modulus=C0C1B4D23BB9A3E08EE2C27785CBA77489EB92B78C646F2509F92D1227EECB304786A096F90ACDF042A8B32DB82526AF993CD5F6100916336CE7AA2218252E4767B1661FCA22CCA414ADB3F8C8503FE600BA17FA8528A1E209486FCD28D2367BAFC68EA7B4893D1F3367CD59DC5472F901ABDE9EEEC5EC85987CBCB6CC85BE13 '!=' Modulus=C0C1B4D23BB9A3E08EE2C27785CBA77489EB92B78C646F2509F92D1227EECB304786A096F90ACDF042A8B32DB82526AF993CD5F6100916336CE7AA2218252E4767B1661FCA22CCA414ADB3F8C8503FE600BA17FA8528A1E209486FCD28D2367BAFC68EA7B4893D1F3367CD59DC5472F901ABDE9EEEC5EC85987CBCB6CC85BE13 ']' 770s + invalid_certificate /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23488 /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem 770s + check_certificate /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23488 /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem 770s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 770s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23488 770s + local key_ring=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem 770s + local verify_option= 770s + prepare_softhsm2_card /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23488 770s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 770s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23488 770s + local key_cn 770s + local key_name 770s + local tokens_dir 770s + local output_cert_file 770s + token_name= 770s ++ basename /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem .pem 770s + key_name=test-intermediate-CA-trusted-certificate-0001 770s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 770s ++ sed -n 's/ *commonName *= //p' 770s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 770s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 770s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 770s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 770s ++ basename /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 770s + tokens_dir=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001 770s + token_name='Test Organization Interme Token' 770s + '[' '!' -e /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 770s + '[' '!' -d /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 770s + echo 'Test Organization Interme Token' 770s + '[' -n '' ']' 770s + local output_base_name=SSSD-child-178 770s + local output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-178.output 770s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-178.pem 770s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem 770s [p11_child[2386]] [main] (0x0400): p11_child started. 770s [p11_child[2386]] [main] (0x2000): Running in [pre-auth] mode. 770s [p11_child[2386]] [main] (0x2000): Running with effective IDs: [0][0]. 770s [p11_child[2386]] [main] (0x2000): Running with real IDs [0][0]. 770s [p11_child[2386]] [do_card] (0x4000): Module List: 770s [p11_child[2386]] [do_card] (0x4000): common name: [softhsm2]. 770s [p11_child[2386]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2386]] [do_card] (0x4000): Description [SoftHSM slot ID 0x71eb0d88] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 770s [p11_child[2386]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 770s [p11_child[2386]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x71eb0d88][1911229832] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2386]] [do_card] (0x4000): Login NOT required. 770s [p11_child[2386]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 770s [p11_child[2386]] [do_verification] (0x0040): X509_verify_cert failed [0]. 770s [p11_child[2386]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 770s [p11_child[2386]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 770s [p11_child[2386]] [do_card] (0x4000): No certificate found. 770s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-178.output 770s + return 2 770s + valid_certificate /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23488 /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem partial_chain 770s + check_certificate /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23488 /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem partial_chain 770s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 770s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23488 770s + local key_ring=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem 770s + local verify_option=partial_chain 770s + prepare_softhsm2_card /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23488 770s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 770s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23488 770s + local key_cn 770s + local key_name 770s + local tokens_dir 770s + local output_cert_file 770s + token_name= 770s ++ basename /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem .pem 770s + key_name=test-intermediate-CA-trusted-certificate-0001 770s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 770s ++ sed -n 's/ *commonName *= //p' 770s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 770s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 770s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 770s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 770s ++ basename /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 770s + tokens_dir=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001 770s + token_name='Test Organization Interme Token' 770s + '[' '!' -e /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 770s + '[' '!' -d /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 770s + echo 'Test Organization Interme Token' 770s + '[' -n partial_chain ']' 770s + local verify_arg=--verify=partial_chain 770s + local output_base_name=SSSD-child-28741 770s + local output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-28741.output 770s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-28741.pem 770s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem 770s [p11_child[2393]] [main] (0x0400): p11_child started. 770s [p11_child[2393]] [main] (0x2000): Running in [pre-auth] mode. 770s [p11_child[2393]] [main] (0x2000): Running with effective IDs: [0][0]. 770s [p11_child[2393]] [main] (0x2000): Running with real IDs [0][0]. 770s [p11_child[2393]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 770s [p11_child[2393]] [do_card] (0x4000): Module List: 770s [p11_child[2393]] [do_card] (0x4000): common name: [softhsm2]. 770s [p11_child[2393]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2393]] [do_card] (0x4000): Description [SoftHSM slot ID 0x71eb0d88] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 770s [p11_child[2393]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 770s [p11_child[2393]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x71eb0d88][1911229832] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2393]] [do_card] (0x4000): Login NOT required. 770s [p11_child[2393]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 770s [p11_child[2393]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 770s [p11_child[2393]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 770s [p11_child[2393]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x71eb0d88;slot-manufacturer=SoftHSM%20project;slot-id=1911229832;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8b2a7ff871eb0d88;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 770s [p11_child[2393]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 770s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-28741.output 770s + echo '-----BEGIN CERTIFICATE-----' 770s + tail -n1 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-28741.output 770s + echo '-----END CERTIFICATE-----' 770s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-28741.pem 770s + local found_md5 expected_md5 770s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA-trusted-certificate-0001.pem 770s + expected_md5=Modulus=C0C1B4D23BB9A3E08EE2C27785CBA77489EB92B78C646F2509F92D1227EECB304786A096F90ACDF042A8B32DB82526AF993CD5F6100916336CE7AA2218252E4767B1661FCA22CCA414ADB3F8C8503FE600BA17FA8528A1E209486FCD28D2367BAFC68EA7B4893D1F3367CD59DC5472F901ABDE9EEEC5EC85987CBCB6CC85BE13 770s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-28741.pem 770s + found_md5=Modulus=C0C1B4D23BB9A3E08EE2C27785CBA77489EB92B78C646F2509F92D1227EECB304786A096F90ACDF042A8B32DB82526AF993CD5F6100916336CE7AA2218252E4767B1661FCA22CCA414ADB3F8C8503FE600BA17FA8528A1E209486FCD28D2367BAFC68EA7B4893D1F3367CD59DC5472F901ABDE9EEEC5EC85987CBCB6CC85BE13 770s + '[' Modulus=C0C1B4D23BB9A3E08EE2C27785CBA77489EB92B78C646F2509F92D1227EECB304786A096F90ACDF042A8B32DB82526AF993CD5F6100916336CE7AA2218252E4767B1661FCA22CCA414ADB3F8C8503FE600BA17FA8528A1E209486FCD28D2367BAFC68EA7B4893D1F3367CD59DC5472F901ABDE9EEEC5EC85987CBCB6CC85BE13 '!=' Modulus=C0C1B4D23BB9A3E08EE2C27785CBA77489EB92B78C646F2509F92D1227EECB304786A096F90ACDF042A8B32DB82526AF993CD5F6100916336CE7AA2218252E4767B1661FCA22CCA414ADB3F8C8503FE600BA17FA8528A1E209486FCD28D2367BAFC68EA7B4893D1F3367CD59DC5472F901ABDE9EEEC5EC85987CBCB6CC85BE13 ']' 770s + output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-28741-auth.output 770s ++ basename /tmp/sssd-softhsm2-fyAXsG/SSSD-child-28741-auth.output .output 770s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-28741-auth.pem 770s + echo -n 053350 770s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 770s [p11_child[2401]] [main] (0x0400): p11_child started. 770s [p11_child[2401]] [main] (0x2000): Running in [auth] mode. 770s [p11_child[2401]] [main] (0x2000): Running with effective IDs: [0][0]. 770s [p11_child[2401]] [main] (0x2000): Running with real IDs [0][0]. 770s [p11_child[2401]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 770s [p11_child[2401]] [do_card] (0x4000): Module List: 770s [p11_child[2401]] [do_card] (0x4000): common name: [softhsm2]. 770s [p11_child[2401]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2401]] [do_card] (0x4000): Description [SoftHSM slot ID 0x71eb0d88] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 770s [p11_child[2401]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 770s [p11_child[2401]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x71eb0d88][1911229832] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2401]] [do_card] (0x4000): Login required. 770s [p11_child[2401]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 770s [p11_child[2401]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 770s [p11_child[2401]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 770s [p11_child[2401]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x71eb0d88;slot-manufacturer=SoftHSM%20project;slot-id=1911229832;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8b2a7ff871eb0d88;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 770s [p11_child[2401]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 770s [p11_child[2401]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 770s [p11_child[2401]] [do_card] (0x4000): Certificate verified and validated. 770s [p11_child[2401]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 770s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-28741-auth.output 770s + echo '-----BEGIN CERTIFICATE-----' 770s + tail -n1 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-28741-auth.output 770s + echo '-----END CERTIFICATE-----' 770s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-28741-auth.pem 770s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-28741-auth.pem 770s + found_md5=Modulus=C0C1B4D23BB9A3E08EE2C27785CBA77489EB92B78C646F2509F92D1227EECB304786A096F90ACDF042A8B32DB82526AF993CD5F6100916336CE7AA2218252E4767B1661FCA22CCA414ADB3F8C8503FE600BA17FA8528A1E209486FCD28D2367BAFC68EA7B4893D1F3367CD59DC5472F901ABDE9EEEC5EC85987CBCB6CC85BE13 770s + '[' Modulus=C0C1B4D23BB9A3E08EE2C27785CBA77489EB92B78C646F2509F92D1227EECB304786A096F90ACDF042A8B32DB82526AF993CD5F6100916336CE7AA2218252E4767B1661FCA22CCA414ADB3F8C8503FE600BA17FA8528A1E209486FCD28D2367BAFC68EA7B4893D1F3367CD59DC5472F901ABDE9EEEC5EC85987CBCB6CC85BE13 '!=' Modulus=C0C1B4D23BB9A3E08EE2C27785CBA77489EB92B78C646F2509F92D1227EECB304786A096F90ACDF042A8B32DB82526AF993CD5F6100916336CE7AA2218252E4767B1661FCA22CCA414ADB3F8C8503FE600BA17FA8528A1E209486FCD28D2367BAFC68EA7B4893D1F3367CD59DC5472F901ABDE9EEEC5EC85987CBCB6CC85BE13 ']' 770s + invalid_certificate /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8967 /tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem 770s + check_certificate /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8967 /tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem 770s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 770s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8967 770s + local key_ring=/tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem 770s + local verify_option= 770s + prepare_softhsm2_card /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8967 770s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 770s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8967 770s + local key_cn 770s + local key_name 770s + local tokens_dir 770s + local output_cert_file 770s + token_name= 770s ++ basename /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 770s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 770s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 770s ++ sed -n 's/ *commonName *= //p' 770s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 770s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 770s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 770s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 770s ++ basename /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 770s + tokens_dir=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 770s + token_name='Test Organization Sub Int Token' 770s + '[' '!' -e /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 770s + local key_file 770s + local decrypted_key 770s + mkdir -p /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 770s + key_file=/tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 770s + decrypted_key=/tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 770s + cat 770s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 770s + softhsm2-util --show-slots 770s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 770s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-8967 -in /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 770s writing RSA key 770s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 770s + rm /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 770s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 770s + echo 'Test Organization Sub Int Token' 770s + '[' -n '' ']' 770s + local output_base_name=SSSD-child-23157 770s + local output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-23157.output 770s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-23157.pem 770s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem 770s [p11_child[2420]] [main] (0x0400): p11_child started. 770s [p11_child[2420]] [main] (0x2000): Running in [pre-auth] mode. 770s [p11_child[2420]] [main] (0x2000): Running with effective IDs: [0][0]. 770s [p11_child[2420]] [main] (0x2000): Running with real IDs [0][0]. 770s [p11_child[2420]] [do_card] (0x4000): Module List: 770s [p11_child[2420]] [do_card] (0x4000): common name: [softhsm2]. 770s [p11_child[2420]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2420]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4b86e153] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 770s [p11_child[2420]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 770s [p11_child[2420]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4b86e153][1267130707] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2420]] [do_card] (0x4000): Login NOT required. 770s [p11_child[2420]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 770s [p11_child[2420]] [do_verification] (0x0040): X509_verify_cert failed [0]. 770s [p11_child[2420]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 770s [p11_child[2420]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 770s [p11_child[2420]] [do_card] (0x4000): No certificate found. 770s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-23157.output 770s + return 2 770s + invalid_certificate /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8967 /tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem partial_chain 770s + check_certificate /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8967 /tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem partial_chain 770s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 770s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8967 770s + local key_ring=/tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem 770s + local verify_option=partial_chain 770s + prepare_softhsm2_card /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8967 770s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 770s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8967 770s + local key_cn 770s + local key_name 770s + local tokens_dir 770s + local output_cert_file 770s + token_name= 770s ++ basename /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 770s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 770s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 770s ++ sed -n 's/ *commonName *= //p' 770s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 770s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 770s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 770s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 770s ++ basename /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 770s + tokens_dir=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 770s + token_name='Test Organization Sub Int Token' 770s + '[' '!' -e /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 770s + '[' '!' -d /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 770s + echo 'Test Organization Sub Int Token' 770s + '[' -n partial_chain ']' 770s + local verify_arg=--verify=partial_chain 770s + local output_base_name=SSSD-child-23293 770s + local output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-23293.output 770s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-23293.pem 770s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-fyAXsG/test-root-CA.pem 770s [p11_child[2427]] [main] (0x0400): p11_child started. 