0s autopkgtest [21:32:47]: starting date and time: 2024-03-23 21:32:47+0000 0s autopkgtest [21:32:47]: git checkout: 4a1cd702 l/adt_testbed: don't blame the testbed for unsolvable build deps 0s autopkgtest [21:32:47]: host juju-7f2275-prod-proposed-migration-environment-2; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work._j39nwc_/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --setup-commands /home/ubuntu/autopkgtest/setup-commands/setup-testbed --apt-pocket=proposed=src:samba,src:cups,src:db5.3,src:gnutls28,src:gpgme1.0,src:libarchive,src:libtirpc,src:nettle,src:openssl,src:python3.12,src:readline,src:sssd,src:tevent --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 '--env=ADT_TEST_TRIGGERS=samba/2:4.19.5+dfsg-4ubuntu7 cups/2.4.7-1.2ubuntu1 db5.3/5.3.28+dfsg2-6 gnutls28/3.8.3-1.1ubuntu2 gpgme1.0/1.18.0-4.1ubuntu3 libarchive/3.7.2-1.1ubuntu2 libtirpc/1.3.4+ds-1.1 nettle/3.9.1-2.2 openssl/3.0.13-0ubuntu2 python3.12/3.12.2-4build3 readline/8.2-4 sssd/2.9.4-1.1ubuntu3 tevent/0.16.1-2' -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor autopkgtest --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-2@bos02-s390x-9.secgroup --name adt-noble-s390x-sssd-20240323-213247-juju-7f2275-prod-proposed-migration-environment-2 --image adt/ubuntu-noble-s390x-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-2 --net-id=net_prod-proposed-migration -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com'"'"'' --mirror=http://ftpmaster.internal/ubuntu/ 129s autopkgtest [21:34:56]: testbed dpkg architecture: s390x 129s autopkgtest [21:34:56]: testbed apt version: 2.7.12 129s autopkgtest [21:34:56]: @@@@@@@@@@@@@@@@@@@@ test bed setup 130s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 130s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [6540 B] 130s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [3975 kB] 133s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [495 kB] 134s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [56.9 kB] 134s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main s390x Packages [652 kB] 134s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main s390x c-n-f Metadata [3032 B] 134s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x Packages [1372 B] 134s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x c-n-f Metadata [116 B] 134s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x Packages [4172 kB] 138s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x c-n-f Metadata [7292 B] 138s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x Packages [46.8 kB] 138s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x c-n-f Metadata [116 B] 140s Fetched 9533 kB in 9s (1021 kB/s) 140s Reading package lists... 142s Reading package lists... 142s Building dependency tree... 142s Reading state information... 143s Calculating upgrade... 143s The following packages will be REMOVED: 143s libreadline8 libssl3 143s The following NEW packages will be installed: 143s libreadline8t64 libssl3t64 143s The following packages have been kept back: 143s libpython3.12-minimal libpython3.12-stdlib python3.12 python3.12-minimal 143s The following packages will be upgraded: 143s libtirpc-common openssl readline-common 143s 3 upgraded, 2 newly installed, 2 to remove and 4 not upgraded. 143s Need to get 2919 kB of archives. 143s After this operation, 257 kB of additional disk space will be used. 143s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main s390x readline-common all 8.2-4 [56.4 kB] 143s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main s390x libreadline8t64 s390x 8.2-4 [170 kB] 143s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main s390x openssl s390x 3.0.13-0ubuntu2 [1010 kB] 143s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main s390x libssl3t64 s390x 3.0.13-0ubuntu2 [1675 kB] 143s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/main s390x libtirpc-common all 1.3.4+ds-1.1 [8018 B] 144s Fetched 2919 kB in 1s (3884 kB/s) 144s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52170 files and directories currently installed.) 144s Preparing to unpack .../readline-common_8.2-4_all.deb ... 144s Unpacking readline-common (8.2-4) over (8.2-3) ... 144s dpkg: libreadline8:s390x: dependency problems, but removing anyway as you requested: 144s parted depends on libreadline8 (>= 6.0). 144s libpython3.12-stdlib:s390x depends on libreadline8 (>= 7.0~beta). 144s libpython3.11-stdlib:s390x depends on libreadline8 (>= 7.0~beta). 144s gpgsm depends on libreadline8 (>= 6.0). 144s gpgconf depends on libreadline8 (>= 6.0). 144s gpg depends on libreadline8 (>= 6.0). 144s gawk depends on libreadline8 (>= 6.0). 144s fdisk depends on libreadline8 (>= 6.0). 144s 144s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52170 files and directories currently installed.) 144s Removing libreadline8:s390x (8.2-3) ... 144s Selecting previously unselected package libreadline8t64:s390x. 144s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52158 files and directories currently installed.) 144s Preparing to unpack .../libreadline8t64_8.2-4_s390x.deb ... 144s Adding 'diversion of /lib/s390x-linux-gnu/libhistory.so.8 to /lib/s390x-linux-gnu/libhistory.so.8.usr-is-merged by libreadline8t64' 144s Adding 'diversion of /lib/s390x-linux-gnu/libhistory.so.8.2 to /lib/s390x-linux-gnu/libhistory.so.8.2.usr-is-merged by libreadline8t64' 144s Adding 'diversion of /lib/s390x-linux-gnu/libreadline.so.8 to /lib/s390x-linux-gnu/libreadline.so.8.usr-is-merged by libreadline8t64' 144s Adding 'diversion of /lib/s390x-linux-gnu/libreadline.so.8.2 to /lib/s390x-linux-gnu/libreadline.so.8.2.usr-is-merged by libreadline8t64' 144s Unpacking libreadline8t64:s390x (8.2-4) ... 144s Preparing to unpack .../openssl_3.0.13-0ubuntu2_s390x.deb ... 144s Unpacking openssl (3.0.13-0ubuntu2) over (3.0.10-1ubuntu4) ... 144s dpkg: libssl3:s390x: dependency problems, but removing anyway as you requested: 144s wget depends on libssl3 (>= 3.0.0). 144s tnftp depends on libssl3 (>= 3.0.0). 144s tcpdump depends on libssl3 (>= 3.0.0). 144s systemd-resolved depends on libssl3 (>= 3.0.0). 144s systemd depends on libssl3 (>= 3.0.0). 144s sudo depends on libssl3 (>= 3.0.0). 144s s390-tools depends on libssl3 (>= 3.0.0). 144s rsync depends on libssl3 (>= 3.0.0). 144s python3-cryptography depends on libssl3 (>= 3.0.0). 144s openssh-server depends on libssl3 (>= 3.0.10). 144s openssh-client depends on libssl3 (>= 3.0.10). 144s linux-headers-6.8.0-11-generic depends on libssl3 (>= 3.0.0). 144s libsystemd-shared:s390x depends on libssl3 (>= 3.0.0). 144s libssh-4:s390x depends on libssl3 (>= 3.0.0). 144s libsasl2-modules:s390x depends on libssl3 (>= 3.0.0). 144s libsasl2-2:s390x depends on libssl3 (>= 3.0.0). 144s libpython3.12-minimal:s390x depends on libssl3 (>= 3.0.0). 144s libpython3.11-minimal:s390x depends on libssl3 (>= 3.0.0). 144s libnvme1 depends on libssl3 (>= 3.0.0). 144s libkrb5-3:s390x depends on libssl3 (>= 3.0.0). 144s libkmod2:s390x depends on libssl3 (>= 3.0.0). 144s libfido2-1:s390x depends on libssl3 (>= 3.0.0). 144s libcurl4:s390x depends on libssl3 (>= 3.0.0). 144s libcryptsetup12:s390x depends on libssl3 (>= 3.0.0). 144s kmod depends on libssl3 (>= 3.0.0). 144s dhcpcd-base depends on libssl3 (>= 3.0.0). 144s bind9-libs:s390x depends on libssl3 (>= 3.0.0). 144s 144s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52178 files and directories currently installed.) 144s Removing libssl3:s390x (3.0.10-1ubuntu4) ... 144s Selecting previously unselected package libssl3t64:s390x. 144s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52167 files and directories currently installed.) 144s Preparing to unpack .../libssl3t64_3.0.13-0ubuntu2_s390x.deb ... 144s Unpacking libssl3t64:s390x (3.0.13-0ubuntu2) ... 144s Preparing to unpack .../libtirpc-common_1.3.4+ds-1.1_all.deb ... 144s Unpacking libtirpc-common (1.3.4+ds-1.1) over (1.3.4+ds-1build1) ... 144s Setting up libssl3t64:s390x (3.0.13-0ubuntu2) ... 144s Setting up libtirpc-common (1.3.4+ds-1.1) ... 144s Setting up openssl (3.0.13-0ubuntu2) ... 144s Setting up readline-common (8.2-4) ... 144s Setting up libreadline8t64:s390x (8.2-4) ... 144s Processing triggers for libc-bin (2.39-0ubuntu6) ... 144s Processing triggers for man-db (2.12.0-3) ... 145s Processing triggers for install-info (7.1-3) ... 145s Reading package lists... 145s Building dependency tree... 145s Reading state information... 145s 0 upgraded, 0 newly installed, 0 to remove and 4 not upgraded. 146s Unknown architecture, assuming PC-style ttyS0 146s sh: Attempting to set up Debian/Ubuntu apt sources automatically 146s sh: Distribution appears to be Ubuntu 146s Reading package lists... 147s Building dependency tree... 147s Reading state information... 147s eatmydata is already the newest version (131-1). 147s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 147s Reading package lists... 147s Building dependency tree... 147s Reading state information... 147s dbus is already the newest version (1.14.10-4ubuntu1). 147s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 147s Reading package lists... 147s Building dependency tree... 147s Reading state information... 147s rng-tools-debian is already the newest version (2.4). 147s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 148s Reading package lists... 148s Building dependency tree... 148s Reading state information... 148s The following packages will be REMOVED: 148s cloud-init* python3-configobj* python3-debconf* 148s 0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded. 148s After this operation, 3256 kB disk space will be freed. 148s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52180 files and directories currently installed.) 148s Removing cloud-init (24.1.2-0ubuntu1) ... 148s Removing python3-configobj (5.0.8-3) ... 148s Removing python3-debconf (1.5.86) ... 149s Processing triggers for man-db (2.12.0-3) ... 149s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51791 files and directories currently installed.) 149s Purging configuration files for cloud-init (24.1.2-0ubuntu1) ... 149s dpkg: warning: while removing cloud-init, directory '/etc/cloud/cloud.cfg.d' not empty so not removed 149s Processing triggers for rsyslog (8.2312.0-3ubuntu3) ... 149s invoke-rc.d: policy-rc.d denied execution of try-restart. 150s Reading package lists... 150s Building dependency tree... 150s Reading state information... 150s linux-generic is already the newest version (6.8.0-11.11+1). 150s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 150s Hit:1 http://ftpmaster.internal/ubuntu noble InRelease 150s Hit:2 http://ftpmaster.internal/ubuntu noble-updates InRelease 150s Hit:3 http://ftpmaster.internal/ubuntu noble-security InRelease 152s Reading package lists... 152s Reading package lists... 152s Building dependency tree... 152s Reading state information... 152s Calculating upgrade... 152s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 153s Reading package lists... 153s Building dependency tree... 153s Reading state information... 153s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 153s autopkgtest [21:35:20]: rebooting testbed after setup commands that affected boot 172s autopkgtest [21:35:39]: testbed running kernel: Linux 6.8.0-11-generic #11-Ubuntu SMP Tue Feb 13 23:45:46 UTC 2024 175s autopkgtest [21:35:42]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 193s Get:1 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (dsc) [5269 B] 193s Get:2 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (tar) [7983 kB] 193s Get:3 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (asc) [833 B] 193s Get:4 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (diff) [48.4 kB] 193s gpgv: Signature made Mon Feb 26 21:56:54 2024 UTC 193s gpgv: using RSA key E92FD0B36B14F1F4D8E0EB2F106DA1C8C3CBBF14 193s gpgv: Can't check signature: No public key 193s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.4-1ubuntu1.dsc: no acceptable signature found 194s autopkgtest [21:36:01]: testing package sssd version 2.9.4-1ubuntu1 194s autopkgtest [21:36:01]: build not needed 213s autopkgtest [21:36:20]: test ldap-user-group-ldap-auth: preparing testbed 227s Reading package lists... 228s Building dependency tree... 228s Reading state information... 228s Starting pkgProblemResolver with broken count: 0 228s Starting 2 pkgProblemResolver with broken count: 0 228s Done 228s The following additional packages will be installed: 228s expect ldap-utils libavahi-client3 libavahi-common-data libavahi-common3 228s libbasicobjects0 libc-ares2 libcollection4 libcrack2 libdhash1 228s libevent-2.1-7 libini-config5 libipa-hbac-dev libipa-hbac0 libjose0 libkrad0 228s libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo libodbc2 228s libpam-pwquality libpam-sss libpath-utils1 libpwquality-common libpwquality1 228s libref-array1 libsmbclient libsss-certmap-dev libsss-certmap0 228s libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev libsss-nss-idmap0 228s libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0 libverto-libevent1 228s libverto1 libwbclient0 python3-libipa-hbac python3-libsss-nss-idmap 228s python3-sss samba-libs slapd sssd sssd-ad sssd-ad-common sssd-common 228s sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 sssd-krb5-common sssd-ldap 228s sssd-passkey sssd-proxy sssd-tools tcl-expect tcl8.6 228s Suggested packages: 228s tk8.6 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal 228s odbc-postgresql tdsodbc adcli libsasl2-modules-ldap tcl-tclreadline 228s Recommended packages: 228s cracklib-runtime libsasl2-modules-gssapi-mit 228s | libsasl2-modules-gssapi-heimdal 228s The following NEW packages will be installed: 228s autopkgtest-satdep expect ldap-utils libavahi-client3 libavahi-common-data 228s libavahi-common3 libbasicobjects0 libc-ares2 libcollection4 libcrack2 228s libdhash1 libevent-2.1-7 libini-config5 libipa-hbac-dev libipa-hbac0 228s libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo 228s libodbc2 libpam-pwquality libpam-sss libpath-utils1 libpwquality-common 228s libpwquality1 libref-array1 libsmbclient libsss-certmap-dev libsss-certmap0 228s libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev libsss-nss-idmap0 228s libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0 libverto-libevent1 228s libverto1 libwbclient0 python3-libipa-hbac python3-libsss-nss-idmap 228s python3-sss samba-libs slapd sssd sssd-ad sssd-ad-common sssd-common 228s sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 sssd-krb5-common sssd-ldap 228s sssd-passkey sssd-proxy sssd-tools tcl-expect tcl8.6 228s 0 upgraded, 65 newly installed, 0 to remove and 0 not upgraded. 228s Need to get 12.9 MB/12.9 MB of archives. 