0s autopkgtest [00:30:48]: starting date and time: 2024-03-22 00:30:48+0000 0s autopkgtest [00:30:48]: git checkout: 4a1cd702 l/adt_testbed: don't blame the testbed for unsolvable build deps 0s autopkgtest [00:30:48]: host juju-7f2275-prod-proposed-migration-environment-3; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.5o2p0v1f/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --setup-commands /home/ubuntu/autopkgtest/setup-commands/setup-testbed --apt-pocket=proposed=src:cyrus-sasl2,src:db5.3,src:heimdal,src:openssl --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 '--env=ADT_TEST_TRIGGERS=cyrus-sasl2/2.1.28+dfsg1-5ubuntu1 db5.3/5.3.28+dfsg2-6 heimdal/7.8.git20221117.28daf24+dfsg-5ubuntu2 openssl/3.0.13-0ubuntu2' -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor autopkgtest --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-3@bos02-s390x-10.secgroup --name adt-noble-s390x-sssd-20240322-003047-juju-7f2275-prod-proposed-migration-environment-3 --image adt/ubuntu-noble-s390x-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-3 --net-id=net_prod-proposed-migration -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com'"'"'' --mirror=http://ftpmaster.internal/ubuntu/ 65s autopkgtest [00:31:53]: testbed dpkg architecture: s390x 65s autopkgtest [00:31:53]: testbed apt version: 2.7.12 65s autopkgtest [00:31:53]: @@@@@@@@@@@@@@@@@@@@ test bed setup 66s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 67s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [494 kB] 67s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [3800 kB] 67s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [53.9 kB] 67s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [6540 B] 67s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main s390x Packages [670 kB] 67s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main s390x c-n-f Metadata [3032 B] 67s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x Packages [1372 B] 67s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x c-n-f Metadata [116 B] 67s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x Packages [3989 kB] 68s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x c-n-f Metadata [7292 B] 68s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x Packages [45.1 kB] 68s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x c-n-f Metadata [116 B] 70s Fetched 9188 kB in 3s (3518 kB/s) 70s Reading package lists... 72s Reading package lists... 72s Building dependency tree... 72s Reading state information... 73s Calculating upgrade... 73s The following packages will be REMOVED: 73s libssl3 73s The following NEW packages will be installed: 73s libssl3t64 73s The following packages have been kept back: 73s libsasl2-2 libsasl2-modules-db 73s The following packages will be upgraded: 73s cloud-init debianutils libsasl2-modules openssl python3-markupsafe 73s 5 upgraded, 1 newly installed, 1 to remove and 2 not upgraded. 73s Need to get 3461 kB of archives. 73s After this operation, 244 kB of additional disk space will be used. 73s Get:1 http://ftpmaster.internal/ubuntu noble/main s390x debianutils s390x 5.17 [90.1 kB] 73s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main s390x openssl s390x 3.0.13-0ubuntu2 [1010 kB] 73s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main s390x libsasl2-modules s390x 2.1.28+dfsg1-5ubuntu1 [76.6 kB] 73s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main s390x libssl3t64 s390x 3.0.13-0ubuntu2 [1675 kB] 73s Get:5 http://ftpmaster.internal/ubuntu noble/main s390x python3-markupsafe s390x 2.1.5-1build1 [12.8 kB] 73s Get:6 http://ftpmaster.internal/ubuntu noble/main s390x cloud-init all 24.1.2-0ubuntu1 [597 kB] 74s Preconfiguring packages ... 74s Fetched 3461 kB in 1s (5062 kB/s) 74s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52171 files and directories currently installed.) 74s Preparing to unpack .../debianutils_5.17_s390x.deb ... 74s Unpacking debianutils (5.17) over (5.16) ... 74s Setting up debianutils (5.17) ... 74s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52171 files and directories currently installed.) 74s Preparing to unpack .../openssl_3.0.13-0ubuntu2_s390x.deb ... 74s Unpacking openssl (3.0.13-0ubuntu2) over (3.0.10-1ubuntu4) ... 74s Preparing to unpack .../libsasl2-modules_2.1.28+dfsg1-5ubuntu1_s390x.deb ... 74s Unpacking libsasl2-modules:s390x (2.1.28+dfsg1-5ubuntu1) over (2.1.28+dfsg1-4) ... 74s dpkg: libssl3:s390x: dependency problems, but removing anyway as you requested: 74s wget depends on libssl3 (>= 3.0.0). 74s tnftp depends on libssl3 (>= 3.0.0). 74s tcpdump depends on libssl3 (>= 3.0.0). 74s systemd-resolved depends on libssl3 (>= 3.0.0). 74s systemd depends on libssl3 (>= 3.0.0). 74s sudo depends on libssl3 (>= 3.0.0). 74s s390-tools depends on libssl3 (>= 3.0.0). 74s rsync depends on libssl3 (>= 3.0.0). 74s python3-cryptography depends on libssl3 (>= 3.0.0). 74s openssh-server depends on libssl3 (>= 3.0.10). 74s openssh-client depends on libssl3 (>= 3.0.10). 74s linux-headers-6.8.0-11-generic depends on libssl3 (>= 3.0.0). 74s libsystemd-shared:s390x depends on libssl3 (>= 3.0.0). 74s libssh-4:s390x depends on libssl3 (>= 3.0.0). 74s libsasl2-2:s390x depends on libssl3 (>= 3.0.0). 74s libpython3.12-minimal:s390x depends on libssl3 (>= 3.0.0). 74s libpython3.11-minimal:s390x depends on libssl3 (>= 3.0.0). 74s libnvme1 depends on libssl3 (>= 3.0.0). 74s libkrb5-3:s390x depends on libssl3 (>= 3.0.0). 74s libkmod2:s390x depends on libssl3 (>= 3.0.0). 74s libfido2-1:s390x depends on libssl3 (>= 3.0.0). 74s libcurl4:s390x depends on libssl3 (>= 3.0.0). 74s libcryptsetup12:s390x depends on libssl3 (>= 3.0.0). 74s kmod depends on libssl3 (>= 3.0.0). 74s dhcpcd-base depends on libssl3 (>= 3.0.0). 74s bind9-libs:s390x depends on libssl3 (>= 3.0.0). 74s 74s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52171 files and directories currently installed.) 74s Removing libssl3:s390x (3.0.10-1ubuntu4) ... 74s Selecting previously unselected package libssl3t64:s390x. 74s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52160 files and directories currently installed.) 74s Preparing to unpack .../libssl3t64_3.0.13-0ubuntu2_s390x.deb ... 74s Unpacking libssl3t64:s390x (3.0.13-0ubuntu2) ... 74s Preparing to unpack .../python3-markupsafe_2.1.5-1build1_s390x.deb ... 74s Unpacking python3-markupsafe (2.1.5-1build1) over (2.1.5-1) ... 74s Preparing to unpack .../cloud-init_24.1.2-0ubuntu1_all.deb ... 74s Unpacking cloud-init (24.1.2-0ubuntu1) over (24.1.1-0ubuntu1) ... 75s Setting up cloud-init (24.1.2-0ubuntu1) ... 76s Setting up libssl3t64:s390x (3.0.13-0ubuntu2) ... 76s Setting up libsasl2-modules:s390x (2.1.28+dfsg1-5ubuntu1) ... 76s Setting up python3-markupsafe (2.1.5-1build1) ... 76s Setting up openssl (3.0.13-0ubuntu2) ... 76s Processing triggers for rsyslog (8.2312.0-3ubuntu3) ... 76s Processing triggers for man-db (2.12.0-3) ... 77s Processing triggers for libc-bin (2.39-0ubuntu2) ... 77s Reading package lists... 77s Building dependency tree... 77s Reading state information... 78s 0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded. 78s Unknown architecture, assuming PC-style ttyS0 78s sh: Attempting to set up Debian/Ubuntu apt sources automatically 78s sh: Distribution appears to be Ubuntu 79s Reading package lists... 79s Building dependency tree... 79s Reading state information... 79s eatmydata is already the newest version (131-1). 79s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 79s Reading package lists... 79s Building dependency tree... 79s Reading state information... 80s dbus is already the newest version (1.14.10-4ubuntu1). 80s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 80s Reading package lists... 80s Building dependency tree... 80s Reading state information... 80s rng-tools-debian is already the newest version (2.4). 80s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 80s Reading package lists... 80s Building dependency tree... 80s Reading state information... 80s The following packages will be REMOVED: 80s cloud-init* python3-configobj* python3-debconf* 80s 0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded. 80s After this operation, 3256 kB disk space will be freed. 80s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52172 files and directories currently installed.) 80s Removing cloud-init (24.1.2-0ubuntu1) ... 81s Removing python3-configobj (5.0.8-3) ... 81s Removing python3-debconf (1.5.86) ... 81s Processing triggers for man-db (2.12.0-3) ... 81s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51783 files and directories currently installed.) 81s Purging configuration files for cloud-init (24.1.2-0ubuntu1) ... 82s dpkg: warning: while removing cloud-init, directory '/etc/cloud/cloud.cfg.d' not empty so not removed 82s Processing triggers for rsyslog (8.2312.0-3ubuntu3) ... 82s invoke-rc.d: policy-rc.d denied execution of try-restart. 82s Reading package lists... 82s Building dependency tree... 82s Reading state information... 83s linux-generic is already the newest version (6.8.0-11.11+1). 83s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 83s Hit:1 http://ftpmaster.internal/ubuntu noble InRelease 83s Hit:2 http://ftpmaster.internal/ubuntu noble-updates InRelease 83s Hit:3 http://ftpmaster.internal/ubuntu noble-security InRelease 85s Reading package lists... 85s Reading package lists... 85s Building dependency tree... 85s Reading state information... 85s Calculating upgrade... 85s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 85s Reading package lists... 85s Building dependency tree... 85s Reading state information... 86s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 86s autopkgtest [00:32:14]: rebooting testbed after setup commands that affected boot 104s autopkgtest [00:32:32]: testbed running kernel: Linux 6.8.0-11-generic #11-Ubuntu SMP Tue Feb 13 23:45:46 UTC 2024 107s autopkgtest [00:32:35]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 125s Get:1 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (dsc) [5269 B] 125s Get:2 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (tar) [7983 kB] 125s Get:3 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (asc) [833 B] 125s Get:4 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (diff) [48.4 kB] 125s gpgv: Signature made Mon Feb 26 21:56:54 2024 UTC 125s gpgv: using RSA key E92FD0B36B14F1F4D8E0EB2F106DA1C8C3CBBF14 125s gpgv: Can't check signature: No public key 125s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.4-1ubuntu1.dsc: no acceptable signature found 125s autopkgtest [00:32:53]: testing package sssd version 2.9.4-1ubuntu1 126s autopkgtest [00:32:54]: build not needed 128s autopkgtest [00:32:56]: test ldap-user-group-ldap-auth: preparing testbed 138s Reading package lists... 138s Building dependency tree... 138s Reading state information... 139s Starting pkgProblemResolver with broken count: 0 139s Starting 2 pkgProblemResolver with broken count: 0 139s Done 139s The following additional packages will be installed: 139s expect ldap-utils libavahi-client3 libavahi-common-data libavahi-common3 139s libbasicobjects0 libc-ares2 libcollection4 libcrack2 libdhash1 139s libevent-2.1-7 libini-config5 libipa-hbac-dev libipa-hbac0 libjose0 libkrad0 139s libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo libodbc2 139s libpam-pwquality libpam-sss libpath-utils1 libpwquality-common libpwquality1 139s libref-array1 libsmbclient libsss-certmap-dev libsss-certmap0 139s libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev libsss-nss-idmap0 139s libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0 libverto-libevent1 139s libverto1 libwbclient0 python3-libipa-hbac python3-libsss-nss-idmap 139s python3-sss samba-libs slapd sssd sssd-ad sssd-ad-common sssd-common 139s sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 sssd-krb5-common sssd-ldap 139s sssd-passkey sssd-proxy sssd-tools tcl-expect tcl8.6 139s Suggested packages: 139s tk8.6 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal 139s odbc-postgresql tdsodbc adcli libsasl2-modules-ldap tcl-tclreadline 139s Recommended packages: 139s cracklib-runtime libsasl2-modules-gssapi-mit 139s | libsasl2-modules-gssapi-heimdal 139s The following NEW packages will be installed: 139s autopkgtest-satdep expect ldap-utils libavahi-client3 libavahi-common-data 139s libavahi-common3 libbasicobjects0 libc-ares2 libcollection4 libcrack2 139s libdhash1 libevent-2.1-7 libini-config5 libipa-hbac-dev libipa-hbac0 139s libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo 139s libodbc2 libpam-pwquality libpam-sss libpath-utils1 libpwquality-common 139s libpwquality1 libref-array1 libsmbclient libsss-certmap-dev libsss-certmap0 139s libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev libsss-nss-idmap0 139s libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0 libverto-libevent1 139s libverto1 libwbclient0 python3-libipa-hbac python3-libsss-nss-idmap 139s python3-sss samba-libs slapd sssd sssd-ad sssd-ad-common sssd-common 139s sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 sssd-krb5-common sssd-ldap 139s sssd-passkey sssd-proxy sssd-tools tcl-expect tcl8.6 139s 0 upgraded, 65 newly installed, 0 to remove and 0 not upgraded. 139s Need to get 12.9 MB/12.9 MB of archives. 139s After this operation, 50.0 MB of additional disk space will be used. 139s Get:1 /tmp/autopkgtest.A657xW/1-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [864 B] 139s Get:2 http://ftpmaster.internal/ubuntu noble/main s390x libltdl7 s390x 2.4.7-7 [41.6 kB] 139s Get:3 http://ftpmaster.internal/ubuntu noble/main s390x libodbc2 s390x 2.3.12-1 [164 kB] 139s Get:4 http://ftpmaster.internal/ubuntu noble/main s390x slapd s390x 2.6.7+dfsg-1~exp1ubuntu1 [1617 kB] 140s Get:5 http://ftpmaster.internal/ubuntu noble/main s390x libtcl8.6 s390x 8.6.13+dfsg-2 [948 kB] 140s Get:6 http://ftpmaster.internal/ubuntu noble/main s390x tcl8.6 s390x 8.6.13+dfsg-2 [14.7 kB] 140s Get:7 http://ftpmaster.internal/ubuntu noble/universe s390x tcl-expect s390x 5.45.4-2build1 [99.7 kB] 140s Get:8 http://ftpmaster.internal/ubuntu noble/universe s390x expect s390x 5.45.4-2build1 [137 kB] 140s Get:9 http://ftpmaster.internal/ubuntu noble/main s390x ldap-utils s390x 2.6.7+dfsg-1~exp1ubuntu1 [165 kB] 140s Get:10 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common-data s390x 0.8-13ubuntu2 [29.5 kB] 140s Get:11 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common3 s390x 0.8-13ubuntu2 [23.8 kB] 140s Get:12 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-client3 s390x 0.8-13ubuntu2 [26.7 kB] 140s Get:13 http://ftpmaster.internal/ubuntu noble/main s390x libcrack2 s390x 2.9.6-5.1 [29.6 kB] 140s Get:14 http://ftpmaster.internal/ubuntu noble/main s390x libevent-2.1-7 s390x 2.1.12-stable-9 [144 kB] 140s Get:15 http://ftpmaster.internal/ubuntu noble/universe s390x libjose0 s390x 11-3 [45.2 kB] 140s Get:16 http://ftpmaster.internal/ubuntu noble/main s390x libverto-libevent1 s390x 0.3.1-1ubuntu5 [5810 B] 140s Get:17 http://ftpmaster.internal/ubuntu noble/main s390x libverto1 s390x 0.3.1-1ubuntu5 [10.6 kB] 140s Get:18 http://ftpmaster.internal/ubuntu noble/main s390x libkrad0 s390x 1.20.1-5build1 [22.0 kB] 140s Get:19 http://ftpmaster.internal/ubuntu noble/main s390x libtalloc2 s390x 2.4.2-1 [28.3 kB] 140s Get:20 http://ftpmaster.internal/ubuntu noble/main s390x libtdb1 s390x 1.4.10-1 [49.9 kB] 140s Get:21 http://ftpmaster.internal/ubuntu noble/main s390x libtevent0 s390x 0.16.1-1 [43.1 kB] 140s Get:22 http://ftpmaster.internal/ubuntu noble/main s390x libldb2 s390x 2:2.8.0+samba4.19.5+dfsg-1ubuntu1 [191 kB] 140s Get:23 http://ftpmaster.internal/ubuntu noble/main s390x libnfsidmap1 s390x 1:2.6.3-3ubuntu1 [49.0 kB] 140s Get:24 http://ftpmaster.internal/ubuntu noble/universe s390x libnss-sudo all 1.9.15p5-3ubuntu1 [14.9 kB] 140s Get:25 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality-common all 1.4.5-3 [7658 B] 140s Get:26 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality1 s390x 1.4.5-3 [14.7 kB] 140s Get:27 http://ftpmaster.internal/ubuntu noble/main s390x libpam-pwquality s390x 1.4.5-3 [11.6 kB] 140s Get:28 http://ftpmaster.internal/ubuntu noble/main s390x libwbclient0 s390x 2:4.19.5+dfsg-1ubuntu1 [70.3 kB] 140s Get:29 http://ftpmaster.internal/ubuntu noble/main s390x samba-libs s390x 2:4.19.5+dfsg-1ubuntu1 [6231 kB] 141s Get:30 http://ftpmaster.internal/ubuntu noble/main s390x libnss-sss s390x 2.9.4-1ubuntu1 [32.6 kB] 141s Get:31 http://ftpmaster.internal/ubuntu noble/main s390x libpam-sss s390x 2.9.4-1ubuntu1 [51.9 kB] 141s Get:32 http://ftpmaster.internal/ubuntu noble/main s390x python3-sss s390x 2.9.4-1ubuntu1 [46.6 kB] 141s Get:33 http://ftpmaster.internal/ubuntu noble/main s390x libc-ares2 s390x 1.27.0-1 [79.2 kB] 141s Get:34 http://ftpmaster.internal/ubuntu noble/main s390x libdhash1 s390x 0.6.2-2 [8648 B] 141s Get:35 http://ftpmaster.internal/ubuntu noble/main s390x libbasicobjects0 s390x 0.6.2-2 [5476 B] 141s Get:36 http://ftpmaster.internal/ubuntu noble/main s390x libcollection4 s390x 0.6.2-2 [23.2 kB] 141s Get:37 http://ftpmaster.internal/ubuntu noble/main s390x libpath-utils1 s390x 0.6.2-2 [8994 B] 141s Get:38 http://ftpmaster.internal/ubuntu noble/main s390x libref-array1 s390x 0.6.2-2 [6880 B] 141s Get:39 http://ftpmaster.internal/ubuntu noble/main s390x libini-config5 s390x 0.6.2-2 [45.3 kB] 141s Get:40 http://ftpmaster.internal/ubuntu noble/main s390x libsss-certmap0 s390x 2.9.4-1ubuntu1 [46.7 kB] 141s Get:41 http://ftpmaster.internal/ubuntu noble/main s390x libsss-idmap0 s390x 2.9.4-1ubuntu1 [22.1 kB] 141s Get:42 http://ftpmaster.internal/ubuntu noble/main s390x libsss-nss-idmap0 s390x 2.9.4-1ubuntu1 [31.4 kB] 141s Get:43 http://ftpmaster.internal/ubuntu noble/main s390x sssd-common s390x 2.9.4-1ubuntu1 [1125 kB] 141s Get:44 http://ftpmaster.internal/ubuntu noble/universe s390x sssd-idp s390x 2.9.4-1ubuntu1 [27.3 kB] 141s Get:45 http://ftpmaster.internal/ubuntu noble/universe s390x sssd-passkey s390x 2.9.4-1ubuntu1 [32.3 kB] 141s Get:46 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad-common s390x 2.9.4-1ubuntu1 [74.8 kB] 141s Get:47 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5-common s390x 2.9.4-1ubuntu1 [90.3 kB] 141s Get:48 http://ftpmaster.internal/ubuntu noble/main s390x libsmbclient s390x 2:4.19.5+dfsg-1ubuntu1 [65.1 kB] 141s Get:49 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad s390x 2.9.4-1ubuntu1 [133 kB] 141s Get:50 http://ftpmaster.internal/ubuntu noble/main s390x libipa-hbac0 s390x 2.9.4-1ubuntu1 [16.8 kB] 141s Get:51 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ipa s390x 2.9.4-1ubuntu1 [215 kB] 141s Get:52 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5 s390x 2.9.4-1ubuntu1 [14.4 kB] 141s Get:53 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ldap s390x 2.9.4-1ubuntu1 [31.0 kB] 141s Get:54 http://ftpmaster.internal/ubuntu noble/main s390x sssd-proxy s390x 2.9.4-1ubuntu1 [43.9 kB] 141s Get:55 http://ftpmaster.internal/ubuntu noble/main s390x sssd s390x 2.9.4-1ubuntu1 [4120 B] 141s Get:56 http://ftpmaster.internal/ubuntu noble/main s390x sssd-dbus s390x 2.9.4-1ubuntu1 [101 kB] 141s Get:57 http://ftpmaster.internal/ubuntu noble/universe s390x sssd-kcm s390x 2.9.4-1ubuntu1 [137 kB] 141s Get:58 http://ftpmaster.internal/ubuntu noble/main s390x sssd-tools s390x 2.9.4-1ubuntu1 [97.6 kB] 141s Get:59 http://ftpmaster.internal/ubuntu noble/main s390x libipa-hbac-dev s390x 2.9.4-1ubuntu1 [6660 B] 141s Get:60 http://ftpmaster.internal/ubuntu noble/main s390x libsss-certmap-dev s390x 2.9.4-1ubuntu1 [5734 B] 141s Get:61 http://ftpmaster.internal/ubuntu noble/main s390x libsss-idmap-dev s390x 2.9.4-1ubuntu1 [8376 B] 141s Get:62 http://ftpmaster.internal/ubuntu noble/main s390x libsss-nss-idmap-dev s390x 2.9.4-1ubuntu1 [6708 B] 141s Get:63 http://ftpmaster.internal/ubuntu noble/universe s390x libsss-sudo s390x 2.9.4-1ubuntu1 [21.3 kB] 141s Get:64 http://ftpmaster.internal/ubuntu noble/universe s390x python3-libipa-hbac s390x 2.9.4-1ubuntu1 [16.9 kB] 142s Get:65 http://ftpmaster.internal/ubuntu noble/universe s390x python3-libsss-nss-idmap s390x 2.9.4-1ubuntu1 [9140 B] 142s Preconfiguring packages ... 142s Fetched 12.9 MB in 3s (4715 kB/s) 142s Selecting previously unselected package libltdl7:s390x. 142s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51728 files and directories currently installed.) 142s Preparing to unpack .../00-libltdl7_2.4.7-7_s390x.deb ... 142s Unpacking libltdl7:s390x (2.4.7-7) ... 142s Selecting previously unselected package libodbc2:s390x. 142s Preparing to unpack .../01-libodbc2_2.3.12-1_s390x.deb ... 142s Unpacking libodbc2:s390x (2.3.12-1) ... 142s Selecting previously unselected package slapd. 142s Preparing to unpack .../02-slapd_2.6.7+dfsg-1~exp1ubuntu1_s390x.deb ... 142s Unpacking slapd (2.6.7+dfsg-1~exp1ubuntu1) ... 142s Selecting previously unselected package libtcl8.6:s390x. 142s Preparing to unpack .../03-libtcl8.6_8.6.13+dfsg-2_s390x.deb ... 142s Unpacking libtcl8.6:s390x (8.6.13+dfsg-2) ... 142s Selecting previously unselected package tcl8.6. 142s Preparing to unpack .../04-tcl8.6_8.6.13+dfsg-2_s390x.deb ... 142s Unpacking tcl8.6 (8.6.13+dfsg-2) ... 142s Selecting previously unselected package tcl-expect:s390x. 142s Preparing to unpack .../05-tcl-expect_5.45.4-2build1_s390x.deb ... 142s Unpacking tcl-expect:s390x (5.45.4-2build1) ... 142s Selecting previously unselected package expect. 142s Preparing to unpack .../06-expect_5.45.4-2build1_s390x.deb ... 142s Unpacking expect (5.45.4-2build1) ... 142s Selecting previously unselected package ldap-utils. 142s Preparing to unpack .../07-ldap-utils_2.6.7+dfsg-1~exp1ubuntu1_s390x.deb ... 142s Unpacking ldap-utils (2.6.7+dfsg-1~exp1ubuntu1) ... 142s Selecting previously unselected package libavahi-common-data:s390x. 142s Preparing to unpack .../08-libavahi-common-data_0.8-13ubuntu2_s390x.deb ... 142s Unpacking libavahi-common-data:s390x (0.8-13ubuntu2) ... 142s Selecting previously unselected package libavahi-common3:s390x. 142s Preparing to unpack .../09-libavahi-common3_0.8-13ubuntu2_s390x.deb ... 142s Unpacking libavahi-common3:s390x (0.8-13ubuntu2) ... 142s Selecting previously unselected package libavahi-client3:s390x. 142s Preparing to unpack .../10-libavahi-client3_0.8-13ubuntu2_s390x.deb ... 142s Unpacking libavahi-client3:s390x (0.8-13ubuntu2) ... 142s Selecting previously unselected package libcrack2:s390x. 142s Preparing to unpack .../11-libcrack2_2.9.6-5.1_s390x.deb ... 142s Unpacking libcrack2:s390x (2.9.6-5.1) ... 142s Selecting previously unselected package libevent-2.1-7:s390x. 143s Preparing to unpack .../12-libevent-2.1-7_2.1.12-stable-9_s390x.deb ... 143s Unpacking libevent-2.1-7:s390x (2.1.12-stable-9) ... 143s Selecting previously unselected package libjose0:s390x. 143s Preparing to unpack .../13-libjose0_11-3_s390x.deb ... 143s Unpacking libjose0:s390x (11-3) ... 143s Selecting previously unselected package libverto-libevent1:s390x. 143s Preparing to unpack .../14-libverto-libevent1_0.3.1-1ubuntu5_s390x.deb ... 143s Unpacking libverto-libevent1:s390x (0.3.1-1ubuntu5) ... 143s Selecting previously unselected package libverto1:s390x. 143s Preparing to unpack .../15-libverto1_0.3.1-1ubuntu5_s390x.deb ... 143s Unpacking libverto1:s390x (0.3.1-1ubuntu5) ... 143s Selecting previously unselected package libkrad0:s390x. 143s Preparing to unpack .../16-libkrad0_1.20.1-5build1_s390x.deb ... 143s Unpacking libkrad0:s390x (1.20.1-5build1) ... 143s Selecting previously unselected package libtalloc2:s390x. 143s Preparing to unpack .../17-libtalloc2_2.4.2-1_s390x.deb ... 143s Unpacking libtalloc2:s390x (2.4.2-1) ... 143s Selecting previously unselected package libtdb1:s390x. 143s Preparing to unpack .../18-libtdb1_1.4.10-1_s390x.deb ... 143s Unpacking libtdb1:s390x (1.4.10-1) ... 143s Selecting previously unselected package libtevent0:s390x. 143s Preparing to unpack .../19-libtevent0_0.16.1-1_s390x.deb ... 143s Unpacking libtevent0:s390x (0.16.1-1) ... 143s Selecting previously unselected package libldb2:s390x. 143s Preparing to unpack .../20-libldb2_2%3a2.8.0+samba4.19.5+dfsg-1ubuntu1_s390x.deb ... 143s Unpacking libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 143s Selecting previously unselected package libnfsidmap1:s390x. 143s Preparing to unpack .../21-libnfsidmap1_1%3a2.6.3-3ubuntu1_s390x.deb ... 143s Unpacking libnfsidmap1:s390x (1:2.6.3-3ubuntu1) ... 143s Selecting previously unselected package libnss-sudo. 143s Preparing to unpack .../22-libnss-sudo_1.9.15p5-3ubuntu1_all.deb ... 143s Unpacking libnss-sudo (1.9.15p5-3ubuntu1) ... 143s Selecting previously unselected package libpwquality-common. 143s Preparing to unpack .../23-libpwquality-common_1.4.5-3_all.deb ... 143s Unpacking libpwquality-common (1.4.5-3) ... 143s Selecting previously unselected package libpwquality1:s390x. 143s Preparing to unpack .../24-libpwquality1_1.4.5-3_s390x.deb ... 143s Unpacking libpwquality1:s390x (1.4.5-3) ... 143s Selecting previously unselected package libpam-pwquality:s390x. 143s Preparing to unpack .../25-libpam-pwquality_1.4.5-3_s390x.deb ... 143s Unpacking libpam-pwquality:s390x (1.4.5-3) ... 143s Selecting previously unselected package libwbclient0:s390x. 143s Preparing to unpack .../26-libwbclient0_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 143s Unpacking libwbclient0:s390x (2:4.19.5+dfsg-1ubuntu1) ... 143s Selecting previously unselected package samba-libs:s390x. 143s Preparing to unpack .../27-samba-libs_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 143s Unpacking samba-libs:s390x (2:4.19.5+dfsg-1ubuntu1) ... 143s Selecting previously unselected package libnss-sss:s390x. 143s Preparing to unpack .../28-libnss-sss_2.9.4-1ubuntu1_s390x.deb ... 143s Unpacking libnss-sss:s390x (2.9.4-1ubuntu1) ... 143s Selecting previously unselected package libpam-sss:s390x. 143s Preparing to unpack .../29-libpam-sss_2.9.4-1ubuntu1_s390x.deb ... 143s Unpacking libpam-sss:s390x (2.9.4-1ubuntu1) ... 143s Selecting previously unselected package python3-sss. 143s Preparing to unpack .../30-python3-sss_2.9.4-1ubuntu1_s390x.deb ... 143s Unpacking python3-sss (2.9.4-1ubuntu1) ... 143s Selecting previously unselected package libc-ares2:s390x. 143s Preparing to unpack .../31-libc-ares2_1.27.0-1_s390x.deb ... 143s Unpacking libc-ares2:s390x (1.27.0-1) ... 143s Selecting previously unselected package libdhash1:s390x. 143s Preparing to unpack .../32-libdhash1_0.6.2-2_s390x.deb ... 143s Unpacking libdhash1:s390x (0.6.2-2) ... 143s Selecting previously unselected package libbasicobjects0:s390x. 143s Preparing to unpack .../33-libbasicobjects0_0.6.2-2_s390x.deb ... 143s Unpacking libbasicobjects0:s390x (0.6.2-2) ... 143s Selecting previously unselected package libcollection4:s390x. 143s Preparing to unpack .../34-libcollection4_0.6.2-2_s390x.deb ... 143s Unpacking libcollection4:s390x (0.6.2-2) ... 143s Selecting previously unselected package libpath-utils1:s390x. 143s Preparing to unpack .../35-libpath-utils1_0.6.2-2_s390x.deb ... 143s Unpacking libpath-utils1:s390x (0.6.2-2) ... 143s Selecting previously unselected package libref-array1:s390x. 143s Preparing to unpack .../36-libref-array1_0.6.2-2_s390x.deb ... 143s Unpacking libref-array1:s390x (0.6.2-2) ... 143s Selecting previously unselected package libini-config5:s390x. 143s Preparing to unpack .../37-libini-config5_0.6.2-2_s390x.deb ... 143s Unpacking libini-config5:s390x (0.6.2-2) ... 143s Selecting previously unselected package libsss-certmap0. 143s Preparing to unpack .../38-libsss-certmap0_2.9.4-1ubuntu1_s390x.deb ... 143s Unpacking libsss-certmap0 (2.9.4-1ubuntu1) ... 143s Selecting previously unselected package libsss-idmap0. 143s Preparing to unpack .../39-libsss-idmap0_2.9.4-1ubuntu1_s390x.deb ... 143s Unpacking libsss-idmap0 (2.9.4-1ubuntu1) ... 143s Selecting previously unselected package libsss-nss-idmap0. 143s Preparing to unpack .../40-libsss-nss-idmap0_2.9.4-1ubuntu1_s390x.deb ... 143s Unpacking libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 143s Selecting previously unselected package sssd-common. 143s Preparing to unpack .../41-sssd-common_2.9.4-1ubuntu1_s390x.deb ... 143s Unpacking sssd-common (2.9.4-1ubuntu1) ... 143s Selecting previously unselected package sssd-idp. 143s Preparing to unpack .../42-sssd-idp_2.9.4-1ubuntu1_s390x.deb ... 143s Unpacking sssd-idp (2.9.4-1ubuntu1) ... 143s Selecting previously unselected package sssd-passkey. 143s Preparing to unpack .../43-sssd-passkey_2.9.4-1ubuntu1_s390x.deb ... 143s Unpacking sssd-passkey (2.9.4-1ubuntu1) ... 143s Selecting previously unselected package sssd-ad-common. 143s Preparing to unpack .../44-sssd-ad-common_2.9.4-1ubuntu1_s390x.deb ... 143s Unpacking sssd-ad-common (2.9.4-1ubuntu1) ... 143s Selecting previously unselected package sssd-krb5-common. 143s Preparing to unpack .../45-sssd-krb5-common_2.9.4-1ubuntu1_s390x.deb ... 143s Unpacking sssd-krb5-common (2.9.4-1ubuntu1) ... 143s Selecting previously unselected package libsmbclient:s390x. 143s Preparing to unpack .../46-libsmbclient_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 143s Unpacking libsmbclient:s390x (2:4.19.5+dfsg-1ubuntu1) ... 143s Selecting previously unselected package sssd-ad. 143s Preparing to unpack .../47-sssd-ad_2.9.4-1ubuntu1_s390x.deb ... 143s Unpacking sssd-ad (2.9.4-1ubuntu1) ... 143s Selecting previously unselected package libipa-hbac0. 143s Preparing to unpack .../48-libipa-hbac0_2.9.4-1ubuntu1_s390x.deb ... 143s Unpacking libipa-hbac0 (2.9.4-1ubuntu1) ... 143s Selecting previously unselected package sssd-ipa. 143s Preparing to unpack .../49-sssd-ipa_2.9.4-1ubuntu1_s390x.deb ... 143s Unpacking sssd-ipa (2.9.4-1ubuntu1) ... 143s Selecting previously unselected package sssd-krb5. 143s Preparing to unpack .../50-sssd-krb5_2.9.4-1ubuntu1_s390x.deb ... 143s Unpacking sssd-krb5 (2.9.4-1ubuntu1) ... 143s Selecting previously unselected package sssd-ldap. 143s Preparing to unpack .../51-sssd-ldap_2.9.4-1ubuntu1_s390x.deb ... 143s Unpacking sssd-ldap (2.9.4-1ubuntu1) ... 143s Selecting previously unselected package sssd-proxy. 143s Preparing to unpack .../52-sssd-proxy_2.9.4-1ubuntu1_s390x.deb ... 143s Unpacking sssd-proxy (2.9.4-1ubuntu1) ... 143s Selecting previously unselected package sssd. 143s Preparing to unpack .../53-sssd_2.9.4-1ubuntu1_s390x.deb ... 143s Unpacking sssd (2.9.4-1ubuntu1) ... 143s Selecting previously unselected package sssd-dbus. 143s Preparing to unpack .../54-sssd-dbus_2.9.4-1ubuntu1_s390x.deb ... 143s Unpacking sssd-dbus (2.9.4-1ubuntu1) ... 143s Selecting previously unselected package sssd-kcm. 143s Preparing to unpack .../55-sssd-kcm_2.9.4-1ubuntu1_s390x.deb ... 143s Unpacking sssd-kcm (2.9.4-1ubuntu1) ... 143s Selecting previously unselected package sssd-tools. 143s Preparing to unpack .../56-sssd-tools_2.9.4-1ubuntu1_s390x.deb ... 143s Unpacking sssd-tools (2.9.4-1ubuntu1) ... 143s Selecting previously unselected package libipa-hbac-dev. 143s Preparing to unpack .../57-libipa-hbac-dev_2.9.4-1ubuntu1_s390x.deb ... 143s Unpacking libipa-hbac-dev (2.9.4-1ubuntu1) ... 143s Selecting previously unselected package libsss-certmap-dev. 143s Preparing to unpack .../58-libsss-certmap-dev_2.9.4-1ubuntu1_s390x.deb ... 143s Unpacking libsss-certmap-dev (2.9.4-1ubuntu1) ... 143s Selecting previously unselected package libsss-idmap-dev. 143s Preparing to unpack .../59-libsss-idmap-dev_2.9.4-1ubuntu1_s390x.deb ... 143s Unpacking libsss-idmap-dev (2.9.4-1ubuntu1) ... 143s Selecting previously unselected package libsss-nss-idmap-dev. 143s Preparing to unpack .../60-libsss-nss-idmap-dev_2.9.4-1ubuntu1_s390x.deb ... 143s Unpacking libsss-nss-idmap-dev (2.9.4-1ubuntu1) ... 144s Selecting previously unselected package libsss-sudo. 144s Preparing to unpack .../61-libsss-sudo_2.9.4-1ubuntu1_s390x.deb ... 144s Unpacking libsss-sudo (2.9.4-1ubuntu1) ... 144s Selecting previously unselected package python3-libipa-hbac. 144s Preparing to unpack .../62-python3-libipa-hbac_2.9.4-1ubuntu1_s390x.deb ... 144s Unpacking python3-libipa-hbac (2.9.4-1ubuntu1) ... 144s Selecting previously unselected package python3-libsss-nss-idmap. 144s Preparing to unpack .../63-python3-libsss-nss-idmap_2.9.4-1ubuntu1_s390x.deb ... 144s Unpacking python3-libsss-nss-idmap (2.9.4-1ubuntu1) ... 144s Selecting previously unselected package autopkgtest-satdep. 144s Preparing to unpack .../64-1-autopkgtest-satdep.deb ... 144s Unpacking autopkgtest-satdep (0) ... 144s Setting up libpwquality-common (1.4.5-3) ... 144s Setting up libpath-utils1:s390x (0.6.2-2) ... 144s Setting up libnfsidmap1:s390x (1:2.6.3-3ubuntu1) ... 144s Setting up libsss-idmap0 (2.9.4-1ubuntu1) ... 144s Setting up libbasicobjects0:s390x (0.6.2-2) ... 144s Setting up libsss-idmap-dev (2.9.4-1ubuntu1) ... 144s Setting up libtdb1:s390x (1.4.10-1) ... 144s Setting up libc-ares2:s390x (1.27.0-1) ... 144s Setting up ldap-utils (2.6.7+dfsg-1~exp1ubuntu1) ... 144s Setting up libjose0:s390x (11-3) ... 144s Setting up libwbclient0:s390x (2:4.19.5+dfsg-1ubuntu1) ... 144s Setting up libtalloc2:s390x (2.4.2-1) ... 144s Setting up libdhash1:s390x (0.6.2-2) ... 144s Setting up libtevent0:s390x (0.16.1-1) ... 144s Setting up libavahi-common-data:s390x (0.8-13ubuntu2) ... 144s Setting up libevent-2.1-7:s390x (2.1.12-stable-9) ... 144s Setting up libtcl8.6:s390x (8.6.13+dfsg-2) ... 144s Setting up libltdl7:s390x (2.4.7-7) ... 144s Setting up libcrack2:s390x (2.9.6-5.1) ... 144s Setting up libcollection4:s390x (0.6.2-2) ... 144s Setting up libodbc2:s390x (2.3.12-1) ... 144s Setting up libipa-hbac0 (2.9.4-1ubuntu1) ... 144s Setting up python3-libipa-hbac (2.9.4-1ubuntu1) ... 144s Setting up libref-array1:s390x (0.6.2-2) ... 144s Setting up libnss-sudo (1.9.15p5-3ubuntu1) ... 144s Setting up libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 144s Setting up libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 144s Setting up libnss-sss:s390x (2.9.4-1ubuntu1) ... 144s Setting up slapd (2.6.7+dfsg-1~exp1ubuntu1) ... 144s Creating new user openldap... done. 144s Creating initial configuration... done. 144s Creating LDAP directory... done. 144s Setting up tcl8.6 (8.6.13+dfsg-2) ... 144s Setting up libsss-sudo (2.9.4-1ubuntu1) ... 144s Setting up libsss-nss-idmap-dev (2.9.4-1ubuntu1) ... 144s Setting up libipa-hbac-dev (2.9.4-1ubuntu1) ... 144s Setting up libini-config5:s390x (0.6.2-2) ... 144s Setting up libavahi-common3:s390x (0.8-13ubuntu2) ... 144s Setting up tcl-expect:s390x (5.45.4-2build1) ... 144s Setting up python3-sss (2.9.4-1ubuntu1) ... 145s Setting up libsss-certmap0 (2.9.4-1ubuntu1) ... 145s Setting up libpwquality1:s390x (1.4.5-3) ... 145s Setting up python3-libsss-nss-idmap (2.9.4-1ubuntu1) ... 145s Setting up libavahi-client3:s390x (0.8-13ubuntu2) ... 145s Setting up expect (5.45.4-2build1) ... 145s Setting up libpam-pwquality:s390x (1.4.5-3) ... 145s Setting up samba-libs:s390x (2:4.19.5+dfsg-1ubuntu1) ... 145s Setting up libsss-certmap-dev (2.9.4-1ubuntu1) ... 145s Setting up libsmbclient:s390x (2:4.19.5+dfsg-1ubuntu1) ... 145s Setting up libpam-sss:s390x (2.9.4-1ubuntu1) ... 145s Setting up sssd-common (2.9.4-1ubuntu1) ... 145s Creating SSSD system user & group... 145s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 145s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 145s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 145s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 145s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 146s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 146s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 146s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 146s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 146s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 147s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 147s sssd-autofs.service is a disabled or a static unit, not starting it. 147s sssd-nss.service is a disabled or a static unit, not starting it. 147s sssd-pam.service is a disabled or a static unit, not starting it. 147s sssd-ssh.service is a disabled or a static unit, not starting it. 147s sssd-sudo.service is a disabled or a static unit, not starting it. 147s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 147s Setting up sssd-proxy (2.9.4-1ubuntu1) ... 147s Setting up sssd-kcm (2.9.4-1ubuntu1) ... 147s Created symlink /etc/systemd/system/sockets.target.wants/sssd-kcm.socket → /usr/lib/systemd/system/sssd-kcm.socket. 148s sssd-kcm.service is a disabled or a static unit, not starting it. 148s Setting up sssd-dbus (2.9.4-1ubuntu1) ... 148s sssd-ifp.service is a disabled or a static unit, not starting it. 148s Setting up sssd-ad-common (2.9.4-1ubuntu1) ... 148s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 148s sssd-pac.service is a disabled or a static unit, not starting it. 149s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 149s Setting up sssd-krb5-common (2.9.4-1ubuntu1) ... 149s Setting up sssd-krb5 (2.9.4-1ubuntu1) ... 149s Setting up sssd-ldap (2.9.4-1ubuntu1) ... 149s Setting up sssd-ad (2.9.4-1ubuntu1) ... 149s Setting up sssd-tools (2.9.4-1ubuntu1) ... 149s Setting up sssd-ipa (2.9.4-1ubuntu1) ... 149s Setting up sssd (2.9.4-1ubuntu1) ... 149s Setting up libverto-libevent1:s390x (0.3.1-1ubuntu5) ... 149s Setting up libverto1:s390x (0.3.1-1ubuntu5) ... 149s Setting up libkrad0:s390x (1.20.1-5build1) ... 149s Setting up sssd-passkey (2.9.4-1ubuntu1) ... 149s Setting up sssd-idp (2.9.4-1ubuntu1) ... 149s Setting up autopkgtest-satdep (0) ... 149s Processing triggers for libc-bin (2.39-0ubuntu2) ... 149s Processing triggers for ufw (0.36.2-5) ... 149s Processing triggers for man-db (2.12.0-3) ... 149s Processing triggers for dbus (1.14.10-4ubuntu1) ... 158s (Reading database ... 53013 files and directories currently installed.) 158s Removing autopkgtest-satdep (0) ... 158s autopkgtest [00:33:26]: test ldap-user-group-ldap-auth: [----------------------- 159s + . debian/tests/util 159s + . debian/tests/common-tests 159s + mydomain=example.com 159s + myhostname=ldap.example.com 159s + mysuffix=dc=example,dc=com 159s + admin_dn=cn=admin,dc=example,dc=com 159s + admin_pw=secret 159s + ldap_user=testuser1 159s + ldap_user_pw=testuser1secret 159s + ldap_group=ldapusers 159s + adjust_hostname ldap.example.com 159s + local myhostname=ldap.example.com 159s + echo ldap.example.com 159s + hostname ldap.example.com 159s + grep -qE ldap.example.com /etc/hosts 159s + echo 127.0.1.10 ldap.example.com 159s + reconfigure_slapd 159s + debconf-set-selections 159s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 159s + dpkg-reconfigure -fnoninteractive -pcritical slapd 159s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1... done. 159s Moving old database directory to /var/backups: 159s - directory unknown... done. 159s Creating initial configuration... done. 159s Creating LDAP directory... done. 159s + generate_certs ldap.example.com 159s + local cn=ldap.example.com 159s + local cert=/etc/ldap/server.pem 159s + local key=/etc/ldap/server.key 159s + local cnf=/etc/ldap/openssl.cnf 159s + cat 159s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 160s ..................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 160s ..........................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 160s ----- 160s + chmod 0640 /etc/ldap/server.key 160s + chgrp openldap /etc/ldap/server.key 160s + [ ! -f /etc/ldap/server.pem ] 160s + [ ! -f /etc/ldap/server.key ] 160s + enable_ldap_ssl 160s + cat 160s + cat 160s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 160s + populate_ldap_rfc2307 160s + cat 160s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 160s modifying entry "cn=config" 160s 160s adding new entry "ou=People,dc=example,dc=com" 160s 160s adding new entry "ou=Group,dc=example,dc=com" 160s 160s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 160s 160s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 160s 160s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 160s 160s + configure_sssd_ldap_rfc2307 160s + cat 160s + chmod 0600 /etc/sssd/sssd.conf 160s + systemctl restart sssd 160s + enable_pam_mkhomedir 160s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 160s + echo session optional pam_mkhomedir.so 160s + run_common_tests 160s + echo Assert local user databases do not have our LDAP test data 160s + Assert local user databases do not have our LDAP test data 160s check_local_user testuser1 160s + local local_user=testuser1 160s + grep -q ^testuser1 /etc/passwd 160s + check_local_group testuser1 160s + local local_group=testuser1 160s + grep -q ^testuser1 /etc/group 160s + check_local_group ldapusers 160s + local local_group=ldapusers 160s + grep -q ^ldapusers /etc/group 160s + echo The LDAP user is known to the system via getent 160s The LDAP user is known to the system via getent 160s + check_getent_user testuser1 160s + local getent_user=testuser1 160s + local output 160s + getent passwd testuser1 160s + The LDAP user's private group is known to the system via getent 160s output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 160s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 160s + echo The LDAP user's private group is known to the system via getent 160s + check_getent_group testuser1 160s + local getent_group=testuser1 160s + local output 160s + getent group testuser1 160s + output=testuser1:*:10001:testuser1 160s + [ -z testuser1:*:10001:testuser1 ] 160s + echo The LDAP group ldapusers is known to the system via getent 160s The LDAP group ldapusers is known to the system via getent 160s + check_getent_group ldapusers 160s + local getent_group=ldapusers 160s + local output 160s + getent group ldapusers 160s + output=ldapusers:*:10100:testuser1 160s + [ -z ldapusers:*:10100:testuser1 ] 160s + echo The id(1) command can resolve the group membership of the LDAP user 160s + id -Gn testuser1 160s The id(1) command can resolve the group membership of the LDAP user 160s + output=testuser1 ldapusers 160s + [ testuser1 ldapusers != testuser1 ldapusers ] 160s + echo The LDAP user can login on a terminal 160s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 160s The LDAP user can login on a terminal 160s spawn login 160s ldap.example.com login: testuser1 160s Password: 160s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-11-generic s390x) 160s 160s * Documentation: https://help.ubuntu.com 160s * Management: https://landscape.canonical.com 160s * Support: https://ubuntu.com/pro 160s 160s 160s The programs included with the Ubuntu system are free software; 160s the exact distribution terms for each program are described in the 160s individual files in /usr/share/doc/*/copyright. 160s 160s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 160s applicable law. 160s 160s 160s The programs included with the Ubuntu system are free software; 160s the exact distribution terms for each program are described in the 160s individual files in /usr/share/doc/*/copyright. 160s 160s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 160s applicable law. 160s 160s Creating directory '/home/testuser1'. 160s [?2004htestuser1@ldap:~$ id -un 160s [?2004l testuser1 160s [?2004htestuser1@ldap:~$ autopkgtest [00:33:28]: test ldap-user-group-ldap-auth: -----------------------] 161s ldap-user-group-ldap-auth PASS 161s autopkgtest [00:33:29]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 161s autopkgtest [00:33:29]: test ldap-user-group-krb5-auth: preparing testbed 167s Reading package lists... 167s Building dependency tree... 167s Reading state information... 167s Starting pkgProblemResolver with broken count: 0 167s Starting 2 pkgProblemResolver with broken count: 0 167s Done 168s The following additional packages will be installed: 168s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4 168s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 168s Suggested packages: 168s krb5-kdc-ldap krb5-kpropd krb5-k5tls krb5-doc 168s The following NEW packages will be installed: 168s autopkgtest-satdep krb5-admin-server krb5-config krb5-kdc krb5-user 168s libgssrpc4 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 168s 0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded. 168s Need to get 612 kB/613 kB of archives. 168s After this operation, 2067 kB of additional disk space will be used. 168s Get:1 /tmp/autopkgtest.A657xW/2-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [888 B] 168s Get:2 http://ftpmaster.internal/ubuntu noble/main s390x krb5-config all 2.7 [22.0 kB] 168s Get:3 http://ftpmaster.internal/ubuntu noble/main s390x libgssrpc4 s390x 1.20.1-5build1 [58.9 kB] 168s Get:4 http://ftpmaster.internal/ubuntu noble/main s390x libkadm5clnt-mit12 s390x 1.20.1-5build1 [40.5 kB] 168s Get:5 http://ftpmaster.internal/ubuntu noble/main s390x libkdb5-10 s390x 1.20.1-5build1 [41.4 kB] 168s Get:6 http://ftpmaster.internal/ubuntu noble/main s390x libkadm5srv-mit12 s390x 1.20.1-5build1 [55.2 kB] 168s Get:7 http://ftpmaster.internal/ubuntu noble/universe s390x krb5-user s390x 1.20.1-5build1 [110 kB] 168s Get:8 http://ftpmaster.internal/ubuntu noble/universe s390x krb5-kdc s390x 1.20.1-5build1 [188 kB] 168s Get:9 http://ftpmaster.internal/ubuntu noble/universe s390x krb5-admin-server s390x 1.20.1-5build1 [95.9 kB] 169s Preconfiguring packages ... 170s Fetched 612 kB in 1s (648 kB/s) 170s Selecting previously unselected package krb5-config. 170s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 53013 files and directories currently installed.) 170s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 170s Unpacking krb5-config (2.7) ... 170s Selecting previously unselected package libgssrpc4:s390x. 170s Preparing to unpack .../1-libgssrpc4_1.20.1-5build1_s390x.deb ... 170s Unpacking libgssrpc4:s390x (1.20.1-5build1) ... 170s Selecting previously unselected package libkadm5clnt-mit12:s390x. 170s Preparing to unpack .../2-libkadm5clnt-mit12_1.20.1-5build1_s390x.deb ... 170s Unpacking libkadm5clnt-mit12:s390x (1.20.1-5build1) ... 170s Selecting previously unselected package libkdb5-10:s390x. 170s Preparing to unpack .../3-libkdb5-10_1.20.1-5build1_s390x.deb ... 170s Unpacking libkdb5-10:s390x (1.20.1-5build1) ... 170s Selecting previously unselected package libkadm5srv-mit12:s390x. 170s Preparing to unpack .../4-libkadm5srv-mit12_1.20.1-5build1_s390x.deb ... 170s Unpacking libkadm5srv-mit12:s390x (1.20.1-5build1) ... 170s Selecting previously unselected package krb5-user. 170s Preparing to unpack .../5-krb5-user_1.20.1-5build1_s390x.deb ... 170s Unpacking krb5-user (1.20.1-5build1) ... 170s Selecting previously unselected package krb5-kdc. 170s Preparing to unpack .../6-krb5-kdc_1.20.1-5build1_s390x.deb ... 170s Unpacking krb5-kdc (1.20.1-5build1) ... 