770s [p11_child[2427]] [main] (0x2000): Running in [pre-auth] mode. 770s [p11_child[2427]] [main] (0x2000): Running with effective IDs: [0][0]. 770s [p11_child[2427]] [main] (0x2000): Running with real IDs [0][0]. 770s [p11_child[2427]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 770s [p11_child[2427]] [do_card] (0x4000): Module List: 770s [p11_child[2427]] [do_card] (0x4000): common name: [softhsm2]. 770s [p11_child[2427]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2427]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4b86e153] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 770s [p11_child[2427]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 770s [p11_child[2427]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4b86e153][1267130707] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2427]] [do_card] (0x4000): Login NOT required. 770s [p11_child[2427]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 770s [p11_child[2427]] [do_verification] (0x0040): X509_verify_cert failed [0]. 770s [p11_child[2427]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 770s [p11_child[2427]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 770s [p11_child[2427]] [do_card] (0x4000): No certificate found. 770s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-23293.output 770s + return 2 770s + valid_certificate /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8967 /tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem 770s + check_certificate /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8967 /tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem 770s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 770s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8967 770s + local key_ring=/tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem 770s + local verify_option= 770s + prepare_softhsm2_card /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8967 770s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 770s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8967 770s + local key_cn 770s + local key_name 770s + local tokens_dir 770s + local output_cert_file 770s + token_name= 770s ++ basename /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 770s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 770s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 770s ++ sed -n 's/ *commonName *= //p' 770s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 770s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 770s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 770s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 770s ++ basename /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 770s + tokens_dir=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 770s + token_name='Test Organization Sub Int Token' 770s + '[' '!' -e /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 770s + '[' '!' -d /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 770s + echo 'Test Organization Sub Int Token' 770s + '[' -n '' ']' 770s + local output_base_name=SSSD-child-4468 770s + local output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-4468.output 770s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-4468.pem 770s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem 770s [p11_child[2434]] [main] (0x0400): p11_child started. 770s [p11_child[2434]] [main] (0x2000): Running in [pre-auth] mode. 770s [p11_child[2434]] [main] (0x2000): Running with effective IDs: [0][0]. 770s [p11_child[2434]] [main] (0x2000): Running with real IDs [0][0]. 770s [p11_child[2434]] [do_card] (0x4000): Module List: 770s [p11_child[2434]] [do_card] (0x4000): common name: [softhsm2]. 770s [p11_child[2434]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2434]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4b86e153] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 770s [p11_child[2434]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 770s [p11_child[2434]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4b86e153][1267130707] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2434]] [do_card] (0x4000): Login NOT required. 770s [p11_child[2434]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 770s [p11_child[2434]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 770s [p11_child[2434]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 770s [p11_child[2434]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4b86e153;slot-manufacturer=SoftHSM%20project;slot-id=1267130707;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=10702d7bcb86e153;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 770s [p11_child[2434]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 770s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-4468.output 770s + echo '-----BEGIN CERTIFICATE-----' 770s + tail -n1 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-4468.output 770s + echo '-----END CERTIFICATE-----' 770s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-4468.pem 770s + local found_md5 expected_md5 770s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 770s + expected_md5=Modulus=A747CD589123F20242B2CDC40EF53508F14C40FBA47FE18B56F669F0AEBF261E05896F7F6486E8E0FA3B85876A174E420893053FFDA0492C5157F1F765A7C43EE195B6C57C79BC5B749AF0C9B7798788B5B86F68D99D69759980CA3CDD386FDA6FD69A1BDD2216DA73AA70496AD18C2E371AC9F3E3B9E202B9D020806752DEB3 770s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-4468.pem 770s + found_md5=Modulus=A747CD589123F20242B2CDC40EF53508F14C40FBA47FE18B56F669F0AEBF261E05896F7F6486E8E0FA3B85876A174E420893053FFDA0492C5157F1F765A7C43EE195B6C57C79BC5B749AF0C9B7798788B5B86F68D99D69759980CA3CDD386FDA6FD69A1BDD2216DA73AA70496AD18C2E371AC9F3E3B9E202B9D020806752DEB3 770s + '[' Modulus=A747CD589123F20242B2CDC40EF53508F14C40FBA47FE18B56F669F0AEBF261E05896F7F6486E8E0FA3B85876A174E420893053FFDA0492C5157F1F765A7C43EE195B6C57C79BC5B749AF0C9B7798788B5B86F68D99D69759980CA3CDD386FDA6FD69A1BDD2216DA73AA70496AD18C2E371AC9F3E3B9E202B9D020806752DEB3 '!=' Modulus=A747CD589123F20242B2CDC40EF53508F14C40FBA47FE18B56F669F0AEBF261E05896F7F6486E8E0FA3B85876A174E420893053FFDA0492C5157F1F765A7C43EE195B6C57C79BC5B749AF0C9B7798788B5B86F68D99D69759980CA3CDD386FDA6FD69A1BDD2216DA73AA70496AD18C2E371AC9F3E3B9E202B9D020806752DEB3 ']' 770s + output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-4468-auth.output 770s ++ basename /tmp/sssd-softhsm2-fyAXsG/SSSD-child-4468-auth.output .output 770s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-4468-auth.pem 770s + echo -n 053350 770s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 770s [p11_child[2442]] [main] (0x0400): p11_child started. 770s [p11_child[2442]] [main] (0x2000): Running in [auth] mode. 770s [p11_child[2442]] [main] (0x2000): Running with effective IDs: [0][0]. 770s [p11_child[2442]] [main] (0x2000): Running with real IDs [0][0]. 770s [p11_child[2442]] [do_card] (0x4000): Module List: 770s [p11_child[2442]] [do_card] (0x4000): common name: [softhsm2]. 770s [p11_child[2442]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2442]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4b86e153] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 770s [p11_child[2442]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 770s [p11_child[2442]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4b86e153][1267130707] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2442]] [do_card] (0x4000): Login required. 770s [p11_child[2442]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 770s [p11_child[2442]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 770s [p11_child[2442]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 770s [p11_child[2442]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4b86e153;slot-manufacturer=SoftHSM%20project;slot-id=1267130707;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=10702d7bcb86e153;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 770s [p11_child[2442]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 770s [p11_child[2442]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 770s [p11_child[2442]] [do_card] (0x4000): Certificate verified and validated. 770s [p11_child[2442]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 770s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-4468-auth.output 770s + echo '-----BEGIN CERTIFICATE-----' 770s + tail -n1 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-4468-auth.output 770s + echo '-----END CERTIFICATE-----' 770s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-4468-auth.pem 770s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-4468-auth.pem 770s + found_md5=Modulus=A747CD589123F20242B2CDC40EF53508F14C40FBA47FE18B56F669F0AEBF261E05896F7F6486E8E0FA3B85876A174E420893053FFDA0492C5157F1F765A7C43EE195B6C57C79BC5B749AF0C9B7798788B5B86F68D99D69759980CA3CDD386FDA6FD69A1BDD2216DA73AA70496AD18C2E371AC9F3E3B9E202B9D020806752DEB3 770s + '[' Modulus=A747CD589123F20242B2CDC40EF53508F14C40FBA47FE18B56F669F0AEBF261E05896F7F6486E8E0FA3B85876A174E420893053FFDA0492C5157F1F765A7C43EE195B6C57C79BC5B749AF0C9B7798788B5B86F68D99D69759980CA3CDD386FDA6FD69A1BDD2216DA73AA70496AD18C2E371AC9F3E3B9E202B9D020806752DEB3 '!=' Modulus=A747CD589123F20242B2CDC40EF53508F14C40FBA47FE18B56F669F0AEBF261E05896F7F6486E8E0FA3B85876A174E420893053FFDA0492C5157F1F765A7C43EE195B6C57C79BC5B749AF0C9B7798788B5B86F68D99D69759980CA3CDD386FDA6FD69A1BDD2216DA73AA70496AD18C2E371AC9F3E3B9E202B9D020806752DEB3 ']' 770s + valid_certificate /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8967 /tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem partial_chain 770s + check_certificate /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8967 /tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem partial_chain 770s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 770s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8967 770s + local key_ring=/tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem 770s + local verify_option=partial_chain 770s + prepare_softhsm2_card /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8967 770s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 770s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8967 770s + local key_cn 770s + local key_name 770s + local tokens_dir 770s + local output_cert_file 770s + token_name= 770s ++ basename /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 770s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 770s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 770s ++ sed -n 's/ *commonName *= //p' 770s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 770s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 770s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 770s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 770s ++ basename /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 770s + tokens_di 770s CA:FALSE 770s Netscape Cert Type: 770s SSL Client, S/MIME 770s Netscape Comment: 770s Test Organization Intermediate CA trusted Certificate 770s X509v3 Subject Key Identifier: 770s E2:78:63:1E:E4:60:11:C6:5F:C8:12:DF:6F:EA:B2:BC:19:28:EF:02 770s X509v3 Key Usage: critical 770s Digital Signature, Non Repudiation, Key Encipherment 770s X509v3 Extended Key Usage: 770s TLS Web Client Authentication, E-mail Protection 770s X509v3 Subject Alternative Name: 770s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 770s Signature Algorithm: sha256WithRSAEncryption 770s Signature Value: 770s 12:a3:7b:ff:b3:b1:89:98:6b:1c:e3:ae:60:b6:04:e4:0f:5b: 770s 32:9a:82:bf:7d:f4:70:a3:99:b7:df:e3:38:fa:35:40:e2:60: 770s c3:1b:62:03:af:ef:aa:9c:14:92:32:9e:15:7b:6b:07:15:58: 770s f7:d9:77:d2:49:c9:1a:4c:21:da:ca:61:93:8b:ef:d2:6e:0f: 770s 3f:9f:fe:fe:65:ca:76:d1:f3:ab:ec:73:16:b5:82:c6:db:a4: 770s f2:be:a0:0a:1b:cb:43:ff:22:78:b6:55:3a:7d:d0:9e:57:b0: 770s 10:86:b3:6b:1b:47:f6:81:1c:07:5f:af:11:59:b3:b3:df:78: 770s 1e:ec 770s Certificate: 770s Data: 770s Version: 3 (0x2) 770s Serial Number: 4 (0x4) 770s Signature Algorithm: sha256WithRSAEncryption 770s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 770s Validity 770s Not Before: Mar 21 21:55:26 2024 GMT 770s Not After : Mar 21 21:55:26 2025 GMT 770s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 770s Subject Public Key Info: 770s Public Key Algorithm: rsaEncryption 770s Public-Key: (1024 bit) 770s Modulus: 770s 00:c0:c1:b4:d2:3b:b9:a3:e0:8e:e2:c2:77:85:cb: 770s a7:74:89:eb:92:b7:8c:64:6f:25:09:f9:2d:12:27: 770s ee:cb:30:47:86:a0:96:f9:0a:cd:f0:42:a8:b3:2d: 770s b8:25:26:af:99:3c:d5:f6:10:09:16:33:6c:e7:aa: 770s 22:18:25:2e:47:67:b1:66:1f:ca:22:cc:a4:14:ad: 770s b3:f8:c8:50:3f:e6:00:ba:17:fa:85:28:a1:e2:09: 770s 48:6f:cd:28:d2:36:7b:af:c6:8e:a7:b4:89:3d:1f: 770s 33:67:cd:59:dc:54:72:f9:01:ab:de:9e:ee:c5:ec: 770s 85:98:7c:bc:b6:cc:85:be:13 770s Exponent: 65537 (0x10001) 770s X509v3 extensions: 770s X509v3 Authority Key Identifier: 770s 97:F3:B8:6C:25:BD:D3:59:98:5F:85:82:8B:48:C0:97:0F:6C:2F:CC 770s X509v3 Basic Constraints: 770s CA:FALSE 770s Netscape Cert Type: 770s SSL Client, S/MIME 770s Netscape Comment: 770s Test Organization Intermediate CA trusted Certificate 770s X509v3 Subject Key Identifier: 770s E2:78:63:1E:E4:60:11:C6:5F:C8:12:DF:6F:EA:B2:BC:19:28:EF:02 770s X509v3 Key Usage: critical 770s Digital Signature, Non Repudiation, Key Encipherment 770s X509v3 Extended Key Usage: 770s TLS Web Client Authentication, E-mail Protection 770s X509v3 Subject Alternative Name: 770s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 770s Signature Algorithm: sha256WithRSAEncryption 770s Signature Value: 770s 12:a3:7b:ff:b3:b1:89:98:6b:1c:e3:ae:60:b6:04:e4:0f:5b: 770s 32:9a:82:bf:7d:f4:70:a3:99:b7:df:e3:38:fa:35:40:e2:60: 770s c3:1b:62:03:af:ef:aa:9c:14:92:32:9e:15:7b:6b:07:15:58: 770s f7:d9:77:d2:49:c9:1a:4c:21:da:ca:61:93:8b:ef:d2:6e:0f: 770s 3f:9f:fe:fe:65:ca:76:d1:f3:ab:ec:73:16:b5:82:c6:db:a4: 770s f2:be:a0:0a:1b:cb:43:ff:22:78:b6:55:3a:7d:d0:9e:57:b0: 770s 10:86:b3:6b:1b:47:f6:81:1c:07:5f:af:11:59:b3:b3:df:78: 770s 1e:ec 770s Slot 0 has a free/uninitialized token. 770s The token has been initialized and is reassigned to slot 1267130707 770s Available slots: 770s Slot 1267130707 770s Slot info: 770s Description: SoftHSM slot ID 0x4b86e153 770s Manufacturer ID: SoftHSM project 770s Hardware versior=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 770s + token_name='Test Organization Sub Int Token' 770s + '[' '!' -e /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 770s + '[' '!' -d /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 770s + echo 'Test Organization Sub Int Token' 770s + '[' -n partial_chain ']' 770s + local verify_arg=--verify=partial_chain 770s + local output_base_name=SSSD-child-24159 770s + local output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-24159.output 770s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-24159.pem 770s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem 770s [p11_child[2452]] [main] (0x0400): p11_child started. 770s [p11_child[2452]] [main] (0x2000): Running in [pre-auth] mode. 770s [p11_child[2452]] [main] (0x2000): Running with effective IDs: [0][0]. 770s [p11_child[2452]] [main] (0x2000): Running with real IDs [0][0]. 770s [p11_child[2452]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 770s [p11_child[2452]] [do_card] (0x4000): Module List: 770s [p11_child[2452]] [do_card] (0x4000): common name: [softhsm2]. 770s [p11_child[2452]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2452]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4b86e153] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 770s [p11_child[2452]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 770s [p11_child[2452]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4b86e153][1267130707] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2452]] [do_card] (0x4000): Login NOT required. 770s [p11_child[2452]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 770s [p11_child[2452]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 770s [p11_child[2452]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 770s [p11_child[2452]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4b86e153;slot-manufacturer=SoftHSM%20project;slot-id=1267130707;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=10702d7bcb86e153;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 770s [p11_child[2452]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 770s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-24159.output 770s + echo '-----BEGIN CERTIFICATE-----' 770s + tail -n1 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-24159.output 770s + echo '-----END CERTIFICATE-----' 770s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-24159.pem 770s + local found_md5 expected_md5 770s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 770s + expected_md5=Modulus=A747CD589123F20242B2CDC40EF53508F14C40FBA47FE18B56F669F0AEBF261E05896F7F6486E8E0FA3B85876A174E420893053FFDA0492C5157F1F765A7C43EE195B6C57C79BC5B749AF0C9B7798788B5B86F68D99D69759980CA3CDD386FDA6FD69A1BDD2216DA73AA70496AD18C2E371AC9F3E3B9E202B9D020806752DEB3 770s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsn: 2.6 770s Firmware version: 2.6 770s Token present: yes 770s Token info: 770s Manufacturer ID: SoftHSM project 770s Model: SoftHSM v2 770s Hardware version: 2.6 770s Firmware version: 2.6 770s Serial number: 10702d7bcb86e153 770s Initialized: yes 770s User PIN init.: yes 770s Label: Test Organization Sub Int Token 770s Slot 1 770s Slot info: 770s Description: SoftHSM slot ID 0x1 770s Manufacturer ID: SoftHSM project 770s Hardware version: 2.6 770s Firmware version: 2.6 770s Token present: yes 770s Token info: 770s Manufacturer ID: SoftHSM project 770s Model: SoftHSM v2 770s Hardware version: 2.6 770s Firmware version: 2.6 770s Serial number: 770s Initialized: no 770s User PIN init.: no 770s Label: 770s Object 0: 770s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=10702d7bcb86e153;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 770s Type: X.509 Certificate (RSA-1024) 770s Expires: Fri Mar 21 21:55:27 2025 770s Label: Test Organization Sub Intermediate Trusted Certificate 0001 770s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 770s 770s Test Organization Sub Int Token 770s Test Organization Sub Int Token 770s Test Organization Sub Int Token 770s Certificate: 770s Data: 770s Version: 3 (0x2) 770s Serial Number: 5 (0x5) 770s Signature Algorithm: sha256WithRSAEncryption 770s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 770s Validity 770s Not Before: Mar 21 21:55:27 2024 GMT 770s Not After : Mar 21 21:55:27 2025 GMT 770s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 770s Subject Public Key Info: 770s Public Key Algorithm: rsaEncryption 770s Public-Key: (1024 bit) 770s Modulus: 770s 00:a7:47:cd:58:91:23:f2:02:42:b2:cd:c4:0e:f5: 770s 35:08:f1:4c:40:fb:a4:7f:e1:8b:56:f6:69:f0:ae: 770s bf:26:1e:05:89:6f:7f:64:86:e8:e0:fa:3b:85:87: 770s 6a:17:4e:42:08:93:05:3f:fd:a0:49:2c:51:57:f1: 770s f7:65:a7:c4:3e:e1:95:b6:c5:7c:79:bc:5b:74:9a: 770s f0:c9:b7:79:87:88:b5:b8:6f:68:d9:9d:69:75:99: 770s 80:ca:3c:dd:38:6f:da:6f:d6:9a:1b:dd:22:16:da: 770s 73:aa:70:49:6a:d1:8c:2e:37:1a:c9:f3:e3:b9:e2: 770s 02:b9:d0:20:80:67:52:de:b3 770s Exponent: 65537 (0x10001) 770s X509v3 extensions: 770s X509v3 Authority Key Identifier: 770s 40:95:2D:6B:86:1B:33:36:91:35:7D:E4:07:96:29:44:DD:61:A8:62 770s X509v3 Basic Constraints: 770s CA:FALSE 770s Netscape Cert Type: 770s SSL Client, S/MIME 770s Netscape Comment: 770s Test Organization Sub Intermediate CA trusted Certificate 770s X509v3 Subject Key Identifier: 770s A1:D5:E8:69:F3:42:B7:0A:20:26:10:15:A3:30:26:95:B1:24:66:AE 770s X509v3 Key Usage: critical 770s Digital Signature, Non Repudiation, Key Encipherment 770s X509v3 Extended Key Usage: 770s TLS Web Client Authentication, E-mail Protection 770s X509v3 Subject Alternative Name: 770s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 770s Signature Algorithm: sha256WithRSAEncryption 770s Signature Value: 770s 12:1e:7a:b9:b9:ba:bb:bc:9c:fd:9d:74:f5:82:ca:29:de:50: 770s 4a:d5:3a:04:41:65:47:68:a6:5e:fe:87:3e:2a:cb:4d:89:66: 770s de:40:ba:4f:ca:3c:9f:17:c2:29:6b:ad:cf:3f:1c:e0:81:24: 770s ee:f1:7f:13:b9:64:6a:fd:d0:a3:41:05:85:8e:de:aa:ca:ed: 770s 5e:da:fd:74:50:a9:c0:bc:a5:91:57:29:74:53:62:e6:98:94: 770s 9a:ee:14:db:m2-fyAXsG/SSSD-child-24159.pem 770s + found_md5=Modulus=A747CD589123F20242B2CDC40EF53508F14C40FBA47FE18B56F669F0AEBF261E05896F7F6486E8E0FA3B85876A174E420893053FFDA0492C5157F1F765A7C43EE195B6C57C79BC5B749AF0C9B7798788B5B86F68D99D69759980CA3CDD386FDA6FD69A1BDD2216DA73AA70496AD18C2E371AC9F3E3B9E202B9D020806752DEB3 770s + '[' Modulus=A747CD589123F20242B2CDC40EF53508F14C40FBA47FE18B56F669F0AEBF261E05896F7F6486E8E0FA3B85876A174E420893053FFDA0492C5157F1F765A7C43EE195B6C57C79BC5B749AF0C9B7798788B5B86F68D99D69759980CA3CDD386FDA6FD69A1BDD2216DA73AA70496AD18C2E371AC9F3E3B9E202B9D020806752DEB3 '!