228s After this operation, 50.0 MB of additional disk space will be used. 228s Get:1 /tmp/autopkgtest.3GCwZq/1-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [864 B] 228s Get:2 http://ftpmaster.internal/ubuntu noble/main s390x libltdl7 s390x 2.4.7-7 [41.6 kB] 228s Get:3 http://ftpmaster.internal/ubuntu noble/main s390x libodbc2 s390x 2.3.12-1 [164 kB] 229s Get:4 http://ftpmaster.internal/ubuntu noble/main s390x slapd s390x 2.6.7+dfsg-1~exp1ubuntu1 [1617 kB] 229s Get:5 http://ftpmaster.internal/ubuntu noble/main s390x libtcl8.6 s390x 8.6.13+dfsg-2 [948 kB] 229s Get:6 http://ftpmaster.internal/ubuntu noble/main s390x tcl8.6 s390x 8.6.13+dfsg-2 [14.7 kB] 229s Get:7 http://ftpmaster.internal/ubuntu noble/universe s390x tcl-expect s390x 5.45.4-2build1 [99.7 kB] 230s Get:8 http://ftpmaster.internal/ubuntu noble/universe s390x expect s390x 5.45.4-2build1 [137 kB] 230s Get:9 http://ftpmaster.internal/ubuntu noble/main s390x ldap-utils s390x 2.6.7+dfsg-1~exp1ubuntu1 [165 kB] 230s Get:10 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common-data s390x 0.8-13ubuntu2 [29.5 kB] 230s Get:11 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common3 s390x 0.8-13ubuntu2 [23.8 kB] 230s Get:12 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-client3 s390x 0.8-13ubuntu2 [26.7 kB] 230s Get:13 http://ftpmaster.internal/ubuntu noble/main s390x libcrack2 s390x 2.9.6-5.1 [29.6 kB] 230s Get:14 http://ftpmaster.internal/ubuntu noble/main s390x libevent-2.1-7 s390x 2.1.12-stable-9 [144 kB] 230s Get:15 http://ftpmaster.internal/ubuntu noble/universe s390x libjose0 s390x 11-3 [45.2 kB] 230s Get:16 http://ftpmaster.internal/ubuntu noble/main s390x libverto-libevent1 s390x 0.3.1-1ubuntu5 [5810 B] 230s Get:17 http://ftpmaster.internal/ubuntu noble/main s390x libverto1 s390x 0.3.1-1ubuntu5 [10.6 kB] 230s Get:18 http://ftpmaster.internal/ubuntu noble/main s390x libkrad0 s390x 1.20.1-5build1 [22.0 kB] 230s Get:19 http://ftpmaster.internal/ubuntu noble/main s390x libtalloc2 s390x 2.4.2-1 [28.3 kB] 230s Get:20 http://ftpmaster.internal/ubuntu noble/main s390x libtdb1 s390x 1.4.10-1 [49.9 kB] 230s Get:21 http://ftpmaster.internal/ubuntu noble/main s390x libtevent0 s390x 0.16.1-1 [43.1 kB] 230s Get:22 http://ftpmaster.internal/ubuntu noble/main s390x libldb2 s390x 2:2.8.0+samba4.19.5+dfsg-1ubuntu1 [191 kB] 230s Get:23 http://ftpmaster.internal/ubuntu noble/main s390x libnfsidmap1 s390x 1:2.6.3-3ubuntu1 [49.0 kB] 230s Get:24 http://ftpmaster.internal/ubuntu noble/universe s390x libnss-sudo all 1.9.15p5-3ubuntu1 [14.9 kB] 230s Get:25 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality-common all 1.4.5-3 [7658 B] 230s Get:26 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality1 s390x 1.4.5-3 [14.7 kB] 230s Get:27 http://ftpmaster.internal/ubuntu noble/main s390x libpam-pwquality s390x 1.4.5-3 [11.6 kB] 230s Get:28 http://ftpmaster.internal/ubuntu noble/main s390x libwbclient0 s390x 2:4.19.5+dfsg-1ubuntu1 [70.3 kB] 230s Get:29 http://ftpmaster.internal/ubuntu noble/main s390x samba-libs s390x 2:4.19.5+dfsg-1ubuntu1 [6231 kB] 232s Get:30 http://ftpmaster.internal/ubuntu noble/main s390x libnss-sss s390x 2.9.4-1ubuntu1 [32.6 kB] 232s Get:31 http://ftpmaster.internal/ubuntu noble/main s390x libpam-sss s390x 2.9.4-1ubuntu1 [51.9 kB] 232s Get:32 http://ftpmaster.internal/ubuntu noble/main s390x python3-sss s390x 2.9.4-1ubuntu1 [46.6 kB] 232s Get:33 http://ftpmaster.internal/ubuntu noble/main s390x libc-ares2 s390x 1.27.0-1 [79.2 kB] 232s Get:34 http://ftpmaster.internal/ubuntu noble/main s390x libdhash1 s390x 0.6.2-2 [8648 B] 232s Get:35 http://ftpmaster.internal/ubuntu noble/main s390x libbasicobjects0 s390x 0.6.2-2 [5476 B] 232s Get:36 http://ftpmaster.internal/ubuntu noble/main s390x libcollection4 s390x 0.6.2-2 [23.2 kB] 232s Get:37 http://ftpmaster.internal/ubuntu noble/main s390x libpath-utils1 s390x 0.6.2-2 [8994 B] 232s Get:38 http://ftpmaster.internal/ubuntu noble/main s390x libref-array1 s390x 0.6.2-2 [6880 B] 232s Get:39 http://ftpmaster.internal/ubuntu noble/main s390x libini-config5 s390x 0.6.2-2 [45.3 kB] 232s Get:40 http://ftpmaster.internal/ubuntu noble/main s390x libsss-certmap0 s390x 2.9.4-1ubuntu1 [46.7 kB] 232s Get:41 http://ftpmaster.internal/ubuntu noble/main s390x libsss-idmap0 s390x 2.9.4-1ubuntu1 [22.1 kB] 232s Get:42 http://ftpmaster.internal/ubuntu noble/main s390x libsss-nss-idmap0 s390x 2.9.4-1ubuntu1 [31.4 kB] 232s Get:43 http://ftpmaster.internal/ubuntu noble/main s390x sssd-common s390x 2.9.4-1ubuntu1 [1125 kB] 233s Get:44 http://ftpmaster.internal/ubuntu noble/universe s390x sssd-idp s390x 2.9.4-1ubuntu1 [27.3 kB] 233s Get:45 http://ftpmaster.internal/ubuntu noble/universe s390x sssd-passkey s390x 2.9.4-1ubuntu1 [32.3 kB] 233s Get:46 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad-common s390x 2.9.4-1ubuntu1 [74.8 kB] 233s Get:47 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5-common s390x 2.9.4-1ubuntu1 [90.3 kB] 233s Get:48 http://ftpmaster.internal/ubuntu noble/main s390x libsmbclient s390x 2:4.19.5+dfsg-1ubuntu1 [65.1 kB] 233s Get:49 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad s390x 2.9.4-1ubuntu1 [133 kB] 233s Get:50 http://ftpmaster.internal/ubuntu noble/main s390x libipa-hbac0 s390x 2.9.4-1ubuntu1 [16.8 kB] 233s Get:51 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ipa s390x 2.9.4-1ubuntu1 [215 kB] 233s Get:52 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5 s390x 2.9.4-1ubuntu1 [14.4 kB] 233s Get:53 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ldap s390x 2.9.4-1ubuntu1 [31.0 kB] 233s Get:54 http://ftpmaster.internal/ubuntu noble/main s390x sssd-proxy s390x 2.9.4-1ubuntu1 [43.9 kB] 233s Get:55 http://ftpmaster.internal/ubuntu noble/main s390x sssd s390x 2.9.4-1ubuntu1 [4120 B] 233s Get:56 http://ftpmaster.internal/ubuntu noble/main s390x sssd-dbus s390x 2.9.4-1ubuntu1 [101 kB] 233s Get:57 http://ftpmaster.internal/ubuntu noble/universe s390x sssd-kcm s390x 2.9.4-1ubuntu1 [137 kB] 233s Get:58 http://ftpmaster.internal/ubuntu noble/main s390x sssd-tools s390x 2.9.4-1ubuntu1 [97.6 kB] 233s Get:59 http://ftpmaster.internal/ubuntu noble/main s390x libipa-hbac-dev s390x 2.9.4-1ubuntu1 [6660 B] 233s Get:60 http://ftpmaster.internal/ubuntu noble/main s390x libsss-certmap-dev s390x 2.9.4-1ubuntu1 [5734 B] 233s Get:61 http://ftpmaster.internal/ubuntu noble/main s390x libsss-idmap-dev s390x 2.9.4-1ubuntu1 [8376 B] 233s Get:62 http://ftpmaster.internal/ubuntu noble/main s390x libsss-nss-idmap-dev s390x 2.9.4-1ubuntu1 [6708 B] 233s Get:63 http://ftpmaster.internal/ubuntu noble/universe s390x libsss-sudo s390x 2.9.4-1ubuntu1 [21.3 kB] 233s Get:64 http://ftpmaster.internal/ubuntu noble/universe s390x python3-libipa-hbac s390x 2.9.4-1ubuntu1 [16.9 kB] 233s Get:65 http://ftpmaster.internal/ubuntu noble/universe s390x python3-libsss-nss-idmap s390x 2.9.4-1ubuntu1 [9140 B] 234s Preconfiguring packages ... 234s Fetched 12.9 MB in 5s (2441 kB/s) 234s Selecting previously unselected package libltdl7:s390x. 234s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51736 files and directories currently installed.) 234s Preparing to unpack .../00-libltdl7_2.4.7-7_s390x.deb ... 234s Unpacking libltdl7:s390x (2.4.7-7) ... 234s Selecting previously unselected package libodbc2:s390x. 234s Preparing to unpack .../01-libodbc2_2.3.12-1_s390x.deb ... 234s Unpacking libodbc2:s390x (2.3.12-1) ... 234s Selecting previously unselected package slapd. 234s Preparing to unpack .../02-slapd_2.6.7+dfsg-1~exp1ubuntu1_s390x.deb ... 234s Unpacking slapd (2.6.7+dfsg-1~exp1ubuntu1) ... 234s Selecting previously unselected package libtcl8.6:s390x. 234s Preparing to unpack .../03-libtcl8.6_8.6.13+dfsg-2_s390x.deb ... 234s Unpacking libtcl8.6:s390x (8.6.13+dfsg-2) ... 234s Selecting previously unselected package tcl8.6. 234s Preparing to unpack .../04-tcl8.6_8.6.13+dfsg-2_s390x.deb ... 234s Unpacking tcl8.6 (8.6.13+dfsg-2) ... 234s Selecting previously unselected package tcl-expect:s390x. 234s Preparing to unpack .../05-tcl-expect_5.45.4-2build1_s390x.deb ... 234s Unpacking tcl-expect:s390x (5.45.4-2build1) ... 234s Selecting previously unselected package expect. 234s Preparing to unpack .../06-expect_5.45.4-2build1_s390x.deb ... 234s Unpacking expect (5.45.4-2build1) ... 234s Selecting previously unselected package ldap-utils. 234s Preparing to unpack .../07-ldap-utils_2.6.7+dfsg-1~exp1ubuntu1_s390x.deb ... 234s Unpacking ldap-utils (2.6.7+dfsg-1~exp1ubuntu1) ... 234s Selecting previously unselected package libavahi-common-data:s390x. 234s Preparing to unpack .../08-libavahi-common-data_0.8-13ubuntu2_s390x.deb ... 234s Unpacking libavahi-common-data:s390x (0.8-13ubuntu2) ... 234s Selecting previously unselected package libavahi-common3:s390x. 234s Preparing to unpack .../09-libavahi-common3_0.8-13ubuntu2_s390x.deb ... 234s Unpacking libavahi-common3:s390x (0.8-13ubuntu2) ... 234s Selecting previously unselected package libavahi-client3:s390x. 234s Preparing to unpack .../10-libavahi-client3_0.8-13ubuntu2_s390x.deb ... 234s Unpacking libavahi-client3:s390x (0.8-13ubuntu2) ... 234s Selecting previously unselected package libcrack2:s390x. 234s Preparing to unpack .../11-libcrack2_2.9.6-5.1_s390x.deb ... 234s Unpacking libcrack2:s390x (2.9.6-5.1) ... 234s Selecting previously unselected package libevent-2.1-7:s390x. 234s Preparing to unpack .../12-libevent-2.1-7_2.1.12-stable-9_s390x.deb ... 234s Unpacking libevent-2.1-7:s390x (2.1.12-stable-9) ... 234s Selecting previously unselected package libjose0:s390x. 234s Preparing to unpack .../13-libjose0_11-3_s390x.deb ... 234s Unpacking libjose0:s390x (11-3) ... 234s Selecting previously unselected package libverto-libevent1:s390x. 234s Preparing to unpack .../14-libverto-libevent1_0.3.1-1ubuntu5_s390x.deb ... 234s Unpacking libverto-libevent1:s390x (0.3.1-1ubuntu5) ... 234s Selecting previously unselected package libverto1:s390x. 234s Preparing to unpack .../15-libverto1_0.3.1-1ubuntu5_s390x.deb ... 234s Unpacking libverto1:s390x (0.3.1-1ubuntu5) ... 234s Selecting previously unselected package libkrad0:s390x. 234s Preparing to unpack .../16-libkrad0_1.20.1-5build1_s390x.deb ... 234s Unpacking libkrad0:s390x (1.20.1-5build1) ... 234s Selecting previously unselected package libtalloc2:s390x. 234s Preparing to unpack .../17-libtalloc2_2.4.2-1_s390x.deb ... 234s Unpacking libtalloc2:s390x (2.4.2-1) ... 234s Selecting previously unselected package libtdb1:s390x. 234s Preparing to unpack .../18-libtdb1_1.4.10-1_s390x.deb ... 234s Unpacking libtdb1:s390x (1.4.10-1) ... 234s Selecting previously unselected package libtevent0:s390x. 234s Preparing to unpack .../19-libtevent0_0.16.1-1_s390x.deb ... 234s Unpacking libtevent0:s390x (0.16.1-1) ... 234s Selecting previously unselected package libldb2:s390x. 234s Preparing to unpack .../20-libldb2_2%3a2.8.0+samba4.19.5+dfsg-1ubuntu1_s390x.deb ... 234s Unpacking libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 234s Selecting previously unselected package libnfsidmap1:s390x. 234s Preparing to unpack .../21-libnfsidmap1_1%3a2.6.3-3ubuntu1_s390x.deb ... 234s Unpacking libnfsidmap1:s390x (1:2.6.3-3ubuntu1) ... 234s Selecting previously unselected package libnss-sudo. 234s Preparing to unpack .../22-libnss-sudo_1.9.15p5-3ubuntu1_all.deb ... 234s Unpacking libnss-sudo (1.9.15p5-3ubuntu1) ... 234s Selecting previously unselected package libpwquality-common. 234s Preparing to unpack .../23-libpwquality-common_1.4.5-3_all.deb ... 234s Unpacking libpwquality-common (1.4.5-3) ... 234s Selecting previously unselected package libpwquality1:s390x. 234s Preparing to unpack .../24-libpwquality1_1.4.5-3_s390x.deb ... 234s Unpacking libpwquality1:s390x (1.4.5-3) ... 234s Selecting previously unselected package libpam-pwquality:s390x. 234s Preparing to unpack .../25-libpam-pwquality_1.4.5-3_s390x.deb ... 234s Unpacking libpam-pwquality:s390x (1.4.5-3) ... 234s Selecting previously unselected package libwbclient0:s390x. 234s Preparing to unpack .../26-libwbclient0_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 234s Unpacking libwbclient0:s390x (2:4.19.5+dfsg-1ubuntu1) ... 234s Selecting previously unselected package samba-libs:s390x. 234s Preparing to unpack .../27-samba-libs_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 234s Unpacking samba-libs:s390x (2:4.19.5+dfsg-1ubuntu1) ... 235s Selecting previously unselected package libnss-sss:s390x. 235s Preparing to unpack .../28-libnss-sss_2.9.4-1ubuntu1_s390x.deb ... 235s Unpacking libnss-sss:s390x (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package libpam-sss:s390x. 235s Preparing to unpack .../29-libpam-sss_2.9.4-1ubuntu1_s390x.deb ... 235s Unpacking libpam-sss:s390x (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package python3-sss. 235s Preparing to unpack .../30-python3-sss_2.9.4-1ubuntu1_s390x.deb ... 235s Unpacking python3-sss (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package libc-ares2:s390x. 235s Preparing to unpack .../31-libc-ares2_1.27.0-1_s390x.deb ... 235s Unpacking libc-ares2:s390x (1.27.0-1) ... 235s Selecting previously unselected package libdhash1:s390x. 235s Preparing to unpack .../32-libdhash1_0.6.2-2_s390x.deb ... 235s Unpacking libdhash1:s390x (0.6.2-2) ... 235s Selecting previously unselected package libbasicobjects0:s390x. 235s Preparing to unpack .../33-libbasicobjects0_0.6.2-2_s390x.deb ... 235s Unpacking libbasicobjects0:s390x (0.6.2-2) ... 235s Selecting previously unselected package libcollection4:s390x. 235s Preparing to unpack .../34-libcollection4_0.6.2-2_s390x.deb ... 235s Unpacking libcollection4:s390x (0.6.2-2) ... 235s Selecting previously unselected package libpath-utils1:s390x. 235s Preparing to unpack .../35-libpath-utils1_0.6.2-2_s390x.deb ... 235s Unpacking libpath-utils1:s390x (0.6.2-2) ... 235s Selecting previously unselected package libref-array1:s390x. 235s Preparing to unpack .../36-libref-array1_0.6.2-2_s390x.deb ... 235s Unpacking libref-array1:s390x (0.6.2-2) ... 235s Selecting previously unselected package libini-config5:s390x. 235s Preparing to unpack .../37-libini-config5_0.6.2-2_s390x.deb ... 235s Unpacking libini-config5:s390x (0.6.2-2) ... 235s Selecting previously unselected package libsss-certmap0. 235s Preparing to unpack .../38-libsss-certmap0_2.9.4-1ubuntu1_s390x.deb ... 235s Unpacking libsss-certmap0 (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package libsss-idmap0. 235s Preparing to unpack .../39-libsss-idmap0_2.9.4-1ubuntu1_s390x.deb ... 235s Unpacking libsss-idmap0 (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package libsss-nss-idmap0. 235s Preparing to unpack .../40-libsss-nss-idmap0_2.9.4-1ubuntu1_s390x.deb ... 235s Unpacking libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package sssd-common. 235s Preparing to unpack .../41-sssd-common_2.9.4-1ubuntu1_s390x.deb ... 235s Unpacking sssd-common (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package sssd-idp. 235s Preparing to unpack .../42-sssd-idp_2.9.4-1ubuntu1_s390x.deb ... 235s Unpacking sssd-idp (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package sssd-passkey. 235s Preparing to unpack .../43-sssd-passkey_2.9.4-1ubuntu1_s390x.deb ... 235s Unpacking sssd-passkey (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package sssd-ad-common. 235s Preparing to unpack .../44-sssd-ad-common_2.9.4-1ubuntu1_s390x.deb ... 235s Unpacking sssd-ad-common (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package sssd-krb5-common. 235s Preparing to unpack .../45-sssd-krb5-common_2.9.4-1ubuntu1_s390x.deb ... 235s Unpacking sssd-krb5-common (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package libsmbclient:s390x. 235s Preparing to unpack .../46-libsmbclient_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 235s Unpacking libsmbclient:s390x (2:4.19.5+dfsg-1ubuntu1) ... 