170s Selecting previously unselected package krb5-admin-server. 170s Preparing to unpack .../7-krb5-admin-server_1.20.1-5build1_s390x.deb ... 170s Unpacking krb5-admin-server (1.20.1-5build1) ... 170s Selecting previously unselected package autopkgtest-satdep. 170s Preparing to unpack .../8-2-autopkgtest-satdep.deb ... 170s Unpacking autopkgtest-satdep (0) ... 170s Setting up libgssrpc4:s390x (1.20.1-5build1) ... 170s Setting up krb5-config (2.7) ... 170s Setting up libkadm5clnt-mit12:s390x (1.20.1-5build1) ... 170s Setting up libkdb5-10:s390x (1.20.1-5build1) ... 170s Setting up libkadm5srv-mit12:s390x (1.20.1-5build1) ... 170s Setting up krb5-user (1.20.1-5build1) ... 170s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 170s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 170s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 170s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 170s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 170s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 170s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 170s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 170s Setting up krb5-kdc (1.20.1-5build1) ... 171s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /usr/lib/systemd/system/krb5-kdc.service. 171s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 171s Setting up krb5-admin-server (1.20.1-5build1) ... 172s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-admin-server.service → /usr/lib/systemd/system/krb5-admin-server.service. 172s Setting up autopkgtest-satdep (0) ... 172s Processing triggers for man-db (2.12.0-3) ... 173s Processing triggers for libc-bin (2.39-0ubuntu2) ... 180s (Reading database ... 53106 files and directories currently installed.) 180s Removing autopkgtest-satdep (0) ... 181s autopkgtest [00:33:49]: test ldap-user-group-krb5-auth: [----------------------- 181s + . debian/tests/util 181s + . debian/tests/common-tests 181s + mydomain=example.com 181s + myhostname=ldap.example.com 181s + mysuffix=dc=example,dc=com 181s + myrealm=EXAMPLE.COM 181s + admin_dn=cn=admin,dc=example,dc=com 181s + admin_pw=secret 181s + ldap_user=testuser1 181s + ldap_user_pw=testuser1secret 181s + kerberos_principal_pw=testuser1kerberos 181s + ldap_group=ldapusers 181s + adjust_hostname ldap.example.com 181s + local myhostname=ldap.example.com 181s + echo ldap.example.com 181s + hostname ldap.example.com 181s + grep -qE ldap.example.com /etc/hosts 181s + reconfigure_slapd 181s + debconf-set-selections 181s + rm -rf /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1 /var/backups/unknown-2.6.7+dfsg-1~exp1ubuntu1-20240322-003327.ldapdb 181s + dpkg-reconfigure -fnoninteractive -pcritical slapd 182s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1... done. 182s Moving old database directory to /var/backups: 182s - directory unknown... done. 182s Creating initial configuration... done. 182s Creating LDAP directory... done. 182s + generate_certs ldap.example.com 182s + local cn=ldap.example.com 182s + local cert=/etc/ldap/server.pem 182s + local key=/etc/ldap/server.key 182s + local cnf=/etc/ldap/openssl.cnf 182s + cat 182s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 182s ...............................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 182s .....++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 182s ----- 182s + chmod 0640 /etc/ldap/server.key 182s + chgrp openldap /etc/ldap/server.key 182s + [ ! -f /etc/ldap/server.pem ] 182s + [ ! -f /etc/ldap/server.key ] 182s + enable_ldap_ssl 182s + cat 182s + + cat 182s ldapmodify -H ldapi:/// -Y EXTERNAL -Q 182s + populate_ldap_rfc2307 182s + cat 182s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 182s modifying entry "cn=config" 182s 182s + create_realm EXAMPLE.COM ldap.example.com 182s + local realm_name=EXAMPLE.COM 182s + local kerberos_server=ldap.example.com 182s + rm -rf /var/lib/krb5kdc/* 182s + rm -rf /etc/krb5kdc/kdc.conf 182s + rm -f /etc/krb5.keytab 182s + cat 182s + cat 182s + echo # */admin * 182s + kdb5_util create -s -P secretpassword 182s adding new entry "ou=People,dc=example,dc=com" 182s 182s adding new entry "ou=Group,dc=example,dc=com" 182s 182s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 182s 182s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 182s 182s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 182s 182s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 182s master key name 'K/M@EXAMPLE.COM' 182s + systemctl restart krb5-kdc.service krb5-admin-server.service 183s + create_krb_principal testuser1 testuser1kerberos 183s + local principal=testuser1 183s + local password=testuser1kerberos 183s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 183s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 183s Authenticating as principal root/admin@EXAMPLE.COM with password. 183s Principal "testuser1@EXAMPLE.COM" created. 183s + configure_sssd_ldap_rfc2307_krb5_auth 183s + cat 183s + chmod 0600 /etc/sssd/sssd.conf 183s + systemctl restart sssd 183s + enable_pam_mkhomedir 183s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 183s Assert local user databases do not have our LDAP test data 183s + run_common_tests 183s + echo Assert local user databases do not have our LDAP test data 183s + check_local_user testuser1 183s + local local_user=testuser1 183s + grep -q ^testuser1 /etc/passwd 183s + check_local_group testuser1 183s + local local_group=testuser1 183s + grep -q ^testuser1 /etc/group 183s + check_local_group ldapusers 183s + local local_group=ldapusers 183s + grepThe LDAP user is known to the system via getent 183s -q ^ldapusers /etc/group 183s + echo The LDAP user is known to the system via getent 183s + check_getent_user testuser1 183s + local getent_user=testuser1 183s + local output 183s + getent passwd testuser1 183s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 183s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 183s + echo The LDAP user's private group is known to the system via getent 183s The LDAP user's private group is known to the system via getent 183s + check_getent_group testuser1 183s + local getent_group=testuser1 183s + local output 183s + getent group testuser1 183s + output=testuser1:*:10001:testuser1 183s + [ -z testuser1:*:10001:testuser1 ] 183s + echo The LDAP group ldapusers is known to the system via getent 183s + check_getent_group ldapusers 183s + local getent_group=ldapusers 183s + local output 183s + getent group ldapusers 183s + output=ldapusers:*:10100:testuser1 183s + [ -z ldapusers:*:10100:testuser1 ] 183s + echo The id(1) command can resolve the group membership of the LDAP user 183s + id -Gn testuser1 183s + output=testuser1 ldapusers 183s + [ testuser1 ldapusers != testuser1 ldapusers ] 183s + echo The Kerberos principal can login on a terminal 183s + kdestroy 183s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 183s The LDAP group ldapusers is known to the system via getent 183s The id(1) command can resolve the group membership of the LDAP user 183s The Kerberos principal can login on a terminal 183s spawn login 183s ldap.example.com login: testuser1 183s Password: 183s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-11-generic s390x) 183s 183s * Documentation: https://help.ubuntu.com 183s * Management: https://landscape.canonical.com 183s * Support: https://ubuntu.com/pro 183s 183s 183s The programs included with the Ubuntu system are free software; 183s the exact distribution terms for each program are described in the 183s individual files in /usr/share/doc/*/copyright. 183s 183s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 183s applicable law. 183s 183s Last login: Fri Mar 22 00:33:28 UTC 2024 on pts/0 183s [?2004htestuser1@ldap:~$ id -un 183s [?2004l testuser1 183s [?2004htestuser1@ldap:~$ klist 183s [?2004l Ticket cache: FILE:/tmp/krb5cc_10001_8a88fl 183s Default principal: testuser1@EXAMPLE.COM 183s autopkgtest [00:33:51]: test ldap-user-group-krb5-auth: -----------------------] 184s autopkgtest [00:33:52]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 184s ldap-user-group-krb5-auth PASS 185s autopkgtest [00:33:53]: test sssd-softhism2-certificates-tests.sh: preparing testbed 299s autopkgtest [00:35:47]: testbed dpkg architecture: s390x 300s autopkgtest [00:35:48]: testbed apt version: 2.7.12 300s autopkgtest [00:35:48]: @@@@@@@@@@@@@@@@@@@@ test bed setup 301s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 301s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [53.9 kB] 301s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [3800 kB] 302s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [6540 B] 302s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [494 kB] 303s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main s390x Packages [670 kB] 303s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main s390x c-n-f Metadata [3032 B] 303s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x Packages [1372 B] 303s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x c-n-f Metadata [116 B] 303s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x Packages [3989 kB] 303s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x c-n-f Metadata [7292 B] 303s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x Packages [45.1 kB] 303s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x c-n-f Metadata [116 B] 305s Fetched 9188 kB in 4s (2254 kB/s) 306s Reading package lists... 309s Reading package lists... 309s Building dependency tree... 309s Reading state information... 309s Calculating upgrade... 309s The following packages will be REMOVED: 309s libssl3 309s The following NEW packages will be installed: 309s libssl3t64 309s The following packages have been kept back: 309s libsasl2-2 libsasl2-modules-db 309s The following packages will be upgraded: 309s cloud-init debianutils libsasl2-modules openssl python3-markupsafe 310s 5 upgraded, 1 newly installed, 1 to remove and 2 not upgraded. 310s Need to get 3461 kB of archives. 310s After this operation, 244 kB of additional disk space will be used. 310s Get:1 http://ftpmaster.internal/ubuntu noble/main s390x debianutils s390x 5.17 [90.1 kB] 310s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main s390x openssl s390x 3.0.13-0ubuntu2 [1010 kB] 310s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main s390x libsasl2-modules s390x 2.1.28+dfsg1-5ubuntu1 [76.6 kB] 310s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main s390x libssl3t64 s390x 3.0.13-0ubuntu2 [1675 kB] 310s Get:5 http://ftpmaster.internal/ubuntu noble/main s390x python3-markupsafe s390x 2.1.5-1build1 [12.8 kB] 310s Get:6 http://ftpmaster.internal/ubuntu noble/main s390x cloud-init all 24.1.2-0ubuntu1 [597 kB] 311s Preconfiguring packages ... 311s Fetched 3461 kB in 1s (4345 kB/s) 311s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52171 files and directories currently installed.) 311s Preparing to unpack .../debianutils_5.17_s390x.deb ... 311s Unpacking debianutils (5.17) over (5.16) ... 311s Setting up debianutils (5.17) ... 311s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52171 files and directories currently installed.) 311s Preparing to unpack .../openssl_3.0.13-0ubuntu2_s390x.deb ... 311s Unpacking openssl (3.0.13-0ubuntu2) over (3.0.10-1ubuntu4) ... 311s Preparing to unpack .../libsasl2-modules_2.1.28+dfsg1-5ubuntu1_s390x.deb ... 311s Unpacking libsasl2-modules:s390x (2.1.28+dfsg1-5ubuntu1) over (2.1.28+dfsg1-4) ... 311s dpkg: libssl3:s390x: dependency problems, but removing anyway as you requested: 311s wget depends on libssl3 (>= 3.0.0). 311s tnftp depends on libssl3 (>= 3.0.0). 311s tcpdump depends on libssl3 (>= 3.0.0). 311s systemd-resolved depends on libssl3 (>= 3.0.0). 311s systemd depends on libssl3 (>= 3.0.0). 311s sudo depends on libssl3 (>= 3.0.0). 311s s390-tools depends on libssl3 (>= 3.0.0). 311s rsync depends on libssl3 (>= 3.0.0). 311s python3-cryptography depends on libssl3 (>= 3.0.0). 311s openssh-server depends on libssl3 (>= 3.0.10). 311s openssh-client depends on libssl3 (>= 3.0.10). 311s linux-headers-6.8.0-11-generic depends on libssl3 (>= 3.0.0). 311s libsystemd-shared:s390x depends on libssl3 (>= 3.0.0). 311s libssh-4:s390x depends on libssl3 (>= 3.0.0). 311s libsasl2-2:s390x depends on libssl3 (>= 3.0.0). 311s libpython3.12-minimal:s390x depends on libssl3 (>= 3.0.0). 311s libpython3.11-minimal:s390x depends on libssl3 (>= 3.0.0). 311s libnvme1 depends on libssl3 (>= 3.0.0). 311s libkrb5-3:s390x depends on libssl3 (>= 3.0.0). 311s libkmod2:s390x depends on libssl3 (>= 3.0.0). 311s libfido2-1:s390x depends on libssl3 (>= 3.0.0). 311s libcurl4:s390x depends on libssl3 (>= 3.0.0). 311s libcryptsetup12:s390x depends on libssl3 (>= 3.0.0). 311s kmod depends on libssl3 (>= 3.0.0). 311s dhcpcd-base depends on libssl3 (>= 3.0.0). 311s bind9-libs:s390x depends on libssl3 (>= 3.0.0). 311s 311s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52171 files and directories currently installed.) 311s Removing libssl3:s390x (3.0.10-1ubuntu4) ... 311s Selecting previously unselected package libssl3t64:s390x. 311s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52160 files and directories currently installed.) 311s Preparing to unpack .../libssl3t64_3.0.13-0ubuntu2_s390x.deb ... 311s Unpacking libssl3t64:s390x (3.0.13-0ubuntu2) ... 311s Preparing to unpack .../python3-markupsafe_2.1.5-1build1_s390x.deb ... 311s Unpacking python3-markupsafe (2.1.5-1build1) over (2.1.5-1) ... 311s Preparing to unpack .../cloud-init_24.1.2-0ubuntu1_all.deb ... 312s Unpacking cloud-init (24.1.2-0ubuntu1) over (24.1.1-0ubuntu1) ... 312s Setting up cloud-init (24.1.2-0ubuntu1) ... 314s Setting up libssl3t64:s390x (3.0.13-0ubuntu2) ... 314s Setting up libsasl2-modules:s390x (2.1.28+dfsg1-5ubuntu1) ... 314s Setting up python3-markupsafe (2.1.5-1build1) ... 315s Setting up openssl (3.0.13-0ubuntu2) ... 315s Processing triggers for rsyslog (8.2312.0-3ubuntu3) ... 315s Processing triggers for man-db (2.12.0-3) ... 316s Processing triggers for libc-bin (2.39-0ubuntu2) ... 316s Reading package lists... 317s Building dependency tree... 317s Reading state information... 317s 0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded. 317s Unknown architecture, assuming PC-style ttyS0 317s sh: Attempting to set up Debian/Ubuntu apt sources automatically 317s sh: Distribution appears to be Ubuntu 318s Reading package lists... 319s Building dependency tree... 319s Reading state information... 320s eatmydata is already the newest version (131-1). 320s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 320s Reading package lists... 320s Building dependency tree... 320s Reading state information... 320s dbus is already the newest version (1.14.10-4ubuntu1). 320s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 320s Reading package lists... 320s Building dependency tree... 320s Reading state information... 320s rng-tools-debian is already the newest version (2.4). 320s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 320s Reading package lists... 320s Building dependency tree... 320s Reading state information... 321s The following packages will be REMOVED: 321s cloud-init* python3-configobj* python3-debconf* 321s 0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded. 321s After this operation, 3256 kB disk space will be freed. 321s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52172 files and directories currently installed.) 321s Removing cloud-init (24.1.2-0ubuntu1) ... 322s Removing python3-configobj (5.0.8-3) ... 322s Removing python3-debconf (1.5.86) ... 322s Processing triggers for man-db (2.12.0-3) ... 323s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51783 files and directories currently installed.) 323s Purging configuration files for cloud-init (24.1.2-0ubuntu1) ... 324s dpkg: warning: while removing cloud-init, directory '/etc/cloud/cloud.cfg.d' not empty so not removed 324s Processing triggers for rsyslog (8.2312.0-3ubuntu3) ... 324s invoke-rc.d: policy-rc.d denied execution of try-restart. 325s Reading package lists... 325s Building dependency tree... 325s Reading state information... 326s linux-generic is already the newest version (6.8.0-11.11+1). 326s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 326s Hit:1 http://ftpmaster.internal/ubuntu noble InRelease 326s Hit:2 http://ftpmaster.internal/ubuntu noble-updates InRelease 326s Hit:3 http://ftpmaster.internal/ubuntu noble-security InRelease 329s Reading package lists... 329s Reading package lists... 329s Building dependency tree... 329s Reading state information... 329s Calculating upgrade... 330s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 330s Reading package lists... 330s Building dependency tree... 330s Reading state information... 330s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 330s autopkgtest [00:36:18]: rebooting testbed after setup commands that affected boot 360s Reading package lists... 360s Building dependency tree... 360s Reading state information... 360s Starting pkgProblemResolver with broken count: 0 360s Starting 2 pkgProblemResolver with broken count: 0 360s Done 361s The following additional packages will be installed: 361s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 361s libbasicobjects0 libc-ares2 libcollection4 libcrack2 libdhash1 361s libevent-2.1-7 libgnutls-dane0 libini-config5 libipa-hbac0 libldb2 361s libnfsidmap1 libnss-sss libpam-pwquality libpam-sss libpath-utils1 361s libpwquality-common libpwquality1 libref-array1 libsmbclient libsofthsm2 361s libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 libtalloc2 libtdb1 361s libtevent0 libunbound8 libwbclient0 python3-sss samba-libs softhsm2 361s softhsm2-common sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 361s sssd-krb5-common sssd-ldap sssd-proxy 361s Suggested packages: 361s dns-root-data adcli libsss-sudo sssd-tools libsasl2-modules-ldap 361s Recommended packages: 361s cracklib-runtime libsasl2-modules-gssapi-mit 361s | libsasl2-modules-gssapi-heimdal ldap-utils 361s The following NEW packages will be installed: 361s autopkgtest-satdep gnutls-bin libavahi-client3 libavahi-common-data 361s libavahi-common3 libbasicobjects0 libc-ares2 libcollection4 libcrack2 361s libdhash1 libevent-2.1-7 libgnutls-dane0 libini-config5 libipa-hbac0 libldb2 361s libnfsidmap1 libnss-sss libpam-pwquality libpam-sss libpath-utils1 361s libpwquality-common libpwquality1 libref-array1 libsmbclient libsofthsm2 361s libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 libtalloc2 libtdb1 361s libtevent0 libunbound8 libwbclient0 python3-sss samba-libs softhsm2 361s softhsm2-common sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 361s sssd-krb5-common sssd-ldap sssd-proxy 361s 0 upgraded, 46 newly installed, 0 to remove and 0 not upgraded. 361s Need to get 10.4 MB/10.4 MB of archives. 361s After this operation, 40.5 MB of additional disk space will be used. 361s Get:1 /tmp/autopkgtest.A657xW/3-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [748 B] 361s Get:2 http://ftpmaster.internal/ubuntu noble/main s390x libevent-2.1-7 s390x 2.1.12-stable-9 [144 kB] 361s Get:3 http://ftpmaster.internal/ubuntu noble/main s390x libunbound8 s390x 1.19.1-1ubuntu1 [453 kB] 361s Get:4 http://ftpmaster.internal/ubuntu noble/main s390x libgnutls-dane0 s390x 3.8.3-1ubuntu1 [23.6 kB] 361s Get:5 http://ftpmaster.internal/ubuntu noble/universe s390x gnutls-bin s390x 3.8.3-1ubuntu1 [284 kB] 361s Get:6 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common-data s390x 0.8-13ubuntu2 [29.5 kB] 361s Get:7 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common3 s390x 0.8-13ubuntu2 [23.8 kB] 361s Get:8 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-client3 s390x 0.8-13ubuntu2 [26.7 kB] 361s Get:9 http://ftpmaster.internal/ubuntu noble/main s390x libcrack2 s390x 2.9.6-5.1 [29.6 kB] 361s Get:10 http://ftpmaster.internal/ubuntu noble/main s390x libtalloc2 s390x 2.4.2-1 [28.3 kB] 361s Get:11 http://ftpmaster.internal/ubuntu noble/main s390x libtdb1 s390x 1.4.10-1 [49.9 kB] 361s Get:12 http://ftpmaster.internal/ubuntu noble/main s390x libtevent0 s390x 0.16.1-1 [43.1 kB] 361s Get:13 http://ftpmaster.internal/ubuntu noble/main s390x libldb2 s390x 2:2.8.0+samba4.19.5+dfsg-1ubuntu1 [191 kB] 361s Get:14 http://ftpmaster.internal/ubuntu noble/main s390x libnfsidmap1 s390x 1:2.6.3-3ubuntu1 [49.0 kB] 361s Get:15 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality-common all 1.4.5-3 [7658 B] 361s Get:16 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality1 s390x 1.4.5-3 [14.7 kB] 361s Get:17 http://ftpmaster.internal/ubuntu noble/main s390x libpam-pwquality s390x 1.4.5-3 [11.6 kB] 361s Get:18 http://ftpmaster.internal/ubuntu noble/main s390x libwbclient0 s390x 2:4.19.5+dfsg-1ubuntu1 [70.3 kB] 361s Get:19 http://ftpmaster.internal/ubuntu noble/main s390x samba-libs s390x 2:4.19.5+dfsg-1ubuntu1 [6231 kB] 362s Get:20 http://ftpmaster.internal/ubuntu noble/universe s390x softhsm2-common s390x 2.6.1-2.2 [5808 B] 362s Get:21 http://ftpmaster.internal/ubuntu noble/universe s390x libsofthsm2 s390x 2.6.1-2.2 [265 kB] 362s Get:22 http://ftpmaster.internal/ubuntu noble/universe s390x softhsm2 s390x 2.6.1-2.2 [174 kB] 362s Get:23 http://ftpmaster.internal/ubuntu noble/main s390x python3-sss s390x 2.9.4-1ubuntu1 [46.6 kB] 362s Get:24 http://ftpmaster.internal/ubuntu noble/main s390x libsss-idmap0 s390x 2.9.4-1ubuntu1 [22.1 kB] 362s Get:25 http://ftpmaster.internal/ubuntu noble/main s390x libnss-sss s390x 2.9.4-1ubuntu1 [32.6 kB] 362s Get:26 http://ftpmaster.internal/ubuntu noble/main s390x libpam-sss s390x 2.9.4-1ubuntu1 [51.9 kB] 362s Get:27 http://ftpmaster.internal/ubuntu noble/main s390x libc-ares2 s390x 1.27.0-1 [79.2 kB] 362s Get:28 http://ftpmaster.internal/ubuntu noble/main s390x libdhash1 s390x 0.6.2-2 [8648 B] 362s Get:29 http://ftpmaster.internal/ubuntu noble/main s390x libbasicobjects0 s390x 0.6.2-2 [5476 B] 362s Get:30 http://ftpmaster.internal/ubuntu noble/main s390x libcollection4 s390x 0.6.2-2 [23.2 kB] 362s Get:31 http://ftpmaster.internal/ubuntu noble/main s390x libpath-utils1 s390x 0.6.2-2 [8994 B] 362s Get:32 http://ftpmaster.internal/ubuntu noble/main s390x libref-array1 s390x 0.6.2-2 [6880 B] 362s Get:33 http://ftpmaster.internal/ubuntu noble/main s390x libini-config5 s390x 0.6.2-2 [45.3 kB] 362s Get:34 http://ftpmaster.internal/ubuntu noble/main s390x libsss-certmap0 s390x 2.9.4-1ubuntu1 [46.7 kB] 362s Get:35 http://ftpmaster.internal/ubuntu noble/main s390x libsss-nss-idmap0 s390x 2.9.4-1ubuntu1 [31.4 kB] 362s Get:36 http://ftpmaster.internal/ubuntu noble/main s390x sssd-common s390x 2.9.4-1ubuntu1 [1125 kB] 362s Get:37 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad-common s390x 2.9.4-1ubuntu1 [74.8 kB] 362s Get:38 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5-common s390x 2.9.4-1ubuntu1 [90.3 kB] 362s Get:39 http://ftpmaster.internal/ubuntu noble/main s390x libsmbclient s390x 2:4.19.5+dfsg-1ubuntu1 [65.1 kB] 362s Get:40 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad s390x 2.9.4-1ubuntu1 [133 kB] 362s Get:41 http://ftpmaster.internal/ubuntu noble/main s390x libipa-hbac0 s390x 2.9.4-1ubuntu1 [16.8 kB] 362s Get:42 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ipa s390x 2.9.4-1ubuntu1 [215 kB] 362s Get:43 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5 s390x 2.9.4-1ubuntu1 [14.4 kB] 362s Get:44 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ldap s390x 2.9.4-1ubuntu1 [31.0 kB] 362s Get:45 http://ftpmaster.internal/ubuntu noble/main s390x sssd-proxy s390x 2.9.4-1ubuntu1 [43.9 kB] 362s Get:46 http://ftpmaster.internal/ubuntu noble/main s390x sssd s390x 2.9.4-1ubuntu1 [4120 B] 362s Fetched 10.4 MB in 1s (7520 kB/s) 362s Selecting previously unselected package libevent-2.1-7:s390x. 363s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51728 files and directories currently installed.) 363s Preparing to unpack .../00-libevent-2.1-7_2.1.12-stable-9_s390x.deb ... 363s Unpacking libevent-2.1-7:s390x (2.1.12-stable-9) ... 363s Selecting previously unselected package libunbound8:s390x. 363s Preparing to unpack .../01-libunbound8_1.19.1-1ubuntu1_s390x.deb ... 363s Unpacking libunbound8:s390x (1.19.1-1ubuntu1) ... 363s Selecting previously unselected package libgnutls-dane0:s390x. 363s Preparing to unpack .../02-libgnutls-dane0_3.8.3-1ubuntu1_s390x.deb ... 363s Unpacking libgnutls-dane0:s390x (3.8.3-1ubuntu1) ... 363s Selecting previously unselected package gnutls-bin. 363s Preparing to unpack .../03-gnutls-bin_3.8.3-1ubuntu1_s390x.deb ... 363s Unpacking gnutls-bin (3.8.3-1ubuntu1) ... 363s Selecting previously unselected package libavahi-common-data:s390x. 363s Preparing to unpack .../04-libavahi-common-data_0.8-13ubuntu2_s390x.deb ... 363s Unpacking libavahi-common-data:s390x (0.8-13ubuntu2) ... 363s Selecting previously unselected package libavahi-common3:s390x. 363s Preparing to unpack .../05-libavahi-common3_0.8-13ubuntu2_s390x.deb ... 363s Unpacking libavahi-common3:s390x (0.8-13ubuntu2) ... 363s Selecting previously unselected package libavahi-client3:s390x. 363s Preparing to unpack .../06-libavahi-client3_0.8-13ubuntu2_s390x.deb ... 363s Unpacking libavahi-client3:s390x (0.8-13ubuntu2) ... 363s Selecting previously unselected package libcrack2:s390x. 363s Preparing to unpack .../07-libcrack2_2.9.6-5.1_s390x.deb ... 363s Unpacking libcrack2:s390x (2.9.6-5.1) ... 363s Selecting previously unselected package libtalloc2:s390x. 363s Preparing to unpack .../08-libtalloc2_2.4.2-1_s390x.deb ... 363s Unpacking libtalloc2:s390x (2.4.2-1) ... 363s Selecting previously unselected package libtdb1:s390x. 363s Preparing to unpack .../09-libtdb1_1.4.10-1_s390x.deb ... 363s Unpacking libtdb1:s390x (1.4.10-1) ... 363s Selecting previously unselected package libtevent0:s390x. 363s Preparing to unpack .../10-libtevent0_0.16.1-1_s390x.deb ... 363s Unpacking libtevent0:s390x (0.16.1-1) ... 363s Selecting previously unselected package libldb2:s390x. 363s Preparing to unpack .../11-libldb2_2%3a2.8.0+samba4.19.5+dfsg-1ubuntu1_s390x.deb ... 363s Unpacking libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 363s Selecting previously unselected package libnfsidmap1:s390x. 363s Preparing to unpack .../12-libnfsidmap1_1%3a2.6.3-3ubuntu1_s390x.deb ... 363s Unpacking libnfsidmap1:s390x (1:2.6.3-3ubuntu1) ... 363s Selecting previously unselected package libpwquality-common. 363s Preparing to unpack .../13-libpwquality-common_1.4.5-3_all.deb ... 363s Unpacking libpwquality-common (1.4.5-3) ... 363s Selecting previously unselected package libpwquality1:s390x. 363s Preparing to unpack .../14-libpwquality1_1.4.5-3_s390x.deb ... 363s Unpacking libpwquality1:s390x (1.4.5-3) ... 363s Selecting previously unselected package libpam-pwquality:s390x. 363s Preparing to unpack .../15-libpam-pwquality_1.4.5-3_s390x.deb ... 363s Unpacking libpam-pwquality:s390x (1.4.5-3) ... 363s Selecting previously unselected package libwbclient0:s390x. 363s Preparing to unpack .../16-libwbclient0_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 363s Unpacking libwbclient0:s390x (2:4.19.5+dfsg-1ubuntu1) ... 363s Selecting previously unselected package samba-libs:s390x. 363s Preparing to unpack .../17-samba-libs_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 363s Unpacking samba-libs:s390x (2:4.19.5+dfsg-1ubuntu1) ... 363s Selecting previously unselected package softhsm2-common. 363s Preparing to unpack .../18-softhsm2-common_2.6.1-2.2_s390x.deb ... 363s Unpacking softhsm2-common (2.6.1-2.2) ... 363s Selecting previously unselected package libsofthsm2. 363s Preparing to unpack .../19-libsofthsm2_2.6.1-2.2_s390x.deb ... 363s Unpacking libsofthsm2 (2.6.1-2.2) ... 363s Selecting previously unselected package softhsm2. 363s Preparing to unpack .../20-softhsm2_2.6.1-2.2_s390x.deb ... 363s Unpacking softhsm2 (2.6.1-2.2) ... 363s Selecting previously unselected package python3-sss. 363s Preparing to unpack .../21-python3-sss_2.9.4-1ubuntu1_s390x.deb ... 363s Unpacking python3-sss (2.9.4-1ubuntu1) ... 363s Selecting previously unselected package libsss-idmap0. 363s Preparing to unpack .../22-libsss-idmap0_2.9.4-1ubuntu1_s390x.deb ... 363s Unpacking libsss-idmap0 (2.9.4-1ubuntu1) ... 363s Selecting previously unselected package libnss-sss:s390x. 363s Preparing to unpack .../23-libnss-sss_2.9.4-1ubuntu1_s390x.deb ... 363s Unpacking libnss-sss:s390x (2.9.4-1ubuntu1) ... 363s Selecting previously unselected package libpam-sss:s390x. 363s Preparing to unpack .../24-libpam-sss_2.9.4-1ubuntu1_s390x.deb ... 363s Unpacking libpam-sss:s390x (2.9.4-1ubuntu1) ... 363s Selecting previously unselected package libc-ares2:s390x. 363s Preparing to unpack .../25-libc-ares2_1.27.0-1_s390x.deb ... 363s Unpacking libc-ares2:s390x (1.27.0-1) ... 363s Selecting previously unselected package libdhash1:s390x. 363s Preparing to unpack .../26-libdhash1_0.6.2-2_s390x.deb ... 363s Unpacking libdhash1:s390x (0.6.2-2) ... 363s Selecting previously unselected package libbasicobjects0:s390x. 363s Preparing to unpack .../27-libbasicobjects0_0.6.2-2_s390x.deb ... 363s Unpacking libbasicobjects0:s390x (0.6.2-2) ... 363s Selecting previously unselected package libcollection4:s390x. 363s Preparing to unpack .../28-libcollection4_0.6.2-2_s390x.deb ... 363s Unpacking libcollection4:s390x (0.6.2-2) ... 363s Selecting previously unselected package libpath-utils1:s390x. 363s Preparing to unpack .../29-libpath-utils1_0.6.2-2_s390x.deb ... 363s Unpacking libpath-utils1:s390x (0.6.2-2) ... 363s Selecting previously unselected package libref-array1:s390x. 363s Preparing to unpack .../30-libref-array1_0.6.2-2_s390x.deb ... 363s Unpacking libref-array1:s390x (0.6.2-2) ... 363s Selecting previously unselected package libini-config5:s390x. 363s Preparing to unpack .../31-libini-config5_0.6.2-2_s390x.deb ... 363s Unpacking libini-config5:s390x (0.6.2-2) ... 363s Selecting previously unselected package libsss-certmap0. 364s Preparing to unpack .../32-libsss-certmap0_2.9.4-1ubuntu1_s390x.deb ... 364s Unpacking libsss-certmap0 (2.9.4-1ubuntu1) ... 364s Selecting previously unselected package libsss-nss-idmap0. 364s Preparing to unpack .../33-libsss-nss-idmap0_2.9.4-1ubuntu1_s390x.deb ... 364s Unpacking libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 364s Selecting previously unselected package sssd-common. 364s Preparing to unpack .../34-sssd-common_2.9.4-1ubuntu1_s390x.deb ... 364s Unpacking sssd-common (2.9.4-1ubuntu1) ... 364s Selecting previously unselected package sssd-ad-common. 364s Preparing to unpack .../35-sssd-ad-common_2.9.4-1ubuntu1_s390x.deb ... 364s Unpacking sssd-ad-common (2.9.4-1ubuntu1) ... 364s Selecting previously unselected package sssd-krb5-common. 364s Preparing to unpack .../36-sssd-krb5-common_2.9.4-1ubuntu1_s390x.deb ... 364s Unpacking sssd-krb5-common (2.9.4-1ubuntu1) ... 364s Selecting previously unselected package libsmbclient:s390x. 364s Preparing to unpack .../37-libsmbclient_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 364s Unpacking libsmbclient:s390x (2:4.19.5+dfsg-1ubuntu1) ... 364s Selecting previously unselected package sssd-ad. 364s Preparing to unpack .../38-sssd-ad_2.9.4-1ubuntu1_s390x.deb ... 364s Unpacking sssd-ad (2.9.4-1ubuntu1) ... 364s Selecting previously unselected package libipa-hbac0. 364s Preparing to unpack .../39-libipa-hbac0_2.9.4-1ubuntu1_s390x.deb ... 364s Unpacking libipa-hbac0 (2.9.4-1ubuntu1) ... 364s Selecting previously unselected package sssd-ipa. 364s Preparing to unpack .../40-sssd-ipa_2.9.4-1ubuntu1_s390x.deb ... 364s Unpacking sssd-ipa (2.9.4-1ubuntu1) ... 364s Selecting previously unselected package sssd-krb5. 364s Preparing to unpack .../41-sssd-krb5_2.9.4-1ubuntu1_s390x.deb ... 364s Unpacking sssd-krb5 (2.9.4-1ubuntu1) ... 364s Selecting previously unselected package sssd-ldap. 364s Preparing to unpack .../42-sssd-ldap_2.9.4-1ubuntu1_s390x.deb ... 364s Unpacking sssd-ldap (2.9.4-1ubuntu1) ... 364s Selecting previously unselected package sssd-proxy. 364s Preparing to unpack .../43-sssd-proxy_2.9.4-1ubuntu1_s390x.deb ... 364s Unpacking sssd-proxy (2.9.4-1ubuntu1) ... 364s Selecting previously unselected package sssd. 364s Preparing to unpack .../44-sssd_2.9.4-1ubuntu1_s390x.deb ... 364s Unpacking sssd (2.9.4-1ubuntu1) ... 364s Selecting previously unselected package autopkgtest-satdep. 364s Preparing to unpack .../45-3-autopkgtest-satdep.deb ... 364s Unpacking autopkgtest-satdep (0) ... 364s Setting up libpwquality-common (1.4.5-3) ... 364s Setting up libpath-utils1:s390x (0.6.2-2) ... 364s Setting up softhsm2-common (2.6.1-2.2) ... 364s 364s Creating config file /etc/softhsm/softhsm2.conf with new version 364s Setting up libnfsidmap1:s390x (1:2.6.3-3ubuntu1) ... 364s Setting up libsss-idmap0 (2.9.4-1ubuntu1) ... 364s Setting up libbasicobjects0:s390x (0.6.2-2) ... 364s Setting up libtdb1:s390x (1.4.10-1) ... 364s Setting up libc-ares2:s390x (1.27.0-1) ... 364s Setting up libwbclient0:s390x (2:4.19.5+dfsg-1ubuntu1) ... 364s Setting up libtalloc2:s390x (2.4.2-1) ... 364s Setting up libdhash1:s390x (0.6.2-2) ... 364s Setting up libtevent0:s390x (0.16.1-1) ... 364s Setting up libavahi-common-data:s390x (0.8-13ubuntu2) ... 364s Setting up libevent-2.1-7:s390x (2.1.12-stable-9) ... 364s Setting up libcrack2:s390x (2.9.6-5.1) ... 364s Setting up libcollection4:s390x (0.6.2-2) ... 364s Setting up libipa-hbac0 (2.9.4-1ubuntu1) ... 364s Setting up libref-array1:s390x (0.6.2-2) ... 364s Setting up libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 364s Setting up libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 364s Setting up libnss-sss:s390x (2.9.4-1ubuntu1) ... 364s Setting up libsofthsm2 (2.6.1-2.2) ... 364s Setting up softhsm2 (2.6.1-2.2) ... 364s Setting up libini-config5:s390x (0.6.2-2) ... 364s Setting up libavahi-common3:s390x (0.8-13ubuntu2) ... 364s Setting up python3-sss (2.9.4-1ubuntu1) ... 364s Setting up libsss-certmap0 (2.9.4-1ubuntu1) ... 364s Setting up libunbound8:s390x (1.19.1-1ubuntu1) ... 364s Setting up libpwquality1:s390x (1.4.5-3) ... 364s Setting up libavahi-client3:s390x (0.8-13ubuntu2) ... 364s Setting up libgnutls-dane0:s390x (3.8.3-1ubuntu1) ... 364s Setting up libpam-pwquality:s390x (1.4.5-3) ... 364s Setting up samba-libs:s390x (2:4.19.5+dfsg-1ubuntu1) ... 364s Setting up libsmbclient:s390x (2:4.19.5+dfsg-1ubuntu1) ... 364s Setting up libpam-sss:s390x (2.9.4-1ubuntu1) ... 364s Setting up gnutls-bin (3.8.3-1ubuntu1) ... 364s Setting up sssd-common (2.9.4-1ubuntu1) ... 364s Creating SSSD system user & group... 365s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 365s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 365s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 365s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 365s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 365s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 366s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 366s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 366s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 366s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 367s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 367s sssd-autofs.service is a disabled or a static unit, not starting it. 367s sssd-nss.service is a disabled or a static unit, not starting it. 367s sssd-pam.service is a disabled or a static unit, not starting it. 367s sssd-ssh.service is a disabled or a static unit, not starting it. 367s sssd-sudo.service is a disabled or a static unit, not starting it. 367s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 367s Setting up sssd-proxy (2.9.4-1ubuntu1) ... 367s Setting up sssd-ad-common (2.9.4-1ubuntu1) ... 367s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 368s sssd-pac.service is a disabled or a static unit, not starting it. 368s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 368s Setting up sssd-krb5-common (2.9.4-1ubuntu1) ... 368s Setting up sssd-krb5 (2.9.4-1ubuntu1) ... 368s Setting up sssd-ldap (2.9.4-1ubuntu1) ... 368s Setting up sssd-ad (2.9.4-1ubuntu1) ... 368s Setting up sssd-ipa (2.9.4-1ubuntu1) ... 368s Setting up sssd (2.9.4-1ubuntu1) ... 368s Setting up autopkgtest-satdep (0) ... 368s Processing triggers for man-db (2.12.0-3) ... 369s Processing triggers for libc-bin (2.39-0ubuntu2) ... 372s (Reading database ... 52316 files and directories currently installed.) 372s Removing autopkgtest-satdep (0) ... 378s autopkgtest [00:37:06]: test sssd-softhism2-certificates-tests.sh: [----------------------- 379s + '[' -z ubuntu ']' 379s + required_tools=(p11tool openssl softhsm2-util) 379s + for cmd in "${required_tools[@]}" 379s + command -v p11tool 379s + for cmd in "${required_tools[@]}" 379s + command -v openssl 379s + for cmd in "${required_tools[@]}" 379s + command -v softhsm2-util 379s + PIN=053350 379s +++ find /usr/lib/softhsm/libsofthsm2.so 379s +++ head -n 1 379s ++ realpath /usr/lib/softhsm/libsofthsm2.so 379s + SOFTHSM2_MODULE=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 379s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 379s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 379s + '[' '!' -v NO_SSSD_TESTS ']' 379s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 379s + ca_db_arg=ca_db 379s ++ /usr/libexec/sssd/p11_child --help 379s + p11_child_help='Usage: p11_child [OPTION...] 379s -d, --debug-level=INT Debug level 379s --debug-timestamps=INT Add debug timestamps 379s --debug-microseconds=INT Show timestamps with microseconds 379s --dumpable=INT Allow core dumps 379s --debug-fd=INT An open file descriptor for the debug 379s logs 379s --logger=stderr|files|journald Set logger 379s --auth Run in auth mode 379s --pre Run in pre-auth mode 379s --wait_for_card Wait until card is available 379s --verification Run in verification mode 379s --pin Expect PIN on stdin 379s --keypad Expect PIN on keypad 379s --verify=STRING Tune validation 379s --ca_db=STRING CA DB to use 379s --module_name=STRING Module name for authentication 379s --token_name=STRING Token name for authentication 379s --key_id=STRING Key ID for authentication 379s --label=STRING Label for authentication 379s --certificate=STRING certificate to verify, base64 encoded 379s --uri=STRING PKCS#11 URI to restrict selection 379s --chain-id=LONG Tevent chain ID used for logging 379s purposes 379s 379s Help options: 379s -?, --help Show this help message 379s --usage Display brief usage message' 379s + echo 'Usage: p11_child [OPTION...] 379s -d, --debug-level=INT Debug level 379s + grep nssdb -qs 379s --debug-timestamps=INT Add debug timestamps 379s --debug-microseconds=INT Show timestamps with microseconds 379s --dumpable=INT Allow core dumps 379s --debug-fd=INT An open file descriptor for the debug 379s logs 379s --logger=stderr|files|journald Set logger 379s --auth Run in auth mode 379s --pre Run in pre-auth mode 379s --wait_for_card Wait until card is available 379s --verification Run in verification mode 379s --pin Expect PIN on stdin 379s --keypad Expect PIN on keypad 379s --verify=STRING Tune validation 379s --ca_db=STRING CA DB to use 379s --module_name=STRING Module name for authentication 379s --token_name=STRING Token name for authentication 379s --key_id=STRING Key ID for authentication 379s --label=STRING Label for authentication 379s --certificate=STRING certificate to verify, base64 encoded 379s --uri=STRING PKCS#11 URI to restrict selection 379s --chain-id=LONG Tevent chain ID used for logging 379s purposes 379s 379s Help options: 379s -?, --help Show this help message 379s --usage Display brief usage message' 379s + echo 'Usage: p11_child [OPTION...] 379s -d, --debug-level=INT Debug level 379s --debug-timestamps=INT Add debug timestamps 379s --debug-microseconds=INT Show timestamps with microseconds 379s --dumpable=INT Allow core dumps 379s --debug-fd=INT An open file descriptor for the debug 379s logs 379s --logger=stderr|files|journald Set logger 379s --auth Run in auth mode 379s --pre Run in pre-auth mode 379s --wait_for_card Wait until card is available 379s --verification Run in verification mode 379s --pin Expect PIN on stdin 379s --keypad Expect PIN on keypad 379s --verify=STRING Tune validation 379s --ca_db=STRING CA DB to use 379s --module_name=STRING Module name for authentication 379s --token_name=STRING Token name for authentication 379s --key_id=STRING Key ID for authentication 379s --label=STRING Label for authentication 379s --certificate=STRING certificate to verify, base64 encoded 379s --uri=STRING PKCS#11 URI to restrict selection 379s --chain-id=LONG Tevent chain ID used for logging 379s purposes 379s 379s Help options: 379s -?, --help Show this help message 379s --usage Display brief usage message' 379s + grep -qs -- --ca_db 379s + '[' '!' -e /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so ']' 379s ++ mktemp -d -t sssd-softhsm2-XXXXXX 379s + tmpdir=/tmp/sssd-softhsm2-Imo5hn 379s + keys_size=1024 379s + [[ ! -v KEEP_TEMPORARY_FILES ]] 379s + trap 'rm -rf "$tmpdir"' EXIT 379s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 379s + echo -n 01 379s + touch /tmp/sssd-softhsm2-Imo5hn/index.txt 379s + mkdir -p /tmp/sssd-softhsm2-Imo5hn/new_certs 379s + cat 379s + root_ca_key_pass=pass:random-root-CA-password-25276 379s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-Imo5hn/test-root-CA-key.pem -passout pass:random-root-CA-password-25276 1024 379s + openssl req -passin pass:random-root-CA-password-25276 -batch -config /tmp/sssd-softhsm2-Imo5hn/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-Imo5hn/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem 379s + openssl x509 -noout -in /tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem 379s + cat 379s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-10307 379s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-10307 1024 379s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-10307 -config /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.config -key /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-25276 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-certificate-request.pem 379s + openssl req -text -noout -in /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-certificate-request.pem 379s Certificate Request: 379s Data: 379s Version: 1 (0x0) 379s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 379s Subject Public Key Info: 379s Public Key Algorithm: rsaEncryption 379s Public-Key: (1024 bit) 379s Modulus: 379s 00:e3:e4:44:1e:ab:bd:07:7c:df:0b:73:9f:f4:75: 379s b3:d9:f3:08:35:9c:35:73:28:c3:a1:6b:5f:00:33: 379s 1b:0c:f7:53:37:77:35:29:ff:4f:cb:90:23:e4:54: 379s fd:54:40:0f:bb:af:29:1b:dd:b6:a4:93:2e:4c:f9: 379s ee:7c:af:b1:e8:a1:cc:d3:1f:c8:0a:04:87:fe:49: 379s fa:fe:b1:36:aa:1f:0d:7d:da:81:41:f5:42:d2:2a: 379s cd:74:e0:ad:72:7c:d6:dd:fa:83:a9:ce:04:f0:44: 379s 57:c1:9e:b9:d3:3c:c0:28:f0:d7:7d:7b:f1:43:4c: 379s c4:cc:94:4d:79:9e:60:14:37 379s Exponent: 65537 (0x10001) 379s Attributes: 379s (none) 379s Requested Extensions: 379s Signature Algorithm: sha256WithRSAEncryption 379s Signature Value: 379s 07:b0:1c:2a:d8:08:e6:8f:36:eb:c1:f1:14:44:cd:77:f1:dd: 379s e2:af:43:b4:e6:99:24:8d:bf:2a:a7:25:40:69:09:dd:39:53: 379s a0:a9:97:1b:8d:75:d4:60:3c:e8:86:97:5d:ab:f0:17:68:0a: 379s 0e:3a:c3:85:f0:e7:48:84:1f:96:18:8b:67:1e:40:d3:76:88: 379s 25:4a:cd:6f:b2:48:f2:2b:1e:b5:78:f8:81:9c:01:4c:73:e4: 379s f2:4b:30:50:b7:7d:92:0c:5b:6e:8b:00:17:64:bd:0e:62:00: 379s 75:a0:83:a3:3e:7b:a6:8c:f9:cc:b3:87:f5:85:54:f5:8b:06: 379s b0:2c 379s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-Imo5hn/test-root-CA.config -passin pass:random-root-CA-password-25276 -keyfile /tmp/sssd-softhsm2-Imo5hn/test-root-CA-key.pem -in /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem 379s Using configuration from /tmp/sssd-softhsm2-Imo5hn/test-root-CA.config 379s Check that the request matches the signature 379s Signature ok 379s Certificate Details: 379s Serial Number: 1 (0x1) 379s Validity 379s Not Before: Mar 22 00:37:07 2024 GMT 379s Not After : Mar 22 00:37:07 2025 GMT 379s Subject: 379s organizationName = Test Organization 379s organizationalUnitName = Test Organization Unit 379s commonName = Test Organization Intermediate CA 379s X509v3 extensions: 379s X509v3 Subject Key Identifier: 379s 01:84:CA:D2:23:C6:5A:69:0C:AD:22:5B:D5:67:A9:32:97:6E:24:05 379s X509v3 Authority Key Identifier: 379s keyid:6B:18:49:2C:AF:CE:25:E3:00:8A:C9:D3:21:64:0D:9B:93:DB:62:38 379s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 379s serial:00 379s X509v3 Basic Constraints: 379s CA:TRUE 379s X509v3 Key Usage: critical 379s Digital Signature, Certificate Sign, CRL Sign 379s Certificate is to be certified until Mar 22 00:37:07 2025 GMT (365 days) 379s 379s Write out database with 1 new entries 379s Database updated 379s + openssl x509 -noout -in /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem 379s + openssl verify -CAfile /tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem 379s /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem: OK 379s + cat 379s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-8137 379s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-8137 1024 379s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-8137 -config /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-10307 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-certificate-request.pem 379s + openssl req -text -noout -in /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-certificate-request.pem 379s Certificate Request: 379s Data: 379s Version: 1 (0x0) 379s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 379s Subject Public Key Info: 379s Public Key Algorithm: rsaEncryption 379s Public-Key: (1024 bit) 379s Modulus: 379s 00:b7:98:5a:12:24:6d:45:d6:e4:32:85:fe:65:37: 379s a1:41:1d:8d:85:f2:64:5e:b8:fb:13:89:6d:b6:a8: 379s 6b:5b:2c:87:00:18:2d:bb:27:3c:0c:ad:97:d0:d8: 379s dc:20:5b:11:f4:42:74:75:08:1f:80:b0:59:74:7b: 379s 78:04:d2:77:56:5e:82:65:a8:9c:52:6f:9e:4b:dc: 379s 84:04:b2:24:1a:d3:bf:c6:5b:ed:c4:bf:94:1c:ea: 379s 61:6e:e8:03:2a:ba:03:5a:f3:ea:d6:4a:a8:f8:4f: 379s 7f:ee:3e:a4:5b:22:8e:48:99:3b:0d:42:2c:aa:fd: 379s 03:d6:27:60:24:52:8e:1d:61 379s Exponent: 65537 (0x10001) 379s Attributes: 379s (none) 379s Requested Extensions: 379s Signature Algorithm: sha256WithRSAEncryption 379s Signature Value: 379s 50:5c:36:d0:5e:a5:9a:ee:72:d8:27:8d:db:ab:c9:71:67:b2: 379s f4:3f:3c:af:bd:32:cc:63:7f:5c:b0:4e:96:4f:24:8f:d4:84: 379s 29:95:e9:1d:42:96:68:f3:23:17:3b:68:64:11:b5:da:23:8d: 379s 67:97:8d:b6:00:3d:c0:d5:b6:b0:c5:1b:f9:9d:9b:64:7a:1f: 379s bd:cb:a9:16:00:ec:64:14:15:de:30:83:a7:4a:1a:36:67:9d: 379s fe:9a:82:67:97:d7:76:4e:da:67:f6:49:6f:91:de:62:29:22: 379s 57:7e:b0:a8:63:9c:17:b1:1a:63:11:34:38:08:e6:23:3c:c1: 379s a4:1c 