=' Modulus=A747CD589123F20242B2CDC40EF53508F14C40FBA47FE18B56F669F0AEBF261E05896F7F6486E8E0FA3B85876A174E420893053FFDA0492C5157F1F765A7C43EE195B6C57C79BC5B749AF0C9B7798788B5B86F68D99D69759980CA3CDD386FDA6FD69A1BDD2216DA73AA70496AD18C2E371AC9F3E3B9E202B9D020806752DEB3 ']' 770s + output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-24159-auth.output 770s ++ basename /tmp/sssd-softhsm2-fyAXsG/SSSD-child-24159-auth.output .output 770s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-24159-auth.pem 770s + echo -n 053350 770s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-fyAXsG/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 770s [p11_child[2460]] [main] (0x0400): p11_child started. 770s [p11_child[2460]] [main] (0x2000): Running in [auth] mode. 770s [p11_child[2460]] [main] (0x2000): Running with effective IDs: [0][0]. 770s [p11_child[2460]] [main] (0x2000): Running with real IDs [0][0]. 770s [p11_child[2460]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 770s [p11_child[2460]] [do_card] (0x4000): Module List: 770s [p11_child[2460]] [do_card] (0x4000): common name: [softhsm2]. 770s [p11_child[2460]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2460]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4b86e153] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 770s [p11_child[2460]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 770s [p11_child[2460]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4b86e153][1267130707] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2460]] [do_card] (0x4000): Login required. 770s [p11_child[2460]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 770s [p11_child[2460]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 770s [p11_child[2460]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 770s [p11_child[2460]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4b86e153;slot-manufacturer=SoftHSM%20project;slot-id=1267130707;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=10702d7bcb86e153;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found m15:29:f5:6c:19:76:34:a2:19:6e:f2:1b:9a:b2: 770s 08:52:30:53:6e:33:ea:8b:f0:c3:9c:31:31:cf:99:42:8f:44: 770s ba:90 770s Certificate: 770s Data: 770s Version: 3 (0x2) 770s Serial Number: 5 (0x5) 770s Signature Algorithm: sha256WithRSAEncryption 770s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 770s Validity 770s Not Before: Mar 21 21:55:27 2024 GMT 770s Not After : Mar 21 21:55:27 2025 GMT 770s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 770s Subject Public Key Info: 770s Public Key Algorithm: rsaEncryption 770s Public-Key: (1024 bit) 770s Modulus: 770s 00:a7:47:cd:58:91:23:f2:02:42:b2:cd:c4:0e:f5: 770s 35:08:f1:4c:40:fb:a4:7f:e1:8b:56:f6:69:f0:ae: 770s bf:26:1e:05:89:6f:7f:64:86:e8:e0:fa:3b:85:87: 770s 6a:17:4e:42:08:93:05:3f:fd:a0:49:2c:51:57:f1: 770s f7:65:a7:c4:3e:e1:95:b6:c5:7c:79:bc:5b:74:9a: 770s f0:c9:b7:79:87:88:b5:b8:6f:68:d9:9d:69:75:99: 770s 80:ca:3c:dd:38:6f:da:6f:d6:9a:1b:dd:22:16:da: 770s 73:aa:70:49:6a:d1:8c:2e:37:1a:c9:f3:e3:b9:e2: 770s 02:b9:d0:20:80:67:52:de:b3 770s Exponent: 65537 (0x10001) 770s X509v3 extensions: 770s X509v3 Authority Key Identifier: 770s 40:95:2D:6B:86:1B:33:36:91:35:7D:E4:07:96:29:44:DD:61:A8:62 770s X509v3 Basic Constraints: 770s CA:FALSE 770s Netscape Cert Type: 770s SSL Client, S/MIME 770s Netscape Comment: 770s Test Organization Sub Intermediate CA trusted Certificate 770s X509v3 Subject Key Identifier: 770s A1:D5:E8:69:F3:42:B7:0A:20:26:10:15:A3:30:26:95:B1:24:66:AE 770s X509v3 Key Usage: critical 770s Digital Signature, Non Repudiation, Key Encipherment 770s X509v3 Extended Key Usage: 770s TLS Web Client Authentication, E-mail Protection 770s X509v3 Subject Alternative Name: 770s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 770s Signature Algorithm: sha256WithRSAEncryption 770s Signature Value: 770s 12:1e:7a:b9:b9:ba:bb:bc:9c:fd:9d:74:f5:82:ca:29:de:50: 770s 4a:d5:3a:04:41:65:47:68:a6:5e:fe:87:3e:2a:cb:4d:89:66: 770s de:40:ba:4f:ca:3c:9f:17:c2:29:6b:ad:cf:3f:1c:e0:81:24: 770s ee:f1:7f:13:b9:64:6a:fd:d0:a3:41:05:85:8e:de:aa:ca:ed: 770s 5e:da:fd:74:50:a9:c0:bc:a5:91:57:29:74:53:62:e6:98:94: 770s 9a:ee:14:db:15:29:f5:6c:19:76:34:a2:19:6e:f2:1b:9a:b2: 770s 08:52:30:53:6e:33:ea:8b:f0:c3:9c:31:31:cf:99:42:8f:44: 770s ba:90 770s Test Organization Sub Int Token 770s Certificate: 770s Data: 770s Version: 3 (0x2) 770s Serial Number: 5 (0x5) 770s Signature Algorithm: sha256WithRSAEncryption 770s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 770s Validity 770s Not Before: Mar 21 21:55:27 2024 GMT 770s Not After : Mar 21 21:55:27 2025 GMT 770s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 770s Subject Public Key Info: 770s Public Key Algorithm: rsaEncryption 770s Public-Key: (1024 bit) 770s Modulus: 770s 00:a7:47:cd:58:91:23:f2:02:42:b2:cd:c4:0e:f5: 770s 35:08:f1:4c:40:fb:a4:7f:e1:8b:56:f6:69:f0:ae: 770s bf:26:1e:05:89:6f:7f:64:86:e8:e0:fa:3b:85:87: 770s 6a:17:4e:42:08:93:05:3f:fd:a0:49:2c:51:57:f1: 770s f7:65:a7:c4:3e:e1:95:b6:c5:7c:79:bc:5b:74:9a: 770s f0:c9:b7:79:87:88:b5:b8:6f:68:d9:9d:69:75:99: 770s 80:ca:3c:dd:38:6f:da:6f:d6:9a:1b:dd:22:16:da: 770s 73:aa:70:49:6a:d1:8c:2e:37:1a:c9:f3:e3:b9:e2: 770s 02:b9:d0:20:80:67:52:de:b3 770s Exponent: 65537 (0x10001) 770s X509v3 extensions: 770s X509v3 Authority Key Identifier: 770s echanism [4234]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 770s [p11_child[2460]] [get_preferred_r 40:95:2D:6B:86:1B:33:36:91:35:7D:E4:07:96:29:44:DD:61:A8:62 770s X509v3 Basic Constraints: 770s CA:FALSE 770s Netscape Cert Type: 770s SSL Client, S/MIME 770s Netscape Comment: 770s Test Organization Sub Intermediate CA trusted Certificate 770s X509v3 Subject Key Identifier: 770s A1:D5:E8:69:F3:42:B7:0A:20:26:10:15:A3:30:26:95:B1:24:66:AE 770s X509v3 Key Usage: critical 770s Digital Signature, Non Repudiation, Key Encipherment 770s X509v3 Extended Key Usage: 770s TLS Web Client Authentication, E-mail Protection 770s X509v3 Subject Alternative Name: 770s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 770s Signature Algorithm: sha256WithRSAEncryption 770s Signature Value: 770s 12:1e:7a:b9:b9:ba:bb:bc:9c:fd:9d:74:f5:82:ca:29:de:50: 770s 4a:d5:3a:04:41:65:47:68:a6:5e:fe:87:3e:2a:cb:4d:89:66: 770s de:40:ba:4f:ca:3c:9f:17:c2:29:6b:ad:cf:3f:1c:e0:81:24: 770s ee:f1:7f:13:b9:64:6a:fd:d0:a3:41:05:85:8e:de:aa:ca:ed: 770s 5e:da:fd:74:50:a9:c0:bc:a5:91:57:29:74:53:62:e6:98:94: 770s 9a:ee:14:db:15:29:f5:6c:19:76:34:a2:19:6e:f2:1b:9a:b2: 770s 08:52:30:53:6e:33:ea:8b:f0:c3:9c:31:31:cf:99:42:8f:44: 770s ba:90 770s Certificate: 770s Data: 770s Version: 3 (0x2) 770s Serial Number: 5 (0x5) 770s Signature Algorithm: sha256WithRSAEncryption 770s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 770s Validity 770s Not Before: Mar 21 21:55:27 2024 GMT 770s Not After : Mar 21 21:55:27 2025 GMT 770s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 770s Subject Public Key Info: 770s Public Key Algorithm: rsaEncryption 770s Public-Key: (1024 bit) 770s Modulus: 770s 00:a7:47:cd:58:91:23:f2:02:42:b2:cd:c4:0e:f5: 770s 35:08:f1:4c:40:fb:a4:7f:e1:8b:56:f6:69:f0:ae: 770s bf:26:1e:05:89:6f:7f:64:86:e8:e0:fa:3b:85:87: 770s 6a:17:4e:42:08:93:05:3f:fd:a0:49:2c:51:57:f1: 770s f7:65:a7:c4:3e:e1:95:b6:c5:7c:79:bc:5b:74:9a: 770s f0:c9:b7:79:87:88:b5:b8:6f:68:d9:9d:69:75:99: 770s 80:ca:3c:dd:38:6f:da:6f:d6:9a:1b:dd:22:16:da: 770s 73:aa:70:49:6a:d1:8c:2e:37:1a:c9:f3:e3:b9:e2: 770s 02:b9:d0:20:80:67:52:de:b3 770s Exponent: 65537 (0x10001) 770s X509v3 extensions: 770s X509v3 Authority Key Identifier: 770s 40:95:2D:6B:86:1B:33:36:91:35:7D:E4:07:96:29:44:DD:61:A8:62 770s X509v3 Basic Constraints: 770s CA:FALSE 770s Netscape Cert Type: 770s SSL Client, S/MIME 770s Netscape Comment: 770s Test Organization Sub Intermediate CA trusted Certificate 770s X509v3 Subject Key Identifier: 770s A1:D5:E8:69:F3:42:B7:0A:20:26:10:15:A3:30:26:95:B1:24:66:AE 770s X509v3 Key Usage: critical 770s Digital Signature, Non Repudiation, Key Encipherment 770s X509v3 Extended Key Usage: 770s TLS Web Client Authentication, E-mail Protection 770s X509v3 Subject Alternative Name: 770s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 770s Signature Algorithm: sha256WithRSAEncryption 770s Signature Value: 770s 12:1e:7a:b9:b9:ba:bb:bc:9c:fd:9d:74:f5:82:ca:29:de:50: 770s 4a:d5:3a:04:41:65:47:68:a6:5e:fe:87:3e:2a:cb:4d:89:66: 770s de:40:ba:4f:ca:3c:9f:17:c2:29:6b:ad:cf:3f:1c:e0:81:24: 770s ee:f1:7f:13:b9:64:6a:fd:d0:a3:41:05:85:8e:de:aa:ca:ed: 770s 5e:da:fd:74:50:a9:c0:bc:a5:91:57:29:74:53:62:e6:98:94: 770s 9a:ee:14:db:15:29:f5:6c:19:76:34:a2:19:6e:f2:1b:9a:b2: 770s 08:52:30:53:6e:33:ea:8b:f0:c3:9c:31:31:cf:99:42:8f:44: 770s ba:90 770s Test Organization Sub Int Token 770s Test Organization Sub Int Token 770s sa_mechanism] (0x4000): Found mechanism [70]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 770s [p11_child[2460]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 770s [p11_child[2460]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 770s [p11_child[2460]] [do_card] (0x4000): Certificate verified and validated. 770s [p11_child[2460]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 770s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-24159-auth.output 770s + echo '-----BEGIN CERTIFICATE-----' 770s + tail -n1 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-24159-auth.output 770s + echo '-----END CERTIFICATE-----' 770s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-24159-auth.pem 770s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-24159-auth.pem 770s + found_md5=Modulus=A747CD589123F20242B2CDC40EF53508F14C40FBA47FE18B56F669F0AEBF261E05896F7F6486E8E0FA3B85876A174E420893053FFDA0492C5157F1F765A7C43EE195B6C57C79BC5B749AF0C9B7798788B5B86F68D99D69759980CA3CDD386FDA6FD69A1BDD2216DA73AA70496AD18C2E371AC9F3E3B9E202B9D020806752DEB3 770s + '[' Modulus=A747CD589123F20242B2CDC40EF53508F14C40FBA47FE18B56F669F0AEBF261E05896F7F6486E8E0FA3B85876A174E420893053FFDA0492C5157F1F765A7C43EE195B6C57C79BC5B749AF0C9B7798788B5B86F68D99D69759980CA3CDD386FDA6FD69A1BDD2216DA73AA70496AD18C2E371AC9F3E3B9E202B9D020806752DEB3 '!=' Modulus=A747CD589123F20242B2CDC40EF53508F14C40FBA47FE18B56F669F0AEBF261E05896F7F6486E8E0FA3B85876A174E420893053FFDA0492C5157F1F765A7C43EE195B6C57C79BC5B749AF0C9B7798788B5B86F68D99D69759980CA3CDD386FDA6FD69A1BDD2216DA73AA70496AD18C2E371AC9F3E3B9E202B9D020806752DEB3 ']' 770s + invalid_certificate /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8967 /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA.pem 770s + check_certificate /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8967 /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA.pem 770s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 770s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8967 770s + local key_ring=/tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA.pem 770s + local verify_option= 770s + prepare_softhsm2_card /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8967 770s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 770s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8967 770s + local key_cn 770s + local key_name 770s + local tokens_dir 770s + local output_cert_file 770s + token_name= 770s ++ basename /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 770s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 770s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 770s ++ sed -n 's/ *commonName *= //p' 770s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 770s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 770s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 770s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 770s ++ basename /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 770s + tokens_dir=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 770s + token_name='Test Organization Sub Int Token' 770s + '[' '!' -e /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 770s + '[' '!' -d /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 770s + echo 'Test Organization Sub Int Token' 770s + '[' -n '' ']' 770s + local output_base_name=SSSD-child-3462 770s + local output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-3462.output 770s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-3462.pem 770s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA.pem 770s [p11_child[2470]] [main] (0x0400): p11_child started. 770s [p11_child[2470]] [main] (0x2000): Running in [pre-auth] mode. 770s [p11_child[2470]] [main] (0x2000): Running with effective IDs: [0][0]. 770s [p11_child[2470]] [main] (0x2000): Running with real IDs [0][0]. 770s [p11_child[2470]] [do_card] (0x4000): Module List: 770s [p11_child[2470]] [do_card] (0x4000): common name: [softhsm2]. 770s [p11_child[2470]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2470]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4b86e153] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 770s [p11_child[2470]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 770s [p11_child[2470]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4b86e153][1267130707] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2470]] [do_card] (0x4000): Login NOT required. 770s [p11_child[2470]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 770s [p11_child[2470]] [do_verification] (0x0040): X509_verify_cert failed [0]. 770s [p11_child[2470]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 770s [p11_child[2470]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 770s [p11_child[2470]] [do_card] (0x4000): No certificate found. 770s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-3462.output 770s + return 2 770s + invalid_certificate /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8967 /tmp/sssd-softhsm2-fyAXsG/test-root-intermediate-chain-CA.pem partial_chain 770s + check_certificate /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8967 /tmp/sssd-softhsm2-fyAXsG/test-root-intermediate-chain-CA.pem partial_chain 770s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 770s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8967 770s + local key_ring=/tmp/sssd-softhsm2-fyAXsG/test-root-intermediate-chain-CA.pem 770s + local verify_option=partial_chain 770s + prepare_softhsm2_card /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8967 770s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 770s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8967 770s + local key_cn 770s + local key_name 770s + local tokens_dir 770s + local output_cert_file 770s + token_name= 770s ++ basename /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 770s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 770s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 770s ++ sed -n 's/ *commonName *= //p' 770s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 770s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 770s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 770s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 770s ++ basename /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 770s + tokens_dir=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 770s + token_name='Test Organization Sub Int Token' 770s + '[' '!' -e /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 770s + '[' '!' -d /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 770s + echo 'Test Organization Sub Int Token' 770s + '[' -n partial_chain ']' 770s + local verify_arg=--verify=partial_chain 770s + local output_base_name=SSSD-child-17389 770s + local output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-17389.output 770s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-17389.pem 770s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-fyAXsG/test-root-intermediate-chain-CA.pem 770s [p11_child[2477]] [main] (0x0400): p11_child started. 770s [p11_child[2477]] [main] (0x2000): Running in [pre-auth] mode. 770s [p11_child[2477]] [main] (0x2000): Running with effective IDs: [0][0]. 770s [p11_child[2477]] [main] (0x2000): Running with real IDs [0][0]. 