235s Selecting previously unselected package sssd-ad. 235s Preparing to unpack .../47-sssd-ad_2.9.4-1ubuntu1_s390x.deb ... 235s Unpacking sssd-ad (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package libipa-hbac0. 235s Preparing to unpack .../48-libipa-hbac0_2.9.4-1ubuntu1_s390x.deb ... 235s Unpacking libipa-hbac0 (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package sssd-ipa. 235s Preparing to unpack .../49-sssd-ipa_2.9.4-1ubuntu1_s390x.deb ... 235s Unpacking sssd-ipa (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package sssd-krb5. 235s Preparing to unpack .../50-sssd-krb5_2.9.4-1ubuntu1_s390x.deb ... 235s Unpacking sssd-krb5 (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package sssd-ldap. 235s Preparing to unpack .../51-sssd-ldap_2.9.4-1ubuntu1_s390x.deb ... 235s Unpacking sssd-ldap (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package sssd-proxy. 235s Preparing to unpack .../52-sssd-proxy_2.9.4-1ubuntu1_s390x.deb ... 235s Unpacking sssd-proxy (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package sssd. 235s Preparing to unpack .../53-sssd_2.9.4-1ubuntu1_s390x.deb ... 235s Unpacking sssd (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package sssd-dbus. 235s Preparing to unpack .../54-sssd-dbus_2.9.4-1ubuntu1_s390x.deb ... 235s Unpacking sssd-dbus (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package sssd-kcm. 235s Preparing to unpack .../55-sssd-kcm_2.9.4-1ubuntu1_s390x.deb ... 235s Unpacking sssd-kcm (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package sssd-tools. 235s Preparing to unpack .../56-sssd-tools_2.9.4-1ubuntu1_s390x.deb ... 235s Unpacking sssd-tools (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package libipa-hbac-dev. 235s Preparing to unpack .../57-libipa-hbac-dev_2.9.4-1ubuntu1_s390x.deb ... 235s Unpacking libipa-hbac-dev (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package libsss-certmap-dev. 235s Preparing to unpack .../58-libsss-certmap-dev_2.9.4-1ubuntu1_s390x.deb ... 235s Unpacking libsss-certmap-dev (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package libsss-idmap-dev. 235s Preparing to unpack .../59-libsss-idmap-dev_2.9.4-1ubuntu1_s390x.deb ... 235s Unpacking libsss-idmap-dev (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package libsss-nss-idmap-dev. 235s Preparing to unpack .../60-libsss-nss-idmap-dev_2.9.4-1ubuntu1_s390x.deb ... 235s Unpacking libsss-nss-idmap-dev (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package libsss-sudo. 235s Preparing to unpack .../61-libsss-sudo_2.9.4-1ubuntu1_s390x.deb ... 235s Unpacking libsss-sudo (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package python3-libipa-hbac. 235s Preparing to unpack .../62-python3-libipa-hbac_2.9.4-1ubuntu1_s390x.deb ... 235s Unpacking python3-libipa-hbac (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package python3-libsss-nss-idmap. 235s Preparing to unpack .../63-python3-libsss-nss-idmap_2.9.4-1ubuntu1_s390x.deb ... 235s Unpacking python3-libsss-nss-idmap (2.9.4-1ubuntu1) ... 235s Selecting previously unselected package autopkgtest-satdep. 235s Preparing to unpack .../64-1-autopkgtest-satdep.deb ... 235s Unpacking autopkgtest-satdep (0) ... 235s Setting up libpwquality-common (1.4.5-3) ... 235s Setting up libpath-utils1:s390x (0.6.2-2) ... 235s Setting up libnfsidmap1:s390x (1:2.6.3-3ubuntu1) ... 235s Setting up libsss-idmap0 (2.9.4-1ubuntu1) ... 235s Setting up libbasicobjects0:s390x (0.6.2-2) ... 235s Setting up libsss-idmap-dev (2.9.4-1ubuntu1) ... 235s Setting up libtdb1:s390x (1.4.10-1) ... 235s Setting up libc-ares2:s390x (1.27.0-1) ... 235s Setting up ldap-utils (2.6.7+dfsg-1~exp1ubuntu1) ... 235s Setting up libjose0:s390x (11-3) ... 235s Setting up libwbclient0:s390x (2:4.19.5+dfsg-1ubuntu1) ... 235s Setting up libtalloc2:s390x (2.4.2-1) ... 235s Setting up libdhash1:s390x (0.6.2-2) ... 235s Setting up libtevent0:s390x (0.16.1-1) ... 235s Setting up libavahi-common-data:s390x (0.8-13ubuntu2) ... 235s Setting up libevent-2.1-7:s390x (2.1.12-stable-9) ... 235s Setting up libtcl8.6:s390x (8.6.13+dfsg-2) ... 235s Setting up libltdl7:s390x (2.4.7-7) ... 235s Setting up libcrack2:s390x (2.9.6-5.1) ... 235s Setting up libcollection4:s390x (0.6.2-2) ... 235s Setting up libodbc2:s390x (2.3.12-1) ... 235s Setting up libipa-hbac0 (2.9.4-1ubuntu1) ... 235s Setting up python3-libipa-hbac (2.9.4-1ubuntu1) ... 235s Setting up libref-array1:s390x (0.6.2-2) ... 235s Setting up libnss-sudo (1.9.15p5-3ubuntu1) ... 235s Setting up libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 235s Setting up libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 235s Setting up libnss-sss:s390x (2.9.4-1ubuntu1) ... 235s Setting up slapd (2.6.7+dfsg-1~exp1ubuntu1) ... 236s Creating new user openldap... done. 236s Creating initial configuration... done. 236s Creating LDAP directory... done. 236s Setting up tcl8.6 (8.6.13+dfsg-2) ... 236s Setting up libsss-sudo (2.9.4-1ubuntu1) ... 236s Setting up libsss-nss-idmap-dev (2.9.4-1ubuntu1) ... 236s Setting up libipa-hbac-dev (2.9.4-1ubuntu1) ... 236s Setting up libini-config5:s390x (0.6.2-2) ... 236s Setting up libavahi-common3:s390x (0.8-13ubuntu2) ... 236s Setting up tcl-expect:s390x (5.45.4-2build1) ... 236s Setting up python3-sss (2.9.4-1ubuntu1) ... 236s Setting up libsss-certmap0 (2.9.4-1ubuntu1) ... 236s Setting up libpwquality1:s390x (1.4.5-3) ... 236s Setting up python3-libsss-nss-idmap (2.9.4-1ubuntu1) ... 236s Setting up libavahi-client3:s390x (0.8-13ubuntu2) ... 236s Setting up expect (5.45.4-2build1) ... 236s Setting up libpam-pwquality:s390x (1.4.5-3) ... 237s Setting up samba-libs:s390x (2:4.19.5+dfsg-1ubuntu1) ... 237s Setting up libsss-certmap-dev (2.9.4-1ubuntu1) ... 237s Setting up libsmbclient:s390x (2:4.19.5+dfsg-1ubuntu1) ... 237s Setting up libpam-sss:s390x (2.9.4-1ubuntu1) ... 237s Setting up sssd-common (2.9.4-1ubuntu1) ... 237s Creating SSSD system user & group... 237s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 237s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 237s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 237s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 237s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 237s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 238s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 238s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 238s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 238s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 238s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 239s sssd-autofs.service is a disabled or a static unit, not starting it. 239s sssd-nss.service is a disabled or a static unit, not starting it. 239s sssd-pam.service is a disabled or a static unit, not starting it. 239s sssd-ssh.service is a disabled or a static unit, not starting it. 239s sssd-sudo.service is a disabled or a static unit, not starting it. 239s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 239s Setting up sssd-proxy (2.9.4-1ubuntu1) ... 239s Setting up sssd-kcm (2.9.4-1ubuntu1) ... 239s Created symlink /etc/systemd/system/sockets.target.wants/sssd-kcm.socket → /usr/lib/systemd/system/sssd-kcm.socket. 239s sssd-kcm.service is a disabled or a static unit, not starting it. 239s Setting up sssd-dbus (2.9.4-1ubuntu1) ... 240s sssd-ifp.service is a disabled or a static unit, not starting it. 240s Setting up sssd-ad-common (2.9.4-1ubuntu1) ... 240s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 240s sssd-pac.service is a disabled or a static unit, not starting it. 240s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 240s Setting up sssd-krb5-common (2.9.4-1ubuntu1) ... 240s Setting up sssd-krb5 (2.9.4-1ubuntu1) ... 240s Setting up sssd-ldap (2.9.4-1ubuntu1) ... 240s Setting up sssd-ad (2.9.4-1ubuntu1) ... 240s Setting up sssd-tools (2.9.4-1ubuntu1) ... 240s Setting up sssd-ipa (2.9.4-1ubuntu1) ... 240s Setting up sssd (2.9.4-1ubuntu1) ... 240s Setting up libverto-libevent1:s390x (0.3.1-1ubuntu5) ... 240s Setting up libverto1:s390x (0.3.1-1ubuntu5) ... 240s Setting up libkrad0:s390x (1.20.1-5build1) ... 240s Setting up sssd-passkey (2.9.4-1ubuntu1) ... 240s Setting up sssd-idp (2.9.4-1ubuntu1) ... 240s Setting up autopkgtest-satdep (0) ... 240s Processing triggers for libc-bin (2.39-0ubuntu6) ... 240s Processing triggers for ufw (0.36.2-5) ... 240s Processing triggers for man-db (2.12.0-3) ... 241s Processing triggers for dbus (1.14.10-4ubuntu1) ... 249s (Reading database ... 53021 files and directories currently installed.) 249s Removing autopkgtest-satdep (0) ... 250s autopkgtest [21:36:57]: test ldap-user-group-ldap-auth: [----------------------- 250s + . debian/tests/util 250s + . debian/tests/common-tests 250s + mydomain=example.com 250s + myhostname=ldap.example.com 250s + mysuffix=dc=example,dc=com 250s + admin_dn=cn=admin,dc=example,dc=com 250s + admin_pw=secret 250s + ldap_user=testuser1 250s + ldap_user_pw=testuser1secret 250s + ldap_group=ldapusers 250s + adjust_hostname ldap.example.com 250s + local myhostname=ldap.example.com 250s + echo ldap.example.com 250s + hostname ldap.example.com 250s + grep -qE ldap.example.com /etc/hosts 250s + echo 127.0.1.10 ldap.example.com 250s + reconfigure_slapd 250s + debconf-set-selections 250s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 250s + dpkg-reconfigure -fnoninteractive -pcritical slapd 250s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1... done. 250s Moving old database directory to /var/backups: 250s - directory unknown... done. 250s Creating initial configuration... done. 250s Creating LDAP directory... done. 251s + generate_certs ldap.example.com 251s + local cn=ldap.example.com 251s + local cert=/etc/ldap/server.pem 251s + local key=/etc/ldap/server.key 251s + local cnf=/etc/ldap/openssl.cnf 251s + cat 251s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 251s ...........++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 251s .........................................++++++++++++++++++++++++++++++++++++++modifying entry "cn=config" 251s 251s ++++++++++++++++++++++++++ 251s ----- 251s + chmod 0640 /etc/ldap/server.key 251s + chgrp openldap /etc/ldap/server.key 251s + [ ! -f /etc/ldap/server.pem ] 251s + [ ! -f /etc/ldap/server.key ] 251s + enable_ldap_ssl 251s + cat 251s + + cat 251s ldapmodify -H ldapi:/// -Y EXTERNAL -Q 251s + populate_ldap_rfc2307 251s + cat 251s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 251s adding new entry "ou=People,dc=example,dc=com" 251s 251s adding new entry "ou=Group,dc=example,dc=com" 251s 251s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 251s 251s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 251s 251s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 251s 251s + configure_sssd_ldap_rfc2307 251s + cat 251s + chmod 0600 /etc/sssd/sssd.conf 251s + systemctl restart sssd 251s + enable_pam_mkhomedir 251s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 251s + echo session optional pam_mkhomedir.so 251s + run_common_tests 251s + echo Assert local user databases do not have our LDAP test data 251s Assert local user databases do not have our LDAP test data 251s + check_local_user testuser1 251s + local local_user=testuser1 251s + grep -q ^testuser1 /etc/passwd 251s + check_local_group testuser1 251s + local local_group=testuser1 251s + grep -q ^testuser1 /etc/group 251s + check_local_group ldapusers 251s + local local_group=ldapusers 251s + grep -q ^ldapusers /etc/group 251s + The LDAP user is known to the system via getent 251s echo The LDAP user is known to the system via getent 251s + check_getent_user testuser1 251s + local getent_user=testuser1 251s + local output 251s + getent passwd testuser1 251s The LDAP user's private group is known to the system via getent 251s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 251s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 251s + echo The LDAP user's private group is known to the system via getent 251s + check_getent_group testuser1 251s + local getent_group=testuser1 251s + local output 251s + getent group testuser1 251s The LDAP group ldapusers is known to the system via getent 251s + output=testuser1:*:10001:testuser1 251s + [ -z testuser1:*:10001:testuser1 ] 251s + echo The LDAP group ldapusers is known to the system via getent 251s + check_getent_group ldapusers 251s + local getent_group=ldapusers 251s + local output 251s + getent group ldapusers 251s + The id(1) command can resolve the group membership of the LDAP user 251s output=ldapusers:*:10100:testuser1 251s + [ -z ldapusers:*:10100:testuser1 ] 251s + echo The id(1) command can resolve the group membership of the LDAP user 251s + id -Gn testuser1 251s The LDAP user can login on a terminal 251s + output=testuser1 ldapusers 251s + [ testuser1 ldapusers != testuser1 ldapusers ] 251s + echo The LDAP user can login on a terminal 251s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 251s spawn login 251s ldap.example.com login: testuser1 251s Password: 251s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-11-generic s390x) 251s 251s * Documentation: https://help.ubuntu.com 251s * Management: https://landscape.canonical.com 251s * Support: https://ubuntu.com/pro 251s 251s 251s The programs included with the Ubuntu system are free software; 251s the exact distribution terms for each program are described in the 251s individual files in /usr/share/doc/*/copyright. 251s 251s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 251s applicable law. 251s 251s 251s The programs included with the Ubuntu system are free software; 251s the exact distribution terms for each program are described in the 251s individual files in /usr/share/doc/*/copyright. 251s 251s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 251s applicable law. 251s 251s Creating directory '/home/testuser1'. 251s [?2004htestuser1@ldap:~$ id -un 251s [?2004l testuser1 251s [?2004htestuser1@ldap:~$ autopkgtest [21:36:58]: test ldap-user-group-ldap-auth: -----------------------] 252s ldap-user-group-ldap-auth PASS 252s autopkgtest [21:36:59]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 252s autopkgtest [21:36:59]: test ldap-user-group-krb5-auth: preparing testbed 264s Reading package lists... 264s Building dependency tree... 264s Reading state information... 264s Starting pkgProblemResolver with broken count: 0 264s Starting 2 pkgProblemResolver with broken count: 0 264s Done 264s The following additional packages will be installed: 264s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4 264s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 264s Suggested packages: 264s krb5-kdc-ldap krb5-kpropd krb5-k5tls krb5-doc 264s The following NEW packages will be installed: 264s autopkgtest-satdep krb5-admin-server krb5-config krb5-kdc krb5-user 264s libgssrpc4 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 264s 0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded. 264s Need to get 612 kB/613 kB of archives. 