379s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-10307 -keyfile /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA.pem 379s Using configuration from /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.config 379s Check that the request matches the signature 379s Signature ok 379s Certificate Details: 379s Serial Number: 2 (0x2) 379s Validity 379s Not Before: Mar 22 00:37:07 2024 GMT 379s Not After : Mar 22 00:37:07 2025 GMT 379s Subject: 379s organizationName = Test Organization 379s organizationalUnitName = Test Organization Unit 379s commonName = Test Organization Sub Intermediate CA 379s X509v3 extensions: 379s X509v3 Subject Key Identifier: 379s 65:2C:9A:4F:FE:90:46:AD:A3:10:B7:0D:3D:8D:C6:EF:50:A2:6F:A4 379s X509v3 Authority Key Identifier: 379s keyid:01:84:CA:D2:23:C6:5A:69:0C:AD:22:5B:D5:67:A9:32:97:6E:24:05 379s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 379s serial:01 379s X509v3 Basic Constraints: 379s CA:TRUE 379s X509v3 Key Usage: critical 379s Digital Signature, Certificate Sign, CRL Sign 379s Certificate is to be certified until Mar 22 00:37:07 2025 GMT (365 days) 379s 379s Write out database with 1 new entries 379s Database updated 379s + openssl x509 -noout -in /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA.pem 379s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA.pem 379s /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA.pem: OK 379s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA.pem 379s + local cmd=openssl 379s + shift 379s + openssl verify -CAfile /tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA.pem 379s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 379s error 20 at 0 depth lookup: unable to get local issuer certificate 379s error /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA.pem: verification failed 379s + cat 379s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-37 379s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-37 1024 379s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-37 -key /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001-request.pem 379s + openssl req -text -noout -in /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001-request.pem 379s Certificate Request: 379s Data: 379s Version: 1 (0x0) 379s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 379s Subject Public Key Info: 379s Public Key Algorithm: rsaEncryption 379s Public-Key: (1024 bit) 379s Modulus: 379s 00:a3:09:e0:d1:9c:a5:10:68:b0:48:ec:51:e9:1c: 379s 22:f9:cf:18:c3:4e:1d:30:a5:07:61:c2:74:ff:76: 379s 33:fc:9c:e5:ca:a9:b2:9b:8a:84:57:df:c3:fe:7d: 379s 78:cd:ec:a5:c8:4c:63:f1:05:32:17:fb:27:c9:a8: 379s e2:e8:d4:a3:7c:a5:e9:4b:6d:ea:af:12:56:c3:3c: 379s 63:9d:19:6d:69:2c:6c:8a:98:fc:25:9c:c6:bb:fa: 379s 02:5b:29:bd:4f:62:a9:e4:ad:d2:4b:2b:48:83:a9: 379s 91:85:2d:9f:b1:29:74:cf:92:2d:4b:99:6b:00:5f: 379s 49:9c:d1:4d:cf:6a:1f:56:07 379s Exponent: 65537 (0x10001) 379s Attributes: 379s Requested Extensions: 379s X509v3 Basic Constraints: 379s CA:FALSE 379s Netscape Cert Type: 379s SSL Client, S/MIME 379s Netscape Comment: 379s Test Organization Root CA trusted Certificate 379s X509v3 Subject Key Identifier: 379s FD:D7:19:D6:DF:19:15:CC:2F:A0:22:EC:DF:0D:F7:63:A6:D7:9A:0D 379s X509v3 Key Usage: critical 379s Digital Signature, Non Repudiation, Key Encipherment 379s X509v3 Extended Key Usage: 379s TLS Web Client Authentication, E-mail Protection 379s X509v3 Subject Alternative Name: 379s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 379s Signature Algorithm: sha256WithRSAEncryption 379s Signature Value: 379s 7e:0b:78:8b:d3:15:8a:f0:c3:9e:45:70:d7:92:73:16:01:29: 379s 82:31:05:4a:21:29:f6:8d:ba:11:f8:18:2e:65:7c:01:89:91: 379s 80:c6:bf:a1:78:f0:22:30:1c:5d:6e:d2:0e:a5:52:65:38:41: 379s b9:d7:18:a3:96:89:43:1d:7b:c2:a2:92:ef:dd:1a:16:d3:e0: 379s f0:5f:af:a1:03:fe:c4:4f:38:17:7b:bd:59:78:f4:6f:a3:1b: 379s a5:07:12:6f:f5:3e:65:76:28:ce:6e:25:75:6b:9a:e6:24:b5: 379s b9:94:6a:25:27:7e:6e:b0:f2:cc:a1:94:1a:dc:f9:b3:76:ee: 379s ab:36 379s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-Imo5hn/test-root-CA.config -passin pass:random-root-CA-password-25276 -keyfile /tmp/sssd-softhsm2-Imo5hn/test-root-CA-key.pem -in /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 379s Using configuration from /tmp/sssd-softhsm2-Imo5hn/test-root-CA.config 379s Check that the request matches the signature 379s Signature ok 379s Certificate Details: 379s Serial Number: 3 (0x3) 379s Validity 379s Not Before: Mar 22 00:37:07 2024 GMT 379s Not After : Mar 22 00:37:07 2025 GMT 379s Subject: 379s organizationName = Test Organization 379s organizationalUnitName = Test Organization Unit 379s commonName = Test Organization Root Trusted Certificate 0001 379s X509v3 extensions: 379s X509v3 Authority Key Identifier: 379s 6B:18:49:2C:AF:CE:25:E3:00:8A:C9:D3:21:64:0D:9B:93:DB:62:38 379s X509v3 Basic Constraints: 379s CA:FALSE 379s Netscape Cert Type: 379s SSL Client, S/MIME 379s Netscape Comment: 379s Test Organization Root CA trusted Certificate 379s X509v3 Subject Key Identifier: 379s FD:D7:19:D6:DF:19:15:CC:2F:A0:22:EC:DF:0D:F7:63:A6:D7:9A:0D 379s X509v3 Key Usage: critical 379s Digital Signature, Non Repudiation, Key Encipherment 379s X509v3 Extended Key Usage: 379s TLS Web Client Authentication, E-mail Protection 379s X509v3 Subject Alternative Name: 379s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 379s Certificate is to be certified until Mar 22 00:37:07 2025 GMT (365 days) 379s 379s Write out database with 1 new entries 379s Database updated 379s + openssl x509 -noout -in /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 379s + openssl verify -CAfile /tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 379s /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem: OK 379s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 379s + local cmd=openssl 379s + shift 379s + openssl verify -CAfile /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 379s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 379s error 20 at 0 depth lookup: unable to get local issuer certificate 379s error /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem: verification failed 379s + cat 379s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-31809 379s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-31809 1024 379s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-31809 -key /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001-request.pem 380s + openssl req -text -noout -in /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001-request.pem 380s Certificate Request: 380s Data: 380s Version: 1 (0x0) 380s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 380s Subject Public Key Info: 380s Public Key Algorithm: rsaEncryption 380s Public-Key: (1024 bit) 380s Modulus: 380s 00:eb:32:af:cf:07:3b:e1:2a:af:d4:cd:6d:d9:51: 380s 82:bf:20:2d:f7:5d:17:c8:69:cb:1d:0e:31:89:01: 380s de:3b:8b:87:8a:ff:0d:88:fc:8c:eb:29:97:fe:d6: 380s f7:5b:1b:fc:f9:f7:64:5b:08:af:f3:1f:c3:95:6e: 380s b4:3a:77:b4:0d:ee:39:8d:fd:63:43:f2:38:1c:f6: 380s 27:71:90:e4:7b:da:83:5e:22:da:98:a1:83:d7:de: 380s 47:79:b8:9d:34:9a:c0:41:86:a7:f9:48:ba:e2:7c: 380s a6:d8:21:7b:62:55:05:c2:f3:b3:c0:af:fc:95:28: 380s b6:a7:a8:8e:2d:39:a7:f0:eb 380s Exponent: 65537 (0x10001) 380s Attributes: 380s Requested Extensions: 380s X509v3 Basic Constraints: 380s CA:FALSE 380s Netscape Cert Type: 380s SSL Client, S/MIME 380s Netscape Comment: 380s Test Organization Intermediate CA trusted Certificate 380s X509v3 Subject Key Identifier: 380s BC:34:B4:AB:87:CE:AC:3B:EA:57:3C:2D:23:02:E2:97:6B:31:C1:7D 380s X509v3 Key Usage: critical 380s Digital Signature, Non Repudiation, Key Encipherment 380s X509v3 Extended Key Usage: 380s TLS Web Client Authentication, E-mail Protection 380s X509v3 Subject Alternative Name: 380s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 380s Signature Algorithm: sha256WithRSAEncryption 380s Signature Value: 380s 23:7f:57:92:06:e0:1c:f2:29:db:90:d5:06:7e:c8:80:91:5d: 380s c5:0e:f6:c3:81:40:b6:68:99:7c:53:5c:19:fd:38:3e:6e:0b: 380s 5a:14:86:32:79:ab:21:5d:cc:11:27:67:97:1d:96:d9:fd:d0: 380s 72:9d:91:7f:56:d5:5e:3b:56:4e:5b:e9:1f:c7:42:3a:38:e3: 380s 2b:43:a4:97:a5:2c:b5:9e:d2:d0:f9:5f:e8:c5:aa:12:70:cf: 380s 83:cc:4a:5b:c1:83:85:e1:55:fe:80:2f:b2:36:78:af:f4:ef: 380s 2f:fc:2f:3e:c1:14:61:c0:2b:8a:d5:23:32:e3:9c:40:2b:d8: 380s 77:63 380s + openssl ca -passin pass:random-intermediate-CA-password-10307 -config /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 380s Using configuration from /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.config 380s Check that the request matches the signature 380s Signature ok 380s Certificate Details: 380s Serial Number: 4 (0x4) 380s Validity 380s Not Before: Mar 22 00:37:07 2024 GMT 380s Not After : Mar 22 00:37:07 2025 GMT 380s Subject: 380s organizationName = Test Organization 380s organizationalUnitName = Test Organization Unit 380s commonName = Test Organization Intermediate Trusted Certificate 0001 380s X509v3 extensions: 380s X509v3 Authority Key Identifier: 380s 01:84:CA:D2:23:C6:5A:69:0C:AD:22:5B:D5:67:A9:32:97:6E:24:05 380s X509v3 Basic Constraints: 380s CA:FALSE 380s Netscape Cert Type: 380s SSL Client, S/MIME 380s Netscape Comment: 380s Test Organization Intermediate CA trusted Certificate 380s X509v3 Subject Key Identifier: 380s BC:34:B4:AB:87:CE:AC:3B:EA:57:3C:2D:23:02:E2:97:6B:31:C1:7D 380s X509v3 Key Usage: critical 380s Digital Signature, Non Repudiation, Key Encipherment 380s X509v3 Extended Key Usage: 380s TLS Web Client Authentication, E-mail Protection 380s X509v3 Subject Alternative Name: 380s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 380s Certificate is to be certified until Mar 22 00:37:07 2025 GMT (365 days) 380s 380s Write out database with 1 new entries 380s Database updated 380s + openssl x509 -noout -in /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 380s + echo 'This certificate should not be trusted fully' 380s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 380s + local cmd=openssl 380s This certificate should not be trusted fully 380s + shift 380s + openssl verify -CAfile /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 380s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 380s error 2 at 1 depth lookup: unable to get issuer certificate 380s error /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 380s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 380s + cat 380s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-39 380s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-39 1024 380s /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem: OK 380s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-39 -key /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 380s + openssl req -text -noout -in /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 380s Certificate Request: 380s Data: 380s Version: 1 (0x0) 380s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 380s Subject Public Key Info: 380s Public Key Algorithm: rsaEncryption 380s Public-Key: (1024 bit) 380s Modulus: 380s 00:b3:11:72:11:3e:dd:5c:17:78:84:53:e8:06:4d: 380s f6:d5:6e:df:8f:1f:ce:6c:78:f1:fb:75:8a:bc:ee: 380s a3:e2:d0:54:6e:7d:a3:cd:f0:06:12:19:59:b2:21: 380s f1:1e:74:a1:4d:9f:80:be:71:d2:97:ff:26:10:b4: 380s 4b:97:b8:9b:5d:43:bd:57:7f:46:d2:07:04:de:b8: 380s 28:71:ad:4e:c8:71:e2:c4:06:31:a5:fb:d4:2b:74: 380s 38:7f:4e:e0:2f:11:a1:e7:28:68:ed:1a:55:c0:9a: 380s 9a:6a:c8:ae:1d:9f:80:9a:7f:8c:cb:cf:15:ce:28: 380s 63:85:c5:81:67:35:15:86:29 380s Exponent: 65537 (0x10001) 380s Attributes: 380s Requested Extensions: 380s X509v3 Basic Constraints: 380s CA:FALSE 380s Netscape Cert Type: 380s SSL Client, S/MIME 380s Netscape Comment: 380s Test Organization Sub Intermediate CA trusted Certificate 380s X509v3 Subject Key Identifier: 380s 1D:4F:2F:E9:23:C4:E1:91:C3:AA:30:6E:D9:F0:F7:6D:44:17:DF:6B 380s X509v3 Key Usage: critical 380s Digital Signature, Non Repudiation, Key Encipherment 380s X509v3 Extended Key Usage: 380s TLS Web Client Authentication, E-mail Protection 380s X509v3 Subject Alternative Name: 380s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 380s Signature Algorithm: sha256WithRSAEncryption 380s Signature Value: 380s 5b:53:e8:28:7a:4e:56:1f:38:5d:1a:39:01:0e:4e:83:83:76: 380s 43:13:0c:27:39:47:d1:ee:10:80:94:44:ad:df:ad:df:5d:6a: 380s 97:14:25:cb:78:33:0c:e9:63:3e:3a:73:5f:28:69:02:7f:32: 380s 8c:1c:09:e8:8c:b4:0b:1c:a1:a4:b8:66:4f:71:46:15:28:da: 380s f2:8e:47:4f:fc:09:11:38:8b:24:5d:4e:91:75:fe:00:78:1d: 380s d1:c7:07:31:3b:0d:91:28:3b:a1:33:a0:7e:c9:04:6a:0a:61: 380s 17:51:a6:9b:0b:ac:c6:0d:80:e3:2d:9c:f1:cf:e6:9b:0e:f5: 380s 2b:8e 380s + openssl ca -passin pass:random-sub-intermediate-CA-password-8137 -config /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 380s Using configuration from /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA.config 380s Check that the request matches the signature 380s Signature ok 380s Certificate Details: 380s Serial Number: 5 (0x5) 380s Validity 380s Not Before: Mar 22 00:37:08 2024 GMT 380s Not After : Mar 22 00:37:08 2025 GMT 380s Subject: 380s organizationName = Test Organization 380s organizationalUnitName = Test Organization Unit 380s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 380s X509v3 extensions: 380s X509v3 Authority Key Identifier: 380s 65:2C:9A:4F:FE:90:46:AD:A3:10:B7:0D:3D:8D:C6:EF:50:A2:6F:A4 380s X509v3 Basic Constraints: 380s CA:FALSE 380s Netscape Cert Type: 380s SSL Client, S/MIME 380s Netscape Comment: 380s Test Organization Sub Intermediate CA trusted Certificate 380s X509v3 Subject Key Identifier: 380s 1D:4F:2F:E9:23:C4:E1:91:C3:AA:30:6E:D9:F0:F7:6D:44:17:DF:6B 380s X509v3 Key Usage: critical 380s Digital Signature, Non Repudiation, Key Encipherment 380s X509v3 Extended Key Usage: 380s TLS Web Client Authentication, E-mail Protection 380s X509v3 Subject Alternative Name: 380s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 380s Certificate is to be certified until Mar 22 00:37:08 2025 GMT (365 days) 380s 380s Write out database with 1 new entries 380s Database updated 380s + openssl x509 -noout -in /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 380s This certificate should not be trusted fully 380s + echo 'This certificate should not be trusted fully' 380s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 380s + local cmd=openssl 380s + shift 380s + openssl verify -CAfile /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 380s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 380s error 2 at 1 depth lookup: unable to get issuer certificate 380s error /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 380s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 380s + local cmd=openssl 380s + shift 380s + openssl verify -CAfile /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 380s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 380s error 20 at 0 depth lookup: unable to get local issuer certificate 380s error /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 380s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 380s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 380s + local cmd=openssl 380s + shift 380s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 380s O = Test Organization, OU = Test/tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 380s Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 380s error 20 at 0 depth lookup: unable to get local issuer certificate 380s error /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 380s + echo 'Building a the full-chain CA file...' 380s + cat /tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA.pem 380s + cat /tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem 380s + cat /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA.pem 380s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem 380s + openssl pkcs7 -print_certs -noout 380s Building a the full-chain CA file... 380s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 380s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 380s 380s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 380s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 380s 380s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 380s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 380s 380s + openssl verify -CAfile /tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem 380s + openssl verify -CAfile /tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 380s + openssl verify -CAfile /tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 380s + openssl verify -CAfile /tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem /tmp/sssd-softhsm2-Imo5hn/test-root-intermediate-chain-CA.pem 380s + openssl verify -CAfile /tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 380s + echo 'Certificates generation completed!' 380s /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem: OK 380s /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem: OK 380s /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem: OK 380s /tmp/sssd-softhsm2-Imo5hn/test-root-intermediate-chain-CA.pem: OK 380s /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 380s + [[ -v NO_SSSD_TESTS ]] 380s + invalid_certificate /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-37 /dev/null 380s + check_certificate /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-37 /dev/null 380s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-root-ca-trusted-cert-0001-37 380s + local key_ring=/dev/null 380s + local verify_option= 380s + prepare_softhsm2_card /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-37 380s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-root-ca-trusted-cert-0001-37 380s + local key_cn 380s + local key_name 380s + local tokens_dir 380s + local output_cert_file 380s + token_name= 380s ++ basename /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem .pem 380s + key_name=test-root-CA-trusted-certificate-0001 380s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 380s ++ sed -n 's/ *commonName *= //p' 380s Certificates generation completed! 380s + key_cn='Test Organization Root Trusted Certificate 0001' 380s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 380s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf 380s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf 380s ++ basename /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 380s + tokens_dir=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001 380s + token_name='Test Organization Root Tr Token' 380s + '[' '!' -e /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 380s + local key_file 380s + local decrypted_key 380s + mkdir -p /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001 380s + key_file=/tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001-key.pem 380s + decrypted_key=/tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001-key-decrypted.pem 380s + cat 380s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 380s Slot 0 has a free/uninitialized token. 380s The token has been initialized and is reassigned to slot 1954766942 380s + softhsm2-util --show-slots 380s Available slots: 380s Slot 1954766942 380s Slot info: 380s Description: SoftHSM slot ID 0x7483605e 380s Manufacturer ID: SoftHSM project 380s Hardware version: 2.6 380s Firmware version: 2.6 380s Token present: yes 380s Token info: 380s Manufacturer ID: SoftHSM project 380s Model: SoftHSM v2 380s Hardware version: 2.6 380s Firmware version: 2.6 380s Serial number: db714e667483605e 380s Initialized: yes 380s User PIN init.: yes 380s Label: Test Organization Root Tr Token 380s Slot 1 380s Slot info: 380s Description: SoftHSM slot ID 0x1 380s Manufacturer ID: SoftHSM project 380s Hardware version: 2.6 380s Firmware version: 2.6 380s Token present: yes 380s Token info: 380s Manufacturer ID: SoftHSM project 380s Model: SoftHSM v2 380s Hardware version: 2.6 380s Firmware version: 2.6 380s Serial number: 380s Initialized: no 380s User PIN init.: no 380s Label: 380s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 380s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-37 -in /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001-key-decrypted.pem 380s writing RSA key 380s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 380s + rm /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001-key-decrypted.pem 380s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 380s Object 0: 380s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=db714e667483605e;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 380s Type: X.509 Certificate (RSA-1024) 380s Expires: Sat Mar 22 00:37:07 2025 380s Label: Test Organization Root Trusted Certificate 0001 380s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 380s 380s + echo 'Test Organization Root Tr Token' 380s Test Organization Root Tr Token 380s + '[' -n '' ']' 380s + local output_base_name=SSSD-child-7607 380s + local output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-7607.output 380s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-7607.pem 380s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 380s [p11_child[2028]] [main] (0x0400): p11_child started. 380s [p11_child[2028]] [main] (0x2000): Running in [pre-auth] mode. 380s [p11_child[2028]] [main] (0x2000): Running with effective IDs: [0][0]. 380s [p11_child[2028]] [main] (0x2000): Running with real IDs [0][0]. 380s [p11_child[2028]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 380s [p11_child[2028]] [do_work] (0x0040): init_verification failed. 380s [p11_child[2028]] [main] (0x0020): p11_child failed (5) 380s + return 2 380s + valid_certificate /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-37 /dev/null no_verification 380s + check_certificate /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-37 /dev/null no_verification 380s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-root-ca-trusted-cert-0001-37 380s + local key_ring=/dev/null 380s + local verify_option=no_verification 380s + prepare_softhsm2_card /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-37 380s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-root-ca-trusted-cert-0001-37 380s + local key_cn 380s + local key_name 380s + local tokens_dir 380s + local output_cert_file 380s + token_name= 380s ++ basename /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem .pem 380s + key_name=test-root-CA-trusted-certificate-0001 380s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 380s ++ sed -n 's/ *commonName *= //p' 380s + key_cn='Test Organization Root Trusted Certificate 0001' 380s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 380s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf 380s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf 380s ++ basename /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 380s + tokens_dir=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001 380s + token_name='Test Organization Root Tr Token' 380s + '[' '!' -e /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 380s + '[' '!' -d /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001 ']' 380s + echo 'Test Organization Root Tr Token' 380s + '[' -n no_verification ']' 380s Test Organization Root Tr Token 380s + local verify_arg=--verify=no_verification 380s + local output_base_name=SSSD-child-916 380s + local output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-916.output 380s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-916.pem 380s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 380s [p11_child[2034]] [main] (0x0400): p11_child started. 380s [p11_child[2034]] [main] (0x2000): Running in [pre-auth] mode. 380s [p11_child[2034]] [main] (0x2000): Running with effective IDs: [0][0]. 380s [p11_child[2034]] [main] (0x2000): Running with real IDs [0][0]. 380s [p11_child[2034]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 380s [p11_child[2034]] [do_card] (0x4000): Module List: 380s [p11_child[2034]] [do_card] (0x4000): common name: [softhsm2]. 380s [p11_child[2034]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2034]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7483605e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 380s [p11_child[2034]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 380s [p11_child[2034]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7483605e][1954766942] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2034]] [do_card] (0x4000): Login NOT required. 380s [p11_child[2034]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 380s [p11_child[2034]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 380s [p11_child[2034]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7483605e;slot-manufacturer=SoftHSM%20project;slot-id=1954766942;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=db714e667483605e;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 380s [p11_child[2034]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 380s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-916.output 380s + echo '-----BEGIN CERTIFICATE-----' 380s + tail -n1 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-916.output 380s + echo '-----END CERTIFICATE-----' 380s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-916.pem 380s Certificate: 380s Data: 380s Version: 3 (0x2) 380s Serial Number: 3 (0x3) 380s Signature Algorithm: sha256WithRSAEncryption 380s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 380s Validity 380s Not Before: Mar 22 00:37:07 2024 GMT 380s Not After : Mar 22 00:37:07 2025 GMT 380s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 380s Subject Public Key Info: 380s Public Key Algorithm: rsaEncryption 380s Public-Key: (1024 bit) 380s Modulus: 380s 00:a3:09:e0:d1:9c:a5:10:68:b0:48:ec:51:e9:1c: 380s 22:f9:cf:18:c3:4e:1d:30:a5:07:61:c2:74:ff:76: 380s 33:fc:9c:e5:ca:a9:b2:9b:8a:84:57:df:c3:fe:7d: 380s 78:cd:ec:a5:c8:4c:63:f1:05:32:17:fb:27:c9:a8: 380s e2:e8:d4:a3:7c:a5:e9:4b:6d:ea:af:12:56:c3:3c: 380s 63:9d:19:6d:69:2c:6c:8a:98:fc:25:9c:c6:bb:fa: 380s 02:5b:29:bd:4f:62:a9:e4:ad:d2:4b:2b:48:83:a9: 380s 91:85:2d:9f:b1:29:74:cf:92:2d:4b:99:6b:00:5f: 380s 49:9c:d1:4d:cf:6a:1f:56:07 380s Exponent: 65537 (0x10001) 380s X509v3 extensions: 380s X509v3 Authority Key Identifier: 380s 6B:18:49:2C:AF:CE:25:E3:00:8A:C9:D3:21:64:0D:9B:93:DB:62:38 380s X509v3 Basic Constraints: 380s CA:FALSE 380s Netscape Cert Type: 380s SSL Client, S/MIME 380s Netscape Comment: 380s Test Organization Root CA trusted Certificate 380s X509v3 Subject Key Identifier: 380s FD:D7:19:D6:DF:19:15:CC:2F:A0:22:EC:DF:0D:F7:63:A6:D7:9A:0D 380s X509v3 Key Usage: critical 380s Digital Signature, Non Repudiation, Key Encipherment 380s X509v3 Extended Key Usage: 380s TLS Web Client Authentication, E-mail Protection 380s X509v3 Subject Alternative Name: 380s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 380s Signature Algorithm: sha256WithRSAEncryption 380s Signature Value: 380s 4a:44:1a:01:36:22:0d:85:1a:a2:3c:78:6e:5e:4d:99:1b:ab: 380s 08:34:19:5f:ee:6a:30:8d:91:96:88:c6:c9:bf:1d:1d:c5:96: 380s 2f:69:b4:3a:50:c0:2e:be:af:53:f8:56:ea:dc:69:e6:c3:1b: 380s 29:87:4d:d8:13:c3:1c:10:ca:26:25:f0:54:cf:65:9e:97:86: 380s 82:4d:98:fe:45:2b:6e:ce:6e:a7:2d:3f:d9:d8:c7:09:68:1c: 380s 7c:02:31:ee:bd:c8:ae:0d:f4:68:52:90:86:ac:b5:c7:1a:88: 380s 3c:94:13:0c:a2:10:ac:06:7c:09:59:b7:75:cb:8a:e2:40:37: 380s 35:e2 380s + local found_md5 expected_md5 380s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 380s + expected_md5=Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 380s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-916.pem 380s + found_md5=Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 380s + '[' Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 '!=' Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 ']' 380s + output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-916-auth.output 380s ++ basename /tmp/sssd-softhsm2-Imo5hn/SSSD-child-916-auth.output .output 380s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-916-auth.pem 380s + echo -n 053350 380s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 380s [p11_child[2042]] [main] (0x0400): p11_child started. 380s [p11_child[2042]] [main] (0x2000): Running in [auth] mode. 380s [p11_child[2042]] [main] (0x2000): Running with effective IDs: [0][0]. 380s [p11_child[2042]] [main] (0x2000): Running with real IDs [0][0]. 380s [p11_child[2042]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 380s [p11_child[2042]] [do_card] (0x4000): Module List: 380s [p11_child[2042]] [do_card] (0x4000): common name: [softhsm2]. 380s [p11_child[2042]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2042]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7483605e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 380s [p11_child[2042]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 380s [p11_child[2042]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7483605e][1954766942] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2042]] [do_card] (0x4000): Login required. 380s [p11_child[2042]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 380s [p11_child[2042]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 380s [p11_child[2042]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7483605e;slot-manufacturer=SoftHSM%20project;slot-id=1954766942;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=db714e667483605e;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 380s [p11_child[2042]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 380s [p11_child[2042]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 380s [p11_child[2042]] [do_card] (0x4000): Certificate verified and validated. 380s [p11_child[2042]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 380s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-916-auth.output 380s + echo '-----BEGIN CERTIFICATE-----' 380s + tail -n1 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-916-auth.output 380s + echo '-----END CERTIFICATE-----' 380s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-916-auth.pem 380s Certificate: 380s Data: 380s Version: 3 (0x2) 380s Serial Number: 3 (0x3) 380s Signature Algorithm: sha256WithRSAEncryption 380s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 380s Validity 380s Not Before: Mar 22 00:37:07 2024 GMT 380s Not After : Mar 22 00:37:07 2025 GMT 380s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 380s Subject Public Key Info: 380s Public Key Algorithm: rsaEncryption 380s Public-Key: (1024 bit) 380s Modulus: 380s 00:a3:09:e0:d1:9c:a5:10:68:b0:48:ec:51:e9:1c: 380s 22:f9:cf:18:c3:4e:1d:30:a5:07:61:c2:74:ff:76: 380s 33:fc:9c:e5:ca:a9:b2:9b:8a:84:57:df:c3:fe:7d: 380s 78:cd:ec:a5:c8:4c:63:f1:05:32:17:fb:27:c9:a8: 380s e2:e8:d4:a3:7c:a5:e9:4b:6d:ea:af:12:56:c3:3c: 380s 63:9d:19:6d:69:2c:6c:8a:98:fc:25:9c:c6:bb:fa: 380s 02:5b:29:bd:4f:62:a9:e4:ad:d2:4b:2b:48:83:a9: 380s 91:85:2d:9f:b1:29:74:cf:92:2d:4b:99:6b:00:5f: 380s 49:9c:d1:4d:cf:6a:1f:56:07 380s Exponent: 65537 (0x10001) 380s X509v3 extensions: 380s X509v3 Authority Key Identifier: 380s 6B:18:49:2C:AF:CE:25:E3:00:8A:C9:D3:21:64:0D:9B:93:DB:62:38 380s X509v3 Basic Constraints: 380s CA:FALSE 380s Netscape Cert Type: 380s SSL Client, S/MIME 380s Netscape Comment: 380s Test Organization Root CA trusted Certificate 380s X509v3 Subject Key Identifier: 380s FD:D7:19:D6:DF:19:15:CC:2F:A0:22:EC:DF:0D:F7:63:A6:D7:9A:0D 380s X509v3 Key Usage: critical 380s Digital Signature, Non Repudiation, Key Encipherment 380s X509v3 Extended Key Usage: 380s TLS Web Client Authentication, E-mail Protection 380s X509v3 Subject Alternative Name: 380s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 380s Signature Algorithm: sha256WithRSAEncryption 380s Signature Value: 380s 4a:44:1a:01:36:22:0d:85:1a:a2:3c:78:6e:5e:4d:99:1b:ab: 380s 08:34:19:5f:ee:6a:30:8d:91:96:88:c6:c9:bf:1d:1d:c5:96: 380s 2f:69:b4:3a:50:c0:2e:be:af:53:f8:56:ea:dc:69:e6:c3:1b: 380s 29:87:4d:d8:13:c3:1c:10:ca:26:25:f0:54:cf:65:9e:97:86: 380s 82:4d:98:fe:45:2b:6e:ce:6e:a7:2d:3f:d9:d8:c7:09:68:1c: 380s 7c:02:31:ee:bd:c8:ae:0d:f4:68:52:90:86:ac:b5:c7:1a:88: 380s 3c:94:13:0c:a2:10:ac:06:7c:09:59:b7:75:cb:8a:e2:40:37: 380s 35:e2 380s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-916-auth.pem 380s + found_md5=Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 380s + '[' Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 '!=' Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 ']' 380s + valid_certificate /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-37 /tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem 380s + check_certificate /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-37 /tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem 380s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-root-ca-trusted-cert-0001-37 380s + local key_ring=/tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem 380s + local verify_option= 380s + prepare_softhsm2_card /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-37 380s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 380s + local key_pass=pass:random-root-ca-trusted-cert-0001-37 380s + local key_cn 380s + local key_name 380s + local tokens_dir 380s + local output_cert_file 380s + token_name= 380s ++ basename /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem .pem 380s + key_name=test-root-CA-trusted-certificate-0001 380s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 380s ++ sed -n 's/ *commonName *= //p' 380s + key_cn='Test Organization Root Trusted Certificate 0001' 380s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 380s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf 380s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf 380s ++ basename /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 380s + tokens_dir=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001 380s + token_name='Test Organization Root Tr Token' 380s + '[' '!' -e /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 380s + '[' '!' -d /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001 ']' 380s + echo 'Test Organization Root Tr Token' 380s Test Organization Root Tr Token 380s + '[' -n '' ']' 380s + local output_base_name=SSSD-child-9672 380s + local output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-9672.output 380s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-9672.pem 380s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem 380s [p11_child[2052]] [main] (0x0400): p11_child started. 380s [p11_child[2052]] [main] (0x2000): Running in [pre-auth] mode. 380s [p11_child[2052]] [main] (0x2000): Running with effective IDs: [0][0]. 380s [p11_child[2052]] [main] (0x2000): Running with real IDs [0][0]. 380s [p11_child[2052]] [do_card] (0x4000): Module List: 380s [p11_child[2052]] [do_card] (0x4000): common name: [softhsm2]. 380s [p11_child[2052]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2052]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7483605e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 380s [p11_child[2052]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 380s [p11_child[2052]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7483605e][1954766942] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2052]] [do_card] (0x4000): Login NOT required. 380s [p11_child[2052]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 380s [p11_child[2052]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 380s [p11_child[2052]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 380s [p11_child[2052]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7483605e;slot-manufacturer=SoftHSM%20project;slot-id=1954766942;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=db714e667483605e;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 380s [p11_child[2052]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 380s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-9672.output 380s + echo '-----BEGIN CERTIFICATE-----' 380s + tail -n1 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-9672.output 380s + echo '-----END CERTIFICATE-----' 380s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-9672.pem 380s Certificate: 380s Data: 380s Version: 3 (0x2) 380s Serial Number: 3 (0x3) 380s Signature Algorithm: sha256WithRSAEncryption 380s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 380s Validity 380s Not Before: Mar 22 00:37:07 2024 GMT 380s Not After : Mar 22 00:37:07 2025 GMT 380s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 380s Subject Public Key Info: 380s Public Key Algorithm: rsaEncryption 380s Public-Key: (1024 bit) 380s Modulus: 380s 00:a3:09:e0:d1:9c:a5:10:68:b0:48:ec:51:e9:1c: 380s 22:f9:cf:18:c3:4e:1d:30:a5:07:61:c2:74:ff:76: 380s 33:fc:9c:e5:ca:a9:b2:9b:8a:84:57:df:c3:fe:7d: 380s 78:cd:ec:a5:c8:4c:63:f1:05:32:17:fb:27:c9:a8: 380s e2:e8:d4:a3:7c:a5:e9:4b:6d:ea:af:12:56:c3:3c: 380s 63:9d:19:6d:69:2c:6c:8a:98:fc:25:9c:c6:bb:fa: 380s 02:5b:29:bd:4f:62:a9:e4:ad:d2:4b:2b:48:83:a9: 380s 91:85:2d:9f:b1:29:74:cf:92:2d:4b:99:6b:00:5f: 380s 49:9c:d1:4d:cf:6a:1f:56:07 380s Exponent: 65537 (0x10001) 380s X509v3 extensions: 380s X509v3 Authority Key Identifier: 380s 6B:18:49:2C:AF:CE:25:E3:00:8A:C9:D3:21:64:0D:9B:93:DB:62:38 380s X509v3 Basic Constraints: 380s CA:FALSE 380s Netscape Cert Type: 380s SSL Client, S/MIME 380s Netscape Comment: 380s Test Organization Root CA trusted Certificate 380s X509v3 Subject Key Identifier: 380s FD:D7:19:D6:DF:19:15:CC:2F:A0:22:EC:DF:0D:F7:63:A6:D7:9A:0D 380s X509v3 Key Usage: critical 380s Digital Signature, Non Repudiation, Key Encipherment 380s X509v3 Extended Key Usage: 380s TLS Web Client Authentication, E-mail Protection 380s X509v3 Subject Alternative Name: 380s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 380s Signature Algorithm: sha256WithRSAEncryption 380s Signature Value: 380s 4a:44:1a:01:36:22:0d:85:1a:a2:3c:78:6e:5e:4d:99:1b:ab: 380s 08:34:19:5f:ee:6a:30:8d:91:96:88:c6:c9:bf:1d:1d:c5:96: 380s 2f:69:b4:3a:50:c0:2e:be:af:53:f8:56:ea:dc:69:e6:c3:1b: 380s 29:87:4d:d8:13:c3:1c:10:ca:26:25:f0:54:cf:65:9e:97:86: 380s 82:4d:98:fe:45:2b:6e:ce:6e:a7:2d:3f:d9:d8:c7:09:68:1c: 380s 7c:02:31:ee:bd:c8:ae:0d:f4:68:52:90:86:ac:b5:c7:1a:88: 380s 3c:94:13:0c:a2:10:ac:06:7c:09:59:b7:75:cb:8a:e2:40:37: 380s 35:e2 380s + local found_md5 expected_md5 380s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 380s + expected_md5=Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 380s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-9672.pem 380s + found_md5=Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 380s + '[' Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 '!=' Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 ']' 380s + output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-9672-auth.output 380s ++ basename /tmp/sssd-softhsm2-Imo5hn/SSSD-child-9672-auth.output .output 380s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-9672-auth.pem 380s + echo -n 053350 380s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 380s [p11_child[2060]] [main] (0x0400): p11_child started. 380s [p11_child[2060]] [main] (0x2000): Running in [auth] mode. 380s [p11_child[2060]] [main] (0x2000): Running with effective IDs: [0][0]. 380s [p11_child[2060]] [main] (0x2000): Running with real IDs [0][0]. 380s [p11_child[2060]] [do_card] (0x4000): Module List: 380s [p11_child[2060]] [do_card] (0x4000): common name: [softhsm2]. 380s [p11_child[2060]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2060]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7483605e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 380s [p11_child[2060]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 380s [p11_child[2060]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7483605e][1954766942] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 380s [p11_child[2060]] [do_card] (0x4000): Login required. 380s [p11_child[2060]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 380s [p11_child[2060]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 380s [p11_child[2060]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 380s [p11_child[2060]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7483605e;slot-manufacturer=SoftHSM%20project;slot-id=1954766942;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=db714e667483605e;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 380s [p11_child[2060]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 380s [p11_child[2060]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 380s [p11_child[2060]] [do_card] (0x4000): Certificate verified and validated. 380s [p11_child[2060]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 380s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-9672-auth.output 380s + echo '-----BEGIN CERTIFICATE-----' 380s + tail -n1 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-9672-auth.output 380s + echo '-----END CERTIFICATE-----' 380s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-9672-auth.pem 381s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-9672-auth.pem 381s Certificate: 381s Data: 381s Version: 3 (0x2) 381s Serial Number: 3 (0x3) 381s Signature Algorithm: sha256WithRSAEncryption 381s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 381s Validity 381s Not Before: Mar 22 00:37:07 2024 GMT 381s Not After : Mar 22 00:37:07 2025 GMT 381s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 381s Subject Public Key Info: 381s Public Key Algorithm: rsaEncryption 381s Public-Key: (1024 bit) 381s Modulus: 381s 00:a3:09:e0:d1:9c:a5:10:68:b0:48:ec:51:e9:1c: 381s 22:f9:cf:18:c3:4e:1d:30:a5:07:61:c2:74:ff:76: 381s 33:fc:9c:e5:ca:a9:b2:9b:8a:84:57:df:c3:fe:7d: 381s 78:cd:ec:a5:c8:4c:63:f1:05:32:17:fb:27:c9:a8: 381s e2:e8:d4:a3:7c:a5:e9:4b:6d:ea:af:12:56:c3:3c: 381s 63:9d:19:6d:69:2c:6c:8a:98:fc:25:9c:c6:bb:fa: 381s 02:5b:29:bd:4f:62:a9:e4:ad:d2:4b:2b:48:83:a9: 381s 91:85:2d:9f:b1:29:74:cf:92:2d:4b:99:6b:00:5f: 381s 49:9c:d1:4d:cf:6a:1f:56:07 381s Exponent: 65537 (0x10001) 381s X509v3 extensions: 381s X509v3 Authority Key Identifier: 381s 6B:18:49:2C:AF:CE:25:E3:00:8A:C9:D3:21:64:0D:9B:93:DB:62:38 381s X509v3 Basic Constraints: 381s CA:FALSE 381s Netscape Cert Type: 381s SSL Client, S/MIME 381s Netscape Comment: 381s Test Organization Root CA trusted Certificate 381s X509v3 Subject Key Identifier: 381s FD:D7:19:D6:DF:19:15:CC:2F:A0:22:EC:DF:0D:F7:63:A6:D7:9A:0D 381s X509v3 Key Usage: critical 381s Digital Signature, Non Repudiation, Key Encipherment 381s X509v3 Extended Key Usage: 381s TLS Web Client Authentication, E-mail Protection 381s X509v3 Subject Alternative Name: 381s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 381s Signature Algorithm: sha256WithRSAEncryption 381s Signature Value: 381s 4a:44:1a:01:36:22:0d:85:1a:a2:3c:78:6e:5e:4d:99:1b:ab: 381s 08:34:19:5f:ee:6a:30:8d:91:96:88:c6:c9:bf:1d:1d:c5:96: 381s 2f:69:b4:3a:50:c0:2e:be:af:53:f8:56:ea:dc:69:e6:c3:1b: 381s 29:87:4d:d8:13:c3:1c:10:ca:26:25:f0:54:cf:65:9e:97:86: 381s 82:4d:98:fe:45:2b:6e:ce:6e:a7:2d:3f:d9:d8:c7:09:68:1c: 381s 7c:02:31:ee:bd:c8:ae:0d:f4:68:52:90:86:ac:b5:c7:1a:88: 381s 3c:94:13:0c:a2:10:ac:06:7c:09:59:b7:75:cb:8a:e2:40:37: 381s 35:e2 381s + found_md5=Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 381s + '[' Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 '!=' Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 ']' 381s + valid_certificate /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-37 /tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem partial_chain 381s + check_certificate /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-37 /tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem partial_chain 381s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 381s + local key_pass=pass:random-root-ca-trusted-cert-0001-37 381s + local key_ring=/tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem 381s + local verify_option=partial_chain 381s + prepare_softhsm2_card /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-37 381s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 381s + local key_pass=pass:random-root-ca-trusted-cert-0001-37 381s + local key_cn 381s + local key_name 381s + local tokens_dir 381s + local output_cert_file 381s + token_name= 381s ++ basename /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem .pem 381s + key_name=test-root-CA-trusted-certificate-0001 381s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 381s ++ sed -n 's/ *commonName *= //p' 381s + key_cn='Test Organization Root Trusted Certificate 0001' 381s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 381s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf 381s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf 381s ++ basename /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 381s + tokens_dir=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001 381s + token_name='Test Organization Root Tr Token' 381s + '[' '!' -e /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 381s + '[' '!' -d /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001 ']' 381s + echo 'Test Organization Root Tr Token' 381s Test Organization Root Tr Token 381s + '[' -n partial_chain ']' 381s + local verify_arg=--verify=partial_chain 381s + local output_base_name=SSSD-child-17700 381s + local output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-17700.output 381s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-17700.pem 381s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem 381s [p11_child[2070]] [main] (0x0400): p11_child started. 381s [p11_child[2070]] [main] (0x2000): Running in [pre-auth] mode. 381s [p11_child[2070]] [main] (0x2000): Running with effective IDs: [0][0]. 381s [p11_child[2070]] [main] (0x2000): Running with real IDs [0][0]. 381s [p11_child[2070]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 381s [p11_child[2070]] [do_card] (0x4000): Module List: 381s [p11_child[2070]] [do_card] (0x4000): common name: [softhsm2]. 381s [p11_child[2070]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2070]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7483605e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 381s [p11_child[2070]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 381s [p11_child[2070]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7483605e][1954766942] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2070]] [do_card] (0x4000): Login NOT required. 