770s [p11_child[2477]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 770s [p11_child[2477]] [do_card] (0x4000): Module List: 770s [p11_child[2477]] [do_card] (0x4000): common name: [softhsm2]. 770s [p11_child[2477]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2477]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4b86e153] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 770s [p11_child[2477]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 770s [p11_child[2477]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4b86e153][1267130707] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2477]] [do_card] (0x4000): Login NOT required. 770s [p11_child[2477]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 770s [p11_child[2477]] [do_verification] (0x0040): X509_verify_cert failed [0]. 770s [p11_child[2477]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 770s [p11_child[2477]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 770s [p11_child[2477]] [do_card] (0x4000): No certificate found. 770s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-17389.output 770s + return 2 770s + valid_certificate /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8967 /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA.pem partial_chain 770s + check_certificate /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8967 /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA.pem partial_chain 770s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 770s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8967 770s + local key_ring=/tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA.pem 770s + local verify_option=partial_chain 770s + prepare_softhsm2_card /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8967 770s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 770s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8967 770s + local key_cn 770s + local key_name 770s + local tokens_dir 770s + local output_cert_file 770s + token_name= 770s ++ basename /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 770s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 770s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 770s ++ sed -n 's/ *commonName *= //p' 770s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 770s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 770s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 770s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 770s ++ basename /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 770s + tokens_dir=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 770s + token_name='Test Organization Sub Int Token' 770s + '[' '!' -e /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 770s Test Organization Sub Int Token 770s + '[' '!' -d /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 770s + echo 'Test Organization Sub Int Token' 770s + '[' -n partial_chain ']' 770s + local verify_arg=--verify=partial_chain 770s + local output_base_name=SSSD-child-27321 770s + local output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-27321.output 770s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-27321.pem 770s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA.pem 770s [p11_child[2484]] [main] (0x0400): p11_child started. 770s [p11_child[2484]] [main] (0x2000): Running in [pre-auth] mode. 770s [p11_child[2484]] [main] (0x2000): Running with effective IDs: [0][0]. 770s [p11_child[2484]] [main] (0x2000): Running with real IDs [0][0]. 770s [p11_child[2484]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 770s [p11_child[2484]] [do_card] (0x4000): Module List: 770s [p11_child[2484]] [do_card] (0x4000): common name: [softhsm2]. 770s [p11_child[2484]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2484]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4b86e153] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 770s [p11_child[2484]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 770s [p11_child[2484]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4b86e153][1267130707] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2484]] [do_card] (0x4000): Login NOT required. 770s [p11_child[2484]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 770s [p11_child[2484]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 770s [p11_child[2484]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 770s [p11_child[2484]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4b86e153;slot-manufacturer=SoftHSM%20project;slot-id=1267130707;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=10702d7bcb86e153;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 770s [p11_child[2484]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 770s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-27321.output 770s + echo '-----BEGIN CERTIFICATE-----' 770s + tail -n1 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-27321.output 770s + echo '-----END CERTIFICATE-----' 770s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-27321.pem 770s Certificate: 770s Data: 770s Version: 3 (0x2) 770s Serial Number: 5 (0x5) 770s Signature Algorithm: sha256WithRSAEncryption 770s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 770s Validity 770s Not Before: Mar 21 21:55:27 2024 GMT 770s Not After : Mar 21 21:55:27 2025 GMT 770s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 770s Subject Public Key Info: 770s Public Key Algorithm: rsaEncryption 770s Public-Key: (1024 bit) 770s Modulus: 770s 00:a7:47:cd:58:91:23:f2:02:42:b2:cd:c4:0e:f5: 770s 35:08:f1:4c:40:fb:a4:7f:e1:8b:56:f6:69:f0:ae: 770s bf:26:1e:05:89:6f:7f:64:86:e8:e0:fa:3b:85:87: 770s 6a:17:4e:42:08:93:05:3f:fd:a0:49:2c:51:57:f1: 770s f7:65:a7:c4:3e:e1:95:b6:c5:7c:79:bc:5b:74:9a: 770s f0:c9:b7:79:87:88:b5:b8:6f:68:d9:9d:69:75:99: 770s 80:ca:3c:dd:38:6f:da:6f:d6:9a:1b:dd:22:16:da: 770s 73:aa:70:49:6a:d1:8c:2e:37:1a:c9:f3:e3:b9:e2: 770s 02:b9:d0:20:80:67:52:de:b3 770s Exponent: 65537 (0x10001) 770s X509v3 extensions: 770s X509v3 Authority Key Identifier: 770s 40:95:2D:6B:86:1B:33:36:91:35:7D:E4:07:96:29:44:DD:61:A8:62 770s X509v3 Basic Constraints: 770s CA:FALSE 770s Netscape Cert Type: 770s SSL Client, S/MIME 770s Netscape Comment: 770s Test Organization Sub Intermediate CA trusted Certificate 770s X509v3 Subject Key Identifier: 770s A1:D5:E8:69:F3:42:B7:0A:20:26:10:15:A3:30:26:95:B1:24:66:AE 770s X509v3 Key Usage: critical 770s Digital Signature, Non Repudiation, Key Encipherment 770s X509v3 Extended Key Usage: 770s TLS Web Client Authentication, E-mail Protection 770s X509v3 Subject Alternative Name: 770s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 770s Signature Algorithm: sha256WithRSAEncryption 770s Signature Value: 770s 12:1e:7a:b9:b9:ba:bb:bc:9c:fd:9d:74:f5:82:ca:29:de:50: 770s 4a:d5:3a:04:41:65:47:68:a6:5e:fe:87:3e:2a:cb:4d:89:66: 770s de:40:ba:4f:ca:3c:9f:17:c2:29:6b:ad:cf:3f:1c:e0:81:24: 770s ee:f1:7f:13:b9:64:6a:fd:d0:a3:41:05:85:8e:de:aa:ca:ed: 770s 5e:da:fd:74:50:a9:c0:bc:a5:91:57:29:74:53:62:e6:98:94: 770s 9a:ee:14:db:15:29:f5:6c:19:76:34:a2:19:6e:f2:1b:9a:b2: 770s 08:52:30:53:6e:33:ea:8b:f0:c3:9c:31:31:cf:99:42:8f:44: 770s ba:90 770s + local found_md5 expected_md5 770s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 770s + expected_md5=Modulus=A747CD589123F20242B2CDC40EF53508F14C40FBA47FE18B56F669F0AEBF261E05896F7F6486E8E0FA3B85876A174E420893053FFDA0492C5157F1F765A7C43EE195B6C57C79BC5B749AF0C9B7798788B5B86F68D99D69759980CA3CDD386FDA6FD69A1BDD2216DA73AA70496AD18C2E371AC9F3E3B9E202B9D020806752DEB3 770s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-27321.pem 770s + found_md5=Modulus=A747CD589123F20242B2CDC40EF53508F14C40FBA47FE18B56F669F0AEBF261E05896F7F6486E8E0FA3B85876A174E420893053FFDA0492C5157F1F765A7C43EE195B6C57C79BC5B749AF0C9B7798788B5B86F68D99D69759980CA3CDD386FDA6FD69A1BDD2216DA73AA70496AD18C2E371AC9F3E3B9E202B9D020806752DEB3 770s + '[' Modulus=A747CD589123F20242B2CDC40EF53508F14C40FBA47FE18B56F669F0AEBF261E05896F7F6486E8E0FA3B85876A174E420893053FFDA0492C5157F1F765A7C43EE195B6C57C79BC5B749AF0C9B7798788B5B86F68D99D69759980CA3CDD386FDA6FD69A1BDD2216DA73AA70496AD18C2E371AC9F3E3B9E202B9D020806752DEB3 '!=' Modulus=A747CD589123F20242B2CDC40EF53508F14C40FBA47FE18B56F669F0AEBF261E05896F7F6486E8E0FA3B85876A174E420893053FFDA0492C5157F1F765A7C43EE195B6C57C79BC5B749AF0C9B7798788B5B86F68D99D69759980CA3CDD386FDA6FD69A1BDD2216DA73AA70496AD18C2E371AC9F3E3B9E202B9D020806752DEB3 ']' 770s + output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-27321-auth.output 770s ++ basename /tmp/sssd-softhsm2-fyAXsG/SSSD-child-27321-auth.output .output 770s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-27321-auth.pem 770s + echo -n 053350 770s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 770s [p11_child[2492]] [main] (0x0400): p11_child started. 770s [p11_child[2492]] [main] (0x2000): Running in [auth] mode. 770s [p11_child[2492]] [main] (0x2000): Running with effective IDs: [0][0]. 770s [p11_child[2492]] [main] (0x2000): Running with real IDs [0][0]. 770s [p11_child[2492]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 770s [p11_child[2492]] [do_card] (0x4000): Module List: 770s [p11_child[2492]] [do_card] (0x4000): common name: [softhsm2]. 770s [p11_child[2492]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2492]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4b86e153] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 770s [p11_child[2492]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 770s [p11_child[2492]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4b86e153][1267130707] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2492]] [do_card] (0x4000): Login required. 770s [p11_child[2492]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 770s [p11_child[2492]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 770s [p11_child[2492]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 770s [p11_child[2492]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4b86e153;slot-manufacturer=SoftHSM%20project;slot-id=1267130707;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=10702d7bcb86e153;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 770s [p11_child[2492]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 770s [p11_child[2492]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 770s [p11_child[2492]] [do_card] (0x4000): Certificate verified and validated. 770s [p11_child[2492]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 770s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-27321-auth.output 770s + echo '-----BEGIN CERTIFICATE-----' 770s + tail -n1 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-27321-auth.output 770s + echo '-----END CERTIFICATE-----' 770s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-27321-auth.pem 770s Certificate: 770s Data: 770s Version: 3 (0x2) 770s Serial Number: 5 (0x5) 770s Signature Algorithm: sha256WithRSAEncryption 770s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 770s Validity 770s Not Before: Mar 21 21:55:27 2024 GMT 770s Not After : Mar 21 21:55:27 2025 GMT 770s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 770s Subject Public Key Info: 770s Public Key Algorithm: rsaEncryption 770s Public-Key: (1024 bit) 770s Modulus: 770s 00:a7:47:cd:58:91:23:f2:02:42:b2:cd:c4:0e:f5: 770s 35:08:f1:4c:40:fb:a4:7f:e1:8b:56:f6:69:f0:ae: 770s bf:26:1e:05:89:6f:7f:64:86:e8:e0:fa:3b:85:87: 770s 6a:17:4e:42:08:93:05:3f:fd:a0:49:2c:51:57:f1: 770s f7:65:a7:c4:3e:e1:95:b6:c5:7c:79:bc:5b:74:9a: 770s f0:c9:b7:79:87:88:b5:b8:6f:68:d9:9d:69:75:99: 770s 80:ca:3c:dd:38:6f:da:6f:d6:9a:1b:dd:22:16:da: 770s 73:aa:70:49:6a:d1:8c:2e:37:1a:c9:f3:e3:b9:e2: 770s 02:b9:d0:20:80:67:52:de:b3 770s Exponent: 65537 (0x10001) 770s X509v3 extensions: 770s X509v3 Authority Key Identifier: 770s 40:95:2D:6B:86:1B:33:36:91:35:7D:E4:07:96:29:44:DD:61:A8:62 770s X509v3 Basic Constraints: 770s CA:FALSE 770s Netscape Cert Type: 770s SSL Client, S/MIME 770s Netscape Comment: 770s Test Organization Sub Intermediate CA trusted Certificate 770s X509v3 Subject Key Identifier: 770s A1:D5:E8:69:F3:42:B7:0A:20:26:10:15:A3:30:26:95:B1:24:66:AE 770s X509v3 Key Usage: critical 770s Digital Signature, Non Repudiation, Key Encipherment 770s X509v3 Extended Key Usage: 770s TLS Web Client Authentication, E-mail Protection 770s X509v3 Subject Alternative Name: 770s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 770s Signature Algorithm: sha256WithRSAEncryption 770s Signature Value: 770s 12:1e:7a:b9:b9:ba:bb:bc:9c:fd:9d:74:f5:82:ca:29:de:50: 770s 4a:d5:3a:04:41:65:47:68:a6:5e:fe:87:3e:2a:cb:4d:89:66: 770s de:40:ba:4f:ca:3c:9f:17:c2:29:6b:ad:cf:3f:1c:e0:81:24: 770s ee:f1:7f:13:b9:64:6a:fd:d0:a3:41:05:85:8e:de:aa:ca:ed: 770s 5e:da:fd:74:50:a9:c0:bc:a5:91:57:29:74:53:62:e6:98:94: 770s 9a:ee:14:db:15:29:f5:6c:19:76:34:a2:19:6e:f2:1b:9a:b2: 770s 08:52:30:53:6e:33:ea:8b:f0:c3:9c:31:31:cf:99:42:8f:44: 770s ba:90 770s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-27321-auth.pem 770s + found_md5=Modulus=A747CD589123F20242B2CDC40EF53508F14C40FBA47FE18B56F669F0AEBF261E05896F7F6486E8E0FA3B85876A174E420893053FFDA0492C5157F1F765A7C43EE195B6C57C79BC5B749AF0C9B7798788B5B86F68D99D69759980CA3CDD386FDA6FD69A1BDD2216DA73AA70496AD18C2E371AC9F3E3B9E202B9D020806752DEB3 770s + '[' Modulus=A747CD589123F20242B2CDC40EF53508F14C40FBA47FE18B56F669F0AEBF261E05896F7F6486E8E0FA3B85876A174E420893053FFDA0492C5157F1F765A7C43EE195B6C57C79BC5B749AF0C9B7798788B5B86F68D99D69759980CA3CDD386FDA6FD69A1BDD2216DA73AA70496AD18C2E371AC9F3E3B9E202B9D020806752DEB3 '!=' Modulus=A747CD589123F20242B2CDC40EF53508F14C40FBA47FE18B56F669F0AEBF261E05896F7F6486E8E0FA3B85876A174E420893053FFDA0492C5157F1F765A7C43EE195B6C57C79BC5B749AF0C9B7798788B5B86F68D99D69759980CA3CDD386FDA6FD69A1BDD2216DA73AA70496AD18C2E371AC9F3E3B9E202B9D020806752DEB3 ']' 770s + valid_certificate /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8967 /tmp/sssd-softhsm2-fyAXsG/test-intermediate-sub-chain-CA.pem partial_chain 770s + check_certificate /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8967 /tmp/sssd-softhsm2-fyAXsG/test-intermediate-sub-chain-CA.pem partial_chain 770s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 770s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8967 770s + local key_ring=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-sub-chain-CA.pem 770s + local verify_option=partial_chain 770s + prepare_softhsm2_card /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8967 770s + local certificate=/tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 770s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8967 770s + local key_cn 770s + local key_name 770s + local tokens_dir 770s + local output_cert_file 770s + token_name= 770s ++ basename /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 770s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 770s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 770s ++ sed -n 's/ *commonName *= //p' 770s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 770s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 770s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 770s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 770s Test Organization Sub Int Token 770s ++ basename /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 770s + tokens_dir=/tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 770s + token_name='Test Organization Sub Int Token' 770s + '[' '!' -e /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 770s + '[' '!' -d /tmp/sssd-softhsm2-fyAXsG/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 770s + echo 'Test Organization Sub Int Token' 770s + '[' -n partial_chain ']' 770s + local verify_arg=--verify=partial_chain 770s + local output_base_name=SSSD-child-13657 770s + local output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-13657.output 770s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-13657.pem 770s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-sub-chain-CA.pem 770s [p11_child[2502]] [main] (0x0400): p11_child started. 770s [p11_child[2502]] [main] (0x2000): Running in [pre-auth] mode. 770s [p11_child[2502]] [main] (0x2000): Running with effective IDs: [0][0]. 770s [p11_child[2502]] [main] (0x2000): Running with real IDs [0][0]. 770s [p11_child[2502]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 770s [p11_child[2502]] [do_card] (0x4000): Module List: 770s [p11_child[2502]] [do_card] (0x4000): common name: [softhsm2]. 770s [p11_child[2502]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2502]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4b86e153] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 770s [p11_child[2502]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 770s [p11_child[2502]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4b86e153][1267130707] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2502]] [do_card] (0x4000): Login NOT required. 