264s After this operation, 2067 kB of additional disk space will be used. 264s Get:1 /tmp/autopkgtest.3GCwZq/2-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [884 B] 265s Get:2 http://ftpmaster.internal/ubuntu noble/main s390x krb5-config all 2.7 [22.0 kB] 265s Get:3 http://ftpmaster.internal/ubuntu noble/main s390x libgssrpc4 s390x 1.20.1-5build1 [58.9 kB] 265s Get:4 http://ftpmaster.internal/ubuntu noble/main s390x libkadm5clnt-mit12 s390x 1.20.1-5build1 [40.5 kB] 265s Get:5 http://ftpmaster.internal/ubuntu noble/main s390x libkdb5-10 s390x 1.20.1-5build1 [41.4 kB] 265s Get:6 http://ftpmaster.internal/ubuntu noble/main s390x libkadm5srv-mit12 s390x 1.20.1-5build1 [55.2 kB] 265s Get:7 http://ftpmaster.internal/ubuntu noble/universe s390x krb5-user s390x 1.20.1-5build1 [110 kB] 265s Get:8 http://ftpmaster.internal/ubuntu noble/universe s390x krb5-kdc s390x 1.20.1-5build1 [188 kB] 265s Get:9 http://ftpmaster.internal/ubuntu noble/universe s390x krb5-admin-server s390x 1.20.1-5build1 [95.9 kB] 265s Preconfiguring packages ... 266s Fetched 612 kB in 1s (988 kB/s) 266s Selecting previously unselected package krb5-config. 266s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 53021 files and directories currently installed.) 266s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 266s Unpacking krb5-config (2.7) ... 266s Selecting previously unselected package libgssrpc4:s390x. 266s Preparing to unpack .../1-libgssrpc4_1.20.1-5build1_s390x.deb ... 266s Unpacking libgssrpc4:s390x (1.20.1-5build1) ... 266s Selecting previously unselected package libkadm5clnt-mit12:s390x. 266s Preparing to unpack .../2-libkadm5clnt-mit12_1.20.1-5build1_s390x.deb ... 266s Unpacking libkadm5clnt-mit12:s390x (1.20.1-5build1) ... 266s Selecting previously unselected package libkdb5-10:s390x. 266s Preparing to unpack .../3-libkdb5-10_1.20.1-5build1_s390x.deb ... 266s Unpacking libkdb5-10:s390x (1.20.1-5build1) ... 266s Selecting previously unselected package libkadm5srv-mit12:s390x. 266s Preparing to unpack .../4-libkadm5srv-mit12_1.20.1-5build1_s390x.deb ... 266s Unpacking libkadm5srv-mit12:s390x (1.20.1-5build1) ... 266s Selecting previously unselected package krb5-user. 267s Preparing to unpack .../5-krb5-user_1.20.1-5build1_s390x.deb ... 267s Unpacking krb5-user (1.20.1-5build1) ... 267s Selecting previously unselected package krb5-kdc. 267s Preparing to unpack .../6-krb5-kdc_1.20.1-5build1_s390x.deb ... 267s Unpacking krb5-kdc (1.20.1-5build1) ... 267s Selecting previously unselected package krb5-admin-server. 267s Preparing to unpack .../7-krb5-admin-server_1.20.1-5build1_s390x.deb ... 267s Unpacking krb5-admin-server (1.20.1-5build1) ... 267s Selecting previously unselected package autopkgtest-satdep. 267s Preparing to unpack .../8-2-autopkgtest-satdep.deb ... 267s Unpacking autopkgtest-satdep (0) ... 267s Setting up libgssrpc4:s390x (1.20.1-5build1) ... 267s Setting up krb5-config (2.7) ... 267s Setting up libkadm5clnt-mit12:s390x (1.20.1-5build1) ... 267s Setting up libkdb5-10:s390x (1.20.1-5build1) ... 267s Setting up libkadm5srv-mit12:s390x (1.20.1-5build1) ... 267s Setting up krb5-user (1.20.1-5build1) ... 267s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 267s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 267s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 267s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 267s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 267s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 267s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 267s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 267s Setting up krb5-kdc (1.20.1-5build1) ... 267s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /usr/lib/systemd/system/krb5-kdc.service. 268s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 268s Setting up krb5-admin-server (1.20.1-5build1) ... 268s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-admin-server.service → /usr/lib/systemd/system/krb5-admin-server.service. 269s Setting up autopkgtest-satdep (0) ... 269s Processing triggers for man-db (2.12.0-3) ... 270s Processing triggers for libc-bin (2.39-0ubuntu6) ... 277s (Reading database ... 53114 files and directories currently installed.) 277s Removing autopkgtest-satdep (0) ... 278s autopkgtest [21:37:25]: test ldap-user-group-krb5-auth: [----------------------- 278s + . debian/tests/util 278s + . debian/tests/common-tests 278s + mydomain=example.com 278s + myhostname=ldap.example.com 278s + mysuffix=dc=example,dc=com 278s + myrealm=EXAMPLE.COM 278s + admin_dn=cn=admin,dc=example,dc=com 278s + admin_pw=secret 278s + ldap_user=testuser1 278s + ldap_user_pw=testuser1secret 278s + kerberos_principal_pw=testuser1kerberos 278s + ldap_group=ldapusers 278s + adjust_hostname ldap.example.com 278s + local myhostname=ldap.example.com 278s + echo ldap.example.com 278s + hostname ldap.example.com 278s + grep -qE ldap.example.com /etc/hosts 278s + reconfigure_slapd 278s + debconf-set-selections 278s + rm -rf /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1 /var/backups/unknown-2.6.7+dfsg-1~exp1ubuntu1-20240323-213657.ldapdb 278s + dpkg-reconfigure -fnoninteractive -pcritical slapd 279s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1... done. 279s Moving old database directory to /var/backups: 279s - directory unknown... done. 279s Creating initial configuration... done. 279s Creating LDAP directory... done. 279s + generate_certs ldap.example.com 279s + local cn=ldap.example.com 279s + local cert=/etc/ldap/server.pem 279s + local key=/etc/ldap/server.key 279s + local cnf=/etc/ldap/openssl.cnf 279s + cat 279s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 279s ................................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 279s ................................+++++++++++++++++++++++++++++++++++++++++++++++++++++++modifying entry "cn=config" 279s 279s adding new entry "ou=People,dc=example,dc=com" 279s 279s adding new entry "ou=Group,dc=example,dc=com" 279s 279s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 279s 279s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 279s 279s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 279s 279s +++++++++ 279s ----- 279s + chmod 0640 /etc/ldap/server.key 279s + chgrp openldap /etc/ldap/server.key 279s + [ ! -f /etc/ldap/server.pem ] 279s + [ ! -f /etc/ldap/server.key ] 279s + enable_ldap_ssl 279s + cat 279s + cat+ 279s ldapmodify -H ldapi:/// -Y EXTERNAL -Q 279s + populate_ldap_rfc2307 279s + cat 279s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 279s + create_realm EXAMPLE.COM ldap.example.com 279s + local realm_name=EXAMPLE.COM 279s + local kerberos_server=ldap.example.com 279s + rm -rf /var/lib/krb5kdc/* 279s + rm -rf /etc/krb5kdc/kdc.conf 279s + rm -f /etc/krb5.keytab 279s + cat 279s + cat 279s + echo # */admin * 279s + kdb5_util create -s -P secretpassword 279s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 279s master key name 'K/M@EXAMPLE.COM' 279s + systemctl restart krb5-kdc.service krb5-admin-server.service 279s + create_krb_principal testuser1 testuser1kerberos 279s + local principal=testuser1 279s + local password=testuser1kerberos 279s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 279s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 279s Authenticating as principal root/admin@EXAMPLE.COM with password. 279s Principal "testuser1@EXAMPLE.COM" created. 279s + configure_sssd_ldap_rfc2307_krb5_auth 279s + cat 279s + chmod 0600 /etc/sssd/sssd.conf 279s + systemctl restart sssd 279s + enable_pam_mkhomedir 279s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 279s + run_common_tests 279s + Assert local user databases do not have our LDAP test data 279s echo Assert local user databases do not have our LDAP test data 279s + check_local_user testuser1 279s + local local_user=testuser1 279s + grep -q ^testuser1 /etc/passwd 279s + check_local_group testuser1 279s + local local_group=testuser1 279s + grep -q ^testuser1 /etc/group 279s + check_local_group ldapusers 279s + local local_group=ldapusers 279s + grep -q ^ldapusers /etc/group 279s The LDAP user is known to the system via getent 279s + echo The LDAP user is known to the system via getent 279s + check_getent_user testuser1 279s + local getent_user=testuser1 279s + local output 279s + getent passwd testuser1 279s The LDAP user's private group is known to the system via getent 279s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 279s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 279s + echo The LDAP user's private group is known to the system via getent 279s + check_getent_group testuser1 279s + local getent_group=testuser1 279s + local output 279s + getent group testuser1 280s + The LDAP group ldapusers is known to the system via getent 280s output=testuser1:*:10001:testuser1 280s + [ -z testuser1:*:10001:testuser1 ] 280s + echo The LDAP group ldapusers is known to the system via getent 280s + check_getent_group ldapusers 280s + local getent_group=ldapusers 280s + local output 280s + getent group ldapusers 280s The id(1) command can resolve the group membership of the LDAP user 280s The Kerberos principal can login on a terminal 280s + output=ldapusers:*:10100:testuser1 280s + [ -z ldapusers:*:10100:testuser1 ] 280s + echo The id(1) command can resolve the group membership of the LDAP user 280s + id -Gn testuser1 280s + output=testuser1 ldapusers 280s + [ testuser1 ldapusers != testuser1 ldapusers ] 280s + echo The Kerberos principal can login on a terminal 280s + kdestroy 280s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 280s spawn login 280s ldap.example.com login: testuser1 280s Password: 280s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-11-generic s390x) 280s 280s * Documentation: https://help.ubuntu.com 280s * Management: https://landscape.canonical.com 280s * Support: https://ubuntu.com/pro 280s 280s 280s The programs included with the Ubuntu system are free software; 280s the exact distribution terms for each program are described in the 280s individual files in /usr/share/doc/*/copyright. 280s 280s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 280s applicable law. 280s 280s Last login: Sat Mar 23 21:36:58 UTC 2024 on pts/0 280s [?2004htestuser1@ldap:~$ id -un 280s [?2004l testuser1 280s [?2004htestuser1@ldap:~$ klist 280s [?2004l Ticket cache: FILE:/tmp/krb5cc_10001_lA6iRr 280s Default principal: testuser1@EXAMPLE.COM 280s /tmp/autopkgtest.3GCwZq/wrapper.sh: Killing leaked background processes: 4690 280s PID TTY STAT TIME COMMAND 280s /tmp/autopkgtest.3GCwZq/wrapper.sh: 235: kill: No such process 280s 280s /tmp/autopkgtest.3GCwZq/wrapper.sh: 237: kill: No such process 280s 280s autopkgtest [21:37:27]: test ldap-user-group-krb5-auth: -----------------------] 281s autopkgtest [21:37:28]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 281s ldap-user-group-krb5-auth PASS 281s autopkgtest [21:37:28]: test sssd-softhism2-certificates-tests.sh: preparing testbed 373s autopkgtest [21:39:00]: testbed dpkg architecture: s390x 373s autopkgtest [21:39:00]: testbed apt version: 2.7.12 373s autopkgtest [21:39:00]: @@@@@@@@@@@@@@@@@@@@ test bed setup 374s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 374s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [56.9 kB] 374s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [6540 B] 374s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [494 kB] 374s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [4028 kB] 375s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main s390x Packages [654 kB] 375s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main s390x c-n-f Metadata [3032 B] 375s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x Packages [1372 B] 375s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x c-n-f Metadata [116 B] 375s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x Packages [4150 kB] 375s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x c-n-f Metadata [7292 B] 375s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x Packages [46.8 kB] 375s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x c-n-f Metadata [116 B] 377s Fetched 9565 kB in 3s (3337 kB/s) 378s Reading package lists... 380s Reading package lists... 380s Building dependency tree... 380s Reading state information... 381s Calculating upgrade... 381s The following packages will be REMOVED: 381s libreadline8 libssl3 381s The following NEW packages will be installed: 381s libreadline8t64 libssl3t64 381s The following packages have been kept back: 381s libpython3.12-minimal libpython3.12-stdlib python3.12 python3.12-minimal 381s The following packages will be upgraded: 381s libtirpc-common openssl readline-common 381s 3 upgraded, 2 newly installed, 2 to remove and 4 not upgraded. 381s Need to get 2919 kB of archives. 381s After this operation, 257 kB of additional disk space will be used. 381s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main s390x readline-common all 8.2-4 [56.4 kB] 381s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main s390x libreadline8t64 s390x 8.2-4 [170 kB] 381s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/main s390x openssl s390x 3.0.13-0ubuntu2 [1010 kB] 382s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main s390x libssl3t64 s390x 3.0.13-0ubuntu2 [1675 kB] 382s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/main s390x libtirpc-common all 1.3.4+ds-1.1 [8018 B] 382s Fetched 2919 kB in 1s (2951 kB/s) 382s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52170 files and directories currently installed.) 382s Preparing to unpack .../readline-common_8.2-4_all.deb ... 382s Unpacking readline-common (8.2-4) over (8.2-3) ... 382s dpkg: libreadline8:s390x: dependency problems, but removing anyway as you requested: 382s parted depends on libreadline8 (>= 6.0). 382s libpython3.12-stdlib:s390x depends on libreadline8 (>= 7.0~beta). 382s libpython3.11-stdlib:s390x depends on libreadline8 (>= 7.0~beta). 382s gpgsm depends on libreadline8 (>= 6.0). 382s gpgconf depends on libreadline8 (>= 6.0). 382s gpg depends on libreadline8 (>= 6.0). 382s gawk depends on libreadline8 (>= 6.0). 382s fdisk depends on libreadline8 (>= 6.0). 382s 382s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52170 files and directories currently installed.) 382s Removing libreadline8:s390x (8.2-3) ... 382s Selecting previously unselected package libreadline8t64:s390x. 383s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52158 files and directories currently installed.) 383s Preparing to unpack .../libreadline8t64_8.2-4_s390x.deb ... 383s Adding 'diversion of /lib/s390x-linux-gnu/libhistory.so.8 to /lib/s390x-linux-gnu/libhistory.so.8.usr-is-merged by libreadline8t64' 383s Adding 'diversion of /lib/s390x-linux-gnu/libhistory.so.8.2 to /lib/s390x-linux-gnu/libhistory.so.8.2.usr-is-merged by libreadline8t64' 383s Adding 'diversion of /lib/s390x-linux-gnu/libreadline.so.8 to /lib/s390x-linux-gnu/libreadline.so.8.usr-is-merged by libreadline8t64' 383s Adding 'diversion of /lib/s390x-linux-gnu/libreadline.so.8.2 to /lib/s390x-linux-gnu/libreadline.so.8.2.usr-is-merged by libreadline8t64' 383s Unpacking libreadline8t64:s390x (8.2-4) ... 