381s [p11_child[2070]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 381s [p11_child[2070]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 381s [p11_child[2070]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 381s [p11_child[2070]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7483605e;slot-manufacturer=SoftHSM%20project;slot-id=1954766942;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=db714e667483605e;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 381s [p11_child[2070]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 381s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-17700.output 381s + echo '-----BEGIN CERTIFICATE-----' 381s + tail -n1 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-17700.output 381s + echo '-----END CERTIFICATE-----' 381s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-17700.pem 381s Certificate: 381s Data: 381s Version: 3 (0x2) 381s Serial Number: 3 (0x3) 381s Signature Algorithm: sha256WithRSAEncryption 381s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 381s Validity 381s Not Before: Mar 22 00:37:07 2024 GMT 381s Not After : Mar 22 00:37:07 2025 GMT 381s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 381s Subject Public Key Info: 381s Public Key Algorithm: rsaEncryption 381s Public-Key: (1024 bit) 381s Modulus: 381s 00:a3:09:e0:d1:9c:a5:10:68:b0:48:ec:51:e9:1c: 381s 22:f9:cf:18:c3:4e:1d:30:a5:07:61:c2:74:ff:76: 381s 33:fc:9c:e5:ca:a9:b2:9b:8a:84:57:df:c3:fe:7d: 381s 78:cd:ec:a5:c8:4c:63:f1:05:32:17:fb:27:c9:a8: 381s e2:e8:d4:a3:7c:a5:e9:4b:6d:ea:af:12:56:c3:3c: 381s 63:9d:19:6d:69:2c:6c:8a:98:fc:25:9c:c6:bb:fa: 381s 02:5b:29:bd:4f:62:a9:e4:ad:d2:4b:2b:48:83:a9: 381s 91:85:2d:9f:b1:29:74:cf:92:2d:4b:99:6b:00:5f: 381s 49:9c:d1:4d:cf:6a:1f:56:07 381s Exponent: 65537 (0x10001) 381s X509v3 extensions: 381s X509v3 Authority Key Identifier: 381s 6B:18:49:2C:AF:CE:25:E3:00:8A:C9:D3:21:64:0D:9B:93:DB:62:38 381s X509v3 Basic Constraints: 381s CA:FALSE 381s Netscape Cert Type: 381s SSL Client, S/MIME 381s Netscape Comment: 381s Test Organization Root CA trusted Certificate 381s X509v3 Subject Key Identifier: 381s FD:D7:19:D6:DF:19:15:CC:2F:A0:22:EC:DF:0D:F7:63:A6:D7:9A:0D 381s X509v3 Key Usage: critical 381s Digital Signature, Non Repudiation, Key Encipherment 381s X509v3 Extended Key Usage: 381s TLS Web Client Authentication, E-mail Protection 381s X509v3 Subject Alternative Name: 381s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 381s Signature Algorithm: sha256WithRSAEncryption 381s Signature Value: 381s 4a:44:1a:01:36:22:0d:85:1a:a2:3c:78:6e:5e:4d:99:1b:ab: 381s 08:34:19:5f:ee:6a:30:8d:91:96:88:c6:c9:bf:1d:1d:c5:96: 381s 2f:69:b4:3a:50:c0:2e:be:af:53:f8:56:ea:dc:69:e6:c3:1b: 381s 29:87:4d:d8:13:c3:1c:10:ca:26:25:f0:54:cf:65:9e:97:86: 381s 82:4d:98:fe:45:2b:6e:ce:6e:a7:2d:3f:d9:d8:c7:09:68:1c: 381s 7c:02:31:ee:bd:c8:ae:0d:f4:68:52:90:86:ac:b5:c7:1a:88: 381s 3c:94:13:0c:a2:10:ac:06:7c:09:59:b7:75:cb:8a:e2:40:37: 381s 35:e2 381s + local found_md5 expected_md5 381s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 381s + expected_md5=Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 381s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-17700.pem 381s + found_md5=Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 381s + '[' Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 '!=' Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 ']' 381s + output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-17700-auth.output 381s ++ basename /tmp/sssd-softhsm2-Imo5hn/SSSD-child-17700-auth.output .output 381s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-17700-auth.pem 381s + echo -n 053350 381s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 381s [p11_child[2078]] [main] (0x0400): p11_child started. 381s [p11_child[2078]] [main] (0x2000): Running in [auth] mode. 381s [p11_child[2078]] [main] (0x2000): Running with effective IDs: [0][0]. 381s [p11_child[2078]] [main] (0x2000): Running with real IDs [0][0]. 381s [p11_child[2078]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 381s [p11_child[2078]] [do_card] (0x4000): Module List: 381s [p11_child[2078]] [do_card] (0x4000): common name: [softhsm2]. 381s [p11_child[2078]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2078]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7483605e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 381s [p11_child[2078]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 381s [p11_child[2078]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7483605e][1954766942] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2078]] [do_card] (0x4000): Login required. 381s [p11_child[2078]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 381s [p11_child[2078]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 381s [p11_child[2078]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 381s [p11_child[2078]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7483605e;slot-manufacturer=SoftHSM%20project;slot-id=1954766942;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=db714e667483605e;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 381s [p11_child[2078]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 381s [p11_child[2078]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 381s [p11_child[2078]] [do_card] (0x4000): Certificate verified and validated. 381s [p11_child[2078]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 381s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-17700-auth.output 381s + echo '-----BEGIN CERTIFICATE-----' 381s + tail -n1 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-17700-auth.output 381s + echo '-----END CERTIFICATE-----' 381s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-17700-auth.pem 381s Certificate: 381s Data: 381s Version: 3 (0x2) 381s Serial Number: 3 (0x3) 381s Signature Algorithm: sha256WithRSAEncryption 381s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 381s Validity 381s Not Before: Mar 22 00:37:07 2024 GMT 381s Not After : Mar 22 00:37:07 2025 GMT 381s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 381s Subject Public Key Info: 381s Public Key Algorithm: rsaEncryption 381s Public-Key: (1024 bit) 381s Modulus: 381s 00:a3:09:e0:d1:9c:a5:10:68:b0:48:ec:51:e9:1c: 381s 22:f9:cf:18:c3:4e:1d:30:a5:07:61:c2:74:ff:76: 381s 33:fc:9c:e5:ca:a9:b2:9b:8a:84:57:df:c3:fe:7d: 381s 78:cd:ec:a5:c8:4c:63:f1:05:32:17:fb:27:c9:a8: 381s e2:e8:d4:a3:7c:a5:e9:4b:6d:ea:af:12:56:c3:3c: 381s 63:9d:19:6d:69:2c:6c:8a:98:fc:25:9c:c6:bb:fa: 381s 02:5b:29:bd:4f:62:a9:e4:ad:d2:4b:2b:48:83:a9: 381s 91:85:2d:9f:b1:29:74:cf:92:2d:4b:99:6b:00:5f: 381s 49:9c:d1:4d:cf:6a:1f:56:07 381s Exponent: 65537 (0x10001) 381s X509v3 extensions: 381s X509v3 Authority Key Identifier: 381s 6B:18:49:2C:AF:CE:25:E3:00:8A:C9:D3:21:64:0D:9B:93:DB:62:38 381s X509v3 Basic Constraints: 381s CA:FALSE 381s Netscape Cert Type: 381s SSL Client, S/MIME 381s Netscape Comment: 381s Test Organization Root CA trusted Certificate 381s X509v3 Subject Key Identifier: 381s FD:D7:19:D6:DF:19:15:CC:2F:A0:22:EC:DF:0D:F7:63:A6:D7:9A:0D 381s X509v3 Key Usage: critical 381s Digital Signature, Non Repudiation, Key Encipherment 381s X509v3 Extended Key Usage: 381s TLS Web Client Authentication, E-mail Protection 381s X509v3 Subject Alternative Name: 381s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 381s Signature Algorithm: sha256WithRSAEncryption 381s Signature Value: 381s 4a:44:1a:01:36:22:0d:85:1a:a2:3c:78:6e:5e:4d:99:1b:ab: 381s 08:34:19:5f:ee:6a:30:8d:91:96:88:c6:c9:bf:1d:1d:c5:96: 381s 2f:69:b4:3a:50:c0:2e:be:af:53:f8:56:ea:dc:69:e6:c3:1b: 381s 29:87:4d:d8:13:c3:1c:10:ca:26:25:f0:54:cf:65:9e:97:86: 381s 82:4d:98:fe:45:2b:6e:ce:6e:a7:2d:3f:d9:d8:c7:09:68:1c: 381s 7c:02:31:ee:bd:c8:ae:0d:f4:68:52:90:86:ac:b5:c7:1a:88: 381s 3c:94:13:0c:a2:10:ac:06:7c:09:59:b7:75:cb:8a:e2:40:37: 381s 35:e2 381s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-17700-auth.pem 381s + found_md5=Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 381s + '[' Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 '!=' Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 ']' 381s + valid_certificate /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-37 /tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem 381s + check_certificate /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-37 /tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem 381s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 381s + local key_pass=pass:random-root-ca-trusted-cert-0001-37 381s + local key_ring=/tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem 381s + local verify_option= 381s + prepare_softhsm2_card /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-37 381s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 381s + local key_pass=pass:random-root-ca-trusted-cert-0001-37 381s + local key_cn 381s + local key_name 381s + local tokens_dir 381s + local output_cert_file 381s + token_name= 381s ++ basename /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem .pem 381s + key_name=test-root-CA-trusted-certificate-0001 381s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 381s ++ sed -n 's/ *commonName *= //p' 381s + key_cn='Test Organization Root Trusted Certificate 0001' 381s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 381s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf 381s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf 381s ++ basename /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 381s + tokens_dir=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001 381s + token_name='Test Organization Root Tr Token' 381s + '[' '!' -e /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 381s + '[' '!' -d /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001 ']' 381s + echo 'Test Organization Root Tr Token' 381s + '[' -n '' ']' 381s + local output_base_name=SSSD-child-19524 381s + local output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-19524.output 381s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-19524.pem 381s Test Organization Root Tr Token 381s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem 381s [p11_child[2088]] [main] (0x0400): p11_child started. 381s [p11_child[2088]] [main] (0x2000): Running in [pre-auth] mode. 381s [p11_child[2088]] [main] (0x2000): Running with effective IDs: [0][0]. 381s [p11_child[2088]] [main] (0x2000): Running with real IDs [0][0]. 381s [p11_child[2088]] [do_card] (0x4000): Module List: 381s [p11_child[2088]] [do_card] (0x4000): common name: [softhsm2]. 381s [p11_child[2088]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2088]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7483605e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 381s [p11_child[2088]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 381s [p11_child[2088]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7483605e][1954766942] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2088]] [do_card] (0x4000): Login NOT required. 381s [p11_child[2088]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 381s [p11_child[2088]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 381s [p11_child[2088]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 381s [p11_child[2088]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7483605e;slot-manufacturer=SoftHSM%20project;slot-id=1954766942;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=db714e667483605e;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 381s [p11_child[2088]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 381s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-19524.output 381s + echo '-----BEGIN CERTIFICATE-----' 381s + tail -n1 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-19524.output 381s + echo '-----END CERTIFICATE-----' 381s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-19524.pem 381s Certificate: 381s Data: 381s Version: 3 (0x2) 381s Serial Number: 3 (0x3) 381s Signature Algorithm: sha256WithRSAEncryption 381s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 381s Validity 381s Not Before: Mar 22 00:37:07 2024 GMT 381s Not After : Mar 22 00:37:07 2025 GMT 381s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 381s Subject Public Key Info: 381s Public Key Algorithm: rsaEncryption 381s Public-Key: (1024 bit) 381s Modulus: 381s 00:a3:09:e0:d1:9c:a5:10:68:b0:48:ec:51:e9:1c: 381s 22:f9:cf:18:c3:4e:1d:30:a5:07:61:c2:74:ff:76: 381s 33:fc:9c:e5:ca:a9:b2:9b:8a:84:57:df:c3:fe:7d: 381s 78:cd:ec:a5:c8:4c:63:f1:05:32:17:fb:27:c9:a8: 381s e2:e8:d4:a3:7c:a5:e9:4b:6d:ea:af:12:56:c3:3c: 381s 63:9d:19:6d:69:2c:6c:8a:98:fc:25:9c:c6:bb:fa: 381s 02:5b:29:bd:4f:62:a9:e4:ad:d2:4b:2b:48:83:a9: 381s 91:85:2d:9f:b1:29:74:cf:92:2d:4b:99:6b:00:5f: 381s 49:9c:d1:4d:cf:6a:1f:56:07 381s Exponent: 65537 (0x10001) 381s X509v3 extensions: 381s X509v3 Authority Key Identifier: 381s 6B:18:49:2C:AF:CE:25:E3:00:8A:C9:D3:21:64:0D:9B:93:DB:62:38 381s X509v3 Basic Constraints: 381s CA:FALSE 381s Netscape Cert Type: 381s SSL Client, S/MIME 381s Netscape Comment: 381s Test Organization Root CA trusted Certificate 381s X509v3 Subject Key Identifier: 381s FD:D7:19:D6:DF:19:15:CC:2F:A0:22:EC:DF:0D:F7:63:A6:D7:9A:0D 381s X509v3 Key Usage: critical 381s Digital Signature, Non Repudiation, Key Encipherment 381s X509v3 Extended Key Usage: 381s TLS Web Client Authentication, E-mail Protection 381s X509v3 Subject Alternative Name: 381s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 381s Signature Algorithm: sha256WithRSAEncryption 381s Signature Value: 381s 4a:44:1a:01:36:22:0d:85:1a:a2:3c:78:6e:5e:4d:99:1b:ab: 381s 08:34:19:5f:ee:6a:30:8d:91:96:88:c6:c9:bf:1d:1d:c5:96: 381s 2f:69:b4:3a:50:c0:2e:be:af:53:f8:56:ea:dc:69:e6:c3:1b: 381s 29:87:4d:d8:13:c3:1c:10:ca:26:25:f0:54:cf:65:9e:97:86: 381s 82:4d:98:fe:45:2b:6e:ce:6e:a7:2d:3f:d9:d8:c7:09:68:1c: 381s 7c:02:31:ee:bd:c8:ae:0d:f4:68:52:90:86:ac:b5:c7:1a:88: 381s 3c:94:13:0c:a2:10:ac:06:7c:09:59:b7:75:cb:8a:e2:40:37: 381s 35:e2 381s + local found_md5 expected_md5 381s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 381s + expected_md5=Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 381s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-19524.pem 381s + found_md5=Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 381s + '[' Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 '!=' Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 ']' 381s + output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-19524-auth.output 381s ++ basename /tmp/sssd-softhsm2-Imo5hn/SSSD-child-19524-auth.output .output 381s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-19524-auth.pem 381s + echo -n 053350 381s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 381s [p11_child[2096]] [main] (0x0400): p11_child started. 381s [p11_child[2096]] [main] (0x2000): Running in [auth] mode. 381s [p11_child[2096]] [main] (0x2000): Running with effective IDs: [0][0]. 381s [p11_child[2096]] [main] (0x2000): Running with real IDs [0][0]. 381s [p11_child[2096]] [do_card] (0x4000): Module List: 381s [p11_child[2096]] [do_card] (0x4000): common name: [softhsm2]. 381s [p11_child[2096]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2096]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7483605e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 381s [p11_child[2096]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 381s [p11_child[2096]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7483605e][1954766942] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2096]] [do_card] (0x4000): Login required. 381s [p11_child[2096]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 381s [p11_child[2096]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 381s [p11_child[2096]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 381s [p11_child[2096]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7483605e;slot-manufacturer=SoftHSM%20project;slot-id=1954766942;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=db714e667483605e;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 381s [p11_child[2096]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 381s [p11_child[2096]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 381s [p11_child[2096]] [do_card] (0x4000): Certificate verified and validated. 381s [p11_child[2096]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 381s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-19524-auth.output 381s + echo '-----BEGIN CERTIFICATE-----' 381s + tail -n1 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-19524-auth.output 381s + echo '-----END CERTIFICATE-----' 381s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-19524-auth.pem 381s Certificate: 381s Data: 381s Version: 3 (0x2) 381s Serial Number: 3 (0x3) 381s Signature Algorithm: sha256WithRSAEncryption 381s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 381s Validity 381s Not Before: Mar 22 00:37:07 2024 GMT 381s Not After : Mar 22 00:37:07 2025 GMT 381s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 381s Subject Public Key Info: 381s Public Key Algorithm: rsaEncryption 381s Public-Key: (1024 bit) 381s Modulus: 381s 00:a3:09:e0:d1:9c:a5:10:68:b0:48:ec:51:e9:1c: 381s 22:f9:cf:18:c3:4e:1d:30:a5:07:61:c2:74:ff:76: 381s 33:fc:9c:e5:ca:a9:b2:9b:8a:84:57:df:c3:fe:7d: 381s 78:cd:ec:a5:c8:4c:63:f1:05:32:17:fb:27:c9:a8: 381s e2:e8:d4:a3:7c:a5:e9:4b:6d:ea:af:12:56:c3:3c: 381s 63:9d:19:6d:69:2c:6c:8a:98:fc:25:9c:c6:bb:fa: 381s 02:5b:29:bd:4f:62:a9:e4:ad:d2:4b:2b:48:83:a9: 381s 91:85:2d:9f:b1:29:74:cf:92:2d:4b:99:6b:00:5f: 381s 49:9c:d1:4d:cf:6a:1f:56:07 381s Exponent: 65537 (0x10001) 381s X509v3 extensions: 381s X509v3 Authority Key Identifier: 381s 6B:18:49:2C:AF:CE:25:E3:00:8A:C9:D3:21:64:0D:9B:93:DB:62:38 381s X509v3 Basic Constraints: 381s CA:FALSE 381s Netscape Cert Type: 381s SSL Client, S/MIME 381s Netscape Comment: 381s Test Organization Root CA trusted Certificate 381s X509v3 Subject Key Identifier: 381s FD:D7:19:D6:DF:19:15:CC:2F:A0:22:EC:DF:0D:F7:63:A6:D7:9A:0D 381s X509v3 Key Usage: critical 381s Digital Signature, Non Repudiation, Key Encipherment 381s X509v3 Extended Key Usage: 381s TLS Web Client Authentication, E-mail Protection 381s X509v3 Subject Alternative Name: 381s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 381s Signature Algorithm: sha256WithRSAEncryption 381s Signature Value: 381s 4a:44:1a:01:36:22:0d:85:1a:a2:3c:78:6e:5e:4d:99:1b:ab: 381s 08:34:19:5f:ee:6a:30:8d:91:96:88:c6:c9:bf:1d:1d:c5:96: 381s 2f:69:b4:3a:50:c0:2e:be:af:53:f8:56:ea:dc:69:e6:c3:1b: 381s 29:87:4d:d8:13:c3:1c:10:ca:26:25:f0:54:cf:65:9e:97:86: 381s 82:4d:98:fe:45:2b:6e:ce:6e:a7:2d:3f:d9:d8:c7:09:68:1c: 381s 7c:02:31:ee:bd:c8:ae:0d:f4:68:52:90:86:ac:b5:c7:1a:88: 381s 3c:94:13:0c:a2:10:ac:06:7c:09:59:b7:75:cb:8a:e2:40:37: 381s 35:e2 381s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-19524-auth.pem 381s + found_md5=Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 381s + '[' Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 '!=' Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 ']' 381s + valid_certificate /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-37 /tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem partial_chain 381s + check_certificate /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-37 /tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem partial_chain 381s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 381s + local key_pass=pass:random-root-ca-trusted-cert-0001-37 381s + local key_ring=/tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem 381s + local verify_option=partial_chain 381s + prepare_softhsm2_card /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-37 381s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 381s + local key_pass=pass:random-root-ca-trusted-cert-0001-37 381s + local key_cn 381s + local key_name 381s + local tokens_dir 381s + local output_cert_file 381s + token_name= 381s ++ basename /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem .pem 381s + key_name=test-root-CA-trusted-certificate-0001 381s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 381s ++ sed -n 's/ *commonName *= //p' 381s + key_cn='Test Organization Root Trusted Certificate 0001' 381s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 381s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf 381s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf 381s ++ basename /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 381s + tokens_dir=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001 381s + token_name='Test Organization Root Tr Token' 381s + '[' '!' -e /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 381s + '[' '!' -d /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001 ']' 381s + echo 'Test Organization Root Tr Token' 381s + '[' -n partial_chain ']' 381s Test Organization Root Tr Token 381s + local verify_arg=--verify=partial_chain 381s + local output_base_name=SSSD-child-18042 381s + local output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-18042.output 381s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-18042.pem 381s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem 381s [p11_child[2106]] [main] (0x0400): p11_child started. 381s [p11_child[2106]] [main] (0x2000): Running in [pre-auth] mode. 381s [p11_child[2106]] [main] (0x2000): Running with effective IDs: [0][0]. 381s [p11_child[2106]] [main] (0x2000): Running with real IDs [0][0]. 381s [p11_child[2106]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 381s [p11_child[2106]] [do_card] (0x4000): Module List: 381s [p11_child[2106]] [do_card] (0x4000): common name: [softhsm2]. 381s [p11_child[2106]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2106]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7483605e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 381s [p11_child[2106]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 381s [p11_child[2106]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7483605e][1954766942] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2106]] [do_card] (0x4000): Login NOT required. 381s [p11_child[2106]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 381s [p11_child[2106]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 381s [p11_child[2106]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 381s [p11_child[2106]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7483605e;slot-manufacturer=SoftHSM%20project;slot-id=1954766942;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=db714e667483605e;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 381s [p11_child[2106]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 381s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-18042.output 381s + echo '-----BEGIN CERTIFICATE-----' 381s + tail -n1 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-18042.output 381s + echo '-----END CERTIFICATE-----' 381s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-18042.pem 381s Certificate: 381s Data: 381s Version: 3 (0x2) 381s Serial Number: 3 (0x3) 381s Signature Algorithm: sha256WithRSAEncryption 381s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 381s Validity 381s Not Before: Mar 22 00:37:07 2024 GMT 381s Not After : Mar 22 00:37:07 2025 GMT 381s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 381s Subject Public Key Info: 381s Public Key Algorithm: rsaEncryption 381s Public-Key: (1024 bit) 381s Modulus: 381s 00:a3:09:e0:d1:9c:a5:10:68:b0:48:ec:51:e9:1c: 381s 22:f9:cf:18:c3:4e:1d:30:a5:07:61:c2:74:ff:76: 381s 33:fc:9c:e5:ca:a9:b2:9b:8a:84:57:df:c3:fe:7d: 381s 78:cd:ec:a5:c8:4c:63:f1:05:32:17:fb:27:c9:a8: 381s e2:e8:d4:a3:7c:a5:e9:4b:6d:ea:af:12:56:c3:3c: 381s 63:9d:19:6d:69:2c:6c:8a:98:fc:25:9c:c6:bb:fa: 381s 02:5b:29:bd:4f:62:a9:e4:ad:d2:4b:2b:48:83:a9: 381s 91:85:2d:9f:b1:29:74:cf:92:2d:4b:99:6b:00:5f: 381s 49:9c:d1:4d:cf:6a:1f:56:07 381s Exponent: 65537 (0x10001) 381s X509v3 extensions: 381s X509v3 Authority Key Identifier: 381s 6B:18:49:2C:AF:CE:25:E3:00:8A:C9:D3:21:64:0D:9B:93:DB:62:38 381s X509v3 Basic Constraints: 381s CA:FALSE 381s Netscape Cert Type: 381s SSL Client, S/MIME 381s Netscape Comment: 381s Test Organization Root CA trusted Certificate 381s X509v3 Subject Key Identifier: 381s FD:D7:19:D6:DF:19:15:CC:2F:A0:22:EC:DF:0D:F7:63:A6:D7:9A:0D 381s X509v3 Key Usage: critical 381s Digital Signature, Non Repudiation, Key Encipherment 381s X509v3 Extended Key Usage: 381s TLS Web Client Authentication, E-mail Protection 381s X509v3 Subject Alternative Name: 381s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 381s Signature Algorithm: sha256WithRSAEncryption 381s Signature Value: 381s 4a:44:1a:01:36:22:0d:85:1a:a2:3c:78:6e:5e:4d:99:1b:ab: 381s 08:34:19:5f:ee:6a:30:8d:91:96:88:c6:c9:bf:1d:1d:c5:96: 381s 2f:69:b4:3a:50:c0:2e:be:af:53:f8:56:ea:dc:69:e6:c3:1b: 381s 29:87:4d:d8:13:c3:1c:10:ca:26:25:f0:54:cf:65:9e:97:86: 381s 82:4d:98:fe:45:2b:6e:ce:6e:a7:2d:3f:d9:d8:c7:09:68:1c: 381s 7c:02:31:ee:bd:c8:ae:0d:f4:68:52:90:86:ac:b5:c7:1a:88: 381s 3c:94:13:0c:a2:10:ac:06:7c:09:59:b7:75:cb:8a:e2:40:37: 381s 35:e2 381s + local found_md5 expected_md5 381s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 381s + expected_md5=Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 381s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-18042.pem 381s + found_md5=Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 381s + '[' Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 '!=' Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 ']' 381s + output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-18042-auth.output 381s ++ basename /tmp/sssd-softhsm2-Imo5hn/SSSD-child-18042-auth.output .output 381s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-18042-auth.pem 381s + echo -n 053350 381s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 381s [p11_child[2114]] [main] (0x0400): p11_child started. 381s [p11_child[2114]] [main] (0x2000): Running in [auth] mode. 381s [p11_child[2114]] [main] (0x2000): Running with effective IDs: [0][0]. 381s [p11_child[2114]] [main] (0x2000): Running with real IDs [0][0]. 381s [p11_child[2114]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 381s [p11_child[2114]] [do_card] (0x4000): Module List: 381s [p11_child[2114]] [do_card] (0x4000): common name: [softhsm2]. 381s [p11_child[2114]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2114]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7483605e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 381s [p11_child[2114]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 381s [p11_child[2114]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7483605e][1954766942] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 381s [p11_child[2114]] [do_card] (0x4000): Login required. 381s [p11_child[2114]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 381s [p11_child[2114]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 381s [p11_child[2114]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 381s [p11_child[2114]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7483605e;slot-manufacturer=SoftHSM%20project;slot-id=1954766942;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=db714e667483605e;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 381s [p11_child[2114]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 381s [p11_child[2114]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 381s [p11_child[2114]] [do_card] (0x4000): Certificate verified and validated. 381s [p11_child[2114]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 381s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-18042-auth.output 381s + echo '-----BEGIN CERTIFICATE-----' 381s + tail -n1 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-18042-auth.output 381s + echo '-----END CERTIFICATE-----' 381s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-18042-auth.pem 381s Certificate: 381s Data: 381s Version: 3 (0x2) 381s Serial Number: 3 (0x3) 381s Signature Algorithm: sha256WithRSAEncryption 381s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 381s Validity 381s Not Before: Mar 22 00:37:07 2024 GMT 381s Not After : Mar 22 00:37:07 2025 GMT 381s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 381s Subject Public Key Info: 381s Public Key Algorithm: rsaEncryption 381s Public-Key: (1024 bit) 381s Modulus: 381s 00:a3:09:e0:d1:9c:a5:10:68:b0:48:ec:51:e9:1c: 381s 22:f9:cf:18:c3:4e:1d:30:a5:07:61:c2:74:ff:76: 381s 33:fc:9c:e5:ca:a9:b2:9b:8a:84:57:df:c3:fe:7d: 381s 78:cd:ec:a5:c8:4c:63:f1:05:32:17:fb:27:c9:a8: 381s e2:e8:d4:a3:7c:a5:e9:4b:6d:ea:af:12:56:c3:3c: 381s 63:9d:19:6d:69:2c:6c:8a:98:fc:25:9c:c6:bb:fa: 381s 02:5b:29:bd:4f:62:a9:e4:ad:d2:4b:2b:48:83:a9: 381s 91:85:2d:9f:b1:29:74:cf:92:2d:4b:99:6b:00:5f: 381s 49:9c:d1:4d:cf:6a:1f:56:07 381s Exponent: 65537 (0x10001) 381s X509v3 extensions: 381s X509v3 Authority Key Identifier: 381s 6B:18:49:2C:AF:CE:25:E3:00:8A:C9:D3:21:64:0D:9B:93:DB:62:38 381s X509v3 Basic Constraints: 381s CA:FALSE 381s Netscape Cert Type: 381s SSL Client, S/MIME 381s Netscape Comment: 381s Test Organization Root CA trusted Certificate 381s X509v3 Subject Key Identifier: 381s FD:D7:19:D6:DF:19:15:CC:2F:A0:22:EC:DF:0D:F7:63:A6:D7:9A:0D 381s X509v3 Key Usage: critical 381s Digital Signature, Non Repudiation, Key Encipherment 381s X509v3 Extended Key Usage: 381s TLS Web Client Authentication, E-mail Protection 381s X509v3 Subject Alternative Name: 381s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 381s Signature Algorithm: sha256WithRSAEncryption 381s Signature Value: 381s 4a:44:1a:01:36:22:0d:85:1a:a2:3c:78:6e:5e:4d:99:1b:ab: 381s 08:34:19:5f:ee:6a:30:8d:91:96:88:c6:c9:bf:1d:1d:c5:96: 381s 2f:69:b4:3a:50:c0:2e:be:af:53:f8:56:ea:dc:69:e6:c3:1b: 381s 29:87:4d:d8:13:c3:1c:10:ca:26:25:f0:54:cf:65:9e:97:86: 381s 82:4d:98:fe:45:2b:6e:ce:6e:a7:2d:3f:d9:d8:c7:09:68:1c: 381s 7c:02:31:ee:bd:c8:ae:0d:f4:68:52:90:86:ac:b5:c7:1a:88: 381s 3c:94:13:0c:a2:10:ac:06:7c:09:59:b7:75:cb:8a:e2:40:37: 381s 35:e2 381s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-18042-auth.pem 382s + found_md5=Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 382s + '[' Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 '!=' Modulus=A309E0D19CA51068B048EC51E91C22F9CF18C34E1D30A50761C274FF7633FC9CE5CAA9B29B8A8457DFC3FE7D78CDECA5C84C63F1053217FB27C9A8E2E8D4A37CA5E94B6DEAAF1256C33C639D196D692C6C8A98FC259CC6BBFA025B29BD4F62A9E4ADD24B2B4883A991852D9FB12974CF922D4B996B005F499CD14DCF6A1F5607 ']' 382s + invalid_certificate /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-37 /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem 382s + check_certificate /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-37 /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem 382s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 382s + local key_pass=pass:random-root-ca-trusted-cert-0001-37 382s + local key_ring=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem 382s + local verify_option= 382s + prepare_softhsm2_card /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-37 382s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 382s + local key_pass=pass:random-root-ca-trusted-cert-0001-37 382s + local key_cn 382s + local key_name 382s + local tokens_dir 382s + local output_cert_file 382s + token_name= 382s ++ basename /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem .pem 382s + key_name=test-root-CA-trusted-certificate-0001 382s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 382s ++ sed -n 's/ *commonName *= //p' 382s + key_cn='Test Organization Root Trusted Certificate 0001' 382s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 382s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf 382s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf 382s ++ basename /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 382s + tokens_dir=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001 382s + token_name='Test Organization Root Tr Token' 382s + '[' '!' -e /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 382s + '[' '!' -d /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001 ']' 382s + echo 'Test Organization Root Tr Token' 382s + '[' -n '' ']' 382s + local output_base_name=SSSD-child-4774 382s + local output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-4774.output 382s Test Organization Root Tr Token 382s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-4774.pem 382s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem 382s [p11_child[2124]] [main] (0x0400): p11_child started. 382s [p11_child[2124]] [main] (0x2000): Running in [pre-auth] mode. 382s [p11_child[2124]] [main] (0x2000): Running with effective IDs: [0][0]. 382s [p11_child[2124]] [main] (0x2000): Running with real IDs [0][0]. 382s [p11_child[2124]] [do_card] (0x4000): Module List: 382s [p11_child[2124]] [do_card] (0x4000): common name: [softhsm2]. 382s [p11_child[2124]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 382s [p11_child[2124]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7483605e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 382s [p11_child[2124]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 382s [p11_child[2124]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7483605e][1954766942] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 382s [p11_child[2124]] [do_card] (0x4000): Login NOT required. 382s [p11_child[2124]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 382s [p11_child[2124]] [do_verification] (0x0040): X509_verify_cert failed [0]. 382s [p11_child[2124]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 382s [p11_child[2124]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 382s [p11_child[2124]] [do_card] (0x4000): No certificate found. 382s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-4774.output 382s + return 2 382s + invalid_certificate /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-37 /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem partial_chain 382s + check_certificate /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-37 /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem partial_chain 382s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 382s + local key_pass=pass:random-root-ca-trusted-cert-0001-37 382s + local key_ring=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem 382s + local verify_option=partial_chain 382s + prepare_softhsm2_card /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-37 382s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 382s + local key_pass=pass:random-root-ca-trusted-cert-0001-37 382s + local key_cn 382s + local key_name 382s + local tokens_dir 382s + local output_cert_file 382s + token_name= 382s ++ basename /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem .pem 382s + key_name=test-root-CA-trusted-certificate-0001 382s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-Imo5hn/test-root-CA-trusted-certificate-0001.pem 382s ++ sed -n 's/ *commonName *= //p' 382s + key_cn='Test Organization Root Trusted Certificate 0001' 382s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 382s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf 382s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf 382s ++ basename /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 382s + tokens_dir=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001 382s + token_name='Test Organization Root Tr Token' 382s + '[' '!' -e /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 382s + '[' '!' -d /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-root-CA-trusted-certificate-0001 ']' 382s + echo 'Test Organization Root Tr Token' 382s + '[' -n partial_chain ']' 382s Test Organization Root Tr Token 382s + local verify_arg=--verify=partial_chain 382s + local output_base_name=SSSD-child-31446 382s + local output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-31446.output 382s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-31446.pem 382s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem 382s [p11_child[2131]] [main] (0x0400): p11_child started. 382s [p11_child[2131]] [main] (0x2000): Running in [pre-auth] mode. 382s [p11_child[2131]] [main] (0x2000): Running with effective IDs: [0][0]. 382s [p11_child[2131]] [main] (0x2000): Running with real IDs [0][0]. 382s [p11_child[2131]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 382s [p11_child[2131]] [do_card] (0x4000): Module List: 382s [p11_child[2131]] [do_card] (0x4000): common name: [softhsm2]. 382s [p11_child[2131]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 382s [p11_child[2131]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7483605e] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 382s [p11_child[2131]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 382s [p11_child[2131]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7483605e][1954766942] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 382s [p11_child[2131]] [do_card] (0x4000): Login NOT required. 382s [p11_child[2131]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 382s [p11_child[2131]] [do_verification] (0x0040): X509_verify_cert failed [0]. 382s [p11_child[2131]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 382s [p11_child[2131]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 382s [p11_child[2131]] [do_card] (0x4000): No certificate found. 382s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-31446.output 382s + return 2 382s + invalid_certificate /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31809 /dev/null 382s + check_certificate /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31809 /dev/null 382s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 382s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31809 382s + local key_ring=/dev/null 382s + local verify_option= 382s + prepare_softhsm2_card /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31809 382s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 382s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31809 382s + local key_cn 382s + local key_name 382s + local tokens_dir 382s + local output_cert_file 382s + token_name= 382s ++ basename /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem .pem 382s + key_name=test-intermediate-CA-trusted-certificate-0001 382s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 382s ++ sed -n 's/ *commonName *= //p' 382s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 382s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 382s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 382s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 382s ++ basename /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 382s + tokens_dir=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001 382s + token_name='Test Organization Interme Token' 382s + '[' '!' -e /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 382s + local key_file 382s + local decrypted_key 382s + mkdir -p /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001 382s + key_file=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001-key.pem 382s + decrypted_key=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 382s + cat 382s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 382s Slot 0 has a free/uninitialized token. 382s The token has been initialized and is reassigned to slot 724886217 382s + softhsm2-util --show-slots 382s Available slots: 382s Slot 724886217 382s Slot info: 382s Description: SoftHSM slot ID 0x2b34e2c9 382s Manufacturer ID: SoftHSM project 382s Hardware version: 2.6 382s Firmware version: 2.6 382s Token present: yes 382s Token info: 382s Manufacturer ID: SoftHSM project 382s Model: SoftHSM v2 382s Hardware version: 2.6 382s Firmware version: 2.6 382s Serial number: 0e9ce75a2b34e2c9 382s Initialized: yes 382s User PIN init.: yes 382s Label: Test Organization Interme Token 382s Slot 1 382s Slot info: 382s Description: SoftHSM slot ID 0x1 382s Manufacturer ID: SoftHSM project 382s Hardware version: 2.6 382s Firmware version: 2.6 382s Token present: yes 382s Token info: 382s Manufacturer ID: SoftHSM project 382s Model: SoftHSM v2 382s Hardware version: 2.6 382s Firmware version: 2.6 382s Serial number: 382s Initialized: no 382s User PIN init.: no 382s Label: 382s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 382s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-31809 -in /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 382s writing RSA key 382s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 382s + rm /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 382s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 382s + echo 'Test Organization Interme Token' 382s + '[' -n '' ']' 382s + local output_base_name=SSSD-child-20020 382s + local output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-20020.output 382s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-20020.pem 382s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 382s Object 0: 382s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0e9ce75a2b34e2c9;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 382s Type: X.509 Certificate (RSA-1024) 382s Expires: Sat Mar 22 00:37:07 2025 382s Label: Test Organization Intermediate Trusted Certificate 0001 382s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 382s 382s Test Organization Interme Token 382s [p11_child[2147]] [main] (0x0400): p11_child started. 382s [p11_child[2147]] [main] (0x2000): Running in [pre-auth] mode. 382s [p11_child[2147]] [main] (0x2000): Running with effective IDs: [0][0]. 382s [p11_child[2147]] [main] (0x2000): Running with real IDs [0][0]. 382s [p11_child[2147]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 382s [p11_child[2147]] [do_work] (0x0040): init_verification failed. 382s [p11_child[2147]] [main] (0x0020): p11_child failed (5) 382s + return 2 382s + valid_certificate /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31809 /dev/null no_verification 382s + check_certificate /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31809 /dev/null no_verification 382s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 382s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31809 382s + local key_ring=/dev/null 382s + local verify_option=no_verification 382s + prepare_softhsm2_card /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31809 382s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 382s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31809 382s + local key_cn 382s + local key_name 382s + local tokens_dir 382s + local output_cert_file 382s + token_name= 382s ++ basename /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem .pem 382s + key_name=test-intermediate-CA-trusted-certificate-0001 382s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 382s ++ sed -n 's/ *commonName *= //p' 382s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 382s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 382s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 382s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 382s ++ basename /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 382s + tokens_dir=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001 382s + token_name='Test Organization Interme Token' 382s + '[' '!' -e /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 382s + '[' '!' -d /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 382s Test Organization Interme Token 382s + echo 'Test Organization Interme Token' 382s + '[' -n no_verification ']' 382s + local verify_arg=--verify=no_verification 382s + local output_base_name=SSSD-child-13172 382s + local output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-13172.output 382s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-13172.pem 382s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 382s [p11_child[2153]] [main] (0x0400): p11_child started. 382s [p11_child[2153]] [main] (0x2000): Running in [pre-auth] mode. 382s [p11_child[2153]] [main] (0x2000): Running with effective IDs: [0][0]. 382s [p11_child[2153]] [main] (0x2000): Running with real IDs [0][0]. 382s [p11_child[2153]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 382s [p11_child[2153]] [do_card] (0x4000): Module List: 382s [p11_child[2153]] [do_card] (0x4000): common name: [softhsm2]. 382s [p11_child[2153]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 382s [p11_child[2153]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2b34e2c9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 382s [p11_child[2153]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 382s [p11_child[2153]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2b34e2c9][724886217] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 382s [p11_child[2153]] [do_card] (0x4000): Login NOT required. 382s [p11_child[2153]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 382s [p11_child[2153]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 382s [p11_child[2153]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2b34e2c9;slot-manufacturer=SoftHSM%20project;slot-id=724886217;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0e9ce75a2b34e2c9;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 382s [p11_child[2153]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 382s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-13172.output 382s + echo '-----BEGIN CERTIFICATE-----' 382s + tail -n1 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-13172.output 382s + echo '-----END CERTIFICATE-----' 382s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-13172.pem 382s Certificate: 382s Data: 382s Version: 3 (0x2) 382s Serial Number: 4 (0x4) 382s Signature Algorithm: sha256WithRSAEncryption 382s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 382s Validity 382s Not Before: Mar 22 00:37:07 2024 GMT 382s Not After : Mar 22 00:37:07 2025 GMT 382s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 382s Subject Public Key Info: 382s Public Key Algorithm: rsaEncryption 382s Public-Key: (1024 bit) 382s Modulus: 382s 00:eb:32:af:cf:07:3b:e1:2a:af:d4:cd:6d:d9:51: 382s 82:bf:20:2d:f7:5d:17:c8:69:cb:1d:0e:31:89:01: 382s de:3b:8b:87:8a:ff:0d:88:fc:8c:eb:29:97:fe:d6: 382s f7:5b:1b:fc:f9:f7:64:5b:08:af:f3:1f:c3:95:6e: 382s b4:3a:77:b4:0d:ee:39:8d:fd:63:43:f2:38:1c:f6: 382s 27:71:90:e4:7b:da:83:5e:22:da:98:a1:83:d7:de: 382s 47:79:b8:9d:34:9a:c0:41:86:a7:f9:48:ba:e2:7c: 382s a6:d8:21:7b:62:55:05:c2:f3:b3:c0:af:fc:95:28: 382s b6:a7:a8:8e:2d:39:a7:f0:eb 382s Exponent: 65537 (0x10001) 382s X509v3 extensions: 382s X509v3 Authority Key Identifier: 382s 01:84:CA:D2:23:C6:5A:69:0C:AD:22:5B:D5:67:A9:32:97:6E:24:05 382s X509v3 Basic Constraints: 382s CA:FALSE 382s Netscape Cert Type: 382s SSL Client, S/MIME 382s Netscape Comment: 382s Test Organization Intermediate CA trusted Certificate 382s X509v3 Subject Key Identifier: 382s BC:34:B4:AB:87:CE:AC:3B:EA:57:3C:2D:23:02:E2:97:6B:31:C1:7D 382s X509v3 Key Usage: critical 382s Digital Signature, Non Repudiation, Key Encipherment 382s X509v3 Extended Key Usage: 382s TLS Web Client Authentication, E-mail Protection 382s X509v3 Subject Alternative Name: 382s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 382s Signature Algorithm: sha256WithRSAEncryption 382s Signature Value: 382s 48:35:4f:93:86:e6:53:d3:f4:61:52:2d:88:75:a9:c2:cf:c4: 382s 3f:96:97:99:60:f1:e8:cc:ba:85:2e:44:73:3d:fb:d8:6b:05: 382s ba:90:ec:fb:ee:78:32:1c:e7:80:d8:e8:a2:81:24:22:00:69: 382s ed:87:be:89:6f:3f:70:5d:1d:94:03:ef:ce:37:22:4d:72:80: 382s 91:20:a7:af:b5:7a:ba:dc:61:ea:ca:1a:2f:33:ac:d8:38:17: 382s 76:26:9c:27:ec:aa:ee:9b:2c:90:c8:9c:02:20:af:ad:17:57: 382s aa:23:2f:16:c5:1a:8b:e8:a1:d1:5b:44:a1:a7:7e:7b:eb:d1: 382s 19:1c 382s + local found_md5 expected_md5 382s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 382s + expected_md5=Modulus=EB32AFCF073BE12AAFD4CD6DD95182BF202DF75D17C869CB1D0E318901DE3B8B878AFF0D88FC8CEB2997FED6F75B1BFCF9F7645B08AFF31FC3956EB43A77B40DEE398DFD6343F2381CF6277190E47BDA835E22DA98A183D7DE4779B89D349AC04186A7F948BAE27CA6D8217B625505C2F3B3C0AFFC9528B6A7A88E2D39A7F0EB 382s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-13172.pem 382s + found_md5=Modulus=EB32AFCF073BE12AAFD4CD6DD95182BF202DF75D17C869CB1D0E318901DE3B8B878AFF0D88FC8CEB2997FED6F75B1BFCF9F7645B08AFF31FC3956EB43A77B40DEE398DFD6343F2381CF6277190E47BDA835E22DA98A183D7DE4779B89D349AC04186A7F948BAE27CA6D8217B625505C2F3B3C0AFFC9528B6A7A88E2D39A7F0EB 382s + '[' Modulus=EB32AFCF073BE12AAFD4CD6DD95182BF202DF75D17C869CB1D0E318901DE3B8B878AFF0D88FC8CEB2997FED6F75B1BFCF9F7645B08AFF31FC3956EB43A77B40DEE398DFD6343F2381CF6277190E47BDA835E22DA98A183D7DE4779B89D349AC04186A7F948BAE27CA6D8217B625505C2F3B3C0AFFC9528B6A7A88E2D39A7F0EB '!