770s [p11_child[2502]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 770s [p11_child[2502]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 770s [p11_child[2502]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 770s [p11_child[2502]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4b86e153;slot-manufacturer=SoftHSM%20project;slot-id=1267130707;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=10702d7bcb86e153;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 770s [p11_child[2502]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 770s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-13657.output 770s + echo '-----BEGIN CERTIFICATE-----' 770s + tail -n1 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-13657.output 770s + echo '-----END CERTIFICATE-----' 770s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-13657.pem 770s + local found_md5 expected_md5 770s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/test-sub-intermediate-CA-trusted-certificate-0001.pem 770s Certificate: 770s Data: 770s Version: 3 (0x2) 770s Serial Number: 5 (0x5) 770s Signature Algorithm: sha256WithRSAEncryption 770s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 770s Validity 770s Not Before: Mar 21 21:55:27 2024 GMT 770s Not After : Mar 21 21:55:27 2025 GMT 770s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 770s Subject Public Key Info: 770s Public Key Algorithm: rsaEncryption 770s Public-Key: (1024 bit) 770s Modulus: 770s 00:a7:47:cd:58:91:23:f2:02:42:b2:cd:c4:0e:f5: 770s 35:08:f1:4c:40:fb:a4:7f:e1:8b:56:f6:69:f0:ae: 770s bf:26:1e:05:89:6f:7f:64:86:e8:e0:fa:3b:85:87: 770s 6a:17:4e:42:08:93:05:3f:fd:a0:49:2c:51:57:f1: 770s f7:65:a7:c4:3e:e1:95:b6:c5:7c:79:bc:5b:74:9a: 770s f0:c9:b7:79:87:88:b5:b8:6f:68:d9:9d:69:75:99: 770s 80:ca:3c:dd:38:6f:da:6f:d6:9a:1b:dd:22:16:da: 770s 73:aa:70:49:6a:d1:8c:2e:37:1a:c9:f3:e3:b9:e2: 770s 02:b9:d0:20:80:67:52:de:b3 770s Exponent: 65537 (0x10001) 770s X509v3 extensions: 770s X509v3 Authority Key Identifier: 770s 40:95:2D:6B:86:1B:33:36:91:35:7D:E4:07:96:29:44:DD:61:A8:62 770s X509v3 Basic Constraints: 770s CA:FALSE 770s Netscape Cert Type: 770s SSL Client, S/MIME 770s Netscape Comment: 770s Test Organization Sub Intermediate CA trusted Certificate 770s X509v3 Subject Key Identifier: 770s A1:D5:E8:69:F3:42:B7:0A:20:26:10:15:A3:30:26:95:B1:24:66:AE 770s X509v3 Key Usage: critical 770s Digital Signature, Non Repudiation, Key Encipherment 770s X509v3 Extended Key Usage: 770s TLS Web Client Authentication, E-mail Protection 770s X509v3 Subject Alternative Name: 770s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 770s Signature Algorithm: sha256WithRSAEncryption 770s Signature Value: 770s 12:1e:7a:b9:b9:ba:bb:bc:9c:fd:9d:74:f5:82:ca:29:de:50: 770s 4a:d5:3a:04:41:65:47:68:a6:5e:fe:87:3e:2a:cb:4d:89:66: 770s de:40:ba:4f:ca:3c:9f:17:c2:29:6b:ad:cf:3f:1c:e0:81:24: 770s ee:f1:7f:13:b9:64:6a:fd:d0:a3:41:05:85:8e:de:aa:ca:ed: 770s 5e:da:fd:74:50:a9:c0:bc:a5:91:57:29:74:53:62:e6:98:94: 770s 9a:ee:14:db:15:29:f5:6c:19:76:34:a2:19:6e:f2:1b:9a:b2: 770s 08:52:30:53:6e:33:ea:8b:f0:c3:9c:31:31:cf:99:42:8f:44: 770s ba:90 770s + expected_md5=Modulus=A747CD589123F20242B2CDC40EF53508F14C40FBA47FE18B56F669F0AEBF261E05896F7F6486E8E0FA3B85876A174E420893053FFDA0492C5157F1F765A7C43EE195B6C57C79BC5B749AF0C9B7798788B5B86F68D99D69759980CA3CDD386FDA6FD69A1BDD2216DA73AA70496AD18C2E371AC9F3E3B9E202B9D020806752DEB3 770s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-13657.pem 770s + found_md5=Modulus=A747CD589123F20242B2CDC40EF53508F14C40FBA47FE18B56F669F0AEBF261E05896F7F6486E8E0FA3B85876A174E420893053FFDA0492C5157F1F765A7C43EE195B6C57C79BC5B749AF0C9B7798788B5B86F68D99D69759980CA3CDD386FDA6FD69A1BDD2216DA73AA70496AD18C2E371AC9F3E3B9E202B9D020806752DEB3 770s + '[' Modulus=A747CD589123F20242B2CDC40EF53508F14C40FBA47FE18B56F669F0AEBF261E05896F7F6486E8E0FA3B85876A174E420893053FFDA0492C5157F1F765A7C43EE195B6C57C79BC5B749AF0C9B7798788B5B86F68D99D69759980CA3CDD386FDA6FD69A1BDD2216DA73AA70496AD18C2E371AC9F3E3B9E202B9D020806752DEB3 '!=' Modulus=A747CD589123F20242B2CDC40EF53508F14C40FBA47FE18B56F669F0AEBF261E05896F7F6486E8E0FA3B85876A174E420893053FFDA0492C5157F1F765A7C43EE195B6C57C79BC5B749AF0C9B7798788B5B86F68D99D69759980CA3CDD386FDA6FD69A1BDD2216DA73AA70496AD18C2E371AC9F3E3B9E202B9D020806752DEB3 ']' 770s + output_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-13657-auth.output 770s ++ basename /tmp/sssd-softhsm2-fyAXsG/SSSD-child-13657-auth.output .output 770s + output_cert_file=/tmp/sssd-softhsm2-fyAXsG/SSSD-child-13657-auth.pem 770s + echo -n 053350 770s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-fyAXsG/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 770s [p11_child[2510]] [main] (0x0400): p11_child started. 770s [p11_child[2510]] [main] (0x2000): Running in [auth] mode. 770s [p11_child[2510]] [main] (0x2000): Running with effective IDs: [0][0]. 770s [p11_child[2510]] [main] (0x2000): Running with real IDs [0][0]. 770s [p11_child[2510]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 770s [p11_child[2510]] [do_card] (0x4000): Module List: 770s [p11_child[2510]] [do_card] (0x4000): common name: [softhsm2]. 770s [p11_child[2510]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2510]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4b86e153] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 770s [p11_child[2510]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 770s [p11_child[2510]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4b86e153][1267130707] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 770s [p11_child[2510]] [do_card] (0x4000): Login required. 770s [p11_child[2510]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 770s [p11_child[2510]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 770s [p11_child[2510]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 770s [p11_child[2510]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4b86e153;slot-manufacturer=SoftHSM%20project;slot-id=1267130707;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=10702d7bcb86e153;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 770s [p11_child[2510]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 770s [p11_child[2510]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 770s [p11_child[2510]] [do_card] (0x4000): Certificate verified and validated. 770s [p11_child[2510]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 770s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-13657-auth.output 770s + echo '-----BEGIN CERTIFICATE-----' 770s + tail -n1 /tmp/sssd-softhsm2-fyAXsG/SSSD-child-13657-auth.output 770s + echo '-----END CERTIFICATE-----' 770s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-13657-auth.pem 770s Certificate: 770s Data: 770s Version: 3 (0x2) 770s Serial Number: 5 (0x5) 770s Signature Algorithm: sha256WithRSAEncryption 770s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 770s Validity 770s Not Before: Mar 21 21:55:27 2024 GMT 770s Not After : Mar 21 21:55:27 2025 GMT 770s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 770s Subject Public Key Info: 770s Public Key Algorithm: rsaEncryption 770s Public-Key: (1024 bit) 770s Modulus: 770s 00:a7:47:cd:58:91:23:f2:02:42:b2:cd:c4:0e:f5: 770s 35:08:f1:4c:40:fb:a4:7f:e1:8b:56:f6:69:f0:ae: 770s bf:26:1e:05:89:6f:7f:64:86:e8:e0:fa:3b:85:87: 770s 6a:17:4e:42:08:93:05:3f:fd:a0:49:2c:51:57:f1: 770s f7:65:a7:c4:3e:e1:95:b6:c5:7c:79:bc:5b:74:9a: 770s f0:c9:b7:79:87:88:b5:b8:6f:68:d9:9d:69:75:99: 770s 80:ca:3c:dd:38:6f:da:6f:d6:9a:1b:dd:22:16:da: 770s 73:aa:70:49:6a:d1:8c:2e:37:1a:c9:f3:e3:b9:e2: 770s 02:b9:d0:20:80:67:52:de:b3 770s Exponent: 65537 (0x10001) 770s X509v3 extensions: 770s X509v3 Authority Key Identifier: 770s 40:95:2D:6B:86:1B:33:36:91:35:7D:E4:07:96:29:44:DD:61:A8:62 770s X509v3 Basic Constraints: 770s CA:FALSE 770s Netscape Cert Type: 770s SSL Client, S/MIME 770s Netscape Comment: 770s Test Organization Sub Intermediate CA trusted Certificate 770s X509v3 Subject Key Identifier: 770s A1:D5:E8:69:F3:42:B7:0A:20:26:10:15:A3:30:26:95:B1:24:66:AE 770s X509v3 Key Usage: critical 770s Digital Signature, Non Repudiation, Key Encipherment 770s X509v3 Extended Key Usage: 770s TLS Web Client Authentication, E-mail Protection 770s X509v3 Subject Alternative Name: 770s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 770s Signature Algorithm: sha256WithRSAEncryption 770s Signature Value: 770s 12:1e:7a:b9:b9:ba:bb:bc:9c:fd:9d:74:f5:82:ca:29:de:50: 770s 4a:d5:3a:04:41:65:47:68:a6:5e:fe:87:3e:2a:cb:4d:89:66: 770s de:40:ba:4f:ca:3c:9f:17:c2:29:6b:ad:cf:3f:1c:e0:81:24: 770s ee:f1:7f:13:b9:64:6a:fd:d0:a3:41:05:85:8e:de:aa:ca:ed: 770s 5e:da:fd:74:50:a9:c0:bc:a5:91:57:29:74:53:62:e6:98:94: 770s 9a:ee:14:db:15:29:f5:6c:19:76:34:a2:19:6e:f2:1b:9a:b2: 770s 08:52:30:53:6e:33:ea:8b:f0:c3:9c:31:31:cf:99:42:8f:44: 770s ba:90 770s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-fyAXsG/SSSD-child-13657-auth.pem 770s + found_md5=Modulus=A747CD589123F20242B2CDC40EF53508F14C40FBA47FE18B56F669F0AEBF261E05896F7F6486E8E0FA3B85876A174E420893053FFDA0492C5157F1F765A7C43EE195B6C57C79BC5B749AF0C9B7798788B5B86F68D99D69759980CA3CDD386FDA6FD69A1BDD2216DA73AA70496AD18C2E371AC9F3E3B9E202B9D020806752DEB3 770s + '[' Modulus=A747CD589123F20242B2CDC40EF53508F14C40FBA47FE18B56F669F0AEBF261E05896F7F6486E8E0FA3B85876A174E420893053FFDA0492C5157F1F765A7C43EE195B6C57C79BC5B749AF0C9B7798788B5B86F68D99D69759980CA3CDD386FDA6FD69A1BDD2216DA73AA70496AD18C2E371AC9F3E3B9E202B9D020806752DEB3 '!=' Modulus=A747CD589123F20242B2CDC40EF53508F14C40FBA47FE18B56F669F0AEBF261E05896F7F6486E8E0FA3B85876A174E420893053FFDA0492C5157F1F765A7C43EE195B6C57C79BC5B749AF0C9B7798788B5B86F68D99D69759980CA3CDD386FDA6FD69A1BDD2216DA73AA70496AD18C2E371AC9F3E3B9E202B9D020806752DEB3 ']' 770s + set +x 770s 770s Test completed, Root CA and intermediate issued certificates verified! 771s autopkgtest [21:55:32]: test sssd-softhism2-certificates-tests.sh: -----------------------] 771s autopkgtest [21:55:32]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 771s sssd-softhism2-certificates-tests.sh PASS 772s autopkgtest [21:55:33]: test sssd-smart-card-pam-auth-configs: preparing testbed 774s Reading package lists... 774s Building dependency tree... 774s Reading state information... 774s Starting pkgProblemResolver with broken count: 0 774s Starting 2 pkgProblemResolver with broken count: 0 774s Done 775s The following additional packages will be installed: 775s pamtester 775s The following NEW packages will be installed: 775s autopkgtest-satdep pamtester 775s 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. 775s Need to get 12.2 kB/13.0 kB of archives. 775s After this operation, 36.9 kB of additional disk space will be used. 775s Get:1 /tmp/autopkgtest.AyAHeN/4-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [760 B] 775s Get:2 http://ftpmaster.internal/ubuntu noble/universe s390x pamtester s390x 0.1.2-4 [12.2 kB] 775s Fetched 12.2 kB in 0s (75.5 kB/s) 776s Selecting previously unselected package pamtester. 776s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51920 files and directories currently installed.) 776s Preparing to unpack .../pamtester_0.1.2-4_s390x.deb ... 776s Unpacking pamtester (0.1.2-4) ... 776s Selecting previously unselected package autopkgtest-satdep. 776s Preparing to unpack .../4-autopkgtest-satdep.deb ... 776s Unpacking autopkgtest-satdep (0) ... 776s Setting up pamtester (0.1.2-4) ... 776s Setting up autopkgtest-satdep (0) ... 776s Processing triggers for man-db (2.12.0-3) ... 779s (Reading database ... 51926 files and directories currently installed.) 779s Removing autopkgtest-satdep (0) ... 779s autopkgtest [21:55:40]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 779s autopkgtest [21:55:40]: test sssd-smart-card-pam-auth-configs: [----------------------- 780s + '[' -z ubuntu ']' 780s + export DEBIAN_FRONTEND=noninteractive 780s + DEBIAN_FRONTEND=noninteractive 780s + required_tools=(pamtester softhsm2-util sssd) 780s + [[ ! -v OFFLINE_MODE ]] 780s + for cmd in "${required_tools[@]}" 780s + command -v pamtester 780s + for cmd in "${required_tools[@]}" 780s + command -v softhsm2-util 780s + for cmd in "${required_tools[@]}" 780s + command -v sssd 780s + PIN=123456 780s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 780s + tmpdir=/tmp/sssd-softhsm2-certs-5ZZDTI 780s + backupsdir= 780s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 780s + declare -a restore_paths 780s + declare -a delete_paths 780s + trap handle_exit EXIT 780s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 780s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 780s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 780s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 780s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-5ZZDTI GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 780s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-5ZZDTI 780s + GENERATE_SMART_CARDS=1 780s + KEEP_TEMPORARY_FILES=1 780s + NO_SSSD_TESTS=1 780s + bash debian/tests/sssd-softhism2-certificates-tests.sh 780s + '[' -z ubuntu ']' 780s + required_tools=(p11tool openssl softhsm2-util) 780s + for cmd in "${required_tools[@]}" 780s + command -v p11tool 780s + for cmd in "${required_tools[@]}" 780s + command -v openssl 780s + for cmd in "${required_tools[@]}" 780s + command -v softhsm2-util 780s + PIN=123456 780s +++ find /usr/lib/softhsm/libsofthsm2.so 780s +++ head -n 1 780s ++ realpath /usr/lib/softhsm/libsofthsm2.so 780s + SOFTHSM2_MODULE=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 780s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 780s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 780s + '[' '!' -v NO_SSSD_TESTS ']' 780s + '[' '!' -e /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so ']' 780s + tmpdir=/tmp/sssd-softhsm2-certs-5ZZDTI 780s + keys_size=1024 780s + [[ ! -v KEEP_TEMPORARY_FILES ]] 780s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 780s + echo -n 01 780s + touch /tmp/sssd-softhsm2-certs-5ZZDTI/index.txt 780s + mkdir -p /tmp/sssd-softhsm2-certs-5ZZDTI/new_certs 780s + cat 780s + root_ca_key_pass=pass:random-root-CA-password-15960 780s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA-key.pem -passout pass:random-root-CA-password-15960 1024 780s + openssl req -passin pass:random-root-CA-password-15960 -batch -config /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA.pem 780s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA.pem 780s + cat 780s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-29762 780s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-29762 1024 780s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-29762 -config /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-15960 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-certificate-request.pem 780s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-certificate-request.pem 780s Certificate Request: 780s Data: 780s Version: 1 (0x0) 780s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 780s Subject Public Key Info: 780s Public Key Algorithm: rsaEncryption 780s Public-Key: (1024 bit) 780s Modulus: 780s 00:e8:e1:e6:b7:3a:ce:d1:81:f3:0a:f6:43:6e:fe: 780s be:cf:e5:99:b6:08:a2:61:5b:b4:4f:77:95:c2:4e: 780s 0b:7d:c1:27:02:97:28:e7:86:1e:a2:4a:cc:8c:43: 780s 89:63:4f:18:dc:c5:08:40:c0:17:80:79:bc:b1:8e: 780s 16:04:31:93:0f:9b:cd:c9:59:14:74:7d:c6:f4:13: 780s 67:6f:2b:1e:94:3b:6e:cb:60:f8:68:30:bc:48:ed: 780s 6c:3d:a2:d9:2c:55:34:28:9a:db:59:71:49:6b:3c: 780s 21:4e:6d:6e:65:50:55:53:17:a0:8c:48:08:0a:07: 780s e7:2f:3d:e9:fc:99:55:a7:49 780s Exponent: 65537 (0x10001) 780s Attributes: 780s (none) 780s Requested Extensions: 780s Signature Algorithm: sha256WithRSAEncryption 780s Signature Value: 780s 1b:0c:2a:6a:76:c5:75:85:fa:18:26:e9:a6:f8:1f:de:b5:6b: 780s 38:f2:7d:75:80:a4:47:6c:ef:df:7e:c6:54:64:fd:81:5b:48: 780s ae:63:b6:ca:68:e8:1d:1e:47:3f:c9:0e:f2:96:55:79:0d:d7: 780s ed:0d:ab:8f:92:70:01:3e:5e:bf:e1:8d:00:d7:95:78:a0:f5: 780s f1:f7:1b:cf:06:58:d5:2a:74:77:23:b2:80:e7:c1:73:72:06: 780s 98:80:03:e0:4e:2c:48:bd:d7:ed:d1:76:c7:33:c1:ff:14:14: 780s e0:2e:84:75:ae:47:f0:37:a9:df:27:bb:89:e5:f7:53:ba:10: 780s 01:f9 780s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA.config -passin pass:random-root-CA-password-15960 -keyfile /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA.pem 780s Using configuration from /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA.config 780s Check that the request matches the signature 780s Signature ok 780s Certificate Details: 780s Serial Number: 1 (0x1) 780s Validity 780s Not Before: Mar 21 21:55:41 2024 GMT 780s Not After : Mar 21 21:55:41 2025 GMT 780s Subject: 780s organizationName = Test Organization 780s organizationalUnitName = Test Organization Unit 780s commonName = Test Organization Intermediate CA 780s X509v3 extensions: 780s X509v3 Subject Key Identifier: 780s DA:2C:FE:2D:EB:25:15:93:85:24:1D:02:EA:5B:15:B8:B6:B6:5E:CB 780s X509v3 Authority Key Identifier: 780s keyid:50:7C:26:E7:AD:53:AC:59:00:0B:A8:A8:6C:79:AE:C5:83:0D:08:DB 780s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 780s serial:00 780s X509v3 Basic Constraints: 780s CA:TRUE 780s X509v3 Key Usage: critical 780s Digital Signature, Certificate Sign, CRL Sign 780s Certificate is to be certified until Mar 21 21:55:41 2025 GMT (365 days) 780s 780s Write out database with 1 new entries 780s Database updated 780s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA.pem 780s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA.pem /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA.pem 780s /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA.pem: OK 780s + cat 780s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-1633 780s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-1633 1024 780s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-1633 -config /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-29762 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-certificate-request.pem 780s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-certificate-request.pem 780s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-29762 -keyfile /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA.pem 780s Certificate Request: 780s Data: 780s Version: 1 (0x0) 780s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 780s Subject Public Key Info: 780s Public Key Algorithm: rsaEncryption 780s Public-Key: (1024 bit) 780s Modulus: 780s 00:c2:28:6b:ab:c0:c6:39:9c:d9:01:a8:51:da:11: 780s 8f:f6:13:07:d4:b2:ee:ba:43:ff:89:0a:af:78:1e: 780s dd:63:0b:d9:3f:00:57:7f:11:84:64:28:c0:ab:b5: 780s 4c:93:5d:c8:ee:94:5b:ab:16:a7:d8:23:70:c6:fd: 780s 8b:17:69:2b:2d:53:16:35:ea:3d:1c:ce:a0:27:3a: 780s 82:09:53:37:b8:f8:47:b3:a2:c2:e4:0e:5d:67:bf: 780s df:47:37:d7:b2:75:eb:99:b4:e9:da:d1:dd:1e:94: 780s ea:99:da:c5:6c:b5:f0:9b:05:8a:ca:a4:86:09:d7: 780s 94:53:af:66:fc:6b:03:ca:b1 780s Exponent: 65537 (0x10001) 780s Attributes: 780s (none) 780s Requested Extensions: 780s Signature Algorithm: sha256WithRSAEncryption 780s Signature Value: 780s 52:b8:2a:cc:42:26:d6:fd:34:c2:c2:cd:39:ba:0a:2e:22:2b: 780s 93:3d:81:1d:4c:d1:d7:cd:ed:c0:28:46:05:2c:3f:56:33:56: 780s af:27:ef:2a:77:fa:a4:4e:4b:ab:e5:58:b4:bd:80:1b:87:d0: 780s 0a:bc:ca:c4:7c:f3:c0:96:f9:08:b0:0a:41:2e:eb:4f:a8:50: 780s 43:bb:d9:73:60:17:b5:f1:80:c8:33:b3:ce:7a:14:14:ac:05: 780s 6d:42:a8:40:cd:a3:d1:b8:fc:6c:ee:b8:90:62:c3:a4:a7:13: 780s 7b:b7:f0:df:c1:78:5d:73:45:ef:26:e6:2b:d6:a7:e8:91:0d: 780s 9a:39 780s Using configuration from /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA.config 780s Check that the request matches the signature 780s Signature ok 780s Certificate Details: 780s Serial Number: 2 (0x2) 780s Validity 780s Not Before: Mar 21 21:55:41 2024 GMT 780s Not After : Mar 21 21:55:41 2025 GMT 780s Subject: 780s organizationName = Test Organization 780s organizationalUnitName = Test Organization Unit 780s commonName = Test Organization Sub Intermediate CA 780s X509v3 extensions: 