383s Preparing to unpack .../openssl_3.0.13-0ubuntu2_s390x.deb ... 383s Unpacking openssl (3.0.13-0ubuntu2) over (3.0.10-1ubuntu4) ... 383s dpkg: libssl3:s390x: dependency problems, but removing anyway as you requested: 383s wget depends on libssl3 (>= 3.0.0). 383s tnftp depends on libssl3 (>= 3.0.0). 383s tcpdump depends on libssl3 (>= 3.0.0). 383s systemd-resolved depends on libssl3 (>= 3.0.0). 383s systemd depends on libssl3 (>= 3.0.0). 383s sudo depends on libssl3 (>= 3.0.0). 383s s390-tools depends on libssl3 (>= 3.0.0). 383s rsync depends on libssl3 (>= 3.0.0). 383s python3-cryptography depends on libssl3 (>= 3.0.0). 383s openssh-server depends on libssl3 (>= 3.0.10). 383s openssh-client depends on libssl3 (>= 3.0.10). 383s linux-headers-6.8.0-11-generic depends on libssl3 (>= 3.0.0). 383s libsystemd-shared:s390x depends on libssl3 (>= 3.0.0). 383s libssh-4:s390x depends on libssl3 (>= 3.0.0). 383s libsasl2-modules:s390x depends on libssl3 (>= 3.0.0). 383s libsasl2-2:s390x depends on libssl3 (>= 3.0.0). 383s libpython3.12-minimal:s390x depends on libssl3 (>= 3.0.0). 383s libpython3.11-minimal:s390x depends on libssl3 (>= 3.0.0). 383s libnvme1 depends on libssl3 (>= 3.0.0). 383s libkrb5-3:s390x depends on libssl3 (>= 3.0.0). 383s libkmod2:s390x depends on libssl3 (>= 3.0.0). 383s libfido2-1:s390x depends on libssl3 (>= 3.0.0). 383s libcurl4:s390x depends on libssl3 (>= 3.0.0). 383s libcryptsetup12:s390x depends on libssl3 (>= 3.0.0). 383s kmod depends on libssl3 (>= 3.0.0). 383s dhcpcd-base depends on libssl3 (>= 3.0.0). 383s bind9-libs:s390x depends on libssl3 (>= 3.0.0). 383s 383s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52178 files and directories currently installed.) 383s Removing libssl3:s390x (3.0.10-1ubuntu4) ... 383s Selecting previously unselected package libssl3t64:s390x. 383s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52167 files and directories currently installed.) 383s Preparing to unpack .../libssl3t64_3.0.13-0ubuntu2_s390x.deb ... 383s Unpacking libssl3t64:s390x (3.0.13-0ubuntu2) ... 383s Preparing to unpack .../libtirpc-common_1.3.4+ds-1.1_all.deb ... 383s Unpacking libtirpc-common (1.3.4+ds-1.1) over (1.3.4+ds-1build1) ... 383s Setting up libssl3t64:s390x (3.0.13-0ubuntu2) ... 383s Setting up libtirpc-common (1.3.4+ds-1.1) ... 383s Setting up openssl (3.0.13-0ubuntu2) ... 383s Setting up readline-common (8.2-4) ... 383s Setting up libreadline8t64:s390x (8.2-4) ... 383s Processing triggers for libc-bin (2.39-0ubuntu6) ... 383s Processing triggers for man-db (2.12.0-3) ... 383s Processing triggers for install-info (7.1-3) ... 384s Reading package lists... 384s Building dependency tree... 384s Reading state information... 384s 0 upgraded, 0 newly installed, 0 to remove and 4 not upgraded. 385s Unknown architecture, assuming PC-style ttyS0 385s sh: Attempting to set up Debian/Ubuntu apt sources automatically 385s sh: Distribution appears to be Ubuntu 386s Reading package lists... 386s Building dependency tree... 386s Reading state information... 386s eatmydata is already the newest version (131-1). 386s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 386s Reading package lists... 386s Building dependency tree... 386s Reading state information... 387s dbus is already the newest version (1.14.10-4ubuntu1). 387s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 387s Reading package lists... 387s Building dependency tree... 387s Reading state information... 387s rng-tools-debian is already the newest version (2.4). 387s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 388s Reading package lists... 388s Building dependency tree... 388s Reading state information... 388s The following packages will be REMOVED: 388s cloud-init* python3-configobj* python3-debconf* 388s 0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded. 388s After this operation, 3256 kB disk space will be freed. 388s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52180 files and directories currently installed.) 388s Removing cloud-init (24.1.2-0ubuntu1) ... 389s Removing python3-configobj (5.0.8-3) ... 389s Removing python3-debconf (1.5.86) ... 389s Processing triggers for man-db (2.12.0-3) ... 389s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51791 files and directories currently installed.) 389s Purging configuration files for cloud-init (24.1.2-0ubuntu1) ... 390s dpkg: warning: while removing cloud-init, directory '/etc/cloud/cloud.cfg.d' not empty so not removed 390s Processing triggers for rsyslog (8.2312.0-3ubuntu3) ... 390s invoke-rc.d: policy-rc.d denied execution of try-restart. 390s Reading package lists... 390s Building dependency tree... 390s Reading state information... 391s linux-generic is already the newest version (6.8.0-11.11+1). 391s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 391s Hit:1 http://ftpmaster.internal/ubuntu noble InRelease 391s Hit:2 http://ftpmaster.internal/ubuntu noble-updates InRelease 391s Hit:3 http://ftpmaster.internal/ubuntu noble-security InRelease 393s Reading package lists... 393s Reading package lists... 393s Building dependency tree... 393s Reading state information... 394s Calculating upgrade... 394s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 394s Reading package lists... 394s Building dependency tree... 394s Reading state information... 394s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 394s autopkgtest [21:39:21]: rebooting testbed after setup commands that affected boot 421s Reading package lists... 421s Building dependency tree... 421s Reading state information... 421s Starting pkgProblemResolver with broken count: 0 421s Starting 2 pkgProblemResolver with broken count: 0 421s Done 421s The following additional packages will be installed: 421s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 421s libbasicobjects0 libc-ares2 libcollection4 libcrack2 libdhash1 421s libevent-2.1-7 libgnutls-dane0 libini-config5 libipa-hbac0 libldb2 421s libnfsidmap1 libnss-sss libpam-pwquality libpam-sss libpath-utils1 421s libpwquality-common libpwquality1 libref-array1 libsmbclient libsofthsm2 421s libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 libtalloc2 libtdb1 421s libtevent0 libunbound8 libwbclient0 python3-sss samba-libs softhsm2 421s softhsm2-common sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 421s sssd-krb5-common sssd-ldap sssd-proxy 422s Suggested packages: 422s dns-root-data adcli libsss-sudo sssd-tools libsasl2-modules-ldap 422s Recommended packages: 422s cracklib-runtime libsasl2-modules-gssapi-mit 422s | libsasl2-modules-gssapi-heimdal ldap-utils 422s The following NEW packages will be installed: 422s autopkgtest-satdep gnutls-bin libavahi-client3 libavahi-common-data 422s libavahi-common3 libbasicobjects0 libc-ares2 libcollection4 libcrack2 422s libdhash1 libevent-2.1-7 libgnutls-dane0 libini-config5 libipa-hbac0 libldb2 422s libnfsidmap1 libnss-sss libpam-pwquality libpam-sss libpath-utils1 422s libpwquality-common libpwquality1 libref-array1 libsmbclient libsofthsm2 422s libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 libtalloc2 libtdb1 422s libtevent0 libunbound8 libwbclient0 python3-sss samba-libs softhsm2 422s softhsm2-common sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 422s sssd-krb5-common sssd-ldap sssd-proxy 422s 0 upgraded, 46 newly installed, 0 to remove and 0 not upgraded. 422s Need to get 10.4 MB/10.4 MB of archives. 422s After this operation, 40.5 MB of additional disk space will be used. 422s Get:1 /tmp/autopkgtest.3GCwZq/3-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [744 B] 422s Get:2 http://ftpmaster.internal/ubuntu noble/main s390x libevent-2.1-7 s390x 2.1.12-stable-9 [144 kB] 422s Get:3 http://ftpmaster.internal/ubuntu noble/main s390x libunbound8 s390x 1.19.1-1ubuntu1 [453 kB] 422s Get:4 http://ftpmaster.internal/ubuntu noble/main s390x libgnutls-dane0 s390x 3.8.3-1ubuntu1 [23.6 kB] 422s Get:5 http://ftpmaster.internal/ubuntu noble/universe s390x gnutls-bin s390x 3.8.3-1ubuntu1 [284 kB] 423s Get:6 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common-data s390x 0.8-13ubuntu2 [29.5 kB] 423s Get:7 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common3 s390x 0.8-13ubuntu2 [23.8 kB] 423s Get:8 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-client3 s390x 0.8-13ubuntu2 [26.7 kB] 423s Get:9 http://ftpmaster.internal/ubuntu noble/main s390x libcrack2 s390x 2.9.6-5.1 [29.6 kB] 423s Get:10 http://ftpmaster.internal/ubuntu noble/main s390x libtalloc2 s390x 2.4.2-1 [28.3 kB] 423s Get:11 http://ftpmaster.internal/ubuntu noble/main s390x libtdb1 s390x 1.4.10-1 [49.9 kB] 423s Get:12 http://ftpmaster.internal/ubuntu noble/main s390x libtevent0 s390x 0.16.1-1 [43.1 kB] 423s Get:13 http://ftpmaster.internal/ubuntu noble/main s390x libldb2 s390x 2:2.8.0+samba4.19.5+dfsg-1ubuntu1 [191 kB] 423s Get:14 http://ftpmaster.internal/ubuntu noble/main s390x libnfsidmap1 s390x 1:2.6.3-3ubuntu1 [49.0 kB] 423s Get:15 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality-common all 1.4.5-3 [7658 B] 423s Get:16 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality1 s390x 1.4.5-3 [14.7 kB] 423s Get:17 http://ftpmaster.internal/ubuntu noble/main s390x libpam-pwquality s390x 1.4.5-3 [11.6 kB] 423s Get:18 http://ftpmaster.internal/ubuntu noble/main s390x libwbclient0 s390x 2:4.19.5+dfsg-1ubuntu1 [70.3 kB] 423s Get:19 http://ftpmaster.internal/ubuntu noble/main s390x samba-libs s390x 2:4.19.5+dfsg-1ubuntu1 [6231 kB] 425s Get:20 http://ftpmaster.internal/ubuntu noble/universe s390x softhsm2-common s390x 2.6.1-2.2 [5808 B] 425s Get:21 http://ftpmaster.internal/ubuntu noble/universe s390x libsofthsm2 s390x 2.6.1-2.2 [265 kB] 425s Get:22 http://ftpmaster.internal/ubuntu noble/universe s390x softhsm2 s390x 2.6.1-2.2 [174 kB] 425s Get:23 http://ftpmaster.internal/ubuntu noble/main s390x python3-sss s390x 2.9.4-1ubuntu1 [46.6 kB] 425s Get:24 http://ftpmaster.internal/ubuntu noble/main s390x libsss-idmap0 s390x 2.9.4-1ubuntu1 [22.1 kB] 425s Get:25 http://ftpmaster.internal/ubuntu noble/main s390x libnss-sss s390x 2.9.4-1ubuntu1 [32.6 kB] 425s Get:26 http://ftpmaster.internal/ubuntu noble/main s390x libpam-sss s390x 2.9.4-1ubuntu1 [51.9 kB] 425s Get:27 http://ftpmaster.internal/ubuntu noble/main s390x libc-ares2 s390x 1.27.0-1 [79.2 kB] 425s Get:28 http://ftpmaster.internal/ubuntu noble/main s390x libdhash1 s390x 0.6.2-2 [8648 B] 425s Get:29 http://ftpmaster.internal/ubuntu noble/main s390x libbasicobjects0 s390x 0.6.2-2 [5476 B] 425s Get:30 http://ftpmaster.internal/ubuntu noble/main s390x libcollection4 s390x 0.6.2-2 [23.2 kB] 425s Get:31 http://ftpmaster.internal/ubuntu noble/main s390x libpath-utils1 s390x 0.6.2-2 [8994 B] 425s Get:32 http://ftpmaster.internal/ubuntu noble/main s390x libref-array1 s390x 0.6.2-2 [6880 B] 425s Get:33 http://ftpmaster.internal/ubuntu noble/main s390x libini-config5 s390x 0.6.2-2 [45.3 kB] 425s Get:34 http://ftpmaster.internal/ubuntu noble/main s390x libsss-certmap0 s390x 2.9.4-1ubuntu1 [46.7 kB] 425s Get:35 http://ftpmaster.internal/ubuntu noble/main s390x libsss-nss-idmap0 s390x 2.9.4-1ubuntu1 [31.4 kB] 425s Get:36 http://ftpmaster.internal/ubuntu noble/main s390x sssd-common s390x 2.9.4-1ubuntu1 [1125 kB] 425s Get:37 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad-common s390x 2.9.4-1ubuntu1 [74.8 kB] 425s Get:38 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5-common s390x 2.9.4-1ubuntu1 [90.3 kB] 425s Get:39 http://ftpmaster.internal/ubuntu noble/main s390x libsmbclient s390x 2:4.19.5+dfsg-1ubuntu1 [65.1 kB] 425s Get:40 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad s390x 2.9.4-1ubuntu1 [133 kB] 425s Get:41 http://ftpmaster.internal/ubuntu noble/main s390x libipa-hbac0 s390x 2.9.4-1ubuntu1 [16.8 kB] 425s Get:42 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ipa s390x 2.9.4-1ubuntu1 [215 kB] 425s Get:43 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5 s390x 2.9.4-1ubuntu1 [14.4 kB] 425s Get:44 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ldap s390x 2.9.4-1ubuntu1 [31.0 kB] 425s Get:45 http://ftpmaster.internal/ubuntu noble/main s390x sssd-proxy s390x 2.9.4-1ubuntu1 [43.9 kB] 425s Get:46 http://ftpmaster.internal/ubuntu noble/main s390x sssd s390x 2.9.4-1ubuntu1 [4120 B] 425s Fetched 10.4 MB in 4s (2959 kB/s) 425s Selecting previously unselected package libevent-2.1-7:s390x. 426s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51736 files and directories currently installed.) 426s Preparing to unpack .../00-libevent-2.1-7_2.1.12-stable-9_s390x.deb ... 426s Unpacking libevent-2.1-7:s390x (2.1.12-stable-9) ... 426s Selecting previously unselected package libunbound8:s390x. 426s Preparing to unpack .../01-libunbound8_1.19.1-1ubuntu1_s390x.deb ... 426s Unpacking libunbound8:s390x (1.19.1-1ubuntu1) ... 426s Selecting previously unselected package libgnutls-dane0:s390x. 426s Preparing to unpack .../02-libgnutls-dane0_3.8.3-1ubuntu1_s390x.deb ... 426s Unpacking libgnutls-dane0:s390x (3.8.3-1ubuntu1) ... 426s Selecting previously unselected package gnutls-bin. 426s Preparing to unpack .../03-gnutls-bin_3.8.3-1ubuntu1_s390x.deb ... 426s Unpacking gnutls-bin (3.8.3-1ubuntu1) ... 426s Selecting previously unselected package libavahi-common-data:s390x. 426s Preparing to unpack .../04-libavahi-common-data_0.8-13ubuntu2_s390x.deb ... 426s Unpacking libavahi-common-data:s390x (0.8-13ubuntu2) ... 426s Selecting previously unselected package libavahi-common3:s390x. 426s Preparing to unpack .../05-libavahi-common3_0.8-13ubuntu2_s390x.deb ... 426s Unpacking libavahi-common3:s390x (0.8-13ubuntu2) ... 426s Selecting previously unselected package libavahi-client3:s390x. 426s Preparing to unpack .../06-libavahi-client3_0.8-13ubuntu2_s390x.deb ... 426s Unpacking libavahi-client3:s390x (0.8-13ubuntu2) ... 426s Selecting previously unselected package libcrack2:s390x. 426s Preparing to unpack .../07-libcrack2_2.9.6-5.1_s390x.deb ... 426s Unpacking libcrack2:s390x (2.9.6-5.1) ... 426s Selecting previously unselected package libtalloc2:s390x. 426s Preparing to unpack .../08-libtalloc2_2.4.2-1_s390x.deb ... 426s Unpacking libtalloc2:s390x (2.4.2-1) ... 426s Selecting previously unselected package libtdb1:s390x. 426s Preparing to unpack .../09-libtdb1_1.4.10-1_s390x.deb ... 426s Unpacking libtdb1:s390x (1.4.10-1) ... 426s Selecting previously unselected package libtevent0:s390x. 426s Preparing to unpack .../10-libtevent0_0.16.1-1_s390x.deb ... 426s Unpacking libtevent0:s390x (0.16.1-1) ... 426s Selecting previously unselected package libldb2:s390x. 426s Preparing to unpack .../11-libldb2_2%3a2.8.0+samba4.19.5+dfsg-1ubuntu1_s390x.deb ... 426s Unpacking libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 426s Selecting previously unselected package libnfsidmap1:s390x. 426s Preparing to unpack .../12-libnfsidmap1_1%3a2.6.3-3ubuntu1_s390x.deb ... 426s Unpacking libnfsidmap1:s390x (1:2.6.3-3ubuntu1) ... 426s Selecting previously unselected package libpwquality-common. 426s Preparing to unpack .../13-libpwquality-common_1.4.5-3_all.deb ... 426s Unpacking libpwquality-common (1.4.5-3) ... 426s Selecting previously unselected package libpwquality1:s390x. 426s Preparing to unpack .../14-libpwquality1_1.4.5-3_s390x.deb ... 