=' Modulus=EB32AFCF073BE12AAFD4CD6DD95182BF202DF75D17C869CB1D0E318901DE3B8B878AFF0D88FC8CEB2997FED6F75B1BFCF9F7645B08AFF31FC3956EB43A77B40DEE398DFD6343F2381CF6277190E47BDA835E22DA98A183D7DE4779B89D349AC04186A7F948BAE27CA6D8217B625505C2F3B3C0AFFC9528B6A7A88E2D39A7F0EB ']' 382s + output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-13172-auth.output 382s ++ basename /tmp/sssd-softhsm2-Imo5hn/SSSD-child-13172-auth.output .output 382s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-13172-auth.pem 382s + echo -n 053350 382s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 382s [p11_child[2161]] [main] (0x0400): p11_child started. 382s [p11_child[2161]] [main] (0x2000): Running in [auth] mode. 382s [p11_child[2161]] [main] (0x2000): Running with effective IDs: [0][0]. 382s [p11_child[2161]] [main] (0x2000): Running with real IDs [0][0]. 382s [p11_child[2161]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 382s [p11_child[2161]] [do_card] (0x4000): Module List: 382s [p11_child[2161]] [do_card] (0x4000): common name: [softhsm2]. 382s [p11_child[2161]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 382s [p11_child[2161]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2b34e2c9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 382s [p11_child[2161]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 382s [p11_child[2161]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2b34e2c9][724886217] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 382s [p11_child[2161]] [do_card] (0x4000): Login required. 382s [p11_child[2161]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 382s [p11_child[2161]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 382s [p11_child[2161]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2b34e2c9;slot-manufacturer=SoftHSM%20project;slot-id=724886217;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0e9ce75a2b34e2c9;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 382s [p11_child[2161]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 382s [p11_child[2161]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 382s [p11_child[2161]] [do_card] (0x4000): Certificate verified and validated. 382s [p11_child[2161]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 382s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-13172-auth.output 382s + echo '-----BEGIN CERTIFICATE-----' 382s + tail -n1 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-13172-auth.output 382s + echo '-----END CERTIFICATE-----' 382s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-13172-auth.pem 382s Certificate: 382s Data: 382s Version: 3 (0x2) 382s Serial Number: 4 (0x4) 382s Signature Algorithm: sha256WithRSAEncryption 382s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 382s Validity 382s Not Before: Mar 22 00:37:07 2024 GMT 382s Not After : Mar 22 00:37:07 2025 GMT 382s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 382s Subject Public Key Info: 382s Public Key Algorithm: rsaEncryption 382s Public-Key: (1024 bit) 382s Modulus: 382s 00:eb:32:af:cf:07:3b:e1:2a:af:d4:cd:6d:d9:51: 382s 82:bf:20:2d:f7:5d:17:c8:69:cb:1d:0e:31:89:01: 382s de:3b:8b:87:8a:ff:0d:88:fc:8c:eb:29:97:fe:d6: 382s f7:5b:1b:fc:f9:f7:64:5b:08:af:f3:1f:c3:95:6e: 382s b4:3a:77:b4:0d:ee:39:8d:fd:63:43:f2:38:1c:f6: 382s 27:71:90:e4:7b:da:83:5e:22:da:98:a1:83:d7:de: 382s 47:79:b8:9d:34:9a:c0:41:86:a7:f9:48:ba:e2:7c: 382s a6:d8:21:7b:62:55:05:c2:f3:b3:c0:af:fc:95:28: 382s b6:a7:a8:8e:2d:39:a7:f0:eb 382s Exponent: 65537 (0x10001) 382s X509v3 extensions: 382s X509v3 Authority Key Identifier: 382s 01:84:CA:D2:23:C6:5A:69:0C:AD:22:5B:D5:67:A9:32:97:6E:24:05 382s X509v3 Basic Constraints: 382s CA:FALSE 382s Netscape Cert Type: 382s SSL Client, S/MIME 382s Netscape Comment: 382s Test Organization Intermediate CA trusted Certificate 382s X509v3 Subject Key Identifier: 382s BC:34:B4:AB:87:CE:AC:3B:EA:57:3C:2D:23:02:E2:97:6B:31:C1:7D 382s X509v3 Key Usage: critical 382s Digital Signature, Non Repudiation, Key Encipherment 382s X509v3 Extended Key Usage: 382s TLS Web Client Authentication, E-mail Protection 382s X509v3 Subject Alternative Name: 382s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 382s Signature Algorithm: sha256WithRSAEncryption 382s Signature Value: 382s 48:35:4f:93:86:e6:53:d3:f4:61:52:2d:88:75:a9:c2:cf:c4: 382s 3f:96:97:99:60:f1:e8:cc:ba:85:2e:44:73:3d:fb:d8:6b:05: 382s ba:90:ec:fb:ee:78:32:1c:e7:80:d8:e8:a2:81:24:22:00:69: 382s ed:87:be:89:6f:3f:70:5d:1d:94:03:ef:ce:37:22:4d:72:80: 382s 91:20:a7:af:b5:7a:ba:dc:61:ea:ca:1a:2f:33:ac:d8:38:17: 382s 76:26:9c:27:ec:aa:ee:9b:2c:90:c8:9c:02:20:af:ad:17:57: 382s aa:23:2f:16:c5:1a:8b:e8:a1:d1:5b:44:a1:a7:7e:7b:eb:d1: 382s 19:1c 382s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-13172-auth.pem 382s + found_md5=Modulus=EB32AFCF073BE12AAFD4CD6DD95182BF202DF75D17C869CB1D0E318901DE3B8B878AFF0D88FC8CEB2997FED6F75B1BFCF9F7645B08AFF31FC3956EB43A77B40DEE398DFD6343F2381CF6277190E47BDA835E22DA98A183D7DE4779B89D349AC04186A7F948BAE27CA6D8217B625505C2F3B3C0AFFC9528B6A7A88E2D39A7F0EB 382s + '[' Modulus=EB32AFCF073BE12AAFD4CD6DD95182BF202DF75D17C869CB1D0E318901DE3B8B878AFF0D88FC8CEB2997FED6F75B1BFCF9F7645B08AFF31FC3956EB43A77B40DEE398DFD6343F2381CF6277190E47BDA835E22DA98A183D7DE4779B89D349AC04186A7F948BAE27CA6D8217B625505C2F3B3C0AFFC9528B6A7A88E2D39A7F0EB '!=' Modulus=EB32AFCF073BE12AAFD4CD6DD95182BF202DF75D17C869CB1D0E318901DE3B8B878AFF0D88FC8CEB2997FED6F75B1BFCF9F7645B08AFF31FC3956EB43A77B40DEE398DFD6343F2381CF6277190E47BDA835E22DA98A183D7DE4779B89D349AC04186A7F948BAE27CA6D8217B625505C2F3B3C0AFFC9528B6A7A88E2D39A7F0EB ']' 382s + invalid_certificate /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31809 /tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem 382s + check_certificate /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31809 /tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem 382s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 382s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31809 382s + local key_ring=/tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem 382s + local verify_option= 382s + prepare_softhsm2_card /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31809 382s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 382s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31809 382s + local key_cn 382s + local key_name 382s + local tokens_dir 382s + local output_cert_file 382s + token_name= 382s ++ basename /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem .pem 382s + key_name=test-intermediate-CA-trusted-certificate-0001 382s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 382s ++ sed -n 's/ *commonName *= //p' 382s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 382s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 382s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 382s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 382s ++ basename /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 382s + tokens_dir=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001 382s + token_name='Test Organization Interme Token' 382s + '[' '!' -e /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 382s + '[' '!' -d /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 382s + echo 'Test Organization Interme Token' 382s Test Organization Interme Token 382s + '[' -n '' ']' 382s + local output_base_name=SSSD-child-2354 382s + local output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-2354.output 382s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-2354.pem 382s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem 382s [p11_child[2171]] [main] (0x0400): p11_child started. 382s [p11_child[2171]] [main] (0x2000): Running in [pre-auth] mode. 382s [p11_child[2171]] [main] (0x2000): Running with effective IDs: [0][0]. 382s [p11_child[2171]] [main] (0x2000): Running with real IDs [0][0]. 382s [p11_child[2171]] [do_card] (0x4000): Module List: 382s [p11_child[2171]] [do_card] (0x4000): common name: [softhsm2]. 382s [p11_child[2171]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 382s [p11_child[2171]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2b34e2c9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 382s [p11_child[2171]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 382s [p11_child[2171]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2b34e2c9][724886217] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 382s [p11_child[2171]] [do_card] (0x4000): Login NOT required. 382s [p11_child[2171]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 382s [p11_child[2171]] [do_verification] (0x0040): X509_verify_cert failed [0]. 382s [p11_child[2171]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 382s [p11_child[2171]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 382s [p11_child[2171]] [do_card] (0x4000): No certificate found. 382s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-2354.output 382s + return 2 382s + invalid_certificate /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31809 /tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem partial_chain 382s + check_certificate /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31809 /tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem partial_chain 382s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 382s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31809 382s + local key_ring=/tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem 382s + local verify_option=partial_chain 382s + prepare_softhsm2_card /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31809 382s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 382s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31809 382s + local key_cn 382s + local key_name 382s + local tokens_dir 382s + local output_cert_file 382s + token_name= 382s ++ basename /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem .pem 382s + key_name=test-intermediate-CA-trusted-certificate-0001 382s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 382s ++ sed -n 's/ *commonName *= //p' 382s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 382s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 382s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 382s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 382s ++ basename /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 382s + tokens_dir=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001 382s + token_name='Test Organization Interme Token' 382s + '[' '!' -e /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 382s + '[' '!' -d /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 382s Test Organization Interme Token 382s + echo 'Test Organization Interme Token' 382s + '[' -n partial_chain ']' 382s + local verify_arg=--verify=partial_chain 382s + local output_base_name=SSSD-child-4488 382s + local output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-4488.output 382s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-4488.pem 382s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem 382s [p11_child[2178]] [main] (0x0400): p11_child started. 382s [p11_child[2178]] [main] (0x2000): Running in [pre-auth] mode. 382s [p11_child[2178]] [main] (0x2000): Running with effective IDs: [0][0]. 382s [p11_child[2178]] [main] (0x2000): Running with real IDs [0][0]. 382s [p11_child[2178]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 382s [p11_child[2178]] [do_card] (0x4000): Module List: 382s [p11_child[2178]] [do_card] (0x4000): common name: [softhsm2]. 382s [p11_child[2178]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 382s [p11_child[2178]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2b34e2c9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 382s [p11_child[2178]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 382s [p11_child[2178]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2b34e2c9][724886217] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 382s [p11_child[2178]] [do_card] (0x4000): Login NOT required. 382s [p11_child[2178]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 382s [p11_child[2178]] [do_verification] (0x0040): X509_verify_cert failed [0]. 382s [p11_child[2178]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 382s [p11_child[2178]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 382s [p11_child[2178]] [do_card] (0x4000): No certificate found. 382s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-4488.output 382s + return 2 382s + valid_certificate /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31809 /tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem 382s + check_certificate /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31809 /tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem 382s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 382s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31809 382s + local key_ring=/tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem 382s + local verify_option= 382s + prepare_softhsm2_card /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31809 382s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 382s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31809 382s + local key_cn 382s + local key_name 382s + local tokens_dir 382s + local output_cert_file 382s + token_name= 382s ++ basename /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem .pem 382s + key_name=test-intermediate-CA-trusted-certificate-0001 382s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 382s ++ sed -n 's/ *commonName *= //p' 382s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 382s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 382s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 382s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 382s ++ basename /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 382s + tokens_dir=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001 382s + token_name='Test Organization Interme Token' 382s + '[' '!' -e /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 382s + '[' '!' -d /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 382s + echo 'Test Organization Interme Token' 382s + '[' -n '' ']' 382s + local output_base_name=SSSD-child-16718 382s + local output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-16718.output 382s Test Organization Interme Token 382s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-16718.pem 382s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem 383s [p11_child[2185]] [main] (0x0400): p11_child started. 383s [p11_child[2185]] [main] (0x2000): Running in [pre-auth] mode. 383s [p11_child[2185]] [main] (0x2000): Running with effective IDs: [0][0]. 383s [p11_child[2185]] [main] (0x2000): Running with real IDs [0][0]. 383s [p11_child[2185]] [do_card] (0x4000): Module List: 383s [p11_child[2185]] [do_card] (0x4000): common name: [softhsm2]. 383s [p11_child[2185]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 383s [p11_child[2185]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2b34e2c9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 383s [p11_child[2185]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 383s [p11_child[2185]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2b34e2c9][724886217] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 383s [p11_child[2185]] [do_card] (0x4000): Login NOT required. 383s [p11_child[2185]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 383s [p11_child[2185]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 383s [p11_child[2185]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 383s [p11_child[2185]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2b34e2c9;slot-manufacturer=SoftHSM%20project;slot-id=724886217;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0e9ce75a2b34e2c9;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 383s [p11_child[2185]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 383s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-16718.output 383s + echo '-----BEGIN CERTIFICATE-----' 383s + tail -n1 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-16718.output 383s + echo '-----END CERTIFICATE-----' 383s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-16718.pem 383s Certificate: 383s Data: 383s Version: 3 (0x2) 383s Serial Number: 4 (0x4) 383s Signature Algorithm: sha256WithRSAEncryption 383s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 383s Validity 383s Not Before: Mar 22 00:37:07 2024 GMT 383s Not After : Mar 22 00:37:07 2025 GMT 383s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 383s Subject Public Key Info: 383s Public Key Algorithm: rsaEncryption 383s Public-Key: (1024 bit) 383s Modulus: 383s 00:eb:32:af:cf:07:3b:e1:2a:af:d4:cd:6d:d9:51: 383s 82:bf:20:2d:f7:5d:17:c8:69:cb:1d:0e:31:89:01: 383s de:3b:8b:87:8a:ff:0d:88:fc:8c:eb:29:97:fe:d6: 383s f7:5b:1b:fc:f9:f7:64:5b:08:af:f3:1f:c3:95:6e: 383s b4:3a:77:b4:0d:ee:39:8d:fd:63:43:f2:38:1c:f6: 383s 27:71:90:e4:7b:da:83:5e:22:da:98:a1:83:d7:de: 383s 47:79:b8:9d:34:9a:c0:41:86:a7:f9:48:ba:e2:7c: 383s a6:d8:21:7b:62:55:05:c2:f3:b3:c0:af:fc:95:28: 383s b6:a7:a8:8e:2d:39:a7:f0:eb 383s Exponent: 65537 (0x10001) 383s X509v3 extensions: 383s X509v3 Authority Key Identifier: 383s 01:84:CA:D2:23:C6:5A:69:0C:AD:22:5B:D5:67:A9:32:97:6E:24:05 383s X509v3 Basic Constraints: 383s CA:FALSE 383s Netscape Cert Type: 383s SSL Client, S/MIME 383s Netscape Comment: 383s Test Organization Intermediate CA trusted Certificate 383s X509v3 Subject Key Identifier: 383s BC:34:B4:AB:87:CE:AC:3B:EA:57:3C:2D:23:02:E2:97:6B:31:C1:7D 383s X509v3 Key Usage: critical 383s Digital Signature, Non Repudiation, Key Encipherment 383s X509v3 Extended Key Usage: 383s TLS Web Client Authentication, E-mail Protection 383s X509v3 Subject Alternative Name: 383s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 383s Signature Algorithm: sha256WithRSAEncryption 383s Signature Value: 383s 48:35:4f:93:86:e6:53:d3:f4:61:52:2d:88:75:a9:c2:cf:c4: 383s 3f:96:97:99:60:f1:e8:cc:ba:85:2e:44:73:3d:fb:d8:6b:05: 383s ba:90:ec:fb:ee:78:32:1c:e7:80:d8:e8:a2:81:24:22:00:69: 383s ed:87:be:89:6f:3f:70:5d:1d:94:03:ef:ce:37:22:4d:72:80: 383s 91:20:a7:af:b5:7a:ba:dc:61:ea:ca:1a:2f:33:ac:d8:38:17: 383s 76:26:9c:27:ec:aa:ee:9b:2c:90:c8:9c:02:20:af:ad:17:57: 383s aa:23:2f:16:c5:1a:8b:e8:a1:d1:5b:44:a1:a7:7e:7b:eb:d1: 383s 19:1c 383s + local found_md5 expected_md5 383s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 383s + expected_md5=Modulus=EB32AFCF073BE12AAFD4CD6DD95182BF202DF75D17C869CB1D0E318901DE3B8B878AFF0D88FC8CEB2997FED6F75B1BFCF9F7645B08AFF31FC3956EB43A77B40DEE398DFD6343F2381CF6277190E47BDA835E22DA98A183D7DE4779B89D349AC04186A7F948BAE27CA6D8217B625505C2F3B3C0AFFC9528B6A7A88E2D39A7F0EB 383s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-16718.pem 383s + found_md5=Modulus=EB32AFCF073BE12AAFD4CD6DD95182BF202DF75D17C869CB1D0E318901DE3B8B878AFF0D88FC8CEB2997FED6F75B1BFCF9F7645B08AFF31FC3956EB43A77B40DEE398DFD6343F2381CF6277190E47BDA835E22DA98A183D7DE4779B89D349AC04186A7F948BAE27CA6D8217B625505C2F3B3C0AFFC9528B6A7A88E2D39A7F0EB 383s + '[' Modulus=EB32AFCF073BE12AAFD4CD6DD95182BF202DF75D17C869CB1D0E318901DE3B8B878AFF0D88FC8CEB2997FED6F75B1BFCF9F7645B08AFF31FC3956EB43A77B40DEE398DFD6343F2381CF6277190E47BDA835E22DA98A183D7DE4779B89D349AC04186A7F948BAE27CA6D8217B625505C2F3B3C0AFFC9528B6A7A88E2D39A7F0EB '!=' Modulus=EB32AFCF073BE12AAFD4CD6DD95182BF202DF75D17C869CB1D0E318901DE3B8B878AFF0D88FC8CEB2997FED6F75B1BFCF9F7645B08AFF31FC3956EB43A77B40DEE398DFD6343F2381CF6277190E47BDA835E22DA98A183D7DE4779B89D349AC04186A7F948BAE27CA6D8217B625505C2F3B3C0AFFC9528B6A7A88E2D39A7F0EB ']' 383s + output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-16718-auth.output 383s ++ basename /tmp/sssd-softhsm2-Imo5hn/SSSD-child-16718-auth.output .output 383s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-16718-auth.pem 383s + echo -n 053350 383s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 383s [p11_child[2193]] [main] (0x0400): p11_child started. 383s [p11_child[2193]] [main] (0x2000): Running in [auth] mode. 383s [p11_child[2193]] [main] (0x2000): Running with effective IDs: [0][0]. 383s [p11_child[2193]] [main] (0x2000): Running with real IDs [0][0]. 383s [p11_child[2193]] [do_card] (0x4000): Module List: 383s [p11_child[2193]] [do_card] (0x4000): common name: [softhsm2]. 383s [p11_child[2193]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 383s [p11_child[2193]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2b34e2c9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 383s [p11_child[2193]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 383s [p11_child[2193]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2b34e2c9][724886217] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 383s [p11_child[2193]] [do_card] (0x4000): Login required. 383s [p11_child[2193]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 383s [p11_child[2193]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 383s [p11_child[2193]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 383s [p11_child[2193]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2b34e2c9;slot-manufacturer=SoftHSM%20project;slot-id=724886217;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0e9ce75a2b34e2c9;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 383s [p11_child[2193]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 383s [p11_child[2193]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 383s [p11_child[2193]] [do_card] (0x4000): Certificate verified and validated. 383s [p11_child[2193]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 383s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-16718-auth.output 383s + echo '-----BEGIN CERTIFICATE-----' 383s + tail -n1 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-16718-auth.output 383s + echo '-----END CERTIFICATE-----' 383s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-16718-auth.pem 383s Certificate: 383s Data: 383s Version: 3 (0x2) 383s Serial Number: 4 (0x4) 383s Signature Algorithm: sha256WithRSAEncryption 383s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 383s Validity 383s Not Before: Mar 22 00:37:07 2024 GMT 383s Not After : Mar 22 00:37:07 2025 GMT 383s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 383s Subject Public Key Info: 383s Public Key Algorithm: rsaEncryption 383s Public-Key: (1024 bit) 383s Modulus: 383s 00:eb:32:af:cf:07:3b:e1:2a:af:d4:cd:6d:d9:51: 383s 82:bf:20:2d:f7:5d:17:c8:69:cb:1d:0e:31:89:01: 383s de:3b:8b:87:8a:ff:0d:88:fc:8c:eb:29:97:fe:d6: 383s f7:5b:1b:fc:f9:f7:64:5b:08:af:f3:1f:c3:95:6e: 383s b4:3a:77:b4:0d:ee:39:8d:fd:63:43:f2:38:1c:f6: 383s 27:71:90:e4:7b:da:83:5e:22:da:98:a1:83:d7:de: 383s 47:79:b8:9d:34:9a:c0:41:86:a7:f9:48:ba:e2:7c: 383s a6:d8:21:7b:62:55:05:c2:f3:b3:c0:af:fc:95:28: 383s b6:a7:a8:8e:2d:39:a7:f0:eb 383s Exponent: 65537 (0x10001) 383s X509v3 extensions: 383s X509v3 Authority Key Identifier: 383s 01:84:CA:D2:23:C6:5A:69:0C:AD:22:5B:D5:67:A9:32:97:6E:24:05 383s X509v3 Basic Constraints: 383s CA:FALSE 383s Netscape Cert Type: 383s SSL Client, S/MIME 383s Netscape Comment: 383s Test Organization Intermediate CA trusted Certificate 383s X509v3 Subject Key Identifier: 383s BC:34:B4:AB:87:CE:AC:3B:EA:57:3C:2D:23:02:E2:97:6B:31:C1:7D 383s X509v3 Key Usage: critical 383s Digital Signature, Non Repudiation, Key Encipherment 383s X509v3 Extended Key Usage: 383s TLS Web Client Authentication, E-mail Protection 383s X509v3 Subject Alternative Name: 383s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 383s Signature Algorithm: sha256WithRSAEncryption 383s Signature Value: 383s 48:35:4f:93:86:e6:53:d3:f4:61:52:2d:88:75:a9:c2:cf:c4: 383s 3f:96:97:99:60:f1:e8:cc:ba:85:2e:44:73:3d:fb:d8:6b:05: 383s ba:90:ec:fb:ee:78:32:1c:e7:80:d8:e8:a2:81:24:22:00:69: 383s ed:87:be:89:6f:3f:70:5d:1d:94:03:ef:ce:37:22:4d:72:80: 383s 91:20:a7:af:b5:7a:ba:dc:61:ea:ca:1a:2f:33:ac:d8:38:17: 383s 76:26:9c:27:ec:aa:ee:9b:2c:90:c8:9c:02:20:af:ad:17:57: 383s aa:23:2f:16:c5:1a:8b:e8:a1:d1:5b:44:a1:a7:7e:7b:eb:d1: 383s 19:1c 383s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-16718-auth.pem 383s + found_md5=Modulus=EB32AFCF073BE12AAFD4CD6DD95182BF202DF75D17C869CB1D0E318901DE3B8B878AFF0D88FC8CEB2997FED6F75B1BFCF9F7645B08AFF31FC3956EB43A77B40DEE398DFD6343F2381CF6277190E47BDA835E22DA98A183D7DE4779B89D349AC04186A7F948BAE27CA6D8217B625505C2F3B3C0AFFC9528B6A7A88E2D39A7F0EB 383s + '[' Modulus=EB32AFCF073BE12AAFD4CD6DD95182BF202DF75D17C869CB1D0E318901DE3B8B878AFF0D88FC8CEB2997FED6F75B1BFCF9F7645B08AFF31FC3956EB43A77B40DEE398DFD6343F2381CF6277190E47BDA835E22DA98A183D7DE4779B89D349AC04186A7F948BAE27CA6D8217B625505C2F3B3C0AFFC9528B6A7A88E2D39A7F0EB '!=' Modulus=EB32AFCF073BE12AAFD4CD6DD95182BF202DF75D17C869CB1D0E318901DE3B8B878AFF0D88FC8CEB2997FED6F75B1BFCF9F7645B08AFF31FC3956EB43A77B40DEE398DFD6343F2381CF6277190E47BDA835E22DA98A183D7DE4779B89D349AC04186A7F948BAE27CA6D8217B625505C2F3B3C0AFFC9528B6A7A88E2D39A7F0EB ']' 383s + valid_certificate /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31809 /tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem partial_chain 383s + check_certificate /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31809 /tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem partial_chain 383s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 383s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31809 383s + local key_ring=/tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem 383s + local verify_option=partial_chain 383s + prepare_softhsm2_card /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31809 383s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 383s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31809 383s + local key_cn 383s + local key_name 383s + local tokens_dir 383s + local output_cert_file 383s + token_name= 383s ++ basename /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem .pem 383s + key_name=test-intermediate-CA-trusted-certificate-0001 383s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 383s ++ sed -n 's/ *commonName *= //p' 383s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 383s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 383s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 383s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 383s ++ basename /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 383s + tokens_dir=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001 383s + token_name='Test Organization Interme Token' 383s + '[' '!' -e /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 383s + '[' '!' -d /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 383s + echo 'Test Organization Interme Token' 383s + '[' -n partial_chain ']' 383s + local verify_arg=--verify=partial_chain 383s + local output_base_name=SSSD-child-29821 383s + local output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-29821.output 383s Test Organization Interme Token 383s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-29821.pem 383s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem 383s [p11_child[2203]] [main] (0x0400): p11_child started. 383s [p11_child[2203]] [main] (0x2000): Running in [pre-auth] mode. 383s [p11_child[2203]] [main] (0x2000): Running with effective IDs: [0][0]. 383s [p11_child[2203]] [main] (0x2000): Running with real IDs [0][0]. 383s [p11_child[2203]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 383s [p11_child[2203]] [do_card] (0x4000): Module List: 383s [p11_child[2203]] [do_card] (0x4000): common name: [softhsm2]. 383s [p11_child[2203]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 383s [p11_child[2203]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2b34e2c9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 383s [p11_child[2203]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 383s [p11_child[2203]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2b34e2c9][724886217] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 383s [p11_child[2203]] [do_card] (0x4000): Login NOT required. 383s [p11_child[2203]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 383s [p11_child[2203]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 383s [p11_child[2203]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 383s [p11_child[2203]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2b34e2c9;slot-manufacturer=SoftHSM%20project;slot-id=724886217;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0e9ce75a2b34e2c9;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 383s [p11_child[2203]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 383s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-29821.output 383s + echo '-----BEGIN CERTIFICATE-----' 383s + tail -n1 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-29821.output 383s + echo '-----END CERTIFICATE-----' 383s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-29821.pem 383s Certificate: 383s Data: 383s Version: 3 (0x2) 383s Serial Number: 4 (0x4) 383s Signature Algorithm: sha256WithRSAEncryption 383s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 383s Validity 383s Not Before: Mar 22 00:37:07 2024 GMT 383s Not After : Mar 22 00:37:07 2025 GMT 383s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 383s Subject Public Key Info: 383s Public Key Algorithm: rsaEncryption 383s Public-Key: (1024 bit) 383s Modulus: 383s 00:eb:32:af:cf:07:3b:e1:2a:af:d4:cd:6d:d9:51: 383s 82:bf:20:2d:f7:5d:17:c8:69:cb:1d:0e:31:89:01: 383s de:3b:8b:87:8a:ff:0d:88:fc:8c:eb:29:97:fe:d6: 383s f7:5b:1b:fc:f9:f7:64:5b:08:af:f3:1f:c3:95:6e: 383s b4:3a:77:b4:0d:ee:39:8d:fd:63:43:f2:38:1c:f6: 383s 27:71:90:e4:7b:da:83:5e:22:da:98:a1:83:d7:de: 383s 47:79:b8:9d:34:9a:c0:41:86:a7:f9:48:ba:e2:7c: 383s a6:d8:21:7b:62:55:05:c2:f3:b3:c0:af:fc:95:28: 383s b6:a7:a8:8e:2d:39:a7:f0:eb 383s Exponent: 65537 (0x10001) 383s X509v3 extensions: 383s X509v3 Authority Key Identifier: 383s 01:84:CA:D2:23:C6:5A:69:0C:AD:22:5B:D5:67:A9:32:97:6E:24:05 383s X509v3 Basic Constraints: 383s CA:FALSE 383s Netscape Cert Type: 383s SSL Client, S/MIME 383s Netscape Comment: 383s Test Organization Intermediate CA trusted Certificate 383s X509v3 Subject Key Identifier: 383s BC:34:B4:AB:87:CE:AC:3B:EA:57:3C:2D:23:02:E2:97:6B:31:C1:7D 383s X509v3 Key Usage: critical 383s Digital Signature, Non Repudiation, Key Encipherment 383s X509v3 Extended Key Usage: 383s TLS Web Client Authentication, E-mail Protection 383s X509v3 Subject Alternative Name: 383s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 383s Signature Algorithm: sha256WithRSAEncryption 383s Signature Value: 383s 48:35:4f:93:86:e6:53:d3:f4:61:52:2d:88:75:a9:c2:cf:c4: 383s 3f:96:97:99:60:f1:e8:cc:ba:85:2e:44:73:3d:fb:d8:6b:05: 383s ba:90:ec:fb:ee:78:32:1c:e7:80:d8:e8:a2:81:24:22:00:69: 383s ed:87:be:89:6f:3f:70:5d:1d:94:03:ef:ce:37:22:4d:72:80: 383s 91:20:a7:af:b5:7a:ba:dc:61:ea:ca:1a:2f:33:ac:d8:38:17: 383s 76:26:9c:27:ec:aa:ee:9b:2c:90:c8:9c:02:20:af:ad:17:57: 383s aa:23:2f:16:c5:1a:8b:e8:a1:d1:5b:44:a1:a7:7e:7b:eb:d1: 383s 19:1c 383s + local found_md5 expected_md5 383s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 383s + expected_md5=Modulus=EB32AFCF073BE12AAFD4CD6DD95182BF202DF75D17C869CB1D0E318901DE3B8B878AFF0D88FC8CEB2997FED6F75B1BFCF9F7645B08AFF31FC3956EB43A77B40DEE398DFD6343F2381CF6277190E47BDA835E22DA98A183D7DE4779B89D349AC04186A7F948BAE27CA6D8217B625505C2F3B3C0AFFC9528B6A7A88E2D39A7F0EB 383s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-29821.pem 383s + found_md5=Modulus=EB32AFCF073BE12AAFD4CD6DD95182BF202DF75D17C869CB1D0E318901DE3B8B878AFF0D88FC8CEB2997FED6F75B1BFCF9F7645B08AFF31FC3956EB43A77B40DEE398DFD6343F2381CF6277190E47BDA835E22DA98A183D7DE4779B89D349AC04186A7F948BAE27CA6D8217B625505C2F3B3C0AFFC9528B6A7A88E2D39A7F0EB 383s + '[' Modulus=EB32AFCF073BE12AAFD4CD6DD95182BF202DF75D17C869CB1D0E318901DE3B8B878AFF0D88FC8CEB2997FED6F75B1BFCF9F7645B08AFF31FC3956EB43A77B40DEE398DFD6343F2381CF6277190E47BDA835E22DA98A183D7DE4779B89D349AC04186A7F948BAE27CA6D8217B625505C2F3B3C0AFFC9528B6A7A88E2D39A7F0EB '!=' Modulus=EB32AFCF073BE12AAFD4CD6DD95182BF202DF75D17C869CB1D0E318901DE3B8B878AFF0D88FC8CEB2997FED6F75B1BFCF9F7645B08AFF31FC3956EB43A77B40DEE398DFD6343F2381CF6277190E47BDA835E22DA98A183D7DE4779B89D349AC04186A7F948BAE27CA6D8217B625505C2F3B3C0AFFC9528B6A7A88E2D39A7F0EB ']' 383s + output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-29821-auth.output 383s ++ basename /tmp/sssd-softhsm2-Imo5hn/SSSD-child-29821-auth.output .output 383s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-29821-auth.pem 383s + echo -n 053350 383s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 383s [p11_child[2211]] [main] (0x0400): p11_child started. 383s [p11_child[2211]] [main] (0x2000): Running in [auth] mode. 383s [p11_child[2211]] [main] (0x2000): Running with effective IDs: [0][0]. 383s [p11_child[2211]] [main] (0x2000): Running with real IDs [0][0]. 383s [p11_child[2211]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 383s [p11_child[2211]] [do_card] (0x4000): Module List: 383s [p11_child[2211]] [do_card] (0x4000): common name: [softhsm2]. 383s [p11_child[2211]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 383s [p11_child[2211]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2b34e2c9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 383s [p11_child[2211]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 383s [p11_child[2211]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2b34e2c9][724886217] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 383s [p11_child[2211]] [do_card] (0x4000): Login required. 383s [p11_child[2211]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 383s [p11_child[2211]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 383s [p11_child[2211]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 383s [p11_child[2211]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2b34e2c9;slot-manufacturer=SoftHSM%20project;slot-id=724886217;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0e9ce75a2b34e2c9;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 383s [p11_child[2211]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 383s [p11_child[2211]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 383s [p11_child[2211]] [do_card] (0x4000): Certificate verified and validated. 383s [p11_child[2211]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 383s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-29821-auth.output 383s + echo '-----BEGIN CERTIFICATE-----' 383s + tail -n1 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-29821-auth.output 383s + echo '-----END CERTIFICATE-----' 383s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-29821-auth.pem 383s Certificate: 383s Data: 383s Version: 3 (0x2) 383s Serial Number: 4 (0x4) 383s Signature Algorithm: sha256WithRSAEncryption 383s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 383s Validity 383s Not Before: Mar 22 00:37:07 2024 GMT 383s Not After : Mar 22 00:37:07 2025 GMT 383s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 383s Subject Public Key Info: 383s Public Key Algorithm: rsaEncryption 383s Public-Key: (1024 bit) 383s Modulus: 383s 00:eb:32:af:cf:07:3b:e1:2a:af:d4:cd:6d:d9:51: 383s 82:bf:20:2d:f7:5d:17:c8:69:cb:1d:0e:31:89:01: 383s de:3b:8b:87:8a:ff:0d:88:fc:8c:eb:29:97:fe:d6: 383s f7:5b:1b:fc:f9:f7:64:5b:08:af:f3:1f:c3:95:6e: 383s b4:3a:77:b4:0d:ee:39:8d:fd:63:43:f2:38:1c:f6: 383s 27:71:90:e4:7b:da:83:5e:22:da:98:a1:83:d7:de: 383s 47:79:b8:9d:34:9a:c0:41:86:a7:f9:48:ba:e2:7c: 383s a6:d8:21:7b:62:55:05:c2:f3:b3:c0:af:fc:95:28: 383s b6:a7:a8:8e:2d:39:a7:f0:eb 383s Exponent: 65537 (0x10001) 383s X509v3 extensions: 383s X509v3 Authority Key Identifier: 383s 01:84:CA:D2:23:C6:5A:69:0C:AD:22:5B:D5:67:A9:32:97:6E:24:05 383s X509v3 Basic Constraints: 383s CA:FALSE 383s Netscape Cert Type: 383s SSL Client, S/MIME 383s Netscape Comment: 383s Test Organization Intermediate CA trusted Certificate 383s X509v3 Subject Key Identifier: 383s BC:34:B4:AB:87:CE:AC:3B:EA:57:3C:2D:23:02:E2:97:6B:31:C1:7D 383s X509v3 Key Usage: critical 383s Digital Signature, Non Repudiation, Key Encipherment 383s X509v3 Extended Key Usage: 383s TLS Web Client Authentication, E-mail Protection 383s X509v3 Subject Alternative Name: 383s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 383s Signature Algorithm: sha256WithRSAEncryption 383s Signature Value: 383s 48:35:4f:93:86:e6:53:d3:f4:61:52:2d:88:75:a9:c2:cf:c4: 383s 3f:96:97:99:60:f1:e8:cc:ba:85:2e:44:73:3d:fb:d8:6b:05: 383s ba:90:ec:fb:ee:78:32:1c:e7:80:d8:e8:a2:81:24:22:00:69: 383s ed:87:be:89:6f:3f:70:5d:1d:94:03:ef:ce:37:22:4d:72:80: 383s 91:20:a7:af:b5:7a:ba:dc:61:ea:ca:1a:2f:33:ac:d8:38:17: 383s 76:26:9c:27:ec:aa:ee:9b:2c:90:c8:9c:02:20:af:ad:17:57: 383s aa:23:2f:16:c5:1a:8b:e8:a1:d1:5b:44:a1:a7:7e:7b:eb:d1: 383s 19:1c 383s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-29821-auth.pem 383s + found_md5=Modulus=EB32AFCF073BE12AAFD4CD6DD95182BF202DF75D17C869CB1D0E318901DE3B8B878AFF0D88FC8CEB2997FED6F75B1BFCF9F7645B08AFF31FC3956EB43A77B40DEE398DFD6343F2381CF6277190E47BDA835E22DA98A183D7DE4779B89D349AC04186A7F948BAE27CA6D8217B625505C2F3B3C0AFFC9528B6A7A88E2D39A7F0EB 383s + '[' Modulus=EB32AFCF073BE12AAFD4CD6DD95182BF202DF75D17C869CB1D0E318901DE3B8B878AFF0D88FC8CEB2997FED6F75B1BFCF9F7645B08AFF31FC3956EB43A77B40DEE398DFD6343F2381CF6277190E47BDA835E22DA98A183D7DE4779B89D349AC04186A7F948BAE27CA6D8217B625505C2F3B3C0AFFC9528B6A7A88E2D39A7F0EB '!=' Modulus=EB32AFCF073BE12AAFD4CD6DD95182BF202DF75D17C869CB1D0E318901DE3B8B878AFF0D88FC8CEB2997FED6F75B1BFCF9F7645B08AFF31FC3956EB43A77B40DEE398DFD6343F2381CF6277190E47BDA835E22DA98A183D7DE4779B89D349AC04186A7F948BAE27CA6D8217B625505C2F3B3C0AFFC9528B6A7A88E2D39A7F0EB ']' 383s + invalid_certificate /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31809 /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem 383s + check_certificate /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31809 /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem 383s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 383s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31809 383s + local key_ring=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem 383s + local verify_option= 383s + prepare_softhsm2_card /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31809 383s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 383s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31809 383s + local key_cn 383s + local key_name 383s + local tokens_dir 383s + local output_cert_file 383s + token_name= 383s ++ basename /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem .pem 383s + key_name=test-intermediate-CA-trusted-certificate-0001 383s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 383s ++ sed -n 's/ *commonName *= //p' 383s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 383s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 383s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 383s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 383s ++ basename /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 383s + tokens_dir=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001 383s + token_name='Test Organization Interme Token' 383s + '[' '!' -e /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 383s + '[' '!' -d /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 383s + echo 'Test Organization Interme Token' 383s Test Organization Interme Token 383s + '[' -n '' ']' 383s + local output_base_name=SSSD-child-1913 383s + local output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-1913.output 383s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-1913.pem 383s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem 383s [p11_child[2221]] [main] (0x0400): p11_child started. 383s [p11_child[2221]] [main] (0x2000): Running in [pre-auth] mode. 383s [p11_child[2221]] [main] (0x2000): Running with effective IDs: [0][0]. 383s [p11_child[2221]] [main] (0x2000): Running with real IDs [0][0]. 383s [p11_child[2221]] [do_card] (0x4000): Module List: 383s [p11_child[2221]] [do_card] (0x4000): common name: [softhsm2]. 383s [p11_child[2221]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 383s [p11_child[2221]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2b34e2c9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 383s [p11_child[2221]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 383s [p11_child[2221]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2b34e2c9][724886217] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 383s [p11_child[2221]] [do_card] (0x4000): Login NOT required. 383s [p11_child[2221]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 383s [p11_child[2221]] [do_verification] (0x0040): X509_verify_cert failed [0]. 383s [p11_child[2221]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 383s [p11_child[2221]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 383s [p11_child[2221]] [do_card] (0x4000): No certificate found. 383s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-1913.output 383s + return 2 383s + valid_certificate /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31809 /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem partial_chain 383s + check_certificate /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31809 /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem partial_chain 383s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 383s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31809 383s + local key_ring=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem 383s + local verify_option=partial_chain 383s + prepare_softhsm2_card /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-31809 383s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 383s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-31809 383s + local key_cn 383s + local key_name 383s + local tokens_dir 383s + local output_cert_file 383s + token_name= 383s ++ basename /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem .pem 383s + key_name=test-intermediate-CA-trusted-certificate-0001 383s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 383s ++ sed -n 's/ *commonName *= //p' 383s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 383s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 383s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 383s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 383s ++ basename /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 383s + tokens_dir=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001 383s + token_name='Test Organization Interme Token' 383s + '[' '!' -e /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 383s + '[' '!' -d /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 383s + echo 'Test Organization Interme Token' 383s Test Organization Interme Token 383s + '[' -n partial_chain ']' 383s + local verify_arg=--verify=partial_chain 383s + local output_base_name=SSSD-child-5605 383s + local output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-5605.output 383s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-5605.pem 383s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem 383s [p11_child[2228]] [main] (0x0400): p11_child started. 383s [p11_child[2228]] [main] (0x2000): Running in [pre-auth] mode. 383s [p11_child[2228]] [main] (0x2000): Running with effective IDs: [0][0]. 383s [p11_child[2228]] [main] (0x2000): Running with real IDs [0][0]. 383s [p11_child[2228]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 383s [p11_child[2228]] [do_card] (0x4000): Module List: 383s [p11_child[2228]] [do_card] (0x4000): common name: [softhsm2]. 383s [p11_child[2228]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 383s [p11_child[2228]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2b34e2c9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 383s [p11_child[2228]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 383s [p11_child[2228]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2b34e2c9][724886217] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 383s [p11_child[2228]] [do_card] (0x4000): Login NOT required. 