780s X509v3 Subject Key Identifier: 780s E7:D8:20:0B:E0:B9:69:6D:87:88:CD:21:B9:30:60:5C:C4:A6:B8:3A 780s X509v3 Authority Key Identifier: 780s keyid:DA:2C:FE:2D:EB:25:15:93:85:24:1D:02:EA:5B:15:B8:B6:B6:5E:CB 780s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 780s serial:01 780s X509v3 Basic Constraints: 780s CA:TRUE 780s X509v3 Key Usage: critical 780s Digital Signature, Certificate Sign, CRL Sign 780s Certificate is to be certified until Mar 21 21:55:41 2025 GMT (365 days) 780s 780s Write out database with 1 new entries 780s Database updated 780s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA.pem 780s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA.pem 780s /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA.pem: OK 780s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA.pem /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA.pem 780s + local cmd=openssl 780s + shift 780s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA.pem /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA.pem 780s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 780s error 20 at 0 depth lookup: unable to get local issuer certificate 780s error /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA.pem: verification failed 780s + cat 780s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-14454 780s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-14454 1024 780s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-14454 -key /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA-trusted-certificate-0001-request.pem 780s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA-trusted-certificate-0001-request.pem 780s Certificate Request: 780s Data: 780s Version: 1 (0x0) 780s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 780s Subject Public Key Info: 780s Public Key Algorithm: rsaEncryption 780s Public-Key: (1024 bit) 780s Modulus: 780s 00:b1:2b:aa:15:a5:dc:7f:35:9c:c5:b8:54:c5:ab: 780s 1b:df:10:e1:7f:9f:8b:d3:a2:eb:ec:6b:2f:0c:0c: 780s c0:38:10:93:86:6c:9d:47:bb:ec:d0:fd:09:a2:e9: 780s 20:f6:60:78:19:37:f0:9e:af:44:36:2f:1e:c2:6f: 780s 06:18:bb:76:7d:de:f2:ca:05:52:d3:f1:8d:39:9a: 780s 84:af:1f:12:5e:ea:94:8a:05:b1:02:3e:18:3b:f4: 780s 84:30:c6:38:0e:92:99:c3:88:ca:e1:07:a1:a6:18: 780s 02:52:c9:bb:fc:58:88:90:81:91:55:b1:4a:a5:bb: 780s 08:49:6f:d0:1f:35:7a:b1:ad 780s Exponent: 65537 (0x10001) 780s Attributes: 780s Requested Extensions: 780s X509v3 Basic Constraints: 780s CA:FALSE 780s Netscape Cert Type: 780s SSL Client, S/MIME 780s Netscape Comment: 780s Test Organization Root CA trusted Certificate 780s X509v3 Subject Key Identifier: 780s D9:09:BE:B2:97:DA:00:4B:58:C5:20:27:96:B9:0E:6B:E1:AE:63:28 780s X509v3 Key Usage: critical 780s Digital Signature, Non Repudiation, Key Encipherment 780s X509v3 Extended Key Usage: 780s TLS Web Client Authentication, E-mail Protection 780s X509v3 Subject Alternative Name: 780s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 780s Signature Algorithm: sha256WithRSAEncryption 780s Signature Value: 780s 50:cd:59:95:e0:00:03:e7:fc:c8:67:b5:18:fc:81:d7:b7:26: 780s 0d:0e:a7:d4:5b:1b:7c:aa:c6:3f:82:59:b6:83:07:07:61:cf: 780s 0b:ce:88:64:d4:8f:91:d7:8d:b1:52:7d:ec:93:45:b9:3a:92: 780s c8:e9:85:c0:73:68:2d:f3:3e:6e:3f:c7:c7:45:62:74:87:8c: 780s 64:2d:51:98:da:36:80:05:b4:9c:72:11:05:3e:87:d5:6d:db: 780s cd:5f:14:fa:4b:93:78:41:f8:aa:96:48:f3:70:cb:98:d1:26: 780s e8:ef:1f:a9:d6:9b:07:8c:3b:6f:c6:74:eb:1f:78:94:17:f7: 780s b5:33 780s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA.config -passin pass:random-root-CA-password-15960 -keyfile /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA-trusted-certificate-0001.pem 780s Using configuration from /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA.config 780s Check that the request matches the signature 780s Signature ok 780s Certificate Details: 780s Serial Number: 3 (0x3) 780s Validity 780s Not Before: Mar 21 21:55:41 2024 GMT 780s Not After : Mar 21 21:55:41 2025 GMT 780s Subject: 780s organizationName = Test Organization 780s organizationalUnitName = Test Organization Unit 780s commonName = Test Organization Root Trusted Certificate 0001 780s X509v3 extensions: 780s X509v3 Authority Key Identifier: 780s 50:7C:26:E7:AD:53:AC:59:00:0B:A8:A8:6C:79:AE:C5:83:0D:08:DB 780s X509v3 Basic Constraints: 780s CA:FALSE 780s Netscape Cert Type: 780s SSL Client, S/MIME 780s Netscape Comment: 780s Test Organization Root CA trusted Certificate 780s X509v3 Subject Key Identifier: 780s D9:09:BE:B2:97:DA:00:4B:58:C5:20:27:96:B9:0E:6B:E1:AE:63:28 780s X509v3 Key Usage: critical 780s Digital Signature, Non Repudiation, Key Encipherment 780s X509v3 Extended Key Usage: 780s TLS Web Client Authentication, E-mail Protection 780s X509v3 Subject Alternative Name: 780s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 780s Certificate is to be certified until Mar 21 21:55:41 2025 GMT (365 days) 780s 780s Write out database with 1 new entries 780s Database updated 780s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA-trusted-certificate-0001.pem 780s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA.pem /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA-trusted-certificate-0001.pem 780s /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA-trusted-certificate-0001.pem: OK 780s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA-trusted-certificate-0001.pem 780s + local cmd=openssl 780s + shift 780s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA-trusted-certificate-0001.pem 780s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 780s error 20 at 0 depth lookup: unable to get local issuer certificate 780s error /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA-trusted-certificate-0001.pem: verification failed 780s + cat 780s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-22958 780s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-22958 1024 780s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-22958 -key /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-trusted-certificate-0001-request.pem 780s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-trusted-certificate-0001-request.pem 780s Certificate Request: 780s Data: 780s Version: 1 (0x0) 780s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 780s Subject Public Key Info: 780s Public Key Algorithm: rsaEncryption 780s Public-Key: (1024 bit) 780s Modulus: 780s 00:b9:31:11:69:52:2e:16:de:ba:0d:98:c0:01:1c: 780s 86:d1:e4:7d:e7:d3:de:8a:12:09:e7:c8:38:a0:6e: 780s 40:1b:02:60:f2:ff:b2:8f:db:4f:07:a7:11:f4:67: 780s e1:dc:bb:6f:03:60:91:1f:0f:a6:db:7b:e0:6f:4d: 780s f8:6b:5f:f1:68:90:66:e9:37:63:8b:1f:30:a4:60: 780s 10:77:1b:69:ff:bd:e0:17:5f:00:d9:e6:8b:2d:01: 780s 6d:a2:d8:79:f9:ab:1b:cc:39:65:a5:19:51:1f:61: 780s c6:a3:a3:34:cd:af:f2:de:27:77:d3:b1:0b:51:38: 780s f7:6a:64:ad:3b:cb:13:7e:0f 780s Exponent: 65537 (0x10001) 780s Attributes: 780s Requested Extensions: 780s X509v3 Basic Constraints: 780s CA:FALSE 780s Netscape Cert Type: 780s SSL Client, S/MIME 780s Netscape Comment: 780s Test Organization Intermediate CA trusted Certificate 780s X509v3 Subject Key Identifier: 780s 6D:F4:52:85:B3:83:18:06:A8:F0:50:C2:23:7D:B0:80:26:96:76:70 780s X509v3 Key Usage: critical 780s Digital Signature, Non Repudiation, Key Encipherment 780s X509v3 Extended Key Usage: 780s TLS Web Client Authentication, E-mail Protection 780s X509v3 Subject Alternative Name: 780s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 780s Signature Algorithm: sha256WithRSAEncryption 780s Signature Value: 780s 6a:6d:32:23:a5:9e:0a:87:05:44:7e:50:3a:8c:ed:d6:c3:cc: 780s 3f:3b:b2:6a:09:52:c8:c6:0c:01:7d:a5:e1:60:4e:33:67:22: 780s 3f:c6:49:2a:f5:5b:4d:57:65:24:d4:40:7a:b0:62:2a:00:27: 780s 10:96:99:8d:ea:96:07:24:77:6f:a8:9b:70:c4:b3:5e:76:23: 780s df:57:66:5a:7e:73:8d:d4:31:58:33:01:0b:36:ca:6f:b9:e3: 780s 62:c3:f2:4c:6c:28:0a:4d:28:98:72:60:2b:89:b6:e5:0a:3b: 780s b1:47:70:cc:29:d5:1c:80:2a:4f:fb:eb:90:3d:de:f3:7b:81: 780s b2:58 780s + openssl ca -passin pass:random-intermediate-CA-password-29762 -config /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-trusted-certificate-0001.pem 780s Using configuration from /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA.config 780s Check that the request matches the signature 780s Signature ok 780s Certificate Details: 780s Serial Number: 4 (0x4) 780s Validity 780s Not Before: Mar 21 21:55:41 2024 GMT 780s Not After : Mar 21 21:55:41 2025 GMT 780s Subject: 780s organizationName = Test Organization 780s organizationalUnitName = Test Organization Unit 780s commonName = Test Organization Intermediate Trusted Certificate 0001 780s X509v3 extensions: 780s X509v3 Authority Key Identifier: 780s DA:2C:FE:2D:EB:25:15:93:85:24:1D:02:EA:5B:15:B8:B6:B6:5E:CB 780s X509v3 Basic Constraints: 780s CA:FALSE 780s Netscape Cert Type: 780s SSL Client, S/MIME 780s Netscape Comment: 780s Test Organization Intermediate CA trusted Certificate 780s X509v3 Subject Key Identifier: 780s 6D:F4:52:85:B3:83:18:06:A8:F0:50:C2:23:7D:B0:80:26:96:76:70 780s X509v3 Key Usage: critical 780s Digital Signature, Non Repudiation, Key Encipherment 780s X509v3 Extended Key Usage: 780s TLS Web Client Authentication, E-mail Protection 780s X509v3 Subject Alternative Name: 780s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 780s Certificate is to be certified until Mar 21 21:55:41 2025 GMT (365 days) 780s 780s Write out database with 1 new entries 780s Database updated 780s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-trusted-certificate-0001.pem 780s + echo 'This certificate should not be trusted fully' 780s This certificate should not be trusted fully 780s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-trusted-certificate-0001.pem 780s + local cmd=openssl 780s + shift 780s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-trusted-certificate-0001.pem 780s /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-trusted-certificate-0001.pem: OK 780s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 780s error 2 at 1 depth lookup: unable to get issuer certificate 780s error /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 780s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-trusted-certificate-0001.pem 780s + cat 780s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23385 780s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-23385 1024 780s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-23385 -key /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 780s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 780s Certificate Request: 780s Data: 780s Version: 1 (0x0) 780s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 780s Subject Public Key Info: 780s Public Key Algorithm: rsaEncryption 780s Public-Key: (1024 bit) 780s Modulus: 780s 00:d2:ce:12:32:7c:3a:a1:fe:72:5a:40:29:8e:1c: 780s ff:21:e5:e1:9c:06:a7:26:b2:34:12:f6:fe:cc:67: 780s 05:b2:c4:48:56:99:68:1c:ca:47:78:4b:55:f9:28: 780s 36:ed:dc:73:99:33:92:b3:c4:00:e7:d6:c2:d3:78: 780s 67:ce:a2:94:60:8c:0b:04:08:f6:b7:eb:2a:7a:af: 780s 57:9b:33:d8:95:19:30:17:b3:8c:95:6c:39:f5:15: 780s 72:51:b6:43:01:39:5f:51:4f:64:09:cb:8a:9c:0d: 780s 70:9c:e8:02:47:b9:76:77:36:43:85:eb:5b:80:3f: 780s 09:59:0e:95:89:e5:14:36:dd 780s Exponent: 65537 (0x10001) 780s Attributes: 780s Requested Extensions: 780s X509v3 Basic Constraints: 780s CA:FALSE 780s Netscape Cert Type: 780s SSL Client, S/MIME 780s Netscape Comment: 780s Test Organization Sub Intermediate CA trusted Certificate 780s X509v3 Subject Key Identifier: 780s 81:3F:B6:52:A7:2C:8C:C9:6F:D1:FE:9B:DA:88:7F:0B:B2:49:2B:91 780s X509v3 Key Usage: critical 780s Digital Signature, Non Repudiation, Key Encipherment 780s X509v3 Extended Key Usage: 780s TLS Web Client Authentication, E-mail Protection 780s X509v3 Subject Alternative Name: 780s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 780s Signature Algorithm: sha256WithRSAEncryption 780s Signature Value: 780s 80:60:30:b6:f1:00:a1:29:7f:60:12:2b:99:a9:16:f1:e4:d7: 780s ef:8c:ed:30:0a:29:28:fe:dc:0e:1f:49:62:04:a9:6c:0b:d3: 780s 73:bf:f8:4e:c2:88:25:90:fe:0c:5c:c9:5a:d9:6a:34:78:ae: 780s 2f:dc:b4:04:27:42:00:8f:7f:d0:35:3b:c0:78:11:49:75:80: 780s 3d:84:aa:51:e1:b2:89:0d:b9:95:b7:b2:c7:6c:33:df:cb:f5: 780s 78:8c:db:f9:01:49:fc:e2:9d:bb:04:01:c8:17:7b:4d:89:d6: 780s 14:0b:93:a3:15:89:4c:73:e2:4d:3b:42:e0:d0:d8:75:b2:5c: 780s 70:f8 780s + openssl ca -passin pass:random-sub-intermediate-CA-password-1633 -config /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001.pem 780s Using configuration from /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA.config 780s Check that the request matches the signature 780s Signature ok 780s Certificate Details: 780s Serial Number: 5 (0x5) 780s Validity 780s Not Before: Mar 21 21:55:41 2024 GMT 780s Not After : Mar 21 21:55:41 2025 GMT 780s Subject: 780s organizationName = Test Organization 780s organizationalUnitName = Test Organization Unit 780s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 780s X509v3 extensions: 780s X509v3 Authority Key Identifier: 780s E7:D8:20:0B:E0:B9:69:6D:87:88:CD:21:B9:30:60:5C:C4:A6:B8:3A 780s X509v3 Basic Constraints: 780s CA:FALSE 780s Netscape Cert Type: 780s SSL Client, S/MIME 780s Netscape Comment: 780s Test Organization Sub Intermediate CA trusted Certificate 780s X509v3 Subject Key Identifier: 780s 81:3F:B6:52:A7:2C:8C:C9:6F:D1:FE:9B:DA:88:7F:0B:B2:49:2B:91 780s X509v3 Key Usage: critical 780s Digital Signature, Non Repudiation, Key Encipherment 780s X509v3 Extended Key Usage: 780s TLS Web Client Authentication, E-mail Protection 780s X509v3 Subject Alternative Name: 780s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 780s Certificate is to be certified until Mar 21 21:55:41 2025 GMT (365 days) 780s 780s Write out database with 1 new entries 780s Database updated 780s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001.pem 780s + echo 'This certificate should not be trusted fully' 780s This certificate should not be trusted fully 780s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001.pem 780s + local cmd=openssl 780s + shift 780s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001.pem 780s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 780s error 2 at 1 depth lookup: unable to get issuer certificate 780s error /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 780s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001.pem 780s + local cmd=openssl 780s + shift 780s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001.pem 780s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 780s error 20 at 0 depth lookup: unable to get local issuer certificate 780s error /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 780s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001.pem 780s /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 780s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001.pem 780s + local cmd=openssl 780s + shift 780s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001.pem 780s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 780s error 20 at 0 depth lookup: unable to get local issuer certificate 780s error /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 780s + echo 'Building a the full-chain CA file...' 780s + cat /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA.pem /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA.pem 780s Building a the full-chain CA file... 780s + cat /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA.pem /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA.pem 780s + cat /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA.pem 780s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-5ZZDTI/test-full-chain-CA.pem 780s + openssl pkcs7 -print_certs -noout 780s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 780s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 780s 780s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 780s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 780s 780s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 780s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 780s 780s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-5ZZDTI/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA.pem 780s /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA.pem: OK 780s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-5ZZDTI/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA-trusted-certificate-0001.pem 780s /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA-trusted-certificate-0001.pem: OK 780s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-5ZZDTI/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-trusted-certificate-0001.pem 780s /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-trusted-certificate-0001.pem: OK 780s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-5ZZDTI/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-intermediate-chain-CA.pem 780s /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-intermediate-chain-CA.pem: OK 780s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-5ZZDTI/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001.pem 780s /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 780s + echo 'Certificates generation completed!' 780s Certificates generation completed! 780s + [[ -v NO_SSSD_TESTS ]] 780s + [[ -v GENERATE_SMART_CARDS ]] 780s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-14454 780s + local certificate=/tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA-trusted-certificate-0001.pem 780s + local key_pass=pass:random-root-ca-trusted-cert-0001-14454 780s + local key_cn 780s + local key_name 780s + local tokens_dir 780s + local output_cert_file 780s + token_name= 780s ++ basename /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA-trusted-certificate-0001.pem .pem 780s + key_name=test-root-CA-trusted-certificate-0001 780s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA-trusted-certificate-0001.pem 780s ++ sed -n 's/ *commonName *= //p' 780s + key_cn='Test Organization Root Trusted Certificate 0001' 780s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 780s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-5ZZDTI/softhsm2-test-root-CA-trusted-certificate-0001.conf 780s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-5ZZDTI/softhsm2-test-root-CA-trusted-certificate-0001.conf 780s ++ basename /tmp/sssd-softhsm2-certs-5ZZDTI/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 780s + tokens_dir=/tmp/sssd-softhsm2-certs-5ZZDTI/softhsm2-test-root-CA-trusted-certificate-0001 780s + token_name='Test Organization Root Tr Token' 780s + '[' '!' -e /tmp/sssd-softhsm2-certs-5ZZDTI/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 780s + local key_file 780s + local decrypted_key 780s + mkdir -p /tmp/sssd-softhsm2-certs-5ZZDTI/softhsm2-test-root-CA-trusted-certificate-0001 780s + key_file=/tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA-trusted-certificate-0001-key.pem 780s + decrypted_key=/tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA-trusted-certificate-0001-key-decrypted.pem 780s + cat 780s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 781s Slot 0 has a free/uninitialized token. 