426s Unpacking libpwquality1:s390x (1.4.5-3) ... 426s Selecting previously unselected package libpam-pwquality:s390x. 426s Preparing to unpack .../15-libpam-pwquality_1.4.5-3_s390x.deb ... 426s Unpacking libpam-pwquality:s390x (1.4.5-3) ... 426s Selecting previously unselected package libwbclient0:s390x. 426s Preparing to unpack .../16-libwbclient0_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 426s Unpacking libwbclient0:s390x (2:4.19.5+dfsg-1ubuntu1) ... 426s Selecting previously unselected package samba-libs:s390x. 426s Preparing to unpack .../17-samba-libs_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 426s Unpacking samba-libs:s390x (2:4.19.5+dfsg-1ubuntu1) ... 426s Selecting previously unselected package softhsm2-common. 426s Preparing to unpack .../18-softhsm2-common_2.6.1-2.2_s390x.deb ... 426s Unpacking softhsm2-common (2.6.1-2.2) ... 426s Selecting previously unselected package libsofthsm2. 426s Preparing to unpack .../19-libsofthsm2_2.6.1-2.2_s390x.deb ... 426s Unpacking libsofthsm2 (2.6.1-2.2) ... 426s Selecting previously unselected package softhsm2. 426s Preparing to unpack .../20-softhsm2_2.6.1-2.2_s390x.deb ... 426s Unpacking softhsm2 (2.6.1-2.2) ... 426s Selecting previously unselected package python3-sss. 426s Preparing to unpack .../21-python3-sss_2.9.4-1ubuntu1_s390x.deb ... 426s Unpacking python3-sss (2.9.4-1ubuntu1) ... 426s Selecting previously unselected package libsss-idmap0. 426s Preparing to unpack .../22-libsss-idmap0_2.9.4-1ubuntu1_s390x.deb ... 426s Unpacking libsss-idmap0 (2.9.4-1ubuntu1) ... 426s Selecting previously unselected package libnss-sss:s390x. 426s Preparing to unpack .../23-libnss-sss_2.9.4-1ubuntu1_s390x.deb ... 426s Unpacking libnss-sss:s390x (2.9.4-1ubuntu1) ... 426s Selecting previously unselected package libpam-sss:s390x. 426s Preparing to unpack .../24-libpam-sss_2.9.4-1ubuntu1_s390x.deb ... 426s Unpacking libpam-sss:s390x (2.9.4-1ubuntu1) ... 426s Selecting previously unselected package libc-ares2:s390x. 426s Preparing to unpack .../25-libc-ares2_1.27.0-1_s390x.deb ... 426s Unpacking libc-ares2:s390x (1.27.0-1) ... 426s Selecting previously unselected package libdhash1:s390x. 426s Preparing to unpack .../26-libdhash1_0.6.2-2_s390x.deb ... 426s Unpacking libdhash1:s390x (0.6.2-2) ... 426s Selecting previously unselected package libbasicobjects0:s390x. 426s Preparing to unpack .../27-libbasicobjects0_0.6.2-2_s390x.deb ... 426s Unpacking libbasicobjects0:s390x (0.6.2-2) ... 426s Selecting previously unselected package libcollection4:s390x. 426s Preparing to unpack .../28-libcollection4_0.6.2-2_s390x.deb ... 426s Unpacking libcollection4:s390x (0.6.2-2) ... 426s Selecting previously unselected package libpath-utils1:s390x. 426s Preparing to unpack .../29-libpath-utils1_0.6.2-2_s390x.deb ... 426s Unpacking libpath-utils1:s390x (0.6.2-2) ... 426s Selecting previously unselected package libref-array1:s390x. 426s Preparing to unpack .../30-libref-array1_0.6.2-2_s390x.deb ... 426s Unpacking libref-array1:s390x (0.6.2-2) ... 426s Selecting previously unselected package libini-config5:s390x. 426s Preparing to unpack .../31-libini-config5_0.6.2-2_s390x.deb ... 426s Unpacking libini-config5:s390x (0.6.2-2) ... 426s Selecting previously unselected package libsss-certmap0. 426s Preparing to unpack .../32-libsss-certmap0_2.9.4-1ubuntu1_s390x.deb ... 426s Unpacking libsss-certmap0 (2.9.4-1ubuntu1) ... 426s Selecting previously unselected package libsss-nss-idmap0. 426s Preparing to unpack .../33-libsss-nss-idmap0_2.9.4-1ubuntu1_s390x.deb ... 426s Unpacking libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 426s Selecting previously unselected package sssd-common. 426s Preparing to unpack .../34-sssd-common_2.9.4-1ubuntu1_s390x.deb ... 426s Unpacking sssd-common (2.9.4-1ubuntu1) ... 426s Selecting previously unselected package sssd-ad-common. 426s Preparing to unpack .../35-sssd-ad-common_2.9.4-1ubuntu1_s390x.deb ... 426s Unpacking sssd-ad-common (2.9.4-1ubuntu1) ... 426s Selecting previously unselected package sssd-krb5-common. 426s Preparing to unpack .../36-sssd-krb5-common_2.9.4-1ubuntu1_s390x.deb ... 426s Unpacking sssd-krb5-common (2.9.4-1ubuntu1) ... 426s Selecting previously unselected package libsmbclient:s390x. 426s Preparing to unpack .../37-libsmbclient_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 426s Unpacking libsmbclient:s390x (2:4.19.5+dfsg-1ubuntu1) ... 426s Selecting previously unselected package sssd-ad. 426s Preparing to unpack .../38-sssd-ad_2.9.4-1ubuntu1_s390x.deb ... 426s Unpacking sssd-ad (2.9.4-1ubuntu1) ... 427s Selecting previously unselected package libipa-hbac0. 427s Preparing to unpack .../39-libipa-hbac0_2.9.4-1ubuntu1_s390x.deb ... 427s Unpacking libipa-hbac0 (2.9.4-1ubuntu1) ... 427s Selecting previously unselected package sssd-ipa. 427s Preparing to unpack .../40-sssd-ipa_2.9.4-1ubuntu1_s390x.deb ... 427s Unpacking sssd-ipa (2.9.4-1ubuntu1) ... 427s Selecting previously unselected package sssd-krb5. 427s Preparing to unpack .../41-sssd-krb5_2.9.4-1ubuntu1_s390x.deb ... 427s Unpacking sssd-krb5 (2.9.4-1ubuntu1) ... 427s Selecting previously unselected package sssd-ldap. 427s Preparing to unpack .../42-sssd-ldap_2.9.4-1ubuntu1_s390x.deb ... 427s Unpacking sssd-ldap (2.9.4-1ubuntu1) ... 427s Selecting previously unselected package sssd-proxy. 427s Preparing to unpack .../43-sssd-proxy_2.9.4-1ubuntu1_s390x.deb ... 427s Unpacking sssd-proxy (2.9.4-1ubuntu1) ... 427s Selecting previously unselected package sssd. 427s Preparing to unpack .../44-sssd_2.9.4-1ubuntu1_s390x.deb ... 427s Unpacking sssd (2.9.4-1ubuntu1) ... 427s Selecting previously unselected package autopkgtest-satdep. 427s Preparing to unpack .../45-3-autopkgtest-satdep.deb ... 427s Unpacking autopkgtest-satdep (0) ... 427s Setting up libpwquality-common (1.4.5-3) ... 427s Setting up libpath-utils1:s390x (0.6.2-2) ... 427s Setting up softhsm2-common (2.6.1-2.2) ... 427s 427s Creating config file /etc/softhsm/softhsm2.conf with new version 427s Setting up libnfsidmap1:s390x (1:2.6.3-3ubuntu1) ... 427s Setting up libsss-idmap0 (2.9.4-1ubuntu1) ... 427s Setting up libbasicobjects0:s390x (0.6.2-2) ... 427s Setting up libtdb1:s390x (1.4.10-1) ... 427s Setting up libc-ares2:s390x (1.27.0-1) ... 427s Setting up libwbclient0:s390x (2:4.19.5+dfsg-1ubuntu1) ... 427s Setting up libtalloc2:s390x (2.4.2-1) ... 427s Setting up libdhash1:s390x (0.6.2-2) ... 427s Setting up libtevent0:s390x (0.16.1-1) ... 427s Setting up libavahi-common-data:s390x (0.8-13ubuntu2) ... 427s Setting up libevent-2.1-7:s390x (2.1.12-stable-9) ... 427s Setting up libcrack2:s390x (2.9.6-5.1) ... 427s Setting up libcollection4:s390x (0.6.2-2) ... 427s Setting up libipa-hbac0 (2.9.4-1ubuntu1) ... 427s Setting up libref-array1:s390x (0.6.2-2) ... 427s Setting up libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 427s Setting up libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 427s Setting up libnss-sss:s390x (2.9.4-1ubuntu1) ... 427s Setting up libsofthsm2 (2.6.1-2.2) ... 427s Setting up softhsm2 (2.6.1-2.2) ... 427s Setting up libini-config5:s390x (0.6.2-2) ... 427s Setting up libavahi-common3:s390x (0.8-13ubuntu2) ... 427s Setting up python3-sss (2.9.4-1ubuntu1) ... 427s Setting up libsss-certmap0 (2.9.4-1ubuntu1) ... 427s Setting up libunbound8:s390x (1.19.1-1ubuntu1) ... 427s Setting up libpwquality1:s390x (1.4.5-3) ... 427s Setting up libavahi-client3:s390x (0.8-13ubuntu2) ... 427s Setting up libgnutls-dane0:s390x (3.8.3-1ubuntu1) ... 427s Setting up libpam-pwquality:s390x (1.4.5-3) ... 427s Setting up samba-libs:s390x (2:4.19.5+dfsg-1ubuntu1) ... 427s Setting up libsmbclient:s390x (2:4.19.5+dfsg-1ubuntu1) ... 427s Setting up libpam-sss:s390x (2.9.4-1ubuntu1) ... 427s Setting up gnutls-bin (3.8.3-1ubuntu1) ... 427s Setting up sssd-common (2.9.4-1ubuntu1) ... 427s Creating SSSD system user & group... 428s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 428s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 428s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 428s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 428s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 428s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 429s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 429s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 429s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 429s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 430s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 430s sssd-autofs.service is a disabled or a static unit, not starting it. 430s sssd-nss.service is a disabled or a static unit, not starting it. 430s sssd-pam.service is a disabled or a static unit, not starting it. 430s sssd-ssh.service is a disabled or a static unit, not starting it. 430s sssd-sudo.service is a disabled or a static unit, not starting it. 430s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 430s Setting up sssd-proxy (2.9.4-1ubuntu1) ... 430s Setting up sssd-ad-common (2.9.4-1ubuntu1) ... 430s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 431s sssd-pac.service is a disabled or a static unit, not starting it. 431s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 431s Setting up sssd-krb5-common (2.9.4-1ubuntu1) ... 431s Setting up sssd-krb5 (2.9.4-1ubuntu1) ... 431s Setting up sssd-ldap (2.9.4-1ubuntu1) ... 431s Setting up sssd-ad (2.9.4-1ubuntu1) ... 431s Setting up sssd-ipa (2.9.4-1ubuntu1) ... 431s Setting up sssd (2.9.4-1ubuntu1) ... 431s Setting up autopkgtest-satdep (0) ... 431s Processing triggers for man-db (2.12.0-3) ... 432s Processing triggers for libc-bin (2.39-0ubuntu6) ... 435s (Reading database ... 52324 files and directories currently installed.) 435s Removing autopkgtest-satdep (0) ... 443s autopkgtest [21:40:10]: test sssd-softhism2-certificates-tests.sh: [----------------------- 443s + '[' -z ubuntu ']' 443s + required_tools=(p11tool openssl softhsm2-util) 443s + for cmd in "${required_tools[@]}" 443s + command -v p11tool 443s + for cmd in "${required_tools[@]}" 443s + command -v openssl 443s + for cmd in "${required_tools[@]}" 443s + command -v softhsm2-util 443s + PIN=053350 443s +++ find /usr/lib/softhsm/libsofthsm2.so 443s +++ head -n 1 443s ++ realpath /usr/lib/softhsm/libsofthsm2.so 443s + SOFTHSM2_MODULE=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 443s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 443s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 443s + '[' '!' -v NO_SSSD_TESTS ']' 443s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 443s + ca_db_arg=ca_db 443s ++ /usr/libexec/sssd/p11_child --help 443s + p11_child_help='Usage: p11_child [OPTION...] 443s -d, --debug-level=INT Debug level 443s --debug-timestamps=INT Add debug timestamps 443s --debug-microseconds=INT Show timestamps with microseconds 443s --dumpable=INT Allow core dumps 443s --debug-fd=INT An open file descriptor for the debug 443s logs 443s --logger=stderr|files|journald Set logger 443s --auth Run in auth mode 443s --pre Run in pre-auth mode 443s --wait_for_card Wait until card is available 443s --verification Run in verification mode 443s --pin Expect PIN on stdin 443s --keypad Expect PIN on keypad 443s --verify=STRING Tune validation 443s --ca_db=STRING CA DB to use 443s --module_name=STRING Module name for authentication 443s --token_name=STRING Token name for authentication 443s --key_id=STRING Key ID for authentication 443s --label=STRING Label for authentication 443s --certificate=STRING certificate to verify, base64 encoded 443s --uri=STRING PKCS#11 URI to restrict selection 443s --chain-id=LONG Tevent chain ID used for logging 443s purposes 443s 443s Help options: 443s -?, --help Show this help message 443s --usage Display brief usage message' 443s + echo 'Usage: p11_child [OPTION...] 443s -d, --debug-level=INT Debug level 443s --debug-timestamps=INT Add debug timestamps 443s --debug-microseconds=INT Show timestamps with microseconds 443s --dumpable=INT Allow core dumps 443s --debug-fd=INT An open file descriptor for the debug 443s logs 443s --logger=stderr|files|journald Set logger 443s --auth Run in auth mode 443s --pre Run in pre-auth mode 443s --wait_for_card Wait until card is available 443s --verification Run in verification mode 443s --pin Expect PIN on stdin 443s --keypad Expect PIN on keypad 443s --verify=STRING Tune validation 443s --ca_db=STRING CA DB to use 443s --module_name=STRING Module name for authentication 443s --token_name=STRING Token name for authentication 443s --key_id=STRING Key ID for authentication 443s --label=STRING Label for authentication 443s --certificate=STRING certificate to verify, base64 encoded 443s --uri=STRING PKCS#11 URI to restrict selection 443s --chain-id=LONG Tevent chain ID used for logging 443s purposes 443s 443s Help options: 443s -?, --help Show this help message 443s --usage Display brief usage message' 443s + grep nssdb -qs 443s + echo 'Usage: p11_child [OPTION...] 