383s [p11_child[2228]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 383s [p11_child[2228]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 383s [p11_child[2228]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 383s [p11_child[2228]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2b34e2c9;slot-manufacturer=SoftHSM%20project;slot-id=724886217;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0e9ce75a2b34e2c9;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 383s [p11_child[2228]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 383s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-5605.output 383s + echo '-----BEGIN CERTIFICATE-----' 383s + tail -n1 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-5605.output 383s + echo '-----END CERTIFICATE-----' 383s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-5605.pem 383s Certificate: 383s Data: 383s Version: 3 (0x2) 383s Serial Number: 4 (0x4) 383s Signature Algorithm: sha256WithRSAEncryption 383s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 383s Validity 383s Not Before: Mar 22 00:37:07 2024 GMT 383s Not After : Mar 22 00:37:07 2025 GMT 383s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 383s Subject Public Key Info: 383s Public Key Algorithm: rsaEncryption 383s Public-Key: (1024 bit) 383s Modulus: 383s 00:eb:32:af:cf:07:3b:e1:2a:af:d4:cd:6d:d9:51: 383s 82:bf:20:2d:f7:5d:17:c8:69:cb:1d:0e:31:89:01: 383s de:3b:8b:87:8a:ff:0d:88:fc:8c:eb:29:97:fe:d6: 383s f7:5b:1b:fc:f9:f7:64:5b:08:af:f3:1f:c3:95:6e: 383s b4:3a:77:b4:0d:ee:39:8d:fd:63:43:f2:38:1c:f6: 383s 27:71:90:e4:7b:da:83:5e:22:da:98:a1:83:d7:de: 383s 47:79:b8:9d:34:9a:c0:41:86:a7:f9:48:ba:e2:7c: 383s a6:d8:21:7b:62:55:05:c2:f3:b3:c0:af:fc:95:28: 383s b6:a7:a8:8e:2d:39:a7:f0:eb 383s Exponent: 65537 (0x10001) 383s X509v3 extensions: 383s X509v3 Authority Key Identifier: 383s 01:84:CA:D2:23:C6:5A:69:0C:AD:22:5B:D5:67:A9:32:97:6E:24:05 383s X509v3 Basic Constraints: 383s CA:FALSE 383s Netscape Cert Type: 383s SSL Client, S/MIME 383s Netscape Comment: 383s Test Organization Intermediate CA trusted Certificate 383s X509v3 Subject Key Identifier: 383s BC:34:B4:AB:87:CE:AC:3B:EA:57:3C:2D:23:02:E2:97:6B:31:C1:7D 383s X509v3 Key Usage: critical 383s Digital Signature, Non Repudiation, Key Encipherment 383s X509v3 Extended Key Usage: 383s TLS Web Client Authentication, E-mail Protection 383s X509v3 Subject Alternative Name: 383s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 383s Signature Algorithm: sha256WithRSAEncryption 383s Signature Value: 383s 48:35:4f:93:86:e6:53:d3:f4:61:52:2d:88:75:a9:c2:cf:c4: 383s 3f:96:97:99:60:f1:e8:cc:ba:85:2e:44:73:3d:fb:d8:6b:05: 383s ba:90:ec:fb:ee:78:32:1c:e7:80:d8:e8:a2:81:24:22:00:69: 383s ed:87:be:89:6f:3f:70:5d:1d:94:03:ef:ce:37:22:4d:72:80: 383s 91:20:a7:af:b5:7a:ba:dc:61:ea:ca:1a:2f:33:ac:d8:38:17: 383s 76:26:9c:27:ec:aa:ee:9b:2c:90:c8:9c:02:20:af:ad:17:57: 383s aa:23:2f:16:c5:1a:8b:e8:a1:d1:5b:44:a1:a7:7e:7b:eb:d1: 383s 19:1c 383s + local found_md5 expected_md5 383s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA-trusted-certificate-0001.pem 383s + expected_md5=Modulus=EB32AFCF073BE12AAFD4CD6DD95182BF202DF75D17C869CB1D0E318901DE3B8B878AFF0D88FC8CEB2997FED6F75B1BFCF9F7645B08AFF31FC3956EB43A77B40DEE398DFD6343F2381CF6277190E47BDA835E22DA98A183D7DE4779B89D349AC04186A7F948BAE27CA6D8217B625505C2F3B3C0AFFC9528B6A7A88E2D39A7F0EB 383s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-5605.pem 383s + found_md5=Modulus=EB32AFCF073BE12AAFD4CD6DD95182BF202DF75D17C869CB1D0E318901DE3B8B878AFF0D88FC8CEB2997FED6F75B1BFCF9F7645B08AFF31FC3956EB43A77B40DEE398DFD6343F2381CF6277190E47BDA835E22DA98A183D7DE4779B89D349AC04186A7F948BAE27CA6D8217B625505C2F3B3C0AFFC9528B6A7A88E2D39A7F0EB 383s + '[' Modulus=EB32AFCF073BE12AAFD4CD6DD95182BF202DF75D17C869CB1D0E318901DE3B8B878AFF0D88FC8CEB2997FED6F75B1BFCF9F7645B08AFF31FC3956EB43A77B40DEE398DFD6343F2381CF6277190E47BDA835E22DA98A183D7DE4779B89D349AC04186A7F948BAE27CA6D8217B625505C2F3B3C0AFFC9528B6A7A88E2D39A7F0EB '!=' Modulus=EB32AFCF073BE12AAFD4CD6DD95182BF202DF75D17C869CB1D0E318901DE3B8B878AFF0D88FC8CEB2997FED6F75B1BFCF9F7645B08AFF31FC3956EB43A77B40DEE398DFD6343F2381CF6277190E47BDA835E22DA98A183D7DE4779B89D349AC04186A7F948BAE27CA6D8217B625505C2F3B3C0AFFC9528B6A7A88E2D39A7F0EB ']' 383s + output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-5605-auth.output 383s ++ basename /tmp/sssd-softhsm2-Imo5hn/SSSD-child-5605-auth.output .output 383s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-5605-auth.pem 383s + echo -n 053350 383s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 383s [p11_child[2236]] [main] (0x0400): p11_child started. 383s [p11_child[2236]] [main] (0x2000): Running in [auth] mode. 383s [p11_child[2236]] [main] (0x2000): Running with effective IDs: [0][0]. 383s [p11_child[2236]] [main] (0x2000): Running with real IDs [0][0]. 383s [p11_child[2236]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 383s [p11_child[2236]] [do_card] (0x4000): Module List: 383s [p11_child[2236]] [do_card] (0x4000): common name: [softhsm2]. 383s [p11_child[2236]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 383s [p11_child[2236]] [do_card] (0x4000): Description [SoftHSM slot ID 0x2b34e2c9] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 383s [p11_child[2236]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 383s [p11_child[2236]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x2b34e2c9][724886217] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 383s [p11_child[2236]] [do_card] (0x4000): Login required. 383s [p11_child[2236]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 383s [p11_child[2236]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 383s [p11_child[2236]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 383s [p11_child[2236]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x2b34e2c9;slot-manufacturer=SoftHSM%20project;slot-id=724886217;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=0e9ce75a2b34e2c9;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 383s [p11_child[2236]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 383s [p11_child[2236]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 383s [p11_child[2236]] [do_card] (0x4000): Certificate verified and validated. 383s [p11_child[2236]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 383s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-5605-auth.output 383s + echo '-----BEGIN CERTIFICATE-----' 383s + tail -n1 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-5605-auth.output 383s + echo '-----END CERTIFICATE-----' 383s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-5605-auth.pem 384s Certificate: 384s Data: 384s Version: 3 (0x2) 384s Serial Number: 4 (0x4) 384s Signature Algorithm: sha256WithRSAEncryption 384s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 384s Validity 384s Not Before: Mar 22 00:37:07 2024 GMT 384s Not After : Mar 22 00:37:07 2025 GMT 384s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 384s Subject Public Key Info: 384s Public Key Algorithm: rsaEncryption 384s Public-Key: (1024 bit) 384s Modulus: 384s 00:eb:32:af:cf:07:3b:e1:2a:af:d4:cd:6d:d9:51: 384s 82:bf:20:2d:f7:5d:17:c8:69:cb:1d:0e:31:89:01: 384s de:3b:8b:87:8a:ff:0d:88:fc:8c:eb:29:97:fe:d6: 384s f7:5b:1b:fc:f9:f7:64:5b:08:af:f3:1f:c3:95:6e: 384s b4:3a:77:b4:0d:ee:39:8d:fd:63:43:f2:38:1c:f6: 384s 27:71:90:e4:7b:da:83:5e:22:da:98:a1:83:d7:de: 384s 47:79:b8:9d:34:9a:c0:41:86:a7:f9:48:ba:e2:7c: 384s a6:d8:21:7b:62:55:05:c2:f3:b3:c0:af:fc:95:28: 384s b6:a7:a8:8e:2d:39:a7:f0:eb 384s Exponent: 65537 (0x10001) 384s X509v3 extensions: 384s X509v3 Authority Key Identifier: 384s 01:84:CA:D2:23:C6:5A:69:0C:AD:22:5B:D5:67:A9:32:97:6E:24:05 384s X509v3 Basic Constraints: 384s CA:FALSE 384s Netscape Cert Type: 384s SSL Client, S/MIME 384s Netscape Comment: 384s Test Organization Intermediate CA trusted Certificate 384s X509v3 Subject Key Identifier: 384s BC:34:B4:AB:87:CE:AC:3B:EA:57:3C:2D:23:02:E2:97:6B:31:C1:7D 384s X509v3 Key Usage: critical 384s Digital Signature, Non Repudiation, Key Encipherment 384s X509v3 Extended Key Usage: 384s TLS Web Client Authentication, E-mail Protection 384s X509v3 Subject Alternative Name: 384s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 384s Signature Algorithm: sha256WithRSAEncryption 384s Signature Value: 384s 48:35:4f:93:86:e6:53:d3:f4:61:52:2d:88:75:a9:c2:cf:c4: 384s 3f:96:97:99:60:f1:e8:cc:ba:85:2e:44:73:3d:fb:d8:6b:05: 384s ba:90:ec:fb:ee:78:32:1c:e7:80:d8:e8:a2:81:24:22:00:69: 384s ed:87:be:89:6f:3f:70:5d:1d:94:03:ef:ce:37:22:4d:72:80: 384s 91:20:a7:af:b5:7a:ba:dc:61:ea:ca:1a:2f:33:ac:d8:38:17: 384s 76:26:9c:27:ec:aa:ee:9b:2c:90:c8:9c:02:20:af:ad:17:57: 384s aa:23:2f:16:c5:1a:8b:e8:a1:d1:5b:44:a1:a7:7e:7b:eb:d1: 384s 19:1c 384s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-5605-auth.pem 384s + found_md5=Modulus=EB32AFCF073BE12AAFD4CD6DD95182BF202DF75D17C869CB1D0E318901DE3B8B878AFF0D88FC8CEB2997FED6F75B1BFCF9F7645B08AFF31FC3956EB43A77B40DEE398DFD6343F2381CF6277190E47BDA835E22DA98A183D7DE4779B89D349AC04186A7F948BAE27CA6D8217B625505C2F3B3C0AFFC9528B6A7A88E2D39A7F0EB 384s + '[' Modulus=EB32AFCF073BE12AAFD4CD6DD95182BF202DF75D17C869CB1D0E318901DE3B8B878AFF0D88FC8CEB2997FED6F75B1BFCF9F7645B08AFF31FC3956EB43A77B40DEE398DFD6343F2381CF6277190E47BDA835E22DA98A183D7DE4779B89D349AC04186A7F948BAE27CA6D8217B625505C2F3B3C0AFFC9528B6A7A88E2D39A7F0EB '!=' Modulus=EB32AFCF073BE12AAFD4CD6DD95182BF202DF75D17C869CB1D0E318901DE3B8B878AFF0D88FC8CEB2997FED6F75B1BFCF9F7645B08AFF31FC3956EB43A77B40DEE398DFD6343F2381CF6277190E47BDA835E22DA98A183D7DE4779B89D349AC04186A7F948BAE27CA6D8217B625505C2F3B3C0AFFC9528B6A7A88E2D39A7F0EB ']' 384s + invalid_certificate /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-39 /tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem 384s + check_certificate /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-39 /tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem 384s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 384s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-39 384s + local key_ring=/tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem 384s + local verify_option= 384s + prepare_softhsm2_card /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-39 384s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 384s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-39 384s + local key_cn 384s + local key_name 384s + local tokens_dir 384s + local output_cert_file 384s + token_name= 384s ++ basename /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 384s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 384s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 384s ++ sed -n 's/ *commonName *= //p' 384s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 384s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 384s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 384s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 384s ++ basename /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 384s + tokens_dir=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 384s + token_name='Test Organization Sub Int Token' 384s + '[' '!' -e /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 384s + local key_file 384s + local decrypted_key 384s + mkdir -p /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 384s + key_file=/tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 384s + decrypted_key=/tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 384s + cat 384s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 384s Slot 0 has a free/uninitialized token. 384s The token has been initialized and is reassigned to slot 2145573682 384s + softhsm2-util --show-slots 384s Available slots: 384s Slot 2145573682 384s Slot info: 384s Description: SoftHSM slot ID 0x7fe2db32 384s Manufacturer ID: SoftHSM project 384s Hardware version: 2.6 384s Firmware version: 2.6 384s Token present: yes 384s Token info: 384s Manufacturer ID: SoftHSM project 384s Model: SoftHSM v2 384s Hardware version: 2.6 384s Firmware version: 2.6 384s Serial number: 3a494542ffe2db32 384s Initialized: yes 384s User PIN init.: yes 384s Label: Test Organization Sub Int Token 384s Slot 1 384s Slot info: 384s Description: SoftHSM slot ID 0x1 384s Manufacturer ID: SoftHSM project 384s Hardware version: 2.6 384s Firmware version: 2.6 384s Token present: yes 384s Token info: 384s Manufacturer ID: SoftHSM project 384s Model: SoftHSM v2 384s Hardware version: 2.6 384s Firmware version: 2.6 384s Serial number: 384s Initialized: no 384s User PIN init.: no 384s Label: 384s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 384s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-39 -in /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 384s writing RSA key 384s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 384s + rm /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 384s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 384s Object 0: 384s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3a494542ffe2db32;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 384s Type: X.509 Certificate (RSA-1024) 384s Expires: Sat Mar 22 00:37:08 2025 384s Label: Test Organization Sub Intermediate Trusted Certificate 0001 384s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 384s 384s Test Organization Sub Int Token 384s + echo 'Test Organization Sub Int Token' 384s + '[' -n '' ']' 384s + local output_base_name=SSSD-child-4705 384s + local output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-4705.output 384s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-4705.pem 384s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem 384s [p11_child[2255]] [main] (0x0400): p11_child started. 384s [p11_child[2255]] [main] (0x2000): Running in [pre-auth] mode. 384s [p11_child[2255]] [main] (0x2000): Running with effective IDs: [0][0]. 384s [p11_child[2255]] [main] (0x2000): Running with real IDs [0][0]. 384s [p11_child[2255]] [do_card] (0x4000): Module List: 384s [p11_child[2255]] [do_card] (0x4000): common name: [softhsm2]. 384s [p11_child[2255]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 384s [p11_child[2255]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7fe2db32] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 384s [p11_child[2255]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 384s [p11_child[2255]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7fe2db32][2145573682] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 384s [p11_child[2255]] [do_card] (0x4000): Login NOT required. 384s [p11_child[2255]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 384s [p11_child[2255]] [do_verification] (0x0040): X509_verify_cert failed [0]. 384s [p11_child[2255]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 384s [p11_child[2255]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 384s [p11_child[2255]] [do_card] (0x4000): No certificate found. 384s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-4705.output 384s + return 2 384s + invalid_certificate /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-39 /tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem partial_chain 384s + check_certificate /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-39 /tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem partial_chain 384s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 384s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-39 384s + local key_ring=/tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem 384s + local verify_option=partial_chain 384s + prepare_softhsm2_card /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-39 384s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 384s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-39 384s + local key_cn 384s + local key_name 384s + local tokens_dir 384s + local output_cert_file 384s + token_name= 384s ++ basename /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 384s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 384s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 384s ++ sed -n 's/ *commonName *= //p' 384s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 384s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 384s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 384s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 384s ++ basename /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 384s + tokens_dir=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 384s + token_name='Test Organization Sub Int Token' 384s + '[' '!' -e /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 384s + '[' '!' -d /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 384s + echo 'Test Organization Sub Int Token' 384s Test Organization Sub Int Token 384s + '[' -n partial_chain ']' 384s + local verify_arg=--verify=partial_chain 384s + local output_base_name=SSSD-child-742 384s + local output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-742.output 384s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-742.pem 384s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-Imo5hn/test-root-CA.pem 384s [p11_child[2262]] [main] (0x0400): p11_child started. 384s [p11_child[2262]] [main] (0x2000): Running in [pre-auth] mode. 384s [p11_child[2262]] [main] (0x2000): Running with effective IDs: [0][0]. 384s [p11_child[2262]] [main] (0x2000): Running with real IDs [0][0]. 384s [p11_child[2262]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 384s [p11_child[2262]] [do_card] (0x4000): Module List: 384s [p11_child[2262]] [do_card] (0x4000): common name: [softhsm2]. 384s [p11_child[2262]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 384s [p11_child[2262]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7fe2db32] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 384s [p11_child[2262]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 384s [p11_child[2262]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7fe2db32][2145573682] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 384s [p11_child[2262]] [do_card] (0x4000): Login NOT required. 384s [p11_child[2262]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 384s [p11_child[2262]] [do_verification] (0x0040): X509_verify_cert failed [0]. 384s [p11_child[2262]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 384s [p11_child[2262]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 384s [p11_child[2262]] [do_card] (0x4000): No certificate found. 384s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-742.output 384s + return 2 384s + valid_certificate /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-39 /tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem 384s + check_certificate /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-39 /tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem 384s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 384s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-39 384s + local key_ring=/tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem 384s + local verify_option= 384s + prepare_softhsm2_card /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-39 384s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 384s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-39 384s + local key_cn 384s + local key_name 384s + local tokens_dir 384s + local output_cert_file 384s + token_name= 384s ++ basename /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 384s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 384s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 384s ++ sed -n 's/ *commonName *= //p' 384s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 384s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 384s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 384s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 384s ++ basename /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 384s + tokens_dir=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 384s + token_name='Test Organization Sub Int Token' 384s + '[' '!' -e /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 384s + '[' '!' -d /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 384s + echo 'Test Organization Sub Int Token' 384s + '[' -n '' ']' 384s Test Organization Sub Int Token 384s + local output_base_name=SSSD-child-31809 384s + local output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-31809.output 384s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-31809.pem 384s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem 384s [p11_child[2269]] [main] (0x0400): p11_child started. 384s [p11_child[2269]] [main] (0x2000): Running in [pre-auth] mode. 384s [p11_child[2269]] [main] (0x2000): Running with effective IDs: [0][0]. 384s [p11_child[2269]] [main] (0x2000): Running with real IDs [0][0]. 384s [p11_child[2269]] [do_card] (0x4000): Module List: 384s [p11_child[2269]] [do_card] (0x4000): common name: [softhsm2]. 384s [p11_child[2269]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 384s [p11_child[2269]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7fe2db32] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 384s [p11_child[2269]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 384s [p11_child[2269]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7fe2db32][2145573682] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 384s [p11_child[2269]] [do_card] (0x4000): Login NOT required. 384s [p11_child[2269]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 384s [p11_child[2269]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 384s [p11_child[2269]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 384s [p11_child[2269]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7fe2db32;slot-manufacturer=SoftHSM%20project;slot-id=2145573682;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3a494542ffe2db32;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 384s [p11_child[2269]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 384s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-31809.output 384s + echo '-----BEGIN CERTIFICATE-----' 384s + tail -n1 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-31809.output 384s + echo '-----END CERTIFICATE-----' 384s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-31809.pem 384s Certificate: 384s Data: 384s Version: 3 (0x2) 384s Serial Number: 5 (0x5) 384s Signature Algorithm: sha256WithRSAEncryption 384s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 384s Validity 384s Not Before: Mar 22 00:37:08 2024 GMT 384s Not After : Mar 22 00:37:08 2025 GMT 384s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 384s Subject Public Key Info: 384s Public Key Algorithm: rsaEncryption 384s Public-Key: (1024 bit) 384s Modulus: 384s 00:b3:11:72:11:3e:dd:5c:17:78:84:53:e8:06:4d: 384s f6:d5:6e:df:8f:1f:ce:6c:78:f1:fb:75:8a:bc:ee: 384s a3:e2:d0:54:6e:7d:a3:cd:f0:06:12:19:59:b2:21: 384s f1:1e:74:a1:4d:9f:80:be:71:d2:97:ff:26:10:b4: 384s 4b:97:b8:9b:5d:43:bd:57:7f:46:d2:07:04:de:b8: 384s 28:71:ad:4e:c8:71:e2:c4:06:31:a5:fb:d4:2b:74: 384s 38:7f:4e:e0:2f:11:a1:e7:28:68:ed:1a:55:c0:9a: 384s 9a:6a:c8:ae:1d:9f:80:9a:7f:8c:cb:cf:15:ce:28: 384s 63:85:c5:81:67:35:15:86:29 384s Exponent: 65537 (0x10001) 384s X509v3 extensions: 384s X509v3 Authority Key Identifier: 384s 65:2C:9A:4F:FE:90:46:AD:A3:10:B7:0D:3D:8D:C6:EF:50:A2:6F:A4 384s X509v3 Basic Constraints: 384s CA:FALSE 384s Netscape Cert Type: 384s SSL Client, S/MIME 384s Netscape Comment: 384s Test Organization Sub Intermediate CA trusted Certificate 384s X509v3 Subject Key Identifier: 384s 1D:4F:2F:E9:23:C4:E1:91:C3:AA:30:6E:D9:F0:F7:6D:44:17:DF:6B 384s X509v3 Key Usage: critical 384s Digital Signature, Non Repudiation, Key Encipherment 384s X509v3 Extended Key Usage: 384s TLS Web Client Authentication, E-mail Protection 384s X509v3 Subject Alternative Name: 384s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 384s Signature Algorithm: sha256WithRSAEncryption 384s Signature Value: 384s 66:7b:e7:9e:f8:88:69:0e:96:4a:e8:4a:3a:e8:1b:b1:83:f1: 384s ac:08:4b:fd:32:7a:c9:07:ee:23:ce:4e:f7:a3:ba:b5:34:c2: 384s 3d:79:dc:2a:f8:a5:04:f0:41:53:99:5f:7e:14:f8:a7:ba:cf: 384s 05:d9:fd:bb:e3:04:15:d1:a9:7d:c6:bf:d8:81:29:c5:6b:98: 384s c6:9f:9b:fb:82:4a:7e:be:38:fd:76:a6:48:c5:6c:78:b2:1e: 384s 63:9b:8c:7a:6f:a6:9d:c6:c8:1b:4d:12:27:ac:e2:90:df:66: 384s 51:fb:4b:fa:d0:12:d2:75:c6:14:d3:5e:6d:7f:1e:d8:9d:44: 384s c1:92 384s + local found_md5 expected_md5 384s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 384s + expected_md5=Modulus=B31172113EDD5C17788453E8064DF6D56EDF8F1FCE6C78F1FB758ABCEEA3E2D0546E7DA3CDF006121959B221F11E74A14D9F80BE71D297FF2610B44B97B89B5D43BD577F46D20704DEB82871AD4EC871E2C40631A5FBD42B74387F4EE02F11A1E72868ED1A55C09A9A6AC8AE1D9F809A7F8CCBCF15CE286385C5816735158629 384s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-31809.pem 384s + found_md5=Modulus=B31172113EDD5C17788453E8064DF6D56EDF8F1FCE6C78F1FB758ABCEEA3E2D0546E7DA3CDF006121959B221F11E74A14D9F80BE71D297FF2610B44B97B89B5D43BD577F46D20704DEB82871AD4EC871E2C40631A5FBD42B74387F4EE02F11A1E72868ED1A55C09A9A6AC8AE1D9F809A7F8CCBCF15CE286385C5816735158629 384s + '[' Modulus=B31172113EDD5C17788453E8064DF6D56EDF8F1FCE6C78F1FB758ABCEEA3E2D0546E7DA3CDF006121959B221F11E74A14D9F80BE71D297FF2610B44B97B89B5D43BD577F46D20704DEB82871AD4EC871E2C40631A5FBD42B74387F4EE02F11A1E72868ED1A55C09A9A6AC8AE1D9F809A7F8CCBCF15CE286385C5816735158629 '!=' Modulus=B31172113EDD5C17788453E8064DF6D56EDF8F1FCE6C78F1FB758ABCEEA3E2D0546E7DA3CDF006121959B221F11E74A14D9F80BE71D297FF2610B44B97B89B5D43BD577F46D20704DEB82871AD4EC871E2C40631A5FBD42B74387F4EE02F11A1E72868ED1A55C09A9A6AC8AE1D9F809A7F8CCBCF15CE286385C5816735158629 ']' 384s + output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-31809-auth.output 384s ++ basename /tmp/sssd-softhsm2-Imo5hn/SSSD-child-31809-auth.output .output 384s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-31809-auth.pem 384s + echo -n 053350 384s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 384s [p11_child[2277]] [main] (0x0400): p11_child started. 384s [p11_child[2277]] [main] (0x2000): Running in [auth] mode. 384s [p11_child[2277]] [main] (0x2000): Running with effective IDs: [0][0]. 384s [p11_child[2277]] [main] (0x2000): Running with real IDs [0][0]. 384s [p11_child[2277]] [do_card] (0x4000): Module List: 384s [p11_child[2277]] [do_card] (0x4000): common name: [softhsm2]. 384s [p11_child[2277]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 384s [p11_child[2277]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7fe2db32] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 384s [p11_child[2277]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 384s [p11_child[2277]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7fe2db32][2145573682] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 384s [p11_child[2277]] [do_card] (0x4000): Login required. 384s [p11_child[2277]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 384s [p11_child[2277]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 384s [p11_child[2277]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 384s [p11_child[2277]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7fe2db32;slot-manufacturer=SoftHSM%20project;slot-id=2145573682;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3a494542ffe2db32;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 384s [p11_child[2277]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 384s [p11_child[2277]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 384s [p11_child[2277]] [do_card] (0x4000): Certificate verified and validated. 384s [p11_child[2277]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 384s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-31809-auth.output 384s + echo '-----BEGIN CERTIFICATE-----' 384s + tail -n1 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-31809-auth.output 384s + echo '-----END CERTIFICATE-----' 384s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-31809-auth.pem 384s Certificate: 384s Data: 384s Version: 3 (0x2) 384s Serial Number: 5 (0x5) 384s Signature Algorithm: sha256WithRSAEncryption 384s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 384s Validity 384s Not Before: Mar 22 00:37:08 2024 GMT 384s Not After : Mar 22 00:37:08 2025 GMT 384s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 384s Subject Public Key Info: 384s Public Key Algorithm: rsaEncryption 384s Public-Key: (1024 bit) 384s Modulus: 384s 00:b3:11:72:11:3e:dd:5c:17:78:84:53:e8:06:4d: 384s f6:d5:6e:df:8f:1f:ce:6c:78:f1:fb:75:8a:bc:ee: 384s a3:e2:d0:54:6e:7d:a3:cd:f0:06:12:19:59:b2:21: 384s f1:1e:74:a1:4d:9f:80:be:71:d2:97:ff:26:10:b4: 384s 4b:97:b8:9b:5d:43:bd:57:7f:46:d2:07:04:de:b8: 384s 28:71:ad:4e:c8:71:e2:c4:06:31:a5:fb:d4:2b:74: 384s 38:7f:4e:e0:2f:11:a1:e7:28:68:ed:1a:55:c0:9a: 384s 9a:6a:c8:ae:1d:9f:80:9a:7f:8c:cb:cf:15:ce:28: 384s 63:85:c5:81:67:35:15:86:29 384s Exponent: 65537 (0x10001) 384s X509v3 extensions: 384s X509v3 Authority Key Identifier: 384s 65:2C:9A:4F:FE:90:46:AD:A3:10:B7:0D:3D:8D:C6:EF:50:A2:6F:A4 384s X509v3 Basic Constraints: 384s CA:FALSE 384s Netscape Cert Type: 384s SSL Client, S/MIME 384s Netscape Comment: 384s Test Organization Sub Intermediate CA trusted Certificate 384s X509v3 Subject Key Identifier: 384s 1D:4F:2F:E9:23:C4:E1:91:C3:AA:30:6E:D9:F0:F7:6D:44:17:DF:6B 384s X509v3 Key Usage: critical 384s Digital Signature, Non Repudiation, Key Encipherment 384s X509v3 Extended Key Usage: 384s TLS Web Client Authentication, E-mail Protection 384s X509v3 Subject Alternative Name: 384s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 384s Signature Algorithm: sha256WithRSAEncryption 384s Signature Value: 384s 66:7b:e7:9e:f8:88:69:0e:96:4a:e8:4a:3a:e8:1b:b1:83:f1: 384s ac:08:4b:fd:32:7a:c9:07:ee:23:ce:4e:f7:a3:ba:b5:34:c2: 384s 3d:79:dc:2a:f8:a5:04:f0:41:53:99:5f:7e:14:f8:a7:ba:cf: 384s 05:d9:fd:bb:e3:04:15:d1:a9:7d:c6:bf:d8:81:29:c5:6b:98: 384s c6:9f:9b:fb:82:4a:7e:be:38:fd:76:a6:48:c5:6c:78:b2:1e: 384s 63:9b:8c:7a:6f:a6:9d:c6:c8:1b:4d:12:27:ac:e2:90:df:66: 384s 51:fb:4b:fa:d0:12:d2:75:c6:14:d3:5e:6d:7f:1e:d8:9d:44: 384s c1:92 384s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-31809-auth.pem 384s + found_md5=Modulus=B31172113EDD5C17788453E8064DF6D56EDF8F1FCE6C78F1FB758ABCEEA3E2D0546E7DA3CDF006121959B221F11E74A14D9F80BE71D297FF2610B44B97B89B5D43BD577F46D20704DEB82871AD4EC871E2C40631A5FBD42B74387F4EE02F11A1E72868ED1A55C09A9A6AC8AE1D9F809A7F8CCBCF15CE286385C5816735158629 384s + '[' Modulus=B31172113EDD5C17788453E8064DF6D56EDF8F1FCE6C78F1FB758ABCEEA3E2D0546E7DA3CDF006121959B221F11E74A14D9F80BE71D297FF2610B44B97B89B5D43BD577F46D20704DEB82871AD4EC871E2C40631A5FBD42B74387F4EE02F11A1E72868ED1A55C09A9A6AC8AE1D9F809A7F8CCBCF15CE286385C5816735158629 '!=' Modulus=B31172113EDD5C17788453E8064DF6D56EDF8F1FCE6C78F1FB758ABCEEA3E2D0546E7DA3CDF006121959B221F11E74A14D9F80BE71D297FF2610B44B97B89B5D43BD577F46D20704DEB82871AD4EC871E2C40631A5FBD42B74387F4EE02F11A1E72868ED1A55C09A9A6AC8AE1D9F809A7F8CCBCF15CE286385C5816735158629 ']' 384s + valid_certificate /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-39 /tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem partial_chain 384s + check_certificate /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-39 /tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem partial_chain 384s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 384s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-39 384s + local key_ring=/tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem 384s + local verify_option=partial_chain 384s + prepare_softhsm2_card /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-39 384s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 384s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-39 384s + local key_cn 384s + local key_name 384s + local tokens_dir 384s + local output_cert_file 384s + token_name= 384s ++ basename /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 384s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 384s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 384s ++ sed -n 's/ *commonName *= //p' 384s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 384s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 384s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 384s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 384s ++ basename /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 384s + tokens_dir=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 384s + token_name='Test Organization Sub Int Token' 384s + '[' '!' -e /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 384s + '[' '!' -d /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 384s + echo 'Test Organization Sub Int Token' 384s + '[' -n partial_chain ']' 384s + local verify_arg=--verify=partial_chain 384s + local output_base_name=SSSD-child-896 384s + local output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-896.output 384s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-896.pem 384s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem 384s Test Organization Sub Int Token 384s [p11_child[2287]] [main] (0x0400): p11_child started. 384s [p11_child[2287]] [main] (0x2000): Running in [pre-auth] mode. 384s [p11_child[2287]] [main] (0x2000): Running with effective IDs: [0][0]. 384s [p11_child[2287]] [main] (0x2000): Running with real IDs [0][0]. 384s [p11_child[2287]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 384s [p11_child[2287]] [do_card] (0x4000): Module List: 384s [p11_child[2287]] [do_card] (0x4000): common name: [softhsm2]. 384s [p11_child[2287]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 384s [p11_child[2287]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7fe2db32] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 384s [p11_child[2287]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 384s [p11_child[2287]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7fe2db32][2145573682] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 384s [p11_child[2287]] [do_card] (0x4000): Login NOT required. 384s [p11_child[2287]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 384s [p11_child[2287]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 384s [p11_child[2287]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 384s [p11_child[2287]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7fe2db32;slot-manufacturer=SoftHSM%20project;slot-id=2145573682;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3a494542ffe2db32;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 384s [p11_child[2287]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 384s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-896.output 384s + echo '-----BEGIN CERTIFICATE-----' 384s + tail -n1 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-896.output 384s + echo '-----END CERTIFICATE-----' 384s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-896.pem 384s Certificate: 384s Data: 384s Version: 3 (0x2) 384s Serial Number: 5 (0x5) 384s Signature Algorithm: sha256WithRSAEncryption 384s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 384s Validity 384s Not Before: Mar 22 00:37:08 2024 GMT 384s Not After : Mar 22 00:37:08 2025 GMT 384s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 384s Subject Public Key Info: 384s Public Key Algorithm: rsaEncryption 384s Public-Key: (1024 bit) 384s Modulus: 384s 00:b3:11:72:11:3e:dd:5c:17:78:84:53:e8:06:4d: 384s f6:d5:6e:df:8f:1f:ce:6c:78:f1:fb:75:8a:bc:ee: 384s a3:e2:d0:54:6e:7d:a3:cd:f0:06:12:19:59:b2:21: 384s f1:1e:74:a1:4d:9f:80:be:71:d2:97:ff:26:10:b4: 384s 4b:97:b8:9b:5d:43:bd:57:7f:46:d2:07:04:de:b8: 384s 28:71:ad:4e:c8:71:e2:c4:06:31:a5:fb:d4:2b:74: 384s 38:7f:4e:e0:2f:11:a1:e7:28:68:ed:1a:55:c0:9a: 384s 9a:6a:c8:ae:1d:9f:80:9a:7f:8c:cb:cf:15:ce:28: 384s 63:85:c5:81:67:35:15:86:29 384s Exponent: 65537 (0x10001) 384s X509v3 extensions: 384s X509v3 Authority Key Identifier: 384s 65:2C:9A:4F:FE:90:46:AD:A3:10:B7:0D:3D:8D:C6:EF:50:A2:6F:A4 384s X509v3 Basic Constraints: 384s CA:FALSE 384s Netscape Cert Type: 384s SSL Client, S/MIME 384s Netscape Comment: 384s Test Organization Sub Intermediate CA trusted Certificate 384s X509v3 Subject Key Identifier: 384s 1D:4F:2F:E9:23:C4:E1:91:C3:AA:30:6E:D9:F0:F7:6D:44:17:DF:6B 384s X509v3 Key Usage: critical 384s Digital Signature, Non Repudiation, Key Encipherment 384s X509v3 Extended Key Usage: 384s TLS Web Client Authentication, E-mail Protection 384s X509v3 Subject Alternative Name: 384s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 384s Signature Algorithm: sha256WithRSAEncryption 384s Signature Value: 384s 66:7b:e7:9e:f8:88:69:0e:96:4a:e8:4a:3a:e8:1b:b1:83:f1: 384s ac:08:4b:fd:32:7a:c9:07:ee:23:ce:4e:f7:a3:ba:b5:34:c2: 384s 3d:79:dc:2a:f8:a5:04:f0:41:53:99:5f:7e:14:f8:a7:ba:cf: 384s 05:d9:fd:bb:e3:04:15:d1:a9:7d:c6:bf:d8:81:29:c5:6b:98: 384s c6:9f:9b:fb:82:4a:7e:be:38:fd:76:a6:48:c5:6c:78:b2:1e: 384s 63:9b:8c:7a:6f:a6:9d:c6:c8:1b:4d:12:27:ac:e2:90:df:66: 384s 51:fb:4b:fa:d0:12:d2:75:c6:14:d3:5e:6d:7f:1e:d8:9d:44: 384s c1:92 384s + local found_md5 expected_md5 384s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 384s + expected_md5=Modulus=B31172113EDD5C17788453E8064DF6D56EDF8F1FCE6C78F1FB758ABCEEA3E2D0546E7DA3CDF006121959B221F11E74A14D9F80BE71D297FF2610B44B97B89B5D43BD577F46D20704DEB82871AD4EC871E2C40631A5FBD42B74387F4EE02F11A1E72868ED1A55C09A9A6AC8AE1D9F809A7F8CCBCF15CE286385C5816735158629 384s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-896.pem 384s + found_md5=Modulus=B31172113EDD5C17788453E8064DF6D56EDF8F1FCE6C78F1FB758ABCEEA3E2D0546E7DA3CDF006121959B221F11E74A14D9F80BE71D297FF2610B44B97B89B5D43BD577F46D20704DEB82871AD4EC871E2C40631A5FBD42B74387F4EE02F11A1E72868ED1A55C09A9A6AC8AE1D9F809A7F8CCBCF15CE286385C5816735158629 384s + '[' Modulus=B31172113EDD5C17788453E8064DF6D56EDF8F1FCE6C78F1FB758ABCEEA3E2D0546E7DA3CDF006121959B221F11E74A14D9F80BE71D297FF2610B44B97B89B5D43BD577F46D20704DEB82871AD4EC871E2C40631A5FBD42B74387F4EE02F11A1E72868ED1A55C09A9A6AC8AE1D9F809A7F8CCBCF15CE286385C5816735158629 '!=' Modulus=B31172113EDD5C17788453E8064DF6D56EDF8F1FCE6C78F1FB758ABCEEA3E2D0546E7DA3CDF006121959B221F11E74A14D9F80BE71D297FF2610B44B97B89B5D43BD577F46D20704DEB82871AD4EC871E2C40631A5FBD42B74387F4EE02F11A1E72868ED1A55C09A9A6AC8AE1D9F809A7F8CCBCF15CE286385C5816735158629 ']' 384s + output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-896-auth.output 384s ++ basename /tmp/sssd-softhsm2-Imo5hn/SSSD-child-896-auth.output .output 384s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-896-auth.pem 384s + echo -n 053350 384s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-Imo5hn/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 384s [p11_child[2295]] [main] (0x0400): p11_child started. 384s [p11_child[2295]] [main] (0x2000): Running in [auth] mode. 384s [p11_child[2295]] [main] (0x2000): Running with effective IDs: [0][0]. 384s [p11_child[2295]] [main] (0x2000): Running with real IDs [0][0]. 384s [p11_child[2295]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 384s [p11_child[2295]] [do_card] (0x4000): Module List: 384s [p11_child[2295]] [do_card] (0x4000): common name: [softhsm2]. 384s [p11_child[2295]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 384s [p11_child[2295]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7fe2db32] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 384s [p11_child[2295]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 384s [p11_child[2295]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7fe2db32][2145573682] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 384s [p11_child[2295]] [do_card] (0x4000): Login required. 384s [p11_child[2295]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 384s [p11_child[2295]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 384s [p11_child[2295]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 384s [p11_child[2295]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7fe2db32;slot-manufacturer=SoftHSM%20project;slot-id=2145573682;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3a494542ffe2db32;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 384s [p11_child[2295]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 384s [p11_child[2295]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 384s [p11_child[2295]] [do_card] (0x4000): Certificate verified and validated. 384s [p11_child[2295]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 384s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-896-auth.output 384s + echo '-----BEGIN CERTIFICATE-----' 384s + tail -n1 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-896-auth.output 384s + echo '-----END CERTIFICATE-----' 384s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-896-auth.pem 385s Certificate: 385s Data: 385s Version: 3 (0x2) 385s Serial Number: 5 (0x5) 385s Signature Algorithm: sha256WithRSAEncryption 385s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 385s Validity 385s Not Before: Mar 22 00:37:08 2024 GMT 385s Not After : Mar 22 00:37:08 2025 GMT 385s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 385s Subject Public Key Info: 385s Public Key Algorithm: rsaEncryption 385s Public-Key: (1024 bit) 385s Modulus: 385s 00:b3:11:72:11:3e:dd:5c:17:78:84:53:e8:06:4d: 385s f6:d5:6e:df:8f:1f:ce:6c:78:f1:fb:75:8a:bc:ee: 385s a3:e2:d0:54:6e:7d:a3:cd:f0:06:12:19:59:b2:21: 385s f1:1e:74:a1:4d:9f:80:be:71:d2:97:ff:26:10:b4: 385s 4b:97:b8:9b:5d:43:bd:57:7f:46:d2:07:04:de:b8: 385s 28:71:ad:4e:c8:71:e2:c4:06:31:a5:fb:d4:2b:74: 385s 38:7f:4e:e0:2f:11:a1:e7:28:68:ed:1a:55:c0:9a: 385s 9a:6a:c8:ae:1d:9f:80:9a:7f:8c:cb:cf:15:ce:28: 385s 63:85:c5:81:67:35:15:86:29 385s Exponent: 65537 (0x10001) 385s X509v3 extensions: 385s X509v3 Authority Key Identifier: 385s 65:2C:9A:4F:FE:90:46:AD:A3:10:B7:0D:3D:8D:C6:EF:50:A2:6F:A4 385s X509v3 Basic Constraints: 385s CA:FALSE 385s Netscape Cert Type: 385s SSL Client, S/MIME 385s Netscape Comment: 385s Test Organization Sub Intermediate CA trusted Certificate 385s X509v3 Subject Key Identifier: 385s 1D:4F:2F:E9:23:C4:E1:91:C3:AA:30:6E:D9:F0:F7:6D:44:17:DF:6B 385s X509v3 Key Usage: critical 385s Digital Signature, Non Repudiation, Key Encipherment 385s X509v3 Extended Key Usage: 385s TLS Web Client Authentication, E-mail Protection 385s X509v3 Subject Alternative Name: 385s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 385s Signature Algorithm: sha256WithRSAEncryption 385s Signature Value: 385s 66:7b:e7:9e:f8:88:69:0e:96:4a:e8:4a:3a:e8:1b:b1:83:f1: 385s ac:08:4b:fd:32:7a:c9:07:ee:23:ce:4e:f7:a3:ba:b5:34:c2: 385s 3d:79:dc:2a:f8:a5:04:f0:41:53:99:5f:7e:14:f8:a7:ba:cf: 385s 05:d9:fd:bb:e3:04:15:d1:a9:7d:c6:bf:d8:81:29:c5:6b:98: 385s c6:9f:9b:fb:82:4a:7e:be:38:fd:76:a6:48:c5:6c:78:b2:1e: 385s 63:9b:8c:7a:6f:a6:9d:c6:c8:1b:4d:12:27:ac:e2:90:df:66: 385s 51:fb:4b:fa:d0:12:d2:75:c6:14:d3:5e:6d:7f:1e:d8:9d:44: 385s c1:92 385s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-896-auth.pem 385s + found_md5=Modulus=B31172113EDD5C17788453E8064DF6D56EDF8F1FCE6C78F1FB758ABCEEA3E2D0546E7DA3CDF006121959B221F11E74A14D9F80BE71D297FF2610B44B97B89B5D43BD577F46D20704DEB82871AD4EC871E2C40631A5FBD42B74387F4EE02F11A1E72868ED1A55C09A9A6AC8AE1D9F809A7F8CCBCF15CE286385C5816735158629 385s + '[' Modulus=B31172113EDD5C17788453E8064DF6D56EDF8F1FCE6C78F1FB758ABCEEA3E2D0546E7DA3CDF006121959B221F11E74A14D9F80BE71D297FF2610B44B97B89B5D43BD577F46D20704DEB82871AD4EC871E2C40631A5FBD42B74387F4EE02F11A1E72868ED1A55C09A9A6AC8AE1D9F809A7F8CCBCF15CE286385C5816735158629 '!=' Modulus=B31172113EDD5C17788453E8064DF6D56EDF8F1FCE6C78F1FB758ABCEEA3E2D0546E7DA3CDF006121959B221F11E74A14D9F80BE71D297FF2610B44B97B89B5D43BD577F46D20704DEB82871AD4EC871E2C40631A5FBD42B74387F4EE02F11A1E72868ED1A55C09A9A6AC8AE1D9F809A7F8CCBCF15CE286385C5816735158629 ']' 385s + invalid_certificate /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-39 /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA.pem 385s + check_certificate /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-39 /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA.pem 385s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-39 385s + local key_ring=/tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA.pem 385s + local verify_option= 385s + prepare_softhsm2_card /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-39 385s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-39 385s + local key_cn 385s + local key_name 385s + local tokens_dir 385s + local output_cert_file 385s + token_name= 385s ++ basename /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 385s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 385s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s ++ sed -n 's/ *commonName *= //p' 385s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 385s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 385s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 385s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 385s ++ basename /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 385s + tokens_dir=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 385s + token_name='Test Organization Sub Int Token' 385s + '[' '!' -e /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 385s + '[' '!' -d /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 385s + echo 'Test Organization Sub Int Token' 385s Test Organization Sub Int Token 385s + '[' -n '' ']' 385s + local output_base_name=SSSD-child-31753 385s + local output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-31753.output 385s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-31753.pem 385s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA.pem 385s [p11_child[2305]] [main] (0x0400): p11_child started. 385s [p11_child[2305]] [main] (0x2000): Running in [pre-auth] mode. 385s [p11_child[2305]] [main] (0x2000): Running with effective IDs: [0][0]. 385s [p11_child[2305]] [main] (0x2000): Running with real IDs [0][0]. 385s [p11_child[2305]] [do_card] (0x4000): Module List: 385s [p11_child[2305]] [do_card] (0x4000): common name: [softhsm2]. 385s [p11_child[2305]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2305]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7fe2db32] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 385s [p11_child[2305]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 385s [p11_child[2305]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7fe2db32][2145573682] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2305]] [do_card] (0x4000): Login NOT required. 385s [p11_child[2305]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 385s [p11_child[2305]] [do_verification] (0x0040): X509_verify_cert failed [0]. 385s [p11_child[2305]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 385s [p11_child[2305]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 385s [p11_child[2305]] [do_card] (0x4000): No certificate found. 