781s The token has been initialized and is reassigned to slot 437802080 781s + softhsm2-util --show-slots 781s Available slots: 781s Slot 437802080 781s Slot info: 781s Description: SoftHSM slot ID 0x1a185460 781s Manufacturer ID: SoftHSM project 781s Hardware version: 2.6 781s Firmware version: 2.6 781s Token present: yes 781s Token info: 781s Manufacturer ID: SoftHSM project 781s Model: SoftHSM v2 781s Hardware version: 2.6 781s Firmware version: 2.6 781s Serial number: 385748181a185460 781s Initialized: yes 781s User PIN init.: yes 781s Label: Test Organization Root Tr Token 781s Slot 1 781s Slot info: 781s Description: SoftHSM slot ID 0x1 781s Manufacturer ID: SoftHSM project 781s Hardware version: 2.6 781s Firmware version: 2.6 781s Token present: yes 781s Token info: 781s Manufacturer ID: SoftHSM project 781s Model: SoftHSM v2 781s Hardware version: 2.6 781s Firmware version: 2.6 781s Serial number: 781s Initialized: no 781s User PIN init.: no 781s Label: 781s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 781s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-14454 -in /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA-trusted-certificate-0001-key-decrypted.pem 781s Object 0: 781s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=385748181a185460;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 781s Type: X.509 Certificate (RSA-1024) 781s Expires: Fri Mar 21 21:55:41 2025 781s Label: Test Organization Root Trusted Certificate 0001 781s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 781s 781s writing RSA key 781s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 781s + rm /tmp/sssd-softhsm2-certs-5ZZDTI/test-root-CA-trusted-certificate-0001-key-decrypted.pem 781s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 781s + echo 'Test Organization Root Tr Token' 781s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-22958 781s + local certificate=/tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-trusted-certificate-0001.pem 781s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-22958 781s + local key_cn 781s + local key_name 781s + local tokens_dir 781s + local output_cert_file 781s + token_name= 781s ++ basename /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-trusted-certificate-0001.pem .pem 781s + key_name=test-intermediate-CA-trusted-certificate-0001 781s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-trusted-certificate-0001.pem 781s ++ sed -n 's/ *commonName *= //p' 781s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 781s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 781s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-5ZZDTI/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 781s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-5ZZDTI/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 781s ++ basename /tmp/sssd-softhsm2-certs-5ZZDTI/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 781s + tokens_dir=/tmp/sssd-softhsm2-certs-5ZZDTI/softhsm2-test-intermediate-CA-trusted-certificate-0001 781s + token_name='Test Organization Interme Token' 781s + '[' '!' -e /tmp/sssd-softhsm2-certs-5ZZDTI/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 781s + local key_file 781s + local decrypted_key 781s + mkdir -p /tmp/sssd-softhsm2-certs-5ZZDTI/softhsm2-test-intermediate-CA-trusted-certificate-0001 781s + key_file=/tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-trusted-certificate-0001-key.pem 781s + decrypted_key=/tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 781s + cat 781s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 781s + softhsm2-util --show-slots 781s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 781s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-22958 -in /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 781s writing RSA key 781s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 781s + rm /tmp/sssd-softhsm2-certs-5ZZDTI/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 781s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 781s + echo 'Test Organization Interme Token' 781s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23385 781s + local certificate=/tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001.pem 781s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23385 781s + local key_cn 781s + local key_name 781s + local tokens_dir 781s + local output_cert_file 781s + token_name= 781s ++ basename /tmp/sssd-soTest Organization Root Tr Token 781s Slot 0 has a free/uninitialized token. 781s The token has been initialized and is reassigned to slot 1550830551 781s Available slots: 781s Slot 1550830551 781s Slot info: 781s Description: SoftHSM slot ID 0x5c6fcbd7 781s Manufacturer ID: SoftHSM project 781s Hardware version: 2.6 781s Firmware version: 2.6 781s Token present: yes 781s Token info: 781s Manufacturer ID: SoftHSM project 781s Model: SoftHSM v2 781s Hardware version: 2.6 781s Firmware version: 2.6 781s Serial number: dea8c9d25c6fcbd7 781s Initialized: yes 781s User PIN init.: yes 781s Label: Test Organization Interme Token 781s Slot 1 781s Slot info: 781s Description: SoftHSM slot ID 0x1 781s Manufacturer ID: SoftHSM project 781s Hardware version: 2.6 781s Firmware version: 2.6 781s Token present: yes 781s Token info: 781s Manufacturer ID: SoftHSM project 781s Model: SoftHSM v2 781s Hardware version: 2.6 781s Firmware version: 2.6 781s Serial number: 781s Initialized: no 781s User PIN init.: no 781s Label: 781s Object 0: 781s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=dea8c9d25c6fcbd7;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 781s Type: X.509 Certificate (RSA-1024) 781s Expires: Fri Mar 21 21:55:41 2025 781s Label: Test Organization Intermediate Trusted Certificate 0001 781s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 781s 781s Test Organization Interme Token 781s Slot 0 has a free/uninitialized token. 781s The token has been initialized and is reassigned to slot 1868658176 781s Available slots: 781s Slot 1868658176 781s Slot info: 781s Description: SoftHSM slot ID 0x6f617600 781s Manufacturer ID: SoftHSM project 781s Hardware version: 2.6 781s Firmware version: 2.6 781s Token present: yes 781s Token info: 781s Manufacturer ID: SoftHSM project 781s Model: SoftHSM v2 781s Hardware version: 2.6 781s Firmware version: 2.6 781s Serial number: 8020b62b6f617600 781s Initialized: yes 781s User PIN init.: yes 781s Label: Test Organization Sub Int Token 781s Slot 1 781s Slot info: 781s Description: SoftHSM slot ID 0x1 781s Manufacturer ID: SoftHSM project 781s Hardware version: 2.6 781s Firmware version: 2.6 781s Token present: yes 781s Token info: 781s Manufacturer ID: SoftHSM project 781s Model: SoftHSM v2 781s Hardware version: 2.6 781s Firmware version: 2.6 781s Serial number: 781s Initialized: no 781s User PIN init.: no 781s Label: 781s Object 0: 781s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8020b62b6f617600;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 781s Type: X.509 Certificate (RSA-1024) 781s Expires: Fri Mar 21 21:55:41 2025 781s Label: Test Organization Sub Intermediate Trusted Certificate 0001 781s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 781s 781s Test Organization Sub Int Token 781s Certificates generation completed! 781s Using CA DB '/tmp/sssd-softhsm2-certs-5ZZDTI/test-full-chain-CA.pem' with verification options: '' 781s Label: Test Organization Root Tr Token 781s Label: Test Organization Root Tr Token 781s fthsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 781s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 781s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001.pem 781s ++ sed -n 's/ *commonName *= //p' 781s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 781s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 781s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-5ZZDTI/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 781s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-5ZZDTI/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 781s ++ basename /tmp/sssd-softhsm2-certs-5ZZDTI/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 781s + tokens_dir=/tmp/sssd-softhsm2-certs-5ZZDTI/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 781s + token_name='Test Organization Sub Int Token' 781s + '[' '!' -e /tmp/sssd-softhsm2-certs-5ZZDTI/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 781s + local key_file 781s + local decrypted_key 781s + mkdir -p /tmp/sssd-softhsm2-certs-5ZZDTI/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 781s + key_file=/tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 781s + decrypted_key=/tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 781s + cat 781s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 781s + softhsm2-util --show-slots 781s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 781s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-23385 -in /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 781s writing RSA key 781s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 781s + rm /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 781s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 781s + echo 'Test Organization Sub Int Token' 781s + echo 'Certificates generation completed!' 781s + exit 0 781s + find /tmp/sssd-softhsm2-certs-5ZZDTI -type d -exec chmod 777 '{}' ';' 781s + find /tmp/sssd-softhsm2-certs-5ZZDTI -type f -exec chmod 666 '{}' ';' 781s + backup_file /etc/sssd/sssd.conf 781s + '[' -z '' ']' 781s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 781s + backupsdir=/tmp/sssd-softhsm2-backups-dYjCoj 781s + '[' -e /etc/sssd/sssd.conf ']' 781s + delete_paths+=("$1") 781s + rm -f /etc/sssd/sssd.conf 781s ++ runuser -u ubuntu -- sh -c 'echo ~' 781s + user_home=/home/ubuntu 781s + mkdir -p /home/ubuntu 781s + chown ubuntu:ubuntu /home/ubuntu 781s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 781s + user_config=/home/ubuntu/.config 781s + system_config=/etc 781s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 781s + for path_pair in "${softhsm2_conf_paths[@]}" 781s + IFS=: 781s + read -r -a path 781s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 781s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 781s + '[' -z /tmp/sssd-softhsm2-backups-dYjCoj ']' 781s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 781s + delete_paths+=("$1") 781s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 781s + for path_pair in "${softhsm2_conf_paths[@]}" 781s + IFS=: 781s + read -r -a path 781s + path=/etc/softhsm/softhsm2.conf 781s + backup_file /etc/softhsm/softhsm2.conf 781s + '[' -z /tmp/sssd-softhsm2-backups-dYjCoj ']' 781s + '[' -e /etc/softhsm/softhsm2.conf ']' 781s ++ dirname /etc/softhsm/softhsm2.conf 781s + local back_dir=/tmp/sssd-softhsm2-backups-dYjCoj//etc/softhsm 781s ++ basename /etc/softhsm/softhsm2.conf 781s + local back_path=/tmp/sssd-softhsm2-backups-dYjCoj//etc/softhsm/softhsm2.conf 781s + '[' '!' -e /tmp/sssd-softhsm2-backups-dYjCoj//etc/softhsm/softhsm2.conf ']' 781s + mkdir -p /tmp/sssd-softhsm2-backups-dYjCoj//etc/softhsm 781s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-dYjCoj//etc/softhsm/softhsm2.conf 781s + restore_paths+=("$back_path") 781s + rm -f /etc/softhsm/softhsm2.conf 781s + test_authentication login /tmp/sssd-softhsm2-certs-5ZZDTI/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-5ZZDTI/test-full-chain-CA.pem 781s + pam_service=login 781s + certificate_config=/tmp/sssd-softhsm2-certs-5ZZDTI/softhsm2-test-root-CA-trusted-certificate-0001.conf 781s + ca_db=/tmp/sssd-softhsm2-certs-5ZZDTI/test-full-chain-CA.pem 781s + verification_options= 781s + mkdir -p -m 700 /etc/sssd 781s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-5ZZDTI/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 781s + cat 781s + chmod 600 /etc/sssd/sssd.conf 781s + for path_pair in "${softhsm2_conf_paths[@]}" 781s + IFS=: 781s + read -r -a path 781s + user=ubuntu 781s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 781s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 781s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 781s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-5ZZDTI/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 781s + runuser -u ubuntu -- softhsm2-util --show-slots 781s + grep 'Test Organization' 781s + for path_pair in "${softhsm2_conf_paths[@]}" 781s + IFS=: 781s + read -r -a path 781s + user=root 781s + path=/etc/softhsm/softhsm2.conf 781s ++ dirname /etc/softhsm/softhsm2.conf 781s + runuser -u root -- mkdir -p /etc/softhsm 781s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-5ZZDTI/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 781s + runuser -u root -- softhsm2-util --show-slots 781s + grep 'Test Organization' 781s + systemctl restart sssd 781s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 781s + for alternative in "${alternative_pam_configs[@]}" 781s + pam-auth-update --enable sss-smart-card-optional 782s + cat /etc/pam.d/common-auth 782s # 782s # /etc/pam.d/common-auth - authentication settings common to all services 782s # 782s # This file is included from other service-specific PAM config files, 782s # and should contain a list of the authentication modules that define 782s # the central authentication scheme for use on the system 782s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 782s # traditional Unix authentication mechanisms. 782s # 782s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 782s # To take advantage of this, it is recommended that you configure any 782s # local modules either before or after the default block, and use 782s # pam-auth-update to manage selection of other modules. See 782s # pam-auth-update(8) for details. 782s 782s # here are the per-package modules (the "Primary" block) 782s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 782s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 782s auth [success=1 default=ignore] pam_sss.so use_first_pass 782s # here's the fallback if no module succeeds 782s auth requisite pam_deny.so 782s # prime the stack with a positive return value if there isn't one already; 782s # this avoids us returning an error just because nothing sets a success code 782s # since the modules above will each just jump around 782s auth required pam_permit.so 782s # and here are more per-package modules (the "Additional" block) 782s auth optional pam_cap.so 782s # end of pam-auth-update config 782s + echo -n -e 123456 782s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 782s pamtester: invoking pam_start(login, ubuntu, ...) 782s pamtester: performing operation - authenticate 782s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 782s + echo -n -e 123456 782s + runuser -u ubuntu -- pamtester -v login '' authenticate 782s pamtester: invoking pam_start(login, , ...) 782s pamtester: performing operation - authenticate 782s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 782s + echo -n -e wrong123456 782s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 782s pamtester: invoking pam_start(login, ubuntu, ...) 782s pamtester: performing operation - authenticate 785s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 785s + echo -n -e wrong123456 785s + runuser -u ubuntu -- pamtester -v login '' authenticate 785s pamtester: invoking pam_start(login, , ...) 785s pamtester: performing operation - authenticate 788s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 788s + echo -n -e 123456 788s + pamtester -v login root authenticate 788s pamtester: invoking pam_start(login, root, ...) 788s pamtester: performing operation - authenticate 790s Password: pamtester: Authentication failure 790s + for alternative in "${alternative_pam_configs[@]}" 790s + pam-auth-update --enable sss-smart-card-required 790s PAM configuration 790s ----------------- 790s 790s Incompatible PAM profiles selected. 790s 790s The following PAM profiles cannot be used together: 790s 790s SSS required smart card authentication, SSS optional smart card 790s authentication 790s 790s Please select a different set of modules to enable. 790s 790s + cat /etc/pam.d/common-auth 790s # 790s # /etc/pam.d/common-auth - authentication settings common to all services 790s # 790s # This file is included from other service-specific PAM config files, 790s # and should contain a list of the authentication modules that define 790s # the central authentication scheme for use on the system 790s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 790s # traditional Unix authentication mechanisms. 790s # 790s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 790s # To take advantage of this, it is recommended that you configure any 790s # local modules either before or after the default block, and use 790s # pam-auth-update to manage selection of other modules. See 790s # pam-auth-update(8) for details. 790s 790s # here are the per-package modules (the "Primary" block) 790s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 790s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 790s auth [success=1 default=ignore] pam_sss.so use_first_pass 790s # here's the fallback if no module succeeds 790s auth requisite pam_deny.so 790s # prime the stack with a positive return value if there isn't one already; 790s # this avoids us returning an error just because nothing sets a success code 790s # since the modules above will each just jump around 790s auth required pam_permit.so 790s # and here are more per-package modules (the "Additional" block) 790s auth optional pam_cap.so 790s # end of pam-auth-update config 790s + echo -n -e 123456 790s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 790s pamtester: invoking pam_start(login, ubuntu, ...) 