385s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-31753.output 385s + return 2 385s + invalid_certificate /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-39 /tmp/sssd-softhsm2-Imo5hn/test-root-intermediate-chain-CA.pem partial_chain 385s + check_certificate /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-39 /tmp/sssd-softhsm2-Imo5hn/test-root-intermediate-chain-CA.pem partial_chain 385s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-39 385s + local key_ring=/tmp/sssd-softhsm2-Imo5hn/test-root-intermediate-chain-CA.pem 385s + local verify_option=partial_chain 385s + prepare_softhsm2_card /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-39 385s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-39 385s + local key_cn 385s + local key_name 385s + local tokens_dir 385s + local output_cert_file 385s + token_name= 385s ++ basename /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 385s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 385s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s ++ sed -n 's/ *commonName *= //p' 385s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 385s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 385s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 385s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 385s ++ basename /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 385s + tokens_dir=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 385s + token_name='Test Organization Sub Int Token' 385s + '[' '!' -e /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 385s + '[' '!' -d /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 385s + echo 'Test Organization Sub Int Token' 385s + '[' -n partial_chain ']' 385s Test Organization Sub Int Token 385s + local verify_arg=--verify=partial_chain 385s + local output_base_name=SSSD-child-10913 385s + local output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-10913.output 385s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-10913.pem 385s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-Imo5hn/test-root-intermediate-chain-CA.pem 385s [p11_child[2312]] [main] (0x0400): p11_child started. 385s [p11_child[2312]] [main] (0x2000): Running in [pre-auth] mode. 385s [p11_child[2312]] [main] (0x2000): Running with effective IDs: [0][0]. 385s [p11_child[2312]] [main] (0x2000): Running with real IDs [0][0]. 385s [p11_child[2312]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 385s [p11_child[2312]] [do_card] (0x4000): Module List: 385s [p11_child[2312]] [do_card] (0x4000): common name: [softhsm2]. 385s [p11_child[2312]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2312]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7fe2db32] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 385s [p11_child[2312]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 385s [p11_child[2312]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7fe2db32][2145573682] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2312]] [do_card] (0x4000): Login NOT required. 385s [p11_child[2312]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 385s [p11_child[2312]] [do_verification] (0x0040): X509_verify_cert failed [0]. 385s [p11_child[2312]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 385s [p11_child[2312]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 385s [p11_child[2312]] [do_card] (0x4000): No certificate found. 385s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-10913.output 385s + return 2 385s + valid_certificate /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-39 /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA.pem partial_chain 385s + check_certificate /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-39 /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA.pem partial_chain 385s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-39 385s + local key_ring=/tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA.pem 385s + local verify_option=partial_chain 385s + prepare_softhsm2_card /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-39 385s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-39 385s + local key_cn 385s + local key_name 385s + local tokens_dir 385s + local output_cert_file 385s + token_name= 385s ++ basename /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 385s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 385s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s ++ sed -n 's/ *commonName *= //p' 385s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 385s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 385s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 385s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 385s ++ basename /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 385s + tokens_dir=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 385s + token_name='Test Organization Sub Int Token' 385s + '[' '!' -e /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 385s + '[' '!' -d /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 385s Test Organization Sub Int Token 385s + echo 'Test Organization Sub Int Token' 385s + '[' -n partial_chain ']' 385s + local verify_arg=--verify=partial_chain 385s + local output_base_name=SSSD-child-3361 385s + local output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-3361.output 385s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-3361.pem 385s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA.pem 385s [p11_child[2319]] [main] (0x0400): p11_child started. 385s [p11_child[2319]] [main] (0x2000): Running in [pre-auth] mode. 385s [p11_child[2319]] [main] (0x2000): Running with effective IDs: [0][0]. 385s [p11_child[2319]] [main] (0x2000): Running with real IDs [0][0]. 385s [p11_child[2319]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 385s [p11_child[2319]] [do_card] (0x4000): Module List: 385s [p11_child[2319]] [do_card] (0x4000): common name: [softhsm2]. 385s [p11_child[2319]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2319]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7fe2db32] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 385s [p11_child[2319]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 385s [p11_child[2319]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7fe2db32][2145573682] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2319]] [do_card] (0x4000): Login NOT required. 385s [p11_child[2319]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 385s [p11_child[2319]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 385s [p11_child[2319]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 385s [p11_child[2319]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7fe2db32;slot-manufacturer=SoftHSM%20project;slot-id=2145573682;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3a494542ffe2db32;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 385s [p11_child[2319]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 385s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-3361.output 385s + echo '-----BEGIN CERTIFICATE-----' 385s + tail -n1 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-3361.output 385s + echo '-----END CERTIFICATE-----' 385s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-3361.pem 385s Certificate: 385s Data: 385s Version: 3 (0x2) 385s Serial Number: 5 (0x5) 385s Signature Algorithm: sha256WithRSAEncryption 385s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 385s Validity 385s Not Before: Mar 22 00:37:08 2024 GMT 385s Not After : Mar 22 00:37:08 2025 GMT 385s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 385s Subject Public Key Info: 385s Public Key Algorithm: rsaEncryption 385s Public-Key: (1024 bit) 385s Modulus: 385s 00:b3:11:72:11:3e:dd:5c:17:78:84:53:e8:06:4d: 385s f6:d5:6e:df:8f:1f:ce:6c:78:f1:fb:75:8a:bc:ee: 385s a3:e2:d0:54:6e:7d:a3:cd:f0:06:12:19:59:b2:21: 385s f1:1e:74:a1:4d:9f:80:be:71:d2:97:ff:26:10:b4: 385s 4b:97:b8:9b:5d:43:bd:57:7f:46:d2:07:04:de:b8: 385s 28:71:ad:4e:c8:71:e2:c4:06:31:a5:fb:d4:2b:74: 385s 38:7f:4e:e0:2f:11:a1:e7:28:68:ed:1a:55:c0:9a: 385s 9a:6a:c8:ae:1d:9f:80:9a:7f:8c:cb:cf:15:ce:28: 385s 63:85:c5:81:67:35:15:86:29 385s Exponent: 65537 (0x10001) 385s X509v3 extensions: 385s X509v3 Authority Key Identifier: 385s 65:2C:9A:4F:FE:90:46:AD:A3:10:B7:0D:3D:8D:C6:EF:50:A2:6F:A4 385s X509v3 Basic Constraints: 385s CA:FALSE 385s Netscape Cert Type: 385s SSL Client, S/MIME 385s Netscape Comment: 385s Test Organization Sub Intermediate CA trusted Certificate 385s X509v3 Subject Key Identifier: 385s 1D:4F:2F:E9:23:C4:E1:91:C3:AA:30:6E:D9:F0:F7:6D:44:17:DF:6B 385s X509v3 Key Usage: critical 385s Digital Signature, Non Repudiation, Key Encipherment 385s X509v3 Extended Key Usage: 385s TLS Web Client Authentication, E-mail Protection 385s X509v3 Subject Alternative Name: 385s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 385s Signature Algorithm: sha256WithRSAEncryption 385s Signature Value: 385s 66:7b:e7:9e:f8:88:69:0e:96:4a:e8:4a:3a:e8:1b:b1:83:f1: 385s ac:08:4b:fd:32:7a:c9:07:ee:23:ce:4e:f7:a3:ba:b5:34:c2: 385s 3d:79:dc:2a:f8:a5:04:f0:41:53:99:5f:7e:14:f8:a7:ba:cf: 385s 05:d9:fd:bb:e3:04:15:d1:a9:7d:c6:bf:d8:81:29:c5:6b:98: 385s c6:9f:9b:fb:82:4a:7e:be:38:fd:76:a6:48:c5:6c:78:b2:1e: 385s 63:9b:8c:7a:6f:a6:9d:c6:c8:1b:4d:12:27:ac:e2:90:df:66: 385s 51:fb:4b:fa:d0:12:d2:75:c6:14:d3:5e:6d:7f:1e:d8:9d:44: 385s c1:92 385s + local found_md5 expected_md5 385s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s + expected_md5=Modulus=B31172113EDD5C17788453E8064DF6D56EDF8F1FCE6C78F1FB758ABCEEA3E2D0546E7DA3CDF006121959B221F11E74A14D9F80BE71D297FF2610B44B97B89B5D43BD577F46D20704DEB82871AD4EC871E2C40631A5FBD42B74387F4EE02F11A1E72868ED1A55C09A9A6AC8AE1D9F809A7F8CCBCF15CE286385C5816735158629 385s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-3361.pem 385s + found_md5=Modulus=B31172113EDD5C17788453E8064DF6D56EDF8F1FCE6C78F1FB758ABCEEA3E2D0546E7DA3CDF006121959B221F11E74A14D9F80BE71D297FF2610B44B97B89B5D43BD577F46D20704DEB82871AD4EC871E2C40631A5FBD42B74387F4EE02F11A1E72868ED1A55C09A9A6AC8AE1D9F809A7F8CCBCF15CE286385C5816735158629 385s + '[' Modulus=B31172113EDD5C17788453E8064DF6D56EDF8F1FCE6C78F1FB758ABCEEA3E2D0546E7DA3CDF006121959B221F11E74A14D9F80BE71D297FF2610B44B97B89B5D43BD577F46D20704DEB82871AD4EC871E2C40631A5FBD42B74387F4EE02F11A1E72868ED1A55C09A9A6AC8AE1D9F809A7F8CCBCF15CE286385C5816735158629 '!=' Modulus=B31172113EDD5C17788453E8064DF6D56EDF8F1FCE6C78F1FB758ABCEEA3E2D0546E7DA3CDF006121959B221F11E74A14D9F80BE71D297FF2610B44B97B89B5D43BD577F46D20704DEB82871AD4EC871E2C40631A5FBD42B74387F4EE02F11A1E72868ED1A55C09A9A6AC8AE1D9F809A7F8CCBCF15CE286385C5816735158629 ']' 385s + output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-3361-auth.output 385s ++ basename /tmp/sssd-softhsm2-Imo5hn/SSSD-child-3361-auth.output .output 385s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-3361-auth.pem 385s + echo -n 053350 385s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 385s [p11_child[2327]] [main] (0x0400): p11_child started. 385s [p11_child[2327]] [main] (0x2000): Running in [auth] mode. 385s [p11_child[2327]] [main] (0x2000): Running with effective IDs: [0][0]. 385s [p11_child[2327]] [main] (0x2000): Running with real IDs [0][0]. 385s [p11_child[2327]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 385s [p11_child[2327]] [do_card] (0x4000): Module List: 385s [p11_child[2327]] [do_card] (0x4000): common name: [softhsm2]. 385s [p11_child[2327]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2327]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7fe2db32] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 385s [p11_child[2327]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 385s [p11_child[2327]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7fe2db32][2145573682] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2327]] [do_card] (0x4000): Login required. 385s [p11_child[2327]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 385s [p11_child[2327]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 385s [p11_child[2327]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 385s [p11_child[2327]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7fe2db32;slot-manufacturer=SoftHSM%20project;slot-id=2145573682;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3a494542ffe2db32;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 385s [p11_child[2327]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 385s [p11_child[2327]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 385s [p11_child[2327]] [do_card] (0x4000): Certificate verified and validated. 385s [p11_child[2327]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 385s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-3361-auth.output 385s + echo '-----BEGIN CERTIFICATE-----' 385s + tail -n1 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-3361-auth.output 385s + echo '-----END CERTIFICATE-----' 385s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-3361-auth.pem 385s Certificate: 385s Data: 385s Version: 3 (0x2) 385s Serial Number: 5 (0x5) 385s Signature Algorithm: sha256WithRSAEncryption 385s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 385s Validity 385s Not Before: Mar 22 00:37:08 2024 GMT 385s Not After : Mar 22 00:37:08 2025 GMT 385s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 385s Subject Public Key Info: 385s Public Key Algorithm: rsaEncryption 385s Public-Key: (1024 bit) 385s Modulus: 385s 00:b3:11:72:11:3e:dd:5c:17:78:84:53:e8:06:4d: 385s f6:d5:6e:df:8f:1f:ce:6c:78:f1:fb:75:8a:bc:ee: 385s a3:e2:d0:54:6e:7d:a3:cd:f0:06:12:19:59:b2:21: 385s f1:1e:74:a1:4d:9f:80:be:71:d2:97:ff:26:10:b4: 385s 4b:97:b8:9b:5d:43:bd:57:7f:46:d2:07:04:de:b8: 385s 28:71:ad:4e:c8:71:e2:c4:06:31:a5:fb:d4:2b:74: 385s 38:7f:4e:e0:2f:11:a1:e7:28:68:ed:1a:55:c0:9a: 385s 9a:6a:c8:ae:1d:9f:80:9a:7f:8c:cb:cf:15:ce:28: 385s 63:85:c5:81:67:35:15:86:29 385s Exponent: 65537 (0x10001) 385s X509v3 extensions: 385s X509v3 Authority Key Identifier: 385s 65:2C:9A:4F:FE:90:46:AD:A3:10:B7:0D:3D:8D:C6:EF:50:A2:6F:A4 385s X509v3 Basic Constraints: 385s CA:FALSE 385s Netscape Cert Type: 385s SSL Client, S/MIME 385s Netscape Comment: 385s Test Organization Sub Intermediate CA trusted Certificate 385s X509v3 Subject Key Identifier: 385s 1D:4F:2F:E9:23:C4:E1:91:C3:AA:30:6E:D9:F0:F7:6D:44:17:DF:6B 385s X509v3 Key Usage: critical 385s Digital Signature, Non Repudiation, Key Encipherment 385s X509v3 Extended Key Usage: 385s TLS Web Client Authentication, E-mail Protection 385s X509v3 Subject Alternative Name: 385s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 385s Signature Algorithm: sha256WithRSAEncryption 385s Signature Value: 385s 66:7b:e7:9e:f8:88:69:0e:96:4a:e8:4a:3a:e8:1b:b1:83:f1: 385s ac:08:4b:fd:32:7a:c9:07:ee:23:ce:4e:f7:a3:ba:b5:34:c2: 385s 3d:79:dc:2a:f8:a5:04:f0:41:53:99:5f:7e:14:f8:a7:ba:cf: 385s 05:d9:fd:bb:e3:04:15:d1:a9:7d:c6:bf:d8:81:29:c5:6b:98: 385s c6:9f:9b:fb:82:4a:7e:be:38:fd:76:a6:48:c5:6c:78:b2:1e: 385s 63:9b:8c:7a:6f:a6:9d:c6:c8:1b:4d:12:27:ac:e2:90:df:66: 385s 51:fb:4b:fa:d0:12:d2:75:c6:14:d3:5e:6d:7f:1e:d8:9d:44: 385s c1:92 385s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-3361-auth.pem 385s + found_md5=Modulus=B31172113EDD5C17788453E8064DF6D56EDF8F1FCE6C78F1FB758ABCEEA3E2D0546E7DA3CDF006121959B221F11E74A14D9F80BE71D297FF2610B44B97B89B5D43BD577F46D20704DEB82871AD4EC871E2C40631A5FBD42B74387F4EE02F11A1E72868ED1A55C09A9A6AC8AE1D9F809A7F8CCBCF15CE286385C5816735158629 385s + '[' Modulus=B31172113EDD5C17788453E8064DF6D56EDF8F1FCE6C78F1FB758ABCEEA3E2D0546E7DA3CDF006121959B221F11E74A14D9F80BE71D297FF2610B44B97B89B5D43BD577F46D20704DEB82871AD4EC871E2C40631A5FBD42B74387F4EE02F11A1E72868ED1A55C09A9A6AC8AE1D9F809A7F8CCBCF15CE286385C5816735158629 '!=' Modulus=B31172113EDD5C17788453E8064DF6D56EDF8F1FCE6C78F1FB758ABCEEA3E2D0546E7DA3CDF006121959B221F11E74A14D9F80BE71D297FF2610B44B97B89B5D43BD577F46D20704DEB82871AD4EC871E2C40631A5FBD42B74387F4EE02F11A1E72868ED1A55C09A9A6AC8AE1D9F809A7F8CCBCF15CE286385C5816735158629 ']' 385s + valid_certificate /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-39 /tmp/sssd-softhsm2-Imo5hn/test-intermediate-sub-chain-CA.pem partial_chain 385s + check_certificate /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-39 /tmp/sssd-softhsm2-Imo5hn/test-intermediate-sub-chain-CA.pem partial_chain 385s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-39 385s + local key_ring=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-sub-chain-CA.pem 385s + local verify_option=partial_chain 385s + prepare_softhsm2_card /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-39 385s + local certificate=/tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-39 385s + local key_cn 385s + local key_name 385s + local tokens_dir 385s + local output_cert_file 385s + token_name= 385s ++ basename /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 385s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 385s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s ++ sed -n 's/ *commonName *= //p' 385s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 385s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 385s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 385s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 385s ++ basename /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 385s + tokens_dir=/tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 385s + token_name='Test Organization Sub Int Token' 385s + '[' '!' -e /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 385s + '[' '!' -d /tmp/sssd-softhsm2-Imo5hn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 385s + echo 'Test Organization Sub Int Token' 385s Test Organization Sub Int Token 385s + '[' -n partial_chain ']' 385s + local verify_arg=--verify=partial_chain 385s + local output_base_name=SSSD-child-28844 385s + local output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-28844.output 385s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-28844.pem 385s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-sub-chain-CA.pem 385s [p11_child[2337]] [main] (0x0400): p11_child started. 385s [p11_child[2337]] [main] (0x2000): Running in [pre-auth] mode. 385s [p11_child[2337]] [main] (0x2000): Running with effective IDs: [0][0]. 385s [p11_child[2337]] [main] (0x2000): Running with real IDs [0][0]. 385s [p11_child[2337]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 385s [p11_child[2337]] [do_card] (0x4000): Module List: 385s [p11_child[2337]] [do_card] (0x4000): common name: [softhsm2]. 385s [p11_child[2337]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2337]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7fe2db32] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 385s [p11_child[2337]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 385s [p11_child[2337]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7fe2db32][2145573682] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2337]] [do_card] (0x4000): Login NOT required. 385s [p11_child[2337]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 385s [p11_child[2337]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 385s [p11_child[2337]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 385s [p11_child[2337]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7fe2db32;slot-manufacturer=SoftHSM%20project;slot-id=2145573682;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3a494542ffe2db32;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 385s [p11_child[2337]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 385s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-28844.output 385s + echo '-----BEGIN CERTIFICATE-----' 385s + tail -n1 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-28844.output 385s + echo '-----END CERTIFICATE-----' 385s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-28844.pem 385s Certificate: 385s Data: 385s Version: 3 (0x2) 385s Serial Number: 5 (0x5) 385s Signature Algorithm: sha256WithRSAEncryption 385s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 385s Validity 385s Not Before: Mar 22 00:37:08 2024 GMT 385s Not After : Mar 22 00:37:08 2025 GMT 385s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 385s Subject Public Key Info: 385s Public Key Algorithm: rsaEncryption 385s Public-Key: (1024 bit) 385s Modulus: 385s 00:b3:11:72:11:3e:dd:5c:17:78:84:53:e8:06:4d: 385s f6:d5:6e:df:8f:1f:ce:6c:78:f1:fb:75:8a:bc:ee: 385s a3:e2:d0:54:6e:7d:a3:cd:f0:06:12:19:59:b2:21: 385s f1:1e:74:a1:4d:9f:80:be:71:d2:97:ff:26:10:b4: 385s 4b:97:b8:9b:5d:43:bd:57:7f:46:d2:07:04:de:b8: 385s 28:71:ad:4e:c8:71:e2:c4:06:31:a5:fb:d4:2b:74: 385s 38:7f:4e:e0:2f:11:a1:e7:28:68:ed:1a:55:c0:9a: 385s 9a:6a:c8:ae:1d:9f:80:9a:7f:8c:cb:cf:15:ce:28: 385s 63:85:c5:81:67:35:15:86:29 385s Exponent: 65537 (0x10001) 385s X509v3 extensions: 385s X509v3 Authority Key Identifier: 385s 65:2C:9A:4F:FE:90:46:AD:A3:10:B7:0D:3D:8D:C6:EF:50:A2:6F:A4 385s X509v3 Basic Constraints: 385s CA:FALSE 385s Netscape Cert Type: 385s SSL Client, S/MIME 385s Netscape Comment: 385s Test Organization Sub Intermediate CA trusted Certificate 385s X509v3 Subject Key Identifier: 385s 1D:4F:2F:E9:23:C4:E1:91:C3:AA:30:6E:D9:F0:F7:6D:44:17:DF:6B 385s X509v3 Key Usage: critical 385s Digital Signature, Non Repudiation, Key Encipherment 385s X509v3 Extended Key Usage: 385s TLS Web Client Authentication, E-mail Protection 385s X509v3 Subject Alternative Name: 385s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 385s Signature Algorithm: sha256WithRSAEncryption 385s Signature Value: 385s 66:7b:e7:9e:f8:88:69:0e:96:4a:e8:4a:3a:e8:1b:b1:83:f1: 385s ac:08:4b:fd:32:7a:c9:07:ee:23:ce:4e:f7:a3:ba:b5:34:c2: 385s 3d:79:dc:2a:f8:a5:04:f0:41:53:99:5f:7e:14:f8:a7:ba:cf: 385s 05:d9:fd:bb:e3:04:15:d1:a9:7d:c6:bf:d8:81:29:c5:6b:98: 385s c6:9f:9b:fb:82:4a:7e:be:38:fd:76:a6:48:c5:6c:78:b2:1e: 385s 63:9b:8c:7a:6f:a6:9d:c6:c8:1b:4d:12:27:ac:e2:90:df:66: 385s 51:fb:4b:fa:d0:12:d2:75:c6:14:d3:5e:6d:7f:1e:d8:9d:44: 385s c1:92 385s + local found_md5 expected_md5 385s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/test-sub-intermediate-CA-trusted-certificate-0001.pem 385s + expected_md5=Modulus=B31172113EDD5C17788453E8064DF6D56EDF8F1FCE6C78F1FB758ABCEEA3E2D0546E7DA3CDF006121959B221F11E74A14D9F80BE71D297FF2610B44B97B89B5D43BD577F46D20704DEB82871AD4EC871E2C40631A5FBD42B74387F4EE02F11A1E72868ED1A55C09A9A6AC8AE1D9F809A7F8CCBCF15CE286385C5816735158629 385s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-28844.pem 385s + found_md5=Modulus=B31172113EDD5C17788453E8064DF6D56EDF8F1FCE6C78F1FB758ABCEEA3E2D0546E7DA3CDF006121959B221F11E74A14D9F80BE71D297FF2610B44B97B89B5D43BD577F46D20704DEB82871AD4EC871E2C40631A5FBD42B74387F4EE02F11A1E72868ED1A55C09A9A6AC8AE1D9F809A7F8CCBCF15CE286385C5816735158629 385s + '[' Modulus=B31172113EDD5C17788453E8064DF6D56EDF8F1FCE6C78F1FB758ABCEEA3E2D0546E7DA3CDF006121959B221F11E74A14D9F80BE71D297FF2610B44B97B89B5D43BD577F46D20704DEB82871AD4EC871E2C40631A5FBD42B74387F4EE02F11A1E72868ED1A55C09A9A6AC8AE1D9F809A7F8CCBCF15CE286385C5816735158629 '!=' Modulus=B31172113EDD5C17788453E8064DF6D56EDF8F1FCE6C78F1FB758ABCEEA3E2D0546E7DA3CDF006121959B221F11E74A14D9F80BE71D297FF2610B44B97B89B5D43BD577F46D20704DEB82871AD4EC871E2C40631A5FBD42B74387F4EE02F11A1E72868ED1A55C09A9A6AC8AE1D9F809A7F8CCBCF15CE286385C5816735158629 ']' 385s + output_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-28844-auth.output 385s ++ basename /tmp/sssd-softhsm2-Imo5hn/SSSD-child-28844-auth.output .output 385s + output_cert_file=/tmp/sssd-softhsm2-Imo5hn/SSSD-child-28844-auth.pem 385s + echo -n 053350 385s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-Imo5hn/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 385s [p11_child[2345]] [main] (0x0400): p11_child started. 385s [p11_child[2345]] [main] (0x2000): Running in [auth] mode. 385s [p11_child[2345]] [main] (0x2000): Running with effective IDs: [0][0]. 385s [p11_child[2345]] [main] (0x2000): Running with real IDs [0][0]. 385s [p11_child[2345]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 385s [p11_child[2345]] [do_card] (0x4000): Module List: 385s [p11_child[2345]] [do_card] (0x4000): common name: [softhsm2]. 385s [p11_child[2345]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2345]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7fe2db32] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 385s [p11_child[2345]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 385s [p11_child[2345]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7fe2db32][2145573682] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 385s [p11_child[2345]] [do_card] (0x4000): Login required. 385s [p11_child[2345]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 385s [p11_child[2345]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 385s [p11_child[2345]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 385s [p11_child[2345]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7fe2db32;slot-manufacturer=SoftHSM%20project;slot-id=2145573682;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3a494542ffe2db32;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 385s [p11_child[2345]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 385s [p11_child[2345]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 385s [p11_child[2345]] [do_card] (0x4000): Certificate verified and validated. 385s [p11_child[2345]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 385s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-28844-auth.output 385s + echo '-----BEGIN CERTIFICATE-----' 385s + tail -n1 /tmp/sssd-softhsm2-Imo5hn/SSSD-child-28844-auth.output 385s + echo '-----END CERTIFICATE-----' 385s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-28844-auth.pem 385s Certificate: 385s Data: 385s Version: 3 (0x2) 385s Serial Number: 5 (0x5) 385s Signature Algorithm: sha256WithRSAEncryption 385s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 385s Validity 385s Not Before: Mar 22 00:37:08 2024 GMT 385s Not After : Mar 22 00:37:08 2025 GMT 385s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 385s Subject Public Key Info: 385s Public Key Algorithm: rsaEncryption 385s Public-Key: (1024 bit) 385s Modulus: 385s 00:b3:11:72:11:3e:dd:5c:17:78:84:53:e8:06:4d: 385s f6:d5:6e:df:8f:1f:ce:6c:78:f1:fb:75:8a:bc:ee: 385s a3:e2:d0:54:6e:7d:a3:cd:f0:06:12:19:59:b2:21: 385s f1:1e:74:a1:4d:9f:80:be:71:d2:97:ff:26:10:b4: 385s 4b:97:b8:9b:5d:43:bd:57:7f:46:d2:07:04:de:b8: 385s 28:71:ad:4e:c8:71:e2:c4:06:31:a5:fb:d4:2b:74: 385s 38:7f:4e:e0:2f:11:a1:e7:28:68:ed:1a:55:c0:9a: 385s 9a:6a:c8:ae:1d:9f:80:9a:7f:8c:cb:cf:15:ce:28: 385s 63:85:c5:81:67:35:15:86:29 385s Exponent: 65537 (0x10001) 385s X509v3 extensions: 385s X509v3 Authority Key Identifier: 385s 65:2C:9A:4F:FE:90:46:AD:A3:10:B7:0D:3D:8D:C6:EF:50:A2:6F:A4 385s X509v3 Basic Constraints: 385s CA:FALSE 385s Netscape Cert Type: 385s SSL Client, S/MIME 385s Netscape Comment: 385s Test Organization Sub Intermediate CA trusted Certificate 385s X509v3 Subject Key Identifier: 385s 1D:4F:2F:E9:23:C4:E1:91:C3:AA:30:6E:D9:F0:F7:6D:44:17:DF:6B 385s X509v3 Key Usage: critical 385s Digital Signature, Non Repudiation, Key Encipherment 385s X509v3 Extended Key Usage: 385s TLS Web Client Authentication, E-mail Protection 385s X509v3 Subject Alternative Name: 385s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 385s Signature Algorithm: sha256WithRSAEncryption 385s Signature Value: 385s 66:7b:e7:9e:f8:88:69:0e:96:4a:e8:4a:3a:e8:1b:b1:83:f1: 385s ac:08:4b:fd:32:7a:c9:07:ee:23:ce:4e:f7:a3:ba:b5:34:c2: 385s 3d:79:dc:2a:f8:a5:04:f0:41:53:99:5f:7e:14:f8:a7:ba:cf: 385s 05:d9:fd:bb:e3:04:15:d1:a9:7d:c6:bf:d8:81:29:c5:6b:98: 385s c6:9f:9b:fb:82:4a:7e:be:38:fd:76:a6:48:c5:6c:78:b2:1e: 385s 63:9b:8c:7a:6f:a6:9d:c6:c8:1b:4d:12:27:ac:e2:90:df:66: 385s 51:fb:4b:fa:d0:12:d2:75:c6:14:d3:5e:6d:7f:1e:d8:9d:44: 385s c1:92 385s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-Imo5hn/SSSD-child-28844-auth.pem 385s + found_md5=Modulus=B31172113EDD5C17788453E8064DF6D56EDF8F1FCE6C78F1FB758ABCEEA3E2D0546E7DA3CDF006121959B221F11E74A14D9F80BE71D297FF2610B44B97B89B5D43BD577F46D20704DEB82871AD4EC871E2C40631A5FBD42B74387F4EE02F11A1E72868ED1A55C09A9A6AC8AE1D9F809A7F8CCBCF15CE286385C5816735158629 385s + '[' Modulus=B31172113EDD5C17788453E8064DF6D56EDF8F1FCE6C78F1FB758ABCEEA3E2D0546E7DA3CDF006121959B221F11E74A14D9F80BE71D297FF2610B44B97B89B5D43BD577F46D20704DEB82871AD4EC871E2C40631A5FBD42B74387F4EE02F11A1E72868ED1A55C09A9A6AC8AE1D9F809A7F8CCBCF15CE286385C5816735158629 '!=' Modulus=B31172113EDD5C17788453E8064DF6D56EDF8F1FCE6C78F1FB758ABCEEA3E2D0546E7DA3CDF006121959B221F11E74A14D9F80BE71D297FF2610B44B97B89B5D43BD577F46D20704DEB82871AD4EC871E2C40631A5FBD42B74387F4EE02F11A1E72868ED1A55C09A9A6AC8AE1D9F809A7F8CCBCF15CE286385C5816735158629 ']' 385s + set +x 385s 385s Test completed, Root CA and intermediate issued certificates verified! 386s autopkgtest [00:37:14]: test sssd-softhism2-certificates-tests.sh: -----------------------] 386s autopkgtest [00:37:14]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 386s sssd-softhism2-certificates-tests.sh PASS 387s autopkgtest [00:37:15]: test sssd-smart-card-pam-auth-configs: preparing testbed 388s Reading package lists... 388s Building dependency tree... 388s Reading state information... 389s Starting pkgProblemResolver with broken count: 0 389s Starting 2 pkgProblemResolver with broken count: 0 389s Done 389s The following additional packages will be installed: 389s pamtester 389s The following NEW packages will be installed: 389s autopkgtest-satdep pamtester 389s 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. 389s Need to get 12.2 kB/13.0 kB of archives. 389s After this operation, 36.9 kB of additional disk space will be used. 389s Get:1 /tmp/autopkgtest.A657xW/4-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [760 B] 389s Get:2 http://ftpmaster.internal/ubuntu noble/universe s390x pamtester s390x 0.1.2-4 [12.2 kB] 389s Fetched 12.2 kB in 0s (70.6 kB/s) 389s Selecting previously unselected package pamtester. 389s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52317 files and directories currently installed.) 389s Preparing to unpack .../pamtester_0.1.2-4_s390x.deb ... 389s Unpacking pamtester (0.1.2-4) ... 389s Selecting previously unselected package autopkgtest-satdep. 389s Preparing to unpack .../4-autopkgtest-satdep.deb ... 389s Unpacking autopkgtest-satdep (0) ... 389s Setting up pamtester (0.1.2-4) ... 389s Setting up autopkgtest-satdep (0) ... 389s Processing triggers for man-db (2.12.0-3) ... 393s (Reading database ... 52323 files and directories currently installed.) 393s Removing autopkgtest-satdep (0) ... 393s autopkgtest [00:37:21]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 393s autopkgtest [00:37:21]: test sssd-smart-card-pam-auth-configs: [----------------------- 394s + '[' -z ubuntu ']' 394s + export DEBIAN_FRONTEND=noninteractive 394s + DEBIAN_FRONTEND=noninteractive 394s + required_tools=(pamtester softhsm2-util sssd) 394s + [[ ! -v OFFLINE_MODE ]] 394s + for cmd in "${required_tools[@]}" 394s + command -v pamtester 394s + for cmd in "${required_tools[@]}" 394s + command -v softhsm2-util 394s + for cmd in "${required_tools[@]}" 394s + command -v sssd 394s + PIN=123456 394s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 394s + tmpdir=/tmp/sssd-softhsm2-certs-q7ZXKQ 394s + backupsdir= 394s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 394s + declare -a restore_paths 394s + declare -a delete_paths 394s + trap handle_exit EXIT 394s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 394s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 394s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 394s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 394s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-q7ZXKQ GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 394s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-q7ZXKQ 394s + GENERATE_SMART_CARDS=1 394s + KEEP_TEMPORARY_FILES=1 394s + NO_SSSD_TESTS=1 394s + bash debian/tests/sssd-softhism2-certificates-tests.sh 394s + '[' -z ubuntu ']' 394s + required_tools=(p11tool openssl softhsm2-util) 394s + for cmd in "${required_tools[@]}" 394s + command -v p11tool 394s + for cmd in "${required_tools[@]}" 394s + command -v openssl 394s + for cmd in "${required_tools[@]}" 394s + command -v softhsm2-util 394s + PIN=123456 394s +++ find /usr/lib/softhsm/libsofthsm2.so 394s +++ head -n 1 394s ++ realpath /usr/lib/softhsm/libsofthsm2.so 394s + SOFTHSM2_MODULE=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 394s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 394s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 394s + '[' '!' -v NO_SSSD_TESTS ']' 394s + '[' '!' -e /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so ']' 394s + tmpdir=/tmp/sssd-softhsm2-certs-q7ZXKQ 394s + keys_size=1024 394s + [[ ! -v KEEP_TEMPORARY_FILES ]] 394s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 394s + echo -n 01 394s + touch /tmp/sssd-softhsm2-certs-q7ZXKQ/index.txt 394s + mkdir -p /tmp/sssd-softhsm2-certs-q7ZXKQ/new_certs 394s + cat 394s + root_ca_key_pass=pass:random-root-CA-password-8536 394s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA-key.pem -passout pass:random-root-CA-password-8536 1024 394s + openssl req -passin pass:random-root-CA-password-8536 -batch -config /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA.pem 394s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA.pem 394s + cat 394s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-15672 394s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-15672 1024 394s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-15672 -config /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-8536 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-certificate-request.pem 394s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-certificate-request.pem 394s Certificate Request: 394s Data: 394s Version: 1 (0x0) 394s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 394s Subject Public Key Info: 394s Public Key Algorithm: rsaEncryption 394s Public-Key: (1024 bit) 394s Modulus: 394s 00:d2:29:89:0f:92:b7:e1:d8:14:44:70:6b:40:4f: 394s 63:a1:9b:2a:70:f1:98:1d:69:b4:7b:b3:a6:87:bc: 394s 32:12:fb:60:75:de:79:cc:34:b6:78:3b:6d:0e:e2: 394s 4a:b7:4e:d4:09:1a:f2:b8:7d:a2:db:47:e2:cf:d2: 394s 3e:be:a3:fe:23:0c:7c:f2:70:f4:33:ee:4f:fb:54: 394s 77:d9:84:12:2d:4e:84:66:16:ae:13:80:0f:99:69: 394s ed:b1:83:e2:cc:39:04:88:90:77:dc:5a:25:e3:23: 394s 7f:ce:99:0c:5a:f5:0b:0a:07:41:ae:bc:21:5e:99: 394s cc:2b:bc:4c:a4:f1:8d:25:b5 394s Exponent: 65537 (0x10001) 394s Attributes: 394s (none) 394s Requested Extensions: 394s Signature Algorithm: sha256WithRSAEncryption 394s Signature Value: 394s 22:f1:a3:d0:81:0e:af:8e:ee:d5:88:fd:b3:44:92:a8:46:5a: 394s 0f:46:32:ad:38:56:a8:5e:4d:43:6d:ec:a7:bc:55:53:d8:81: 394s 67:18:18:9b:ba:74:97:2e:23:a4:a6:e8:b8:21:35:32:82:e0: 394s 8f:93:05:b2:48:ca:42:73:65:72:cf:4a:e8:ea:37:86:bd:5c: 394s cf:63:88:f6:6f:a9:c0:e9:ad:68:78:95:f0:10:82:4f:6c:26: 394s c4:64:12:6e:f9:ae:a9:66:29:9d:dc:4e:7b:d8:56:a8:1c:10: 394s 32:9c:ac:9f:23:2c:10:54:ef:e0:1f:3a:82:de:28:b9:9b:8a: 394s b8:fc 394s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA.config -passin pass:random-root-CA-password-8536 -keyfile /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA.pem 394s Using configuration from /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA.config 394s Check that the request matches the signature 394s Signature ok 394s Certificate Details: 394s Serial Number: 1 (0x1) 394s Validity 394s Not Before: Mar 22 00:37:22 2024 GMT 394s Not After : Mar 22 00:37:22 2025 GMT 394s Subject: 394s organizationName = Test Organization 394s organizationalUnitName = Test Organization Unit 394s commonName = Test Organization Intermediate CA 394s X509v3 extensions: 394s X509v3 Subject Key Identifier: 394s CF:84:5A:44:FE:C8:FD:A5:F9:D9:DC:8C:19:DC:43:99:18:ED:30:B9 394s X509v3 Authority Key Identifier: 394s keyid:F0:8C:07:50:65:93:FB:91:02:1C:17:FA:9A:0F:44:74:66:19:BA:F6 394s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 394s serial:00 394s X509v3 Basic Constraints: 394s CA:TRUE 394s X509v3 Key Usage: critical 394s Digital Signature, Certificate Sign, CRL Sign 394s Certificate is to be certified until Mar 22 00:37:22 2025 GMT (365 days) 394s 394s Write out database with 1 new entries 394s Database updated 394s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA.pem 394s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA.pem /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA.pem 394s /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA.pem: OK 394s + cat 394s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-16627 394s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-16627 1024 394s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-16627 -config /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-15672 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-certificate-request.pem 394s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-certificate-request.pem 394s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-15672 -keyfile /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA.pem 394s Certificate Request: 394s Data: 394s Version: 1 (0x0) 394s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 394s Subject Public Key Info: 394s Public Key Algorithm: rsaEncryption 394s Public-Key: (1024 bit) 394s Modulus: 394s 00:97:c2:20:35:6e:9e:d5:a1:42:ec:1b:31:ec:35: 394s 48:0a:2a:d2:7d:aa:63:69:34:6f:cd:8a:d3:de:a2: 394s 6d:31:f1:fb:b4:d2:3d:9b:b9:f4:fe:8a:54:59:e6: 394s 78:b1:c8:23:00:fc:ba:b5:11:f7:69:cc:65:48:38: 394s d2:b2:5f:33:0e:67:d4:56:d9:45:0f:47:69:b4:f0: 394s f6:b9:a7:66:b8:44:2c:b1:0c:53:08:72:a5:6a:3e: 394s 9c:3f:74:f6:65:2b:d6:e4:5c:e5:ad:04:2a:e8:11: 394s ad:4d:24:12:ca:40:0b:83:21:2f:9c:eb:44:e7:5c: 394s 38:93:f4:70:6e:d4:9b:55:1f 394s Exponent: 65537 (0x10001) 394s Attributes: 394s (none) 394s Requested Extensions: 394s Signature Algorithm: sha256WithRSAEncryption 394s Signature Value: 394s 8d:25:8a:b6:5d:c6:0e:bc:e6:d0:16:a8:ea:a4:3c:0e:1b:61: 394s 83:74:33:64:d8:cd:b2:2a:9b:69:3c:88:2b:4c:31:1c:30:48: 394s a2:f0:20:88:03:41:5e:95:99:89:99:a7:07:c3:fd:97:bb:68: 394s d6:6e:d7:e3:c1:e6:8d:1c:31:f3:e1:7d:5d:8d:5c:90:7a:b4: 394s 4e:23:90:c2:f3:a8:4d:9e:73:53:bd:5a:c7:71:12:e2:16:ed: 394s 1c:08:4f:a1:ad:9d:ff:74:a8:af:0c:2c:54:59:51:70:7a:f3: 394s 4a:88:a4:e8:f6:61:3e:b6:fd:3d:75:48:03:d9:fb:4b:01:7e: 394s ac:4b 394s Using configuration from /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA.config 394s Check that the request matches the signature 394s Signature ok 394s Certificate Details: 394s Serial Number: 2 (0x2) 394s Validity 394s Not Before: Mar 22 00:37:22 2024 GMT 394s Not After : Mar 22 00:37:22 2025 GMT 394s Subject: 394s organizationName = Test Organization 394s organizationalUnitName = Test Organization Unit 394s commonName = Test Organization Sub Intermediate CA 394s X509v3 extensions: 394s X509v3 Subject Key Identifier: 394s B1:BB:D5:AC:08:44:D2:BA:5A:2A:96:B6:01:49:49:55:0F:22:74:D7 394s X509v3 Authority Key Identifier: 394s keyid:CF:84:5A:44:FE:C8:FD:A5:F9:D9:DC:8C:19:DC:43:99:18:ED:30:B9 394s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 394s serial:01 394s X509v3 Basic Constraints: 394s CA:TRUE 394s X509v3 Key Usage: critical 394s Digital Signature, Certificate Sign, CRL Sign 394s Certificate is to be certified until Mar 22 00:37:22 2025 GMT (365 days) 394s 394s Write out database with 1 new entries 394s Database updated 394s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA.pem 394s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA.pem 394s /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA.pem: OK 394s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA.pem /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA.pem 394s + local cmd=openssl 394s + shift 394s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA.pem /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA.pem 394s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 394s error 20 at 0 depth lookup: unable to get local issuer certificate 394s error /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA.pem: verification failed 394s + cat 394s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-23488 394s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-23488 1024 394s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-23488 -key /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA-trusted-certificate-0001-request.pem 394s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA-trusted-certificate-0001-request.pem 394s Certificate Request: 394s Data: 394s Version: 1 (0x0) 394s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 394s Subject Public Key Info: 394s Public Key Algorithm: rsaEncryption 394s Public-Key: (1024 bit) 394s Modulus: 394s 00:b6:69:42:75:07:29:d4:7d:94:4a:c4:c0:c3:7d: 394s d3:5c:c8:8c:39:ab:31:b0:2d:28:76:e9:1b:e8:90: 394s 22:ea:82:2b:9d:fe:bf:8b:3e:3f:37:8c:8f:89:83: 394s 8c:9a:4d:b4:66:87:7a:ae:b2:e4:6b:ab:b9:9a:f4: 394s b3:d8:13:d7:5e:27:b0:19:0c:81:3b:e2:6e:5d:af: 394s b5:8a:96:64:57:e1:ba:1a:56:f2:10:08:9a:02:5e: 394s 70:f1:67:d9:f7:23:49:a1:a4:01:b9:d7:04:ec:86: 394s 77:c7:62:38:f5:a5:64:08:7b:03:4a:5d:bd:51:20: 394s 1b:9c:73:40:7c:70:bb:5d:ed 394s Exponent: 65537 (0x10001) 394s Attributes: 394s Requested Extensions: 394s X509v3 Basic Constraints: 394s CA:FALSE 394s Netscape Cert Type: 394s SSL Client, S/MIME 394s Netscape Comment: 394s Test Organization Root CA trusted Certificate 394s X509v3 Subject Key Identifier: 394s 2F:07:A5:A7:73:1A:93:3B:31:4A:37:1F:79:D7:72:AC:CE:DC:AC:52 394s X509v3 Key Usage: critical 394s Digital Signature, Non Repudiation, Key Encipherment 394s X509v3 Extended Key Usage: 394s TLS Web Client Authentication, E-mail Protection 394s X509v3 Subject Alternative Name: 394s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 394s Signature Algorithm: sha256WithRSAEncryption 394s Signature Value: 394s 1b:6a:fa:c8:24:9c:22:67:7c:03:bf:1d:2b:bd:ec:2d:ae:33: 394s c8:c6:38:52:f5:82:c0:2d:e0:82:31:11:b0:5f:2f:cb:39:4b: 394s 40:a6:38:2d:ff:52:d4:3f:f4:73:fd:b8:41:2d:1b:c1:3a:dc: 394s 92:da:c9:93:f9:9f:7c:92:90:3e:6f:cc:20:0e:79:c6:60:65: 394s 83:75:39:54:d9:ec:86:03:52:8f:4a:90:73:77:ee:d8:fc:2a: 394s 42:40:8e:3f:92:7e:4a:29:ff:86:42:84:2d:82:46:98:12:d9: 394s 51:40:ee:61:44:ad:2d:81:f3:5e:bc:91:32:56:77:2e:92:5e: 394s 9e:3f 394s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA.config -passin pass:random-root-CA-password-8536 -keyfile /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA-trusted-certificate-0001.pem 394s Using configuration from /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA.config 394s Check that the request matches the signature 394s Signature ok 394s Certificate Details: 394s Serial Number: 3 (0x3) 394s Validity 394s Not Before: Mar 22 00:37:22 2024 GMT 394s Not After : Mar 22 00:37:22 2025 GMT 394s Subject: 394s organizationName = Test Organization 394s organizationalUnitName = Test Organization Unit 394s commonName = Test Organization Root Trusted Certificate 0001 394s X509v3 extensions: 394s X509v3 Authority Key Identifier: 394s F0:8C:07:50:65:93:FB:91:02:1C:17:FA:9A:0F:44:74:66:19:BA:F6 394s X509v3 Basic Constraints: 394s CA:FALSE 394s Netscape Cert Type: 394s SSL Client, S/MIME 394s Netscape Comment: 394s Test Organization Root CA trusted Certificate 394s X509v3 Subject Key Identifier: 394s 2F:07:A5:A7:73:1A:93:3B:31:4A:37:1F:79:D7:72:AC:CE:DC:AC:52 394s X509v3 Key Usage: critical 394s Digital Signature, Non Repudiation, Key Encipherment 394s X509v3 Extended Key Usage: 394s TLS Web Client Authentication, E-mail Protection 394s X509v3 Subject Alternative Name: 394s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 394s Certificate is to be certified until Mar 22 00:37:22 2025 GMT (365 days) 394s 394s Write out database with 1 new entries 394s Database updated 394s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA-trusted-certificate-0001.pem 394s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA.pem /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA-trusted-certificate-0001.pem 394s /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA-trusted-certificate-0001.pem: OK 394s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA-trusted-certificate-0001.pem 394s + local cmd=openssl 394s + shift 394s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA-trusted-certificate-0001.pem 394s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 394s error 20 at 0 depth lookup: unable to get local issuer certificate 394s error /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA-trusted-certificate-0001.pem: verification failed 394s + cat 394s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-8952 394s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-8952 1024 394s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-8952 -key /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-trusted-certificate-0001-request.pem 394s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-trusted-certificate-0001-request.pem 394s Certificate Request: 394s Data: 394s Version: 1 (0x0) 394s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 394s Subject Public Key Info: 394s Public Key Algorithm: rsaEncryption 394s Public-Key: (1024 bit) 394s Modulus: 394s 00:e1:bb:9c:80:26:34:ff:96:5d:20:d0:aa:33:1d: 394s e3:bb:de:56:7a:f5:fb:fd:d1:13:a4:ec:51:45:1c: 394s 3a:46:e8:a8:b9:1b:1b:3d:f0:9f:8b:58:8a:5c:36: 394s 2b:6e:99:ea:d1:7e:40:c0:d1:e4:ab:72:2d:25:77: 394s fe:5b:d9:59:26:f6:5b:2b:f4:3c:3a:e6:95:50:b7: 394s fc:b5:30:71:1e:a5:9f:ed:a6:52:23:71:4c:7b:22: 394s 35:13:c7:aa:33:4a:d1:04:7e:1b:af:14:af:e0:be: 394s d7:8f:98:69:e4:fe:fa:c9:7d:33:ba:8a:2f:3e:e5: 394s d2:43:98:23:0c:7a:7b:3d:5f 394s Exponent: 65537 (0x10001) 394s Attributes: 394s Requested Extensions: 394s X509v3 Basic Constraints: 394s CA:FALSE 394s Netscape Cert Type: 394s SSL Client, S/MIME 394s Netscape Comment: 394s Test Organization Intermediate CA trusted Certificate 394s X509v3 Subject Key Identifier: 394s 12:82:6A:88:4D:40:75:40:6B:25:CF:98:50:64:AA:5F:45:92:5C:17 394s X509v3 Key Usage: critical 394s Digital Signature, Non Repudiation, Key Encipherment 394s X509v3 Extended Key Usage: 394s TLS Web Client Authentication, E-mail Protection 394s X509v3 Subject Alternative Name: 394s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 394s Signature Algorithm: sha256WithRSAEncryption 394s Signature Value: 394s c7:21:49:8d:a0:87:a6:30:5a:58:14:07:a4:74:28:a4:43:17: 394s 39:82:49:b1:d4:43:48:57:f5:8b:d8:ee:11:de:dd:f2:a5:81: 394s d8:0a:22:be:ac:3d:e3:06:bf:61:77:d8:ad:ae:9b:d1:91:f5: 394s f8:df:1e:14:62:88:6a:4c:f2:55:41:57:f4:ff:1c:c4:a4:4c: 394s aa:b6:f4:12:0c:fa:5a:64:9f:73:85:2a:c3:f0:ad:8d:de:12: 394s 75:c8:cf:ab:d5:b6:4b:6e:a9:99:dc:7e:9c:e6:eb:6c:ae:1b: 394s 8b:46:45:ed:57:21:2f:d8:d2:07:33:ff:23:49:ee:38:36:d3: 394s a6:91 394s + openssl ca -passin pass:random-intermediate-CA-password-15672 -config /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-trusted-certificate-0001.pem 394s Using configuration from /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA.config 394s Check that the request matches the signature 394s Signature ok 394s Certificate Details: 394s Serial Number: 4 (0x4) 394s Validity 394s Not Before: Mar 22 00:37:22 2024 GMT 394s Not After : Mar 22 00:37:22 2025 GMT 394s Subject: 394s organizationName = Test Organization 394s organizationalUnitName = Test Organization Unit 394s commonName = Test Organization Intermediate Trusted Certificate 0001 394s X509v3 extensions: 394s X509v3 Authority Key Identifier: 394s CF:84:5A:44:FE:C8:FD:A5:F9:D9:DC:8C:19:DC:43:99:18:ED:30:B9 394s X509v3 Basic Constraints: 394s CA:FALSE 394s Netscape Cert Type: 394s SSL Client, S/MIME 394s Netscape Comment: 394s Test Organization Intermediate CA trusted Certificate 394s X509v3 Subject Key Identifier: 394s 12:82:6A:88:4D:40:75:40:6B:25:CF:98:50:64:AA:5F:45:92:5C:17 394s X509v3 Key Usage: critical 394s Digital Signature, Non Repudiation, Key Encipherment 394s X509v3 Extended Key Usage: 394s TLS Web Client Authentication, E-mail Protection 394s X509v3 Subject Alternative Name: 394s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 394s Certificate is to be certified until Mar 22 00:37:22 2025 GMT (365 days) 394s 394s Write out database with 1 new entries 394s Database updated 394s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-trusted-certificate-0001.pem 395s + echo 'This certificate should not be trusted fully' 395s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-trusted-certificate-0001.pem 395s + local cmd=openssl 395s + shift 395s This certificate should not be trusted fully 395s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-trusted-certificate-0001.pem 395s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 395s error 2 at 1 depth lookup: unable to get issuer certificate 395s error /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 395s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-trusted-certificate-0001.pem 395s /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-trusted-certificate-0001.pem: OK 395s + cat 395s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29140 395s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-29140 1024 395s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-29140 -key /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 395s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 395s Certificate Request: 395s Data: 395s Version: 1 (0x0) 395s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 395s Subject Public Key Info: 395s Public Key Algorithm: rsaEncryption 395s Public-Key: (1024 bit) 395s Modulus: 395s 00:d7:65:ea:90:be:d2:b2:e5:30:19:5f:b8:bf:f0: 395s 5f:fb:43:79:5d:fd:2d:9d:ce:d1:2b:bf:3e:0c:d4: 395s 77:b2:9c:00:98:b6:e6:52:90:88:26:38:c4:03:1d: 395s 05:5d:7f:b0:20:52:83:38:4d:cf:59:c6:26:1f:b4: 395s 12:6f:33:63:8f:85:8c:af:c8:2a:af:ec:4e:05:27: 395s 0a:d1:14:2f:23:a5:ce:28:24:66:54:d1:d8:d5:83: 395s ab:aa:5e:89:96:6d:9a:94:aa:d1:e3:a6:5b:ca:72: 395s 5f:80:04:16:0c:7e:9e:a3:75:e4:8a:c3:a4:69:5f: 395s e9:13:46:bd:0a:15:a7:d3:73 395s Exponent: 65537 (0x10001) 395s Attributes: 395s Requested Extensions: 395s X509v3 Basic Constraints: 395s CA:FALSE 395s Netscape Cert Type: 395s SSL Client, S/MIME 395s Netscape Comment: 395s Test Organization Sub Intermediate CA trusted Certificate 395s X509v3 Subject Key Identifier: 395s 90:CB:D8:5B:C9:80:40:4A:68:6B:25:83:E4:FA:79:99:85:F0:36:D2 395s X509v3 Key Usage: critical 395s Digital Signature, Non Repudiation, Key Encipherment 395s X509v3 Extended Key Usage: 395s TLS Web Client Authentication, E-mail Protection 395s X509v3 Subject Alternative Name: 395s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 395s Signature Algorithm: sha256WithRSAEncryption 395s Signature Value: 395s 80:4a:ee:97:15:72:d5:75:c7:fb:91:e8:49:e6:da:3f:e6:4a: 395s 4d:81:2c:b9:fa:94:e3:bc:59:07:f8:6d:93:4a:3a:bc:4d:b0: 395s 38:91:79:05:21:71:91:b3:df:fa:db:ae:b9:eb:78:4a:f6:e7: 395s 49:78:23:af:b9:60:ad:77:85:fe:d5:e8:a3:aa:d1:e1:9b:05: 395s fd:7f:d8:9c:18:8f:0f:37:37:a0:20:6f:95:e4:00:85:5a:bb: 395s 80:56:4e:d2:41:47:cc:34:6b:14:75:c4:c2:31:12:4e:a3:9e: 395s 62:a5:4b:a9:70:77:86:72:13:e6:cb:8e:32:ab:08:39:a3:b2: 395s 47:54 395s + openssl ca -passin pass:random-sub-intermediate-CA-password-16627 -config /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001.pem 395s Using configuration from /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA.config 395s Check that the request matches the signature 395s Signature ok 395s Certificate Details: 395s Serial Number: 5 (0x5) 395s Validity 395s Not Before: Mar 22 00:37:23 2024 GMT 395s Not After : Mar 22 00:37:23 2025 GMT 395s Subject: 395s organizationName = Test Organization 395s organizationalUnitName = Test Organization Unit 395s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 395s X509v3 extensions: 395s X509v3 Authority Key Identifier: 395s B1:BB:D5:AC:08:44:D2:BA:5A:2A:96:B6:01:49:49:55:0F:22:74:D7 395s X509v3 Basic Constraints: 395s CA:FALSE 395s Netscape Cert Type: 395s SSL Client, S/MIME 395s Netscape Comment: 395s Test Organization Sub Intermediate CA trusted Certificate 395s X509v3 Subject Key Identifier: 395s 90:CB:D8:5B:C9:80:40:4A:68:6B:25:83:E4:FA:79:99:85:F0:36:D2 395s X509v3 Key Usage: critical 395s Digital Signature, Non Repudiation, Key Encipherment 395s X509v3 Extended Key Usage: 395s TLS Web Client Authentication, E-mail Protection 395s X509v3 Subject Alternative Name: 395s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 395s Certificate is to be certified until Mar 22 00:37:23 2025 GMT (365 days) 395s 395s Write out database with 1 new entries 395s Database updated 395s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001.pem 395s + echo 'This certificate should not be trusted fully' 395s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001.pem 395s + local cmd=openssl 395s + shift 395s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001.pem 395s This certificate should not be trusted fully 395s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 395s error 2 at 1 depth lookup: unable to get issuer certificate 395s error /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 395s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001.pem 395s + local cmd=openssl 395s + shift 395s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001.pem 395s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 395s error 20 at 0 depth lookup: unable to get local issuer certificate 395s error /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 395s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001.pem 395s /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 395s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001.pem 395s + local cmd=openssl 395s + shift 395s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001.pem 395s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 395s error 20 at 0 depth lookup: unable to get local issuer certificate 395s error /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 395s + echo 'Building a the full-chain CA file...' 395s + cat /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA.pem /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA.pem 395s + cat /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA.pem /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA.pem 395s + cat /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA.pem 395s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-q7ZXKQ/test-full-chain-CA.pem 395s + openssl pkcs7 -print_certs -noout 395s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-q7ZXKQ/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA.pem 395s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-q7ZXKQ/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA-trusted-certificate-0001.pem 395s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-q7ZXKQ/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-trusted-certificate-0001.pem 395s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-q7ZXKQ/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-intermediate-chain-CA.pem 395s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-q7ZXKQ/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001.pem 395s Building a the full-chain CA file... 395s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 395s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 395s 395s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 395s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 395s 395s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 395s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 395s 395s /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA.pem: OK 395s /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA-trusted-certificate-0001.pem: OK 395s /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-trusted-certificate-0001.pem: OK 395s /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-intermediate-chain-CA.pem: OK 395s /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 395s + echo 'Certificates generation completed!' 395s Certificates generation completed! 395s + [[ -v NO_SSSD_TESTS ]] 395s + [[ -v GENERATE_SMART_CARDS ]] 395s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-23488 395s + local certificate=/tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA-trusted-certificate-0001.pem 395s + local key_pass=pass:random-root-ca-trusted-cert-0001-23488 395s + local key_cn 395s + local key_name 395s + local tokens_dir 395s + local output_cert_file 395s + token_name= 395s ++ basename /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA-trusted-certificate-0001.pem .pem 395s + key_name=test-root-CA-trusted-certificate-0001 395s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA-trusted-certificate-0001.pem 395s ++ sed -n 's/ *commonName *= //p' 395s + key_cn='Test Organization Root Trusted Certificate 0001' 395s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 395s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-q7ZXKQ/softhsm2-test-root-CA-trusted-certificate-0001.conf 395s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-q7ZXKQ/softhsm2-test-root-CA-trusted-certificate-0001.conf 395s ++ basename /tmp/sssd-softhsm2-certs-q7ZXKQ/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 395s + tokens_dir=/tmp/sssd-softhsm2-certs-q7ZXKQ/softhsm2-test-root-CA-trusted-certificate-0001 395s + token_name='Test Organization Root Tr Token' 395s + '[' '!' -e /tmp/sssd-softhsm2-certs-q7ZXKQ/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 395s + local key_file 395s + local decrypted_key 395s + mkdir -p /tmp/sssd-softhsm2-certs-q7ZXKQ/softhsm2-test-root-CA-trusted-certificate-0001 395s + key_file=/tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA-trusted-certificate-0001-key.pem 395s + decrypted_key=/tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA-trusted-certificate-0001-key-decrypted.pem 395s + cat 395s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 395s Slot 0 has a free/uninitialized token. 395s The token has been initialized and is reassigned to slot 1227182743 395s + softhsm2-util --show-slots 395s Available slots: 395s Slot 1227182743 395s Slot info: 395s Description: SoftHSM slot ID 0x49255297 395s Manufacturer ID: SoftHSM project 395s Hardware version: 2.6 395s Firmware version: 2.6 395s Token present: yes 395s Token info: 395s Manufacturer ID: SoftHSM project 395s Model: SoftHSM v2 395s Hardware version: 2.6 395s Firmware version: 2.6 395s Serial number: e2e18e9ec9255297 395s Initialized: yes 395s User PIN init.: yes 395s Label: Test Organization Root Tr Token 395s Slot 1 395s Slot info: 395s Description: SoftHSM slot ID 0x1 395s Manufacturer ID: SoftHSM project 395s Hardware version: 2.6 395s Firmware version: 2.6 395s Token present: yes 395s Token info: 395s Manufacturer ID: SoftHSM project 395s Model: SoftHSM v2 395s Hardware version: 2.6 395s Firmware version: 2.6 395s Serial number: 395s Initialized: no 395s User PIN init.: no 395s Label: 395s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 395s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-23488 -in /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA-trusted-certificate-0001-key-decrypted.pem 395s writing RSA key 395s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 395s + rm /tmp/sssd-softhsm2-certs-q7ZXKQ/test-root-CA-trusted-certificate-0001-key-decrypted.pem 395s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 395s + echo 'Test Organization Root Tr Token' 395s Object 0: 395s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=e2e18e9ec9255297;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 395s Type: X.509 Certificate (RSA-1024) 395s Expires: Sat Mar 22 00:37:22 2025 395s Label: Test Organization Root Trusted Certificate 0001 395s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 395s 395s Test Organization Root Tr Token 395s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-8952 395s + local certificate=/tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-trusted-certificate-0001.pem 395s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-8952 395s + local key_cn 395s + local key_name 395s + local tokens_dir 395s + local output_cert_file 395s + token_name= 395s ++ basename /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-trusted-certificate-0001.pem .pem 395s + key_name=test-intermediate-CA-trusted-certificate-0001 395s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-trusted-certificate-0001.pem 395s ++ sed -n 's/ *commonName *= //p' 395s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 395s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 395s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-q7ZXKQ/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 395s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-q7ZXKQ/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 395s ++ basename /tmp/sssd-softhsm2-certs-q7ZXKQ/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 395s + tokens_dir=/tmp/sssd-softhsm2-certs-q7ZXKQ/softhsm2-test-intermediate-CA-trusted-certificate-0001 395s + token_name='Test Organization Interme Token' 395s + '[' '!' -e /tmp/sssd-softhsm2-certs-q7ZXKQ/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 395s + local key_file 395s + local decrypted_key 395s + mkdir -p /tmp/sssd-softhsm2-certs-q7ZXKQ/softhsm2-test-intermediate-CA-trusted-certificate-0001 395s + key_file=/tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-trusted-certificate-0001-key.pem 395s + decrypted_key=/tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 395s + cat 395s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 395s Slot 0 has a free/uninitialized token. 395s The token has been initialized and is reassigned to slot 1204453273 395s + softhsm2-util --show-slots 395s Available slots: 395s Slot 1204453273 395s Slot info: 395s Description: SoftHSM slot ID 0x47ca7f99 395s Manufacturer ID: SoftHSM project 395s Hardware version: 2.6 395s Firmware version: 2.6 395s Token present: yes 395s Token info: 395s Manufacturer ID: SoftHSM project 395s Model: SoftHSM v2 395s Hardware version: 2.6 395s Firmware version: 2.6 395s Serial number: 5626b650c7ca7f99 395s Initialized: yes 395s User PIN init.: yes 395s Label: Test Organization Interme Token 395s Slot 1 395s Slot info: 395s Description: SoftHSM slot ID 0x1 395s Manufacturer ID: SoftHSM project 395s Hardware version: 2.6 395s Firmware version: 2.6 395s Token present: yes 395s Token info: 395s Manufacturer ID: SoftHSM project 395s Model: SoftHSM v2 395s Hardware version: 2.6 395s Firmware version: 2.6 395s Serial number: 395s Initialized: no 395s User PIN init.: no 395s Label: 395s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 395s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-8952 -in /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 395s writing RSA key 395s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 395s + rm /tmp/sssd-softhsm2-certs-q7ZXKQ/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 395s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 395s Object 0: 395s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=5626b650c7ca7f99;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 395s Type: X.509 Certificate (RSA-1024) 395s Expires: Sat Mar 22 00:37:22 2025 395s Label: Test Organization Intermediate Trusted Certificate 0001 395s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 395s 395s Test Organization Interme Token 395s + echo 'Test Organization Interme Token' 395s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-29140 395s + local certificate=/tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001.pem 395s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-29140 395s + local key_cn 395s + local key_name 395s + local tokens_dir 395s + local output_cert_file 395s + token_name= 395s ++ basename /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 395s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 395s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001.pem 395s ++ sed -n 's/ *commonName *= //p' 395s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 395s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 395s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-q7ZXKQ/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 395s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-q7ZXKQ/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 395s ++ basename /tmp/sssd-softhsm2-certs-q7ZXKQ/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 395s + tokens_dir=/tmp/sssd-softhsm2-certs-q7ZXKQ/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 395s + token_name='Test Organization Sub Int Token' 395s + '[' '!' -e /tmp/sssd-softhsm2-certs-q7ZXKQ/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 395s + local key_file 395s + local decrypted_key 395s + mkdir -p /tmp/sssd-softhsm2-certs-q7ZXKQ/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 395s + key_file=/tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 395s + decrypted_key=/tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 395s + cat 395s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 395s Slot 0 has a free/uninitialized token. 395s The token has been initialized and is reassigned to slot 1375610281 395s + softhsm2-util --show-slots 395s Available slots: 395s Slot 1375610281 395s Slot info: 395s Description: SoftHSM slot ID 0x51fe25a9 395s Manufacturer ID: SoftHSM project 395s Hardware version: 2.6 395s Firmware version: 2.6 395s Token present: yes 395s Token info: 395s Manufacturer ID: SoftHSM project 395s Model: SoftHSM v2 395s Hardware version: 2.6 395s Firmware version: 2.6 395s Serial number: 475df36dd1fe25a9 395s Initialized: yes 395s User PIN init.: yes 395s Label: Test Organization Sub Int Token 395s Slot 1 395s Slot info: 395s Description: SoftHSM slot ID 0x1 395s Manufacturer ID: SoftHSM project 395s Hardware version: 2.6 395s Firmware version: 2.6 395s Token present: yes 395s Token info: 395s Manufacturer ID: SoftHSM project 395s Model: SoftHSM v2 395s Hardware version: 2.6 395s Firmware version: 2.6 395s Serial number: 395s Initialized: no 395s User PIN init.: no 395s Label: 395s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 395s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-29140 -in /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 395s writing RSA key 395s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 395s + rm /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 395s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 395s Object 0: 395s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=475df36dd1fe25a9;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 395s Type: X.509 Certificate (RSA-1024) 395s Expires: Sat Mar 22 00:37:23 2025 395s Label: Test Organization Sub Intermediate Trusted Certificate 0001 395s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 395s 395s Test Organization Sub Int Token 395s Certificates generation completed! 395s + echo 'Test Organization Sub Int Token' 395s + echo 'Certificates generation completed!' 395s + exit 0 395s + find /tmp/sssd-softhsm2-certs-q7ZXKQ -type d -exec chmod 777 '{}' ';' 395s + find /tmp/sssd-softhsm2-certs-q7ZXKQ -type f -exec chmod 666 '{}' ';' 395s + backup_file /etc/sssd/sssd.conf 395s + '[' -z '' ']' 395s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 395s + backupsdir=/tmp/sssd-softhsm2-backups-Nex2HA 395s + '[' -e /etc/sssd/sssd.conf ']' 395s + delete_paths+=("$1") 395s + rm -f /etc/sssd/sssd.conf 395s ++ runuser -u ubuntu -- sh -c 'echo ~' 395s + user_home=/home/ubuntu 395s + mkdir -p /home/ubuntu 395s + chown ubuntu:ubuntu /home/ubuntu 395s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 395s + user_config=/home/ubuntu/.config 395s + system_config=/etc 395s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 395s + for path_pair in "${softhsm2_conf_paths[@]}" 395s + IFS=: 395s + read -r -a path 395s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 395s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 395s + '[' -z /tmp/sssd-softhsm2-backups-Nex2HA ']' 395s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 395s + delete_paths+=("$1") 395s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 395s + for path_pair in "${softhsm2_conf_paths[@]}" 395s + IFS=: 395s + read -r -a path 395s + path=/etc/softhsm/softhsm2.conf 395s + backup_file /etc/softhsm/softhsm2.conf 395s + '[' -z /tmp/sssd-softhsm2-backups-Nex2HA ']' 395s + '[' -e /etc/softhsm/softhsm2.conf ']' 395s ++ dirname /etc/softhsm/softhsm2.conf 395s + local back_dir=/tmp/sssd-softhsm2-backups-Nex2HA//etc/softhsm 395s ++ basename /etc/softhsm/softhsm2.conf 395s + local back_path=/tmp/sssd-softhsm2-backups-Nex2HA//etc/softhsm/softhsm2.conf 395s + '[' '!' -e /tmp/sssd-softhsm2-backups-Nex2HA//etc/softhsm/softhsm2.conf ']' 395s + mkdir -p /tmp/sssd-softhsm2-backups-Nex2HA//etc/softhsm 395s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-Nex2HA//etc/softhsm/softhsm2.conf 395s + restore_paths+=("$back_path") 395s + rm -f /etc/softhsm/softhsm2.conf 395s + test_authentication login /tmp/sssd-softhsm2-certs-q7ZXKQ/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-q7ZXKQ/test-full-chain-CA.pem 395s + pam_service=login 395s + certificate_config=/tmp/sssd-softhsm2-certs-q7ZXKQ/softhsm2-test-root-CA-trusted-certificate-0001.conf 395s + ca_db=/tmp/sssd-softhsm2-certs-q7ZXKQ/test-full-chain-CA.pem 395s + verification_options= 395s + mkdir -p -m 700 /etc/sssd 395s Using CA DB '/tmp/sssd-softhsm2-certs-q7ZXKQ/test-full-chain-CA.pem' with verification options: '' 395s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-q7ZXKQ/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 395s + cat 395s + chmod 600 /etc/sssd/sssd.conf 395s + for path_pair in "${softhsm2_conf_paths[@]}" 395s + IFS=: 395s + read -r -a path 395s + user=ubuntu 395s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 395s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 395s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 395s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-q7ZXKQ/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 395s + runuser -u ubuntu -- softhsm2-util --show-slots 395s + grep 'Test Organization' 395s Label: Test Organization Root Tr Token 395s + for path_pair in "${softhsm2_conf_paths[@]}" 395s + IFS=: 395s + read -r -a path 395s + user=root 395s + path=/etc/softhsm/softhsm2.conf 395s ++ dirname /etc/softhsm/softhsm2.conf 395s + runuser -u root -- mkdir -p /etc/softhsm 395s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-q7ZXKQ/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 395s + runuser -u root -- softhsm2-util --show-slots 395s + grep 'Test Organization' 395s Label: Test Organization Root Tr Token 395s + systemctl restart sssd 395s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 396s + for alternative in "${alternative_pam_configs[@]}" 396s + pam-auth-update --enable sss-smart-card-optional 396s + cat /etc/pam.d/common-auth 396s # 396s # /etc/pam.d/common-auth - authentication settings common to all services 396s # 396s # This file is included from other service-specific PAM config files, 396s # and should contain a list of the authentication modules that define 396s # the central authentication scheme for use on the system 396s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 396s # traditional Unix authentication mechanisms. 396s # 396s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 396s # To take advantage of this, it is recommended that you configure any 396s # local modules either before or after the default block, and use 396s # pam-auth-update to manage selection of other modules. See 396s # pam-auth-update(8) for details. 396s 396s # here are the per-package modules (the "Primary" block) 396s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 396s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 396s auth [success=1 default=ignore] pam_sss.so use_first_pass 396s # here's the fallback if no module succeeds 396s auth requisite pam_deny.so 396s # prime the stack with a positive return value if there isn't one already; 396s # this avoids us returning an error just because nothing sets a success code 396s # since the modules above will each just jump around 396s auth required pam_permit.so 396s # and here are more per-package modules (the "Additional" block) 396s auth optional pam_cap.so 396s # end of pam-auth-update config 396s + echo -n -e 123456 396s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 396s pamtester: invoking pam_start(login, ubuntu, ...) 396s pamtester: performing operation - authenticate 396s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 396s + echo -n -e 123456 396s + runuser -u ubuntu -- pamtester -v login '' authenticate 396s pamtester: invoking pam_start(login, , ...) 396s pamtester: performing operation - authenticate 396s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 396s + echo -n -e wrong123456 396s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 396s pamtester: invoking pam_start(login, ubuntu, ...) 396s pamtester: performing operation - authenticate 399s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 399s + echo -n -e wrong123456 399s + runuser -u ubuntu -- pamtester -v login '' authenticate 399s pamtester: invoking pam_start(login, , ...) 399s pamtester: performing operation - authenticate 404s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 404s + echo -n -e 123456 404s + pamtester -v login root authenticate 404s pamtester: invoking pam_start(login, root, ...) 404s pamtester: performing operation - authenticate 406s Password: pamtester: Authentication failure 406s + for alternative in "${alternative_pam_configs[@]}" 406s + pam-auth-update --enable sss-smart-card-required 406s PAM configuration 406s ----------------- 406s 406s Incompatible PAM profiles selected. 406s 406s The following PAM profiles cannot be used together: 406s 406s SSS required smart card authentication, SSS optional smart card 406s authentication 406s 406s Please select a different set of modules to enable. 406s 406s + cat /etc/pam.d/common-auth 406s # 406s # /etc/pam.d/common-auth - authentication settings common to all services 406s # 406s # This file is included from other service-specific PAM config files, 406s # and should contain a list of the authentication modules that define 406s # the central authentication scheme for use on the system 406s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 406s # traditional Unix authentication mechanisms. 406s # 406s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 406s # To take advantage of this, it is recommended that you configure any 406s # local modules either before or after the default block, and use 406s # pam-auth-update to manage selection of other modules. See 406s # pam-auth-update(8) for details. 406s 406s # here are the per-package modules (the "Primary" block) 406s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 406s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 406s auth [success=1 default=ignore] pam_sss.so use_first_pass 406s # here's the fallback if no module succeeds 406s auth requisite pam_deny.so 406s # prime the stack with a positive return value if there isn't one already; 406s # this avoids us returning an error just because nothing sets a success code 406s # since the modules above will each just jump around 406s auth required pam_permit.so 406s # and here are more per-package modules (the "Additional" block) 406s auth optional pam_cap.so 406s # end of pam-auth-update config 406s + echo -n -e 123456 406s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 406s pamtester: invoking pam_start(login, ubuntu, ...) 406s pamtester: performing operation - authenticate 407s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 407s + echo -n -e 123456 407s + runuser -u ubuntu -- pamtester -v login '' authenticate 407s pamtester: invoking pam_start(login, , ...) 407s pamtester: performing operation - authenticate 407s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 407s + echo -n -e wrong123456 407s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 407s pamtester: invoking pam_start(login, ubuntu, ...) 407s pamtester: performing operation - authenticate 410s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 410s + echo -n -e wrong123456 410s + runuser -u ubuntu -- pamtester -v login '' authenticate 410s pamtester: invoking pam_start(login, , ...) 410s pamtester: performing operation - authenticate 413s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 413s + echo -n -e 123456 413s + pamtester -v login root authenticate 413s pamtester: invoking pam_start(login, root, ...) 413s pamtester: performing operation - authenticate 416s pamtester: Authentication service cannot retrieve authentication info 416s + test_authentication login /tmp/sssd-softhsm2-certs-q7ZXKQ/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-q7ZXKQ/test-full-chain-CA.pem 416s + pam_service=login 416s + certificate_config=/tmp/sssd-softhsm2-certs-q7ZXKQ/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 416s + ca_db=/tmp/sssd-softhsm2-certs-q7ZXKQ/test-full-chain-CA.pem 416s + verification_options= 416s + mkdir -p -m 700 /etc/sssd 416s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-q7ZXKQ/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 416s + cat 416s Using CA DB '/tmp/sssd-softhsm2-certs-q7ZXKQ/test-full-chain-CA.pem' with verification options: '' 416s + chmod 600 /etc/sssd/sssd.conf 416s + for path_pair in "${softhsm2_conf_paths[@]}" 416s + IFS=: 416s + read -r -a path 416s + user=ubuntu 416s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 416s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 416s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 416s Label: Test Organization Sub Int Token 416s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-q7ZXKQ/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 416s + runuser -u ubuntu -- softhsm2-util --show-slots 416s + grep 'Test Organization' 416s + for path_pair in "${softhsm2_conf_paths[@]}" 416s + IFS=: 416s + read -r -a path 416s + user=root 416s + path=/etc/softhsm/softhsm2.conf 416s ++ dirname /etc/softhsm/softhsm2.conf 416s + runuser -u root -- mkdir -p /etc/softhsm 416s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-q7ZXKQ/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 416s + runuser -u root -- softhsm2-util --show-slots 416s + grep 'Test Organization' 416s Label: Test Organization Sub Int Token 416s + systemctl restart sssd 417s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 417s + for alternative in "${alternative_pam_configs[@]}" 417s + pam-auth-update --enable sss-smart-card-optional 417s # 417s # /etc/pam.d/common-auth - authentication settings common to all services 417s # 417s # This file is included from other service-specific PAM config files, 417s # and should contain a list of the authentication modules that define 417s # the central authentication scheme for use on the system 417s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 417s # traditional Unix authentication mechanisms. 417s # 417s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 417s # To take advantage of this, it is recommended that you configure any 417s # local modules either before or after the default block, and use 417s # pam-auth-update to manage selection of other modules. See 417s # pam-auth-update(8) for details. 417s 417s # here are the per-package modules (the "Primary" block) 417s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 417s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 417s auth [success=1 default=ignore] pam_sss.so use_first_pass 417s # here's the fallback if no module succeeds 417s auth requisite pam_deny.so 417s # prime the stack with a positive return value if there isn't one already; 417s # this avoids us returning an error just because nothing sets a success code 417s # since the modules above will each just jump around 417s auth required pam_permit.so 417s # and here are more per-package modules (the "Additional" block) 417s auth optional pam_cap.so 417s # end of pam-auth-update config 417s + cat /etc/pam.d/common-auth 417s + echo -n -e 123456 417s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 417s pamtester: invoking pam_start(login, ubuntu, ...) 417s pamtester: performing operation - authenticate 417s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 417s + echo -n -e 123456 417s + runuser -u ubuntu -- pamtester -v login '' authenticate 417s pamtester: invoking pam_start(login, , ...) 417s pamtester: performing operation - authenticate 417s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 417s + echo -n -e wrong123456 417s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 417s pamtester: invoking pam_start(login, ubuntu, ...) 417s pamtester: performing operation - authenticate 420s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 420s + echo -n -e wrong123456 420s + runuser -u ubuntu -- pamtester -v login '' authenticate 420s pamtester: invoking pam_start(login, , ...) 420s pamtester: performing operation - authenticate 423s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 423s + echo -n -e 123456 423s + pamtester -v login root authenticate 423s pamtester: invoking pam_start(login, root, ...) 423s pamtester: performing operation - authenticate 427s Password: pamtester: Authentication failure 427s + for alternative in "${alternative_pam_configs[@]}" 427s + pam-auth-update --enable sss-smart-card-required 427s PAM configuration 427s ----------------- 427s 427s Incompatible PAM profiles selected. 427s 427s The following PAM profiles cannot be used together: 427s 427s SSS required smart card authentication, SSS optional smart card 427s authentication 427s 427s Please select a different set of modules to enable. 427s 427s + cat /etc/pam.d/common-auth 427s # 427s # /etc/pam.d/common-auth - authentication settings common to all services 427s # 427s # This file is included from other service-specific PAM config files, 427s # and should contain a list of the authentication modules that define 427s # the central authentication scheme for use on the system 427s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 427s # traditional Unix authentication mechanisms. 427s # 427s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 427s # To take advantage of this, it is recommended that you configure any 427s # local modules either before or after the default block, and use 427s # pam-auth-update to manage selection of other modules. See 427s # pam-auth-update(8) for details. 427s 427s # here are the per-package modules (the "Primary" block) 427s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 427s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 427s auth [success=1 default=ignore] pam_sss.so use_first_pass 427s # here's the fallback if no module succeeds 427s auth requisite pam_deny.so 427s # prime the stack with a positive return value if there isn't one already; 427s # this avoids us returning an error just because nothing sets a success code 427s # since the modules above will each just jump around 427s auth required pam_permit.so 427s # and here are more per-package modules (the "Additional" block) 427s auth optional pam_cap.so 427s # end of pam-auth-update config 427s + echo -n -e 123456 427s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 427s pamtester: invoking pam_start(login, ubuntu, ...) 427s pamtester: performing operation - authenticate 427s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 427s + echo -n -e 123456 427s + runuser -u ubuntu -- pamtester -v login '' authenticate 427s pamtester: invoking pam_start(login, , ...) 427s pamtester: performing operation - authenticate 427s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 427s + echo -n -e wrong123456 427s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 427s pamtester: invoking pam_start(login, ubuntu, ...) 427s pamtester: performing operation - authenticate 431s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 431s + echo -n -e wrong123456 431s + runuser -u ubuntu -- pamtester -v login '' authenticate 431s pamtester: invoking pam_start(login, , ...) 431s pamtester: performing operation - authenticate 434s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 434s + echo -n -e 123456 434s + pamtester -v login root authenticate 434s pamtester: invoking pam_start(login, root, ...) 434s pamtester: performing operation - authenticate 438s pamtester: Authentication service cannot retrieve authentication info 438s + test_authentication login /tmp/sssd-softhsm2-certs-q7ZXKQ/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA.pem partial_chain 438s + pam_service=login 438s + certificate_config=/tmp/sssd-softhsm2-certs-q7ZXKQ/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 438s + ca_db=/tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA.pem 438s + verification_options=partial_chain 438s + mkdir -p -m 700 /etc/sssd 438s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 438s Using CA DB '/tmp/sssd-softhsm2-certs-q7ZXKQ/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 438s + cat 438s + chmod 600 /etc/sssd/sssd.conf 438s + for path_pair in "${softhsm2_conf_paths[@]}" 438s + IFS=: 438s + read -r -a path 438s + user=ubuntu 438s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 438s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 438s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 438s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-q7ZXKQ/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 438s + runuser -u ubuntu -- softhsm2-util --show-slots 438s + grep 'Test Organization' 438s + for path_pair in "${softhsm2_conf_paths[@]}" 438s + IFS=: 438s + read -r -a path 438s + user=root 438s + path=/etc/softhsm/softhsm2.conf 438s ++ dirname /etc/softhsm/softhsm2.conf 438s + runuser -u root -- mkdir -p /etc/softhsm 438s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-q7ZXKQ/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 438s + runuser -u root -- softhsm2-util --show-slots 438s + grep 'Test Organization' 438s + systemctl restart sssd 438s Label: Test Organization Sub Int Token 438s Label: Test Organization Sub Int Token 438s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 438s + for alternative in "${alternative_pam_configs[@]}" 438s + pam-auth-update --enable sss-smart-card-optional 438s + cat /etc/pam.d/common-auth 438s # 438s # /etc/pam.d/common-auth - authentication settings common to all services 438s # 438s # This file is included from other service-specific PAM config files, 438s # and should contain a list of the authentication modules that define 438s # the central authentication scheme for use on the system 438s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 438s # traditional Unix authentication mechanisms. 438s # 438s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 438s # To take advantage of this, it is recommended that you configure any 438s # local modules either before or after the default block, and use 438s # pam-auth-update to manage selection of other modules. See 438s # pam-auth-update(8) for details. 438s 438s # here are the per-package modules (the "Primary" block) 438s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 438s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 438s auth [success=1 default=ignore] pam_sss.so use_first_pass 438s # here's the fallback if no module succeeds 438s auth requisite pam_deny.so 438s # prime the stack with a positive return value if there isn't one already; 438s # this avoids us returning an error just because nothing sets a success code 438s # since the modules above will each just jump around 438s auth required pam_permit.so 438s # and here are more per-package modules (the "Additional" block) 438s auth optional pam_cap.so 438s # end of pam-auth-update config 438s + echo -n -e 123456 438s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 438s pamtester: invoking pam_start(login, ubuntu, ...) 438s pamtester: performing operation - authenticate 438s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 438s + echo -n -e 123456 438s + runuser -u ubuntu -- pamtester -v login '' authenticate 438s pamtester: invoking pam_start(login, , ...) 438s pamtester: performing operation - authenticate 438s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 438s + echo -n -e wrong123456 438s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 438s pamtester: invoking pam_start(login, ubuntu, ...) 438s pamtester: performing operation - authenticate 442s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 442s + echo -n -e wrong123456 442s + runuser -u ubuntu -- pamtester -v login '' authenticate 442s pamtester: invoking pam_start(login, , ...) 442s pamtester: performing operation - authenticate 445s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 445s + echo -n -e 123456 445s + pamtester -v login root authenticate 445s pamtester: invoking pam_start(login, root, ...) 445s pamtester: performing operation - authenticate 448s Password: pamtester: Authentication failure 448s + for alternative in "${alternative_pam_configs[@]}" 448s + pam-auth-update --enable sss-smart-card-required 448s PAM configuration 448s ----------------- 448s 448s Incompatible PAM profiles selected. 448s 448s The following PAM profiles cannot be used together: 448s 448s SSS required smart card authentication, SSS optional smart card 448s authentication 448s 448s Please select a different set of modules to enable. 448s 448s + cat /etc/pam.d/common-auth 448s # 448s # /etc/pam.d/common-auth - authentication settings common to all services 448s # 448s # This file is included from other service-specific PAM config files, 448s # and should contain a list of the authentication modules that define 448s # the central authentication scheme for use on the system 448s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 448s # traditional Unix authentication mechanisms. 448s # 448s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 448s # To take advantage of this, it is recommended that you configure any 448s # local modules either before or after the default block, and use 448s # pam-auth-update to manage selection of other modules. See 448s # pam-auth-update(8) for details. 448s 448s # here are the per-package modules (the "Primary" block) 448s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 448s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 448s auth [success=1 default=ignore] pam_sss.so use_first_pass 448s # here's the fallback if no module succeeds 448s auth requisite pam_deny.so 448s # prime the stack with a positive return value if there isn't one already; 448s # this avoids us returning an error just because nothing sets a success code 448s # since the modules above will each just jump around 448s auth required pam_permit.so 448s # and here are more per-package modules (the "Additional" block) 448s auth optional pam_cap.so 448s # end of pam-auth-update config 448s + echo -n -e 123456 448s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 448s pamtester: invoking pam_start(login, ubuntu, ...) 448s pamtester: performing operation - authenticate 448s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 448s + echo -n -e 123456 448s + runuser -u ubuntu -- pamtester -v login '' authenticate 448s pamtester: invoking pam_start(login, , ...) 448s pamtester: performing operation - authenticate 448s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 449s + echo -n -e wrong123456 449s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 449s pamtester: invoking pam_start(login, ubuntu, ...) 449s pamtester: performing operation - authenticate 451s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 451s + echo -n -e wrong123456 451s + runuser -u ubuntu -- pamtester -v login '' authenticate 451s pamtester: invoking pam_start(login, , ...) 451s pamtester: performing operation - authenticate 454s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 454s + echo -n -e 123456 454s + pamtester -v login root authenticate 454s pamtester: invoking pam_start(login, root, ...) 454s pamtester: performing operation - authenticate 457s pamtester: Authentication service cannot retrieve authentication info 457s + handle_exit 457s + exit_code=0 457s + restore_changes 457s + for path in "${restore_paths[@]}" 457s + local original_path 457s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-Nex2HA /tmp/sssd-softhsm2-backups-Nex2HA//etc/softhsm/softhsm2.conf 457s + original_path=/etc/softhsm/softhsm2.conf 457s + rm /etc/softhsm/softhsm2.conf 457s + mv /tmp/sssd-softhsm2-backups-Nex2HA//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 457s + for path in "${delete_paths[@]}" 457s + rm -f /etc/sssd/sssd.conf 457s + for path in "${delete_paths[@]}" 457s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 457s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 457s + '[' -e /etc/sssd/sssd.conf ']' 457s + systemctl stop sssd 457s + '[' -e /etc/softhsm/softhsm2.conf ']' 457s + chmod 600 /etc/softhsm/softhsm2.conf 457s + rm -rf /tmp/sssd-softhsm2-certs-q7ZXKQ 457s + '[' 0 = 0 ']' 457s + rm -rf /tmp/sssd-softhsm2-backups-Nex2HA 457s + set +x 457s Script completed successfully! 458s autopkgtest [00:38:26]: test sssd-smart-card-pam-auth-configs: -----------------------] 458s sssd-smart-card-pam-auth-configs PASS 458s autopkgtest [00:38:26]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 459s autopkgtest [00:38:27]: @@@@@@@@@@@@@@@@@@@@ summary 459s ldap-user-group-ldap-auth PASS 459s ldap-user-group-krb5-auth PASS 459s sssd-softhism2-certificates-tests.sh PASS 459s sssd-smart-card-pam-auth-configs PASS 470s Creating nova instance adt-noble-s390x-sssd-20240322-003047-juju-7f2275-prod-proposed-migration-environment-3 from image adt/ubuntu-noble-s390x-server-20240321.img (UUID f7ee8f0f-480f-4014-94f0-3be2a19e259d)... 470s Creating nova instance adt-noble-s390x-sssd-20240322-003047-juju-7f2275-prod-proposed-migration-environment-3 from image adt/ubuntu-noble-s390x-server-20240321.img (UUID f7ee8f0f-480f-4014-94f0-3be2a19e259d)...