790s pamtester: performing operation - authenticate 790s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 790s + echo -n -e 123456 790s pamtester: successfully authenticated 790s + runuser -u ubuntu -- pamtester -v login '' authenticate 790s pamtester: invoking pam_start(login, , ...) 790s pamtester: performing operation - authenticate 790s PIN for Test Organization Root Tr Token: + echo -n -e wrong123456 790s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 790s pamtester: invoking pam_start(login, ubuntu, ...) 790s pamtester: performing operation - authenticate 793s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 793s + echo -n -e wrong123456 793s + runuser -u ubuntu -- pamtester -v login '' authenticate 793s pamtester: invoking pam_start(login, , ...) 793s pamtester: performing operation - authenticate 796s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 796s + echo -n -e 123456 796s + pamtester -v login root authenticate 796s pamtester: invoking pam_start(login, root, ...) 796s pamtester: performing operation - authenticate 800s pamtester: Authentication service cannot retrieve authentication info 800s + test_authentication login /tmp/sssd-softhsm2-certs-5ZZDTI/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-5ZZDTI/test-full-chain-CA.pem 800s + pam_service=login 800s + certificate_config=/tmp/sssd-softhsm2-certs-5ZZDTI/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 800s + ca_db=/tmp/sssd-softhsm2-certs-5ZZDTI/test-full-chain-CA.pem 800s + verification_options= 800s + mkdir -p -m 700 /etc/sssd 800s Using CA DB '/tmp/sssd-softhsm2-certs-5ZZDTI/test-full-chain-CA.pem' with verification options: '' 800s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-5ZZDTI/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 800s + cat 800s Label: Test Organization Sub Int Token 800s Label: Test Organization Sub Int Token 800s + chmod 600 /etc/sssd/sssd.conf 800s + for path_pair in "${softhsm2_conf_paths[@]}" 800s + IFS=: 800s + read -r -a path 800s + user=ubuntu 800s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 800s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 800s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 800s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-5ZZDTI/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 800s + runuser -u ubuntu -- softhsm2-util --show-slots 800s + grep 'Test Organization' 800s + for path_pair in "${softhsm2_conf_paths[@]}" 800s + IFS=: 800s + read -r -a path 800s + user=root 800s + path=/etc/softhsm/softhsm2.conf 800s ++ dirname /etc/softhsm/softhsm2.conf 800s + runuser -u root -- mkdir -p /etc/softhsm 800s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-5ZZDTI/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 800s + runuser -u root -- softhsm2-util --show-slots 800s + grep 'Test Organization' 800s + systemctl restart sssd 800s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 801s + for alternative in "${alternative_pam_configs[@]}" 801s + pam-auth-update --enable sss-smart-card-optional 801s + cat /etc/pam.d/common-auth 801s # 801s # /etc/pam.d/common-auth - authentication settings common to all services 801s # 801s # This file is included from other service-specific PAM config files, 801s # and should contain a list of the authentication modules that define 801s # the central authentication scheme for use on the system 801s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 801s # traditional Unix authentication mechanisms. 801s # 801s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 801s # To take advantage of this, it is recommended that you configure any 801s # local modules either before or after the default block, and use 801s # pam-auth-update to manage selection of other modules. See 801s # pam-auth-update(8) for details. 801s 801s # here are the per-package modules (the "Primary" block) 801s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 801s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 801s auth [success=1 default=ignore] pam_sss.so use_first_pass 801s # here's the fallback if no module succeeds 801s auth requisite pam_deny.so 801s # prime the stack with a positive return value if there isn't one already; 801s # this avoids us returning an error just because nothing sets a success code 801s # since the modules above will each just jump around 801s auth required pam_permit.so 801s # and here are more per-package modules (the "Additional" block) 801s auth optional pam_cap.so 801s # end of pam-auth-update config 801s + echo -n -e 123456 801s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 801s pamtester: invoking pam_start(login, ubuntu, ...) 801s pamtester: performing operation - authenticate 801s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 801s + echo -n -e 123456 801s + runuser -u ubuntu -- pamtester -v login '' authenticate 801s pamtester: invoking pam_start(login, , ...) 801s pamtester: performing operation - authenticate 801s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 801s + echo -n -e wrong123456 801s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 801s pamtester: invoking pam_start(login, ubuntu, ...) 801s pamtester: performing operation - authenticate 804s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 804s + echo -n -e wrong123456 804s + runuser -u ubuntu -- pamtester -v login '' authenticate 804s pamtester: invoking pam_start(login, , ...) 804s pamtester: performing operation - authenticate 807s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 807s + echo -n -e 123456 807s + pamtester -v login root authenticate 807s pamtester: invoking pam_start(login, root, ...) 807s pamtester: performing operation - authenticate 810s Password: pamtester: Authentication failure 810s + for alternative in "${alternative_pam_configs[@]}" 810s + pam-auth-update --enable sss-smart-card-required 810s PAM configuration 810s ----------------- 810s 810s Incompatible PAM profiles selected. 810s 810s The following PAM profiles cannot be used together: 810s 810s SSS required smart card authentication, SSS optional smart card 810s authentication 810s 810s Please select a different set of modules to enable. 810s 810s # 810s # /etc/pam.d/common-auth - authentication settings common to all services 810s # 810s # This file is included from other service-specific PAM config files, 810s # and should contain a list of the authentication modules that define 810s # the central authentication scheme for use on the system 810s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 810s # traditional Unix authentication mechanisms. 810s # 810s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 810s # To take advantage of this, it is recommended that you configure any 810s # local modules either before or after the default block, and use 810s # pam-auth-update to manage selection of other modules. See 810s # pam-auth-update(8) for details. 810s 810s # here are the per-package modules (the "Primary" block) 810s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 810s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 810s auth [success=1 default=ignore] pam_sss.so use_first_pass 810s # here's the fallback if no module succeeds 810s auth requisite pam_deny.so 810s # prime the stack with a positive return value if there isn't one already; 810s # this avoids us returning an error just because nothing sets a success code 810s # since the modules above will each just jump around 810s auth required pam_permit.so 810s # and here are more per-package modules (the "Additional" block) 810s auth optional pam_cap.so 810s # end of pam-auth-update config 810s + cat /etc/pam.d/common-auth 810s + echo -n -e 123456 810s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 810s pamtester: invoking pam_start(login, ubuntu, ...) 810s pamtester: performing operation - authenticate 810s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 810s + echo -n -e 123456 810s + runuser -u ubuntu -- pamtester -v login '' authenticate 810s pamtester: invoking pam_start(login, , ...) 810s pamtester: performing operation - authenticate 810s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 810s + echo -n -e wrong123456 810s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 810s pamtester: invoking pam_start(login, ubuntu, ...) 810s pamtester: performing operation - authenticate 813s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 813s + echo -n -e wrong123456 813s + runuser -u ubuntu -- pamtester -v login '' authenticate 813s pamtester: invoking pam_start(login, , ...) 813s pamtester: performing operation - authenticate 816s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 816s + echo -n -e 123456 816s + pamtester -v login root authenticate 816s pamtester: invoking pam_start(login, root, ...) 816s pamtester: performing operation - authenticate 818s pamtester: Authentication service cannot retrieve authentication info 818s + test_authentication login /tmp/sssd-softhsm2-certs-5ZZDTI/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA.pem partial_chain 818s + pam_service=login 818s + certificate_config=/tmp/sssd-softhsm2-certs-5ZZDTI/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 818s + ca_db=/tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA.pem 818s + verification_options=partial_chain 818s + mkdir -p -m 700 /etc/sssd 818s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 818s Using CA DB '/tmp/sssd-softhsm2-certs-5ZZDTI/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 818s + cat 818s Label: Test Organization Sub Int Token 818s Label: Test Organization Sub Int Token 818s + chmod 600 /etc/sssd/sssd.conf 818s + for path_pair in "${softhsm2_conf_paths[@]}" 818s + IFS=: 818s + read -r -a path 818s + user=ubuntu 818s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 818s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 818s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 818s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-5ZZDTI/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 818s + runuser -u ubuntu -- softhsm2-util --show-slots 818s + grep 'Test Organization' 818s + for path_pair in "${softhsm2_conf_paths[@]}" 818s + IFS=: 818s + read -r -a path 818s + user=root 818s + path=/etc/softhsm/softhsm2.conf 818s ++ dirname /etc/softhsm/softhsm2.conf 818s + runuser -u root -- mkdir -p /etc/softhsm 818s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-5ZZDTI/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 818s + runuser -u root -- softhsm2-util --show-slots 818s + grep 'Test Organization' 818s + systemctl restart sssd 819s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 819s + for alternative in "${alternative_pam_configs[@]}" 819s + pam-auth-update --enable sss-smart-card-optional 819s + cat /etc/pam.d/common-auth 819s # 819s # /etc/pam.d/common-auth - authentication settings common to all services 819s # 819s # This file is included from other service-specific PAM config files, 819s # and should contain a list of the authentication modules that define 819s # the central authentication scheme for use on the system 819s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 819s # traditional Unix authentication mechanisms. 819s # 819s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 819s # To take advantage of this, it is recommended that you configure any 819s # local modules either before or after the default block, and use 819s # pam-auth-update to manage selection of other modules. See 819s # pam-auth-update(8) for details. 819s 819s # here are the per-package modules (the "Primary" block) 819s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 819s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 819s auth [success=1 default=ignore] pam_sss.so use_first_pass 819s # here's the fallback if no module succeeds 819s auth requisite pam_deny.so 819s # prime the stack with a positive return value if there isn't one already; 819s # this avoids us returning an error just because nothing sets a success code 819s # since the modules above will each just jump around 819s auth required pam_permit.so 819s # and here are more per-package modules (the "Additional" block) 819s auth optional pam_cap.so 819s # end of pam-auth-update config 819s + echo -n -e 123456 819s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 819s pamtester: invoking pam_start(login, ubuntu, ...) 819s pamtester: performing operation - authenticate 819s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 819s + echo -n -e 123456 819s + runuser -u ubuntu -- pamtester -v login '' authenticate 819s pamtester: invoking pam_start(login, , ...) 819s pamtester: performing operation - authenticate 819s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 819s + echo -n -e wrong123456 819s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 819s pamtester: invoking pam_start(login, ubuntu, ...) 819s pamtester: performing operation - authenticate 823s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 823s + echo -n -e wrong123456 823s + runuser -u ubuntu -- pamtester -v login '' authenticate 823s pamtester: invoking pam_start(login, , ...) 823s pamtester: performing operation - authenticate 826s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 826s + echo -n -e 123456 826s + pamtester -v login root authenticate 826s pamtester: invoking pam_start(login, root, ...) 826s pamtester: performing operation - authenticate 829s Password: pamtester: Authentication failure 829s + for alternative in "${alternative_pam_configs[@]}" 829s + pam-auth-update --enable sss-smart-card-required 829s PAM configuration 829s ----------------- 829s 829s Incompatible PAM profiles selected. 829s 829s The following PAM profiles cannot be used together: 829s 829s SSS required smart card authentication, SSS optional smart card 829s authentication 829s 829s Please select a different set of modules to enable. 829s 829s + cat /etc/pam.d/common-auth 829s # 829s # /etc/pam.d/common-auth - authentication settings common to all services 829s # 829s # This file is included from other service-specific PAM config files, 829s # and should contain a list of the authentication modules that define 829s # the central authentication scheme for use on the system 829s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 829s # traditional Unix authentication mechanisms. 829s # 829s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 829s # To take advantage of this, it is recommended that you configure any 829s # local modules either before or after the default block, and use 829s # pam-auth-update to manage selection of other modules. See 829s # pam-auth-update(8) for details. 829s 829s # here are the per-package modules (the "Primary" block) 829s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 829s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 829s auth [success=1 default=ignore] pam_sss.so use_first_pass 829s # here's the fallback if no module succeeds 829s auth requisite pam_deny.so 829s # prime the stack with a positive return value if there isn't one already; 829s # this avoids us returning an error just because nothing sets a success code 829s # since the modules above will each just jump around 829s auth required pam_permit.so 829s # and here are more per-package modules (the "Additional" block) 829s auth optional pam_cap.so 829s # end of pam-auth-update config 829s + echo -n -e 123456 829s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 829s pamtester: invoking pam_start(login, ubuntu, ...) 829s pamtester: performing operation - authenticate 829s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 829s + echo -n -e 123456 829s + runuser -u ubuntu -- pamtester -v login '' authenticate 829s pamtester: invoking pam_start(login, , ...) 829s pamtester: performing operation - authenticate 829s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 829s + echo -n -e wrong123456 829s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 829s pamtester: invoking pam_start(login, ubuntu, ...) 829s pamtester: performing operation - authenticate 832s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 832s + echo -n -e wrong123456 832s + runuser -u ubuntu -- pamtester -v login '' authenticate 832s pamtester: invoking pam_start(login, , ...) 832s pamtester: performing operation - authenticate 835s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 835s + echo -n -e 123456 835s + pamtester -v login root authenticate 835s pamtester: invoking pam_start(login, root, ...) 835s pamtester: performing operation - authenticate 838s pamtester: Authentication service cannot retrieve authentication info 838s + handle_exit 838s + exit_code=0 838s + restore_changes 838s + for path in "${restore_paths[@]}" 838s + local original_path 838s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-dYjCoj /tmp/sssd-softhsm2-backups-dYjCoj//etc/softhsm/softhsm2.conf 838s + original_path=/etc/softhsm/softhsm2.conf 838s + rm /etc/softhsm/softhsm2.conf 838s + mv /tmp/sssd-softhsm2-backups-dYjCoj//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 838s + for path in "${delete_paths[@]}" 838s + rm -f /etc/sssd/sssd.conf 838s + for path in "${delete_paths[@]}" 838s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 838s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 838s + '[' -e /etc/sssd/sssd.conf ']' 838s + systemctl stop sssd 839s + '[' -e /etc/softhsm/softhsm2.conf ']' 839s + chmod 600 /etc/softhsm/softhsm2.conf 839s + rm -rf /tmp/sssd-softhsm2-certs-5ZZDTI 839s + '[' 0 = 0 ']' 839s + rm -rf /tmp/sssd-softhsm2-backups-dYjCoj 839s Script completed successfully! 839s + set +x 839s autopkgtest [21:56:40]: test sssd-smart-card-pam-auth-configs: -----------------------] 839s autopkgtest [21:56:40]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 839s sssd-smart-card-pam-auth-configs PASS 840s autopkgtest [21:56:41]: @@@@@@@@@@@@@@@@@@@@ summary 840s ldap-user-group-ldap-auth PASS 840s ldap-user-group-krb5-auth PASS 840s sssd-softhism2-certificates-tests.sh PASS 840s sssd-smart-card-pam-auth-configs PASS 858s Creating nova instance adt-noble-s390x-sssd-20240321-214241-juju-7f2275-prod-proposed-migration-environment-2 from image adt/ubuntu-noble-s390x-server-20240321.img (UUID a4b1c77c-a35e-4d28-a8d9-902a1febb465)... 858s Creating nova instance adt-noble-s390x-sssd-20240321-214241-juju-7f2275-prod-proposed-migration-environment-2 from image adt/ubuntu-noble-s390x-server-20240321.img (UUID a4b1c77c-a35e-4d28-a8d9-902a1febb465)...