443s -d, --debug-level=INT Debug level 443s + grep -qs -- --ca_db 443s --debug-timestamps=INT Add debug timestamps 443s --debug-microseconds=INT Show timestamps with microseconds 443s --dumpable=INT Allow core dumps 443s --debug-fd=INT An open file descriptor for the debug 443s logs 443s --logger=stderr|files|journald Set logger 443s --auth Run in auth mode 443s --pre Run in pre-auth mode 443s --wait_for_card Wait until card is available 443s --verification Run in verification mode 443s --pin Expect PIN on stdin 443s --keypad Expect PIN on keypad 443s --verify=STRING Tune validation 443s --ca_db=STRING CA DB to use 443s --module_name=STRING Module name for authentication 443s --token_name=STRING Token name for authentication 443s --key_id=STRING Key ID for authentication 443s --label=STRING Label for authentication 443s --certificate=STRING certificate to verify, base64 encoded 443s --uri=STRING PKCS#11 URI to restrict selection 443s --chain-id=LONG Tevent chain ID used for logging 443s purposes 443s 443s Help options: 443s -?, --help Show this help message 443s --usage Display brief usage message' 443s + '[' '!' -e /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so ']' 443s ++ mktemp -d -t sssd-softhsm2-XXXXXX 443s + tmpdir=/tmp/sssd-softhsm2-TfOciM 443s + keys_size=1024 443s + [[ ! -v KEEP_TEMPORARY_FILES ]] 443s + trap 'rm -rf "$tmpdir"' EXIT 443s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 443s + echo -n 01 443s + touch /tmp/sssd-softhsm2-TfOciM/index.txt 443s + mkdir -p /tmp/sssd-softhsm2-TfOciM/new_certs 443s + cat 443s + root_ca_key_pass=pass:random-root-CA-password-21202 443s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-TfOciM/test-root-CA-key.pem -passout pass:random-root-CA-password-21202 1024 443s + openssl req -passin pass:random-root-CA-password-21202 -batch -config /tmp/sssd-softhsm2-TfOciM/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-TfOciM/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-TfOciM/test-root-CA.pem 443s + openssl x509 -noout -in /tmp/sssd-softhsm2-TfOciM/test-root-CA.pem 443s + cat 443s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-11356 443s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-11356 1024 443s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-11356 -config /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.config -key /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-21202 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-certificate-request.pem 443s + openssl req -text -noout -in /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-certificate-request.pem 443s Certificate Request: 443s Data: 443s Version: 1 (0x0) 443s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 443s Subject Public Key Info: 443s Public Key Algorithm: rsaEncryption 443s Public-Key: (1024 bit) 443s Modulus: 443s 00:c8:d5:59:47:0a:66:c3:fe:f9:95:3e:5a:03:30: 443s 43:86:dc:8f:55:7d:07:b2:a9:65:ad:ca:28:c8:df: 443s 04:5c:b9:b6:35:0d:42:3e:62:62:b2:6c:43:34:ab: 443s 6d:2d:e0:98:a6:c1:69:b8:fa:4e:5e:18:2f:f2:01: 443s 43:b3:43:33:af:7b:d7:9c:59:6a:5c:a7:7b:ac:f4: 443s 8d:c2:14:a1:89:95:94:13:97:84:58:4f:d8:88:6a: 443s 40:3d:6e:56:9b:d9:0f:da:99:ca:08:2c:e7:33:52: 443s cb:19:ab:c6:0e:7c:76:f6:d5:cc:21:e3:f4:50:99: 443s a1:91:59:8e:45:d3:6b:bc:31 443s Exponent: 65537 (0x10001) 443s Attributes: 443s (none) 443s Requested Extensions: 443s Signature Algorithm: sha256WithRSAEncryption 443s Signature Value: 443s 76:23:e0:52:38:cd:8b:6b:6b:58:04:02:b0:5a:71:7f:17:76: 443s b2:d8:b9:54:85:1c:50:d6:b4:ef:b8:44:80:38:c0:f6:4e:50: 443s 6d:c6:07:2b:22:d1:18:a7:f5:ea:fa:9a:ae:9f:f8:f9:6a:ff: 443s 57:44:57:fc:46:3e:38:8b:e7:9f:d6:71:23:6a:e7:d5:c0:93: 443s 88:ab:15:36:25:00:18:a1:a2:f5:41:96:5f:21:48:ba:2b:04: 443s 01:12:58:1f:78:23:5d:a7:3d:64:ba:12:76:f0:d3:93:e1:27: 443s da:a9:14:4c:ad:6f:db:c0:2e:70:3d:56:4c:01:e0:ab:7a:df: 443s ac:a7 443s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-TfOciM/test-root-CA.config -passin pass:random-root-CA-password-21202 -keyfile /tmp/sssd-softhsm2-TfOciM/test-root-CA-key.pem -in /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem 443s Using configuration from /tmp/sssd-softhsm2-TfOciM/test-root-CA.config 443s Check that the request matches the signature 443s Signature ok 443s Certificate Details: 443s Serial Number: 1 (0x1) 443s Validity 443s Not Before: Mar 23 21:40:10 2024 GMT 443s Not After : Mar 23 21:40:10 2025 GMT 443s Subject: 443s organizationName = Test Organization 443s organizationalUnitName = Test Organization Unit 443s commonName = Test Organization Intermediate CA 443s X509v3 extensions: 443s X509v3 Subject Key Identifier: 443s 20:70:79:02:BD:06:DF:7F:5D:B6:B6:40:C8:70:2D:07:B4:A5:59:35 443s X509v3 Authority Key Identifier: 443s keyid:EF:46:F6:ED:E8:62:00:86:DC:6C:28:F1:15:19:41:B1:5A:FC:51:54 443s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 443s serial:00 443s X509v3 Basic Constraints: 443s CA:TRUE 443s X509v3 Key Usage: critical 443s Digital Signature, Certificate Sign, CRL Sign 443s Certificate is to be certified until Mar 23 21:40:10 2025 GMT (365 days) 443s 443s Write out database with 1 new entries 443s Database updated 443s + openssl x509 -noout -in /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem 443s + openssl verify -CAfile /tmp/sssd-softhsm2-TfOciM/test-root-CA.pem /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem 443s /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem: OK 443s + cat 443s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-14153 443s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-14153 1024 443s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-14153 -config /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-11356 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-certificate-request.pem 443s + openssl req -text -noout -in /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-certificate-request.pem 443s Certificate Request: 443s Data: 443s Version: 1 (0x0) 443s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 443s Subject Public Key Info: 443s Public Key Algorithm: rsaEncryption 443s Public-Key: (1024 bit) 443s Modulus: 443s 00:c6:4d:bf:bf:9b:44:11:29:4f:26:39:5a:84:f6: 443s 7d:8c:e0:41:f4:e7:b6:b8:a5:ef:5b:f2:07:21:26: 443s bc:5a:39:16:e8:bc:1d:68:60:c3:1f:d2:b0:e3:4e: 443s 6c:cb:d0:f2:e4:53:78:d3:9b:03:0d:c5:eb:38:d1: 443s e6:f6:70:de:91:a2:c5:ec:7b:17:cb:6d:f6:0e:d5: 443s 57:3e:c4:16:89:cb:ff:a4:bb:1a:f7:37:93:c6:0c: 443s 78:a0:04:05:fb:6c:13:0e:75:b9:16:d2:bb:de:7e: 443s ca:83:a3:83:7d:05:ee:19:14:be:85:63:46:2b:c2: 443s 6c:b2:49:27:3c:86:57:7b:2d 443s Exponent: 65537 (0x10001) 443s Attributes: 443s (none) 443s Requested Extensions: 443s Signature Algorithm: sha256WithRSAEncryption 443s Signature Value: 443s 01:d6:ef:93:99:48:80:8b:b8:20:1c:01:c1:a0:2f:c4:d8:a4: 443s b4:2e:f7:d4:05:b9:1b:b9:d6:ed:b1:22:1d:69:ed:de:de:5d: 443s 30:fd:f3:de:14:92:1e:d1:f6:11:16:70:b6:cd:24:92:e1:87: 443s 59:6c:9a:d9:a3:a1:a2:08:ae:57:ea:13:d0:67:b6:f8:c7:7f: 443s cb:5c:78:97:a5:05:3d:59:e0:ac:3f:32:e8:8b:a5:85:10:c5: 443s ff:14:7c:8f:1a:4d:8c:72:6f:6f:e3:42:27:66:84:8b:27:bb: 443s fe:af:c6:8d:51:49:13:1c:1d:6d:57:7f:d8:a8:bd:89:52:e4: 443s 2a:07 443s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-11356 -keyfile /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA.pem 443s Using configuration from /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.config 443s Check that the request matches the signature 443s Signature ok 443s Certificate Details: 443s Serial Number: 2 (0x2) 443s Validity 443s Not Before: Mar 23 21:40:10 2024 GMT 443s Not After : Mar 23 21:40:10 2025 GMT 443s Subject: 443s organizationName = Test Organization 443s organizationalUnitName = Test Organization Unit 443s commonName = Test Organization /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA.pem: OK 443s Sub Intermediate CA 443s X509v3 extensions: 443s X509v3 Subject Key Identifier: 443s 3E:C1:42:E9:19:80:E4:62:32:D5:1E:12:70:63:30:C5:83:4D:E2:10 443s X509v3 Authority Key Identifier: 443s keyid:20:70:79:02:BD:06:DF:7F:5D:B6:B6:40:C8:70:2D:07:B4:A5:59:35 443s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 443s serial:01 443s X509v3 Basic Constraints: 443s CA:TRUE 443s X509v3 Key Usage: critical 443s Digital Signature, Certificate Sign, CRL Sign 443s Certificate is to be certified until Mar 23 21:40:10 2025 GMT (365 days) 443s 443s Write out database with 1 new entries 443s Database updated 443s + openssl x509 -noout -in /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA.pem 443s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA.pem 443s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-TfOciM/test-root-CA.pem /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA.pem 443s + local cmd=openssl 443s + shift 443s + openssl verify -CAfile /tmp/sssd-softhsm2-TfOciM/test-root-CA.pem /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA.pem 443s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 443s error 20 at 0 depth lookup: unable to get local issuer certificate 443s error /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA.pem: verification failed 443s + cat 443s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-277 443s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-277 1024 443s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-277 -key /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001-request.pem 443s + openssl req -text -noout -in /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001-request.pem 443s Certificate Request: 443s Data: 443s Version: 1 (0x0) 443s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 443s Subject Public Key Info: 443s Public Key Algorithm: rsaEncryption 443s Public-Key: (1024 bit) 443s Modulus: 443s 00:b8:69:4a:91:be:db:5d:31:8c:54:3d:f0:07:ea: 443s c2:35:5f:d0:2d:0e:08:58:a0:f5:65:74:29:91:04: 443s 49:3f:58:07:29:eb:4b:62:c7:c8:e4:76:19:cf:41: 443s 19:b0:a0:0e:98:cf:1c:c8:c8:79:f6:f4:ee:d2:a4: 443s df:0c:4b:ce:84:57:1d:85:41:4d:6b:94:fa:07:16: 443s 1f:56:ef:66:74:8c:80:96:3c:02:55:c7:f4:6a:a2: 443s e9:37:c0:41:f2:86:c8:aa:89:8d:23:bf:a2:2d:ba: 443s 38:b3:64:12:de:52:48:73:f8:96:b4:a4:1a:1b:e4: 443s 3a:ef:e1:87:3f:2f:79:4c:b9 443s Exponent: 65537 (0x10001) 443s Attributes: 443s Requested Extensions: 443s X509v3 Basic Constraints: 443s CA:FALSE 443s Netscape Cert Type: 443s SSL Client, S/MIME 443s Netscape Comment: 443s Test Organization Root CA trusted Certificate 443s X509v3 Subject Key Identifier: 443s 0C:14:F1:72:8B:E0:06:02:9D:97:F3:F4:0F:53:8B:CC:6D:A1:AC:51 443s X509v3 Key Usage: critical 443s Digital Signature, Non Repudiation, Key Encipherment 443s X509v3 Extended Key Usage: 443s TLS Web Client Authentication, E-mail Protection 443s X509v3 Subject Alternative Name: 443s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 443s Signature Algorithm: sha256WithRSAEncryption 443s Signature Value: 443s 16:15:c9:2d:b1:fe:20:9e:16:83:e5:11:04:7e:09:72:6c:19: 443s c0:9d:67:50:9e:95:79:7f:9a:42:1c:1e:2e:14:ef:bd:0d:b0: 443s ae:00:09:50:53:ec:50:8a:cd:4f:b4:5d:ee:f0:4c:22:ab:c3: 443s dc:cc:34:39:d6:88:64:f3:08:85:ef:a0:d6:e4:ba:bc:ea:67: 443s b8:24:b5:7f:e9:aa:a1:b4:3f:52:2f:fe:d2:c4:6e:4b:ff:30: 443s 0f:c2:b4:2c:eb:7d:c0:59:d4:21:67:86:79:a4:1e:7f:61:3f: 443s e3:9f:89:ed:7c:e1:7f:9d:f1:13:34:f3:40:e8:3b:63:46:85: 443s 80:17 443s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-TfOciM/test-root-CA.config -passin pass:random-root-CA-password-21202 -keyfile /tmp/sssd-softhsm2-TfOciM/test-root-CA-key.pem -in /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 443s Using configuration from /tmp/sssd-softhsm2-TfOciM/test-root-CA.config 443s Check that the request matches the signature 443s Signature ok 443s Certificate Details: 443s Serial Number: 3 (0x3) 443s Validity 443s Not Before: Mar 23 21:40:10 2024 GMT 443s Not After : Mar 23 21:40:10 2025 GMT 443s Subject: 443s organizationName = Test Organization 443s organizationalUnitName = Test Organization Unit 443s commonName = Test Organization Root Trusted Certificate 0001 443s X509v3 extensions: 443s X509v3 Authority Key Identifier: 443s EF:46:F6:ED:E8:62:00:86:DC:6C:28:F1:15:19:41:B1:5A:FC:51:54 443s X509v3 Basic Constraints: 443s CA:FALSE 443s Netscape Cert Type: 443s SSL Client, S/MIME 443s Netscape Comment: 443s Test Organization Root CA trusted Certificate 443s X509v3 Subject Key Identifier: 443s 0C:14:F1:72:8B:E0:06:02:9D:97:F3:F4:0F:53:8B:CC:6D:A1:AC:51 443s X509v3 Key Usage: critical 443s Digital Signature, Non Repudiation, Key Encipherment 443s X509v3 Extended Key Usage: 443s TLS Web Client Authentication, E-mail Protection 443s X509v3 Subject Alternative Name: 443s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 443s Certificate is to be certified until Mar 23 21:40:10 2025 GMT (365 days) 443s 443s Write out database with 1 new entries 443s Database updated 443s + openssl x509 -noout -in /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 443s + openssl verify -CAfile /tmp/sssd-softhsm2-TfOciM/test-root-CA.pem /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 443s /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem: OK 443s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 443s + local cmd=openssl 443s + shift 443s + openssl verify -CAfile /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 443s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 443s error 20 at 0 depth lookup: unable to get local issuer certificate 443s error /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem: verification failed 443s + cat 443s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-32650 443s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-32650 1024 443s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-32650 -key /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001-request.pem 443s + openssl req -text -noout -in /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001-request.pem 443s Certificate Request: 443s Data: 443s Version: 1 (0x0) 443s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 443s Subject Public Key Info: 443s Public Key Algorithm: rsaEncryption 443s Public-Key: (1024 bit) 443s Modulus: 443s 00:a4:14:a0:5d:7c:8a:38:1c:fd:d1:3d:4b:8c:c2: 443s e2:33:9a:6a:28:3a:33:83:98:ac:77:cb:01:7f:07: 443s d4:f3:72:7b:2f:80:88:e3:4f:f1:29:cb:c0:90:e1: 443s 7a:e2:bb:14:d4:26:1c:df:d6:5b:bd:ae:ad:77:86: 443s b6:d8:11:dd:e7:61:7d:7b:23:da:dc:28:e9:53:ae: 443s 93:bf:22:53:8b:f0:1f:3a:dd:d7:ae:fd:0c:3c:6a: 443s ff:25:bc:61:43:19:26:55:1e:11:d5:0c:5e:c0:30: 443s 75:86:e0:0e:7c:d7:d5:57:e5:91:52:30:3f:c2:6f: 443s 57:e3:14:18:0f:d9:fa:e2:89 443s Exponent: 65537 (0x10001) 443s Attributes: 443s Requested Extensions: 443s X509v3 Basic Constraints: 443s CA:FALSE 443s Netscape Cert Type: 443s SSL Client, S/MIME 443s Netscape Comment: 443s Test Organization Intermediate CA trusted Certificate 443s X509v3 Subject Key Identifier: 443s 1F:D2:64:BE:B0:88:32:17:1B:2B:F3:09:B9:03:05:51:61:AF:7A:4F 443s X509v3 Key Usage: critical 443s Digital Signature, Non Repudiation, Key Encipherment 443s X509v3 Extended Key Usage: 443s TLS Web Client Authentication, E-mail Protection 443s X509v3 Subject Alternative Name: 443s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 443s Signature Algorithm: sha256WithRSAEncryption 443s Signature Value: 443s 7f:c1:05:40:af:be:e4:33:84:c9:cf:01:5a:4a:a0:ac:1c:91: 443s ec:90:1e:24:b6:15:11:ec:34:32:45:8c:b6:91:e8:a2:d6:e7: 443s cd:d8:23:58:95:f0:2d:d8:b2:98:0b:43:b5:36:ad:ac:7c:c2: 443s f4:13:33:b3:4b:d2:02:ca:3c:dd:84:82:41:a3:08:b6:8a:1d: 443s 3d:ed:88:0e:b2:cf:e4:74:b0:c8:dd:97:0b:ab:d9:e3:1d:1c: 443s 03:29:d4:8c:6a:ff:da:e6:21:19:11:5a:9a:ac:bf:9c:12:a2: 443s 2c:51:97:da:4d:e4:73:a5:6b:62:45:df:5c:2d:8e:3c:bc:9f: 443s 93:34 443s + openssl ca -passin pass:random-intermediate-CA-password-11356 -config /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 443s Using configuration from /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.config 443s Check that the request matches the signature 443s Signature ok 443s Certificate Details: 443s Serial Number: 4 (0x4) 443s Validity 443s Not Before: Mar 23 21:40:10 2024 GMT 443s Not After : Mar 23 21:40:10 2025 GMT 443s Subject: 443s organizationName = Test Organization 443s organizationalUnitName = Test Organization Unit 443s commonName = Test Organization Intermediate Trusted Certificate 0001 443s X509v3 extensions: 443s X509v3 Authority Key Identifier: 443s 20:70:79:02:BD:06:DF:7F:5D:B6:B6:40:C8:70:2D:07:B4:A5:59:35 443s X509v3 Basic Constraints: 443s CA:FALSE 443s Netscape Cert Type: 443s SSL Client, S/MIME 443s Netscape Comment: 443s Test Organization Intermediate CA trusted Certificate 443s X509v3 Subject Key Identifier: 443s 1F:D2:64:BE:B0:88:32:17:1B:2B:F3:09:B9:03:05:51:61:AF:7A:4F 443s X509v3 Key Usage: critical 443s Digital Signature, Non Repudiation, Key Encipherment 443s X509v3 Extended Key Usage: 443s TLS Web Client Authentication, E-mail Protection 443s X509v3 Subject Alternative Name: 443s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 443s Certificate is to be certified until Mar 23 21:40:10 2025 GMT (365 days) 443s 443s Write out database with 1 new entries 443s Database updated 443s + openssl x509 -noout -in /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 443s This certificate should not be trusted fully 443s + echo 'This certificate should not be trusted fully' 443s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 443s + local cmd=openssl 443s + shift 443s + openssl verify -CAfile /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 443s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 443s error 2 at 1 depth lookup: unable to get issuer certificate 443s error /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 443s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 443s /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem: OK 443s + cat 443s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24760 443s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-24760 1024 444s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-24760 -key /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 444s + openssl req -text -noout -in /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 444s Certificate Request: 444s Data: 444s Version: 1 (0x0) 444s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 444s Subject Public Key Info: 444s Public Key Algorithm: rsaEncryption 444s Public-Key: (1024 bit) 444s Modulus: 444s 00:e1:e2:6d:5d:61:ac:8d:16:09:4f:fd:45:09:bf: 444s 63:05:1c:9b:2c:09:83:a9:44:da:7e:68:38:ac:d9: 444s ab:a0:39:4b:ee:c2:a5:86:47:c4:b7:be:88:9b:00: 444s a4:d4:41:d1:04:ce:ac:de:f0:18:41:a7:d4:40:bf: 444s 53:04:11:1c:c2:11:24:ce:d2:4a:e0:a6:10:cf:05: 444s 02:c3:14:dc:27:1e:72:41:97:29:41:a9:36:0a:0f: 444s c1:9a:f1:93:5d:5f:98:a9:4a:4d:03:f5:f1:7d:e2: 444s ba:c7:2c:5c:e5:21:58:95:71:5c:38:01:9e:6b:58: 444s 9b:00:b9:b3:c7:77:8e:59:8b 444s Exponent: 65537 (0x10001) 444s Attributes: 444s Requested Extensions: 444s X509v3 Basic Constraints: 444s CA:FALSE 444s Netscape Cert Type: 444s SSL Client, S/MIME 444s Netscape Comment: 444s Test Organization Sub Intermediate CA trusted Certificate 444s X509v3 Subject Key Identifier: 444s 0C:4D:0F:D9:0E:2B:75:D5:8E:6A:C2:7A:A8:BB:EB:EF:8F:99:B3:15 444s X509v3 Key Usage: critical 444s Digital Signature, Non Repudiation, Key Encipherment 444s X509v3 Extended Key Usage: 444s TLS Web Client Authentication, E-mail Protection 444s X509v3 Subject Alternative Name: 444s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 444s Signature Algorithm: sha256WithRSAEncryption 444s Signature Value: 444s 8c:e9:be:7b:20:7a:83:25:e7:28:0f:4e:19:ae:8f:c3:eb:66: 444s 6f:6b:cf:ce:09:0b:ec:fe:cb:6a:b2:67:99:3f:bf:5b:61:46: 444s 31:f7:a5:74:c0:78:92:5d:dc:de:2e:56:b9:82:fb:6c:e8:fb: 444s 29:1b:92:f7:80:a6:c7:d1:e1:a3:35:ca:7a:b2:df:ab:27:5a: 444s 3e:31:24:a3:09:ce:d5:90:e8:e7:26:7a:01:bd:24:75:a2:dd: 444s a3:eb:75:76:b0:9c:a6:44:f2:52:59:ef:de:0f:d4:e6:5a:75: 444s 81:a0:14:6c:96:2b:1b:89:74:65:10:82:87:e4:51:70:a4:cc: 444s 2f:df 444s + openssl ca -passin pass:random-sub-intermediate-CA-password-14153 -config /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 444s Using configuration from /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA.config 444s Check that the request matches the signature 444s Signature ok 444s Certificate Details: 444s Serial Number: 5 (0x5) 444s Validity 444s Not Before: Mar 23 21:40:11 2024 GMT 444s Not After : Mar 23 21:40:11 2025 GMT 444s Subject: 444s organizationName = Test Organization 444s organizationalUnitName = Test Organization Unit 444s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 444s X509v3 extensions: 444s X509v3 Authority Key Identifier: 444s 3E:C1:42:E9:19:80:E4:62:32:D5:1E:12:70:63:30:C5:83:4D:E2:10 444s X509v3 Basic Constraints: 444s CA:FALSE 444s Netscape Cert Type: 444s SSL Client, S/MIME 444s Netscape Comment: 444s Test Organization Sub Intermediate CA trusted Certificate 444s X509v3 Subject Key Identifier: 444s 0C:4D:0F:D9:0E:2B:75:D5:8E:6A:C2:7A:A8:BB:EB:EF:8F:99:B3:15 444s X509v3 Key Usage: critical 444s Digital Signature, Non Repudiation, Key Encipherment 444s X509v3 Extended Key Usage: 444s TLS Web Client Authentication, E-mail Protection 444s X509v3 Subject Alternative Name: 444s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 444s Certificate is to be certified until Mar 23 21:40:11 2025 GMT (365 days) 444s 444s Write out database with 1 new entries 444s Database updated 444s + openssl x509 -noout -in /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 444s This certificate should not be trusted fully 444s + echo 'This certificate should not be trusted fully' 444s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 444s + local cmd=openssl 444s + shift 444s + openssl verify -CAfile /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 444s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 444s error 2 at 1 depth lookup: unable to get issuer certificate 444s error /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 444s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 444s + local cmd=openssl 444s + shift 444s + openssl verify -CAfile /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 444s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 444s error 20 at 0 depth lookup: unable to get local issuer certificate 444s error /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 444s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 444s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 444s + local cmd=openssl 444s /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 444s + shift 444s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 444s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 444s error 20 at 0 depth lookup: unable to get local issuer certificate 444s error /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 444s + echo 'Building a the full-chain CA file...' 444s + cat /tmp/sssd-softhsm2-TfOciM/test-root-CA.pem /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA.pem 444s Building a the full-chain CA file... 444s + cat /tmp/sssd-softhsm2-TfOciM/test-root-CA.pem /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem 444s + cat /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA.pem 444s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem 444s + openssl pkcs7 -print_certs -noout 444s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 444s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 444s 444s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 444s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 444s 444s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 444s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 444s 444s + openssl verify -CAfile /tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem 444s + openssl verify -CAfile /tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 444s /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem: OK 444s /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem: OK 444s + openssl verify -CAfile /tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 444s /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem: OK 444s + openssl verify -CAfile /tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem /tmp/sssd-softhsm2-TfOciM/test-root-intermediate-chain-CA.pem 444s /tmp/sssd-softhsm2-TfOciM/test-root-intermediate-chain-CA.pem: OK 444s + openssl verify -CAfile /tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 444s /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 444s + echo 'Certificates generation completed!' 444s Certificates generation completed! 444s + [[ -v NO_SSSD_TESTS ]] 444s + invalid_certificate /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-277 /dev/null 444s + check_certificate /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-277 /dev/null 444s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 444s + local key_pass=pass:random-root-ca-trusted-cert-0001-277 444s + local key_ring=/dev/null 444s + local verify_option= 444s + prepare_softhsm2_card /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-277 444s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 444s + local key_pass=pass:random-root-ca-trusted-cert-0001-277 444s + local key_cn 444s + local key_name 444s + local tokens_dir 444s + local output_cert_file 444s + token_name= 444s ++ basename /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem .pem 444s + key_name=test-root-CA-trusted-certificate-0001 444s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 444s ++ sed -n 's/ *commonName *= //p' 444s + key_cn='Test Organization Root Trusted Certificate 0001' 444s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 444s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf 444s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf 444s ++ basename /tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 444s + tokens_dir=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001 444s + token_name='Test Organization Root Tr Token' 444s + '[' '!' -e /tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 444s + local key_file 444s + local decrypted_key 444s + mkdir -p /tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001 444s + key_file=/tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001-key.pem 444s + decrypted_key=/tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001-key-decrypted.pem 444s + cat 444s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 444s Slot 0 has a free/uninitialized token. 444s The token has been initialized and is reassigned to slot 1862552542 444s + softhsm2-util --show-slots 444s Available slots: 444s Slot 1862552542 444s Slot info: 444s Description: SoftHSM slot ID 0x6f044bde 444s Manufacturer ID: SoftHSM project 444s Hardware version: 2.6 444s Firmware version: 2.6 444s Token present: yes 444s Token info: 444s Manufacturer ID: SoftHSM project 444s Model: SoftHSM v2 444s Hardware version: 2.6 444s Firmware version: 2.6 444s Serial number: 4e95af716f044bde 444s Initialized: yes 444s User PIN init.: yes 444s Label: Test Organization Root Tr Token 444s Slot 1 444s Slot info: 444s Description: SoftHSM slot ID 0x1 444s Manufacturer ID: SoftHSM project 444s Hardware version: 2.6 444s Firmware version: 2.6 444s Token present: yes 444s Token info: 444s Manufacturer ID: SoftHSM project 444s Model: SoftHSM v2 444s Hardware version: 2.6 444s Firmware version: 2.6 444s Serial number: 444s Initialized: no 444s User PIN init.: no 444s Label: 444s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 444s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-277 -in /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001-key-decrypted.pem 444s writing RSA key 444s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 444s + rm /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001-key-decrypted.pem 444s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 444s Object 0: 444s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4e95af716f044bde;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 444s Type: X.509 Certificate (RSA-1024) 444s Expires: Sun Mar 23 21:40:10 2025 444s Label: Test Organization Root Trusted Certificate 0001 444s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 444s 444s Test Organization Root Tr Token 444s + echo 'Test Organization Root Tr Token' 444s + '[' -n '' ']' 444s + local output_base_name=SSSD-child-2907 444s + local output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-2907.output 444s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-2907.pem 444s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 444s [p11_child[2030]] [main] (0x0400): p11_child started. 444s [p11_child[2030]] [main] (0x2000): Running in [pre-auth] mode. 444s [p11_child[2030]] [main] (0x2000): Running with effective IDs: [0][0]. 444s [p11_child[2030]] [main] (0x2000): Running with real IDs [0][0]. 444s [p11_child[2030]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 444s [p11_child[2030]] [do_work] (0x0040): init_verification failed. 444s [p11_child[2030]] [main] (0x0020): p11_child failed (5) 444s + return 2 444s + valid_certificate /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-277 /dev/null no_verification 444s + check_certificate /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-277 /dev/null no_verification 444s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 444s + local key_pass=pass:random-root-ca-trusted-cert-0001-277 444s + local key_ring=/dev/null 444s + local verify_option=no_verification 444s + prepare_softhsm2_card /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-277 444s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 444s + local key_pass=pass:random-root-ca-trusted-cert-0001-277 444s + local key_cn 444s + local key_name 444s + local tokens_dir 444s + local output_cert_file 444s + token_name= 444s ++ basename /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem .pem 444s + key_name=test-root-CA-trusted-certificate-0001 444s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 444s ++ sed -n 's/ *commonName *= //p' 444s + key_cn='Test Organization Root Trusted Certificate 0001' 444s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 444s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf 444s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf 444s ++ basename /tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 444s + tokens_dir=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001 444s + token_name='Test Organization Root Tr Token' 444s + '[' '!' -e /tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 444s Test Organization Root Tr Token 444s + '[' '!' -d /tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001 ']' 444s + echo 'Test Organization Root Tr Token' 444s + '[' -n no_verification ']' 444s + local verify_arg=--verify=no_verification 444s + local output_base_name=SSSD-child-3448 444s + local output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-3448.output 444s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-3448.pem 444s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 444s [p11_child[2036]] [main] (0x0400): p11_child started. 444s [p11_child[2036]] [main] (0x2000): Running in [pre-auth] mode. 444s [p11_child[2036]] [main] (0x2000): Running with effective IDs: [0][0]. 444s [p11_child[2036]] [main] (0x2000): Running with real IDs [0][0]. 444s [p11_child[2036]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 444s [p11_child[2036]] [do_card] (0x4000): Module List: 444s [p11_child[2036]] [do_card] (0x4000): common name: [softhsm2]. 444s [p11_child[2036]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 444s [p11_child[2036]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6f044bde] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 444s [p11_child[2036]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 444s [p11_child[2036]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x6f044bde][1862552542] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 444s [p11_child[2036]] [do_card] (0x4000): Login NOT required. 444s [p11_child[2036]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 444s [p11_child[2036]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 444s [p11_child[2036]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6f044bde;slot-manufacturer=SoftHSM%20project;slot-id=1862552542;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4e95af716f044bde;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 444s [p11_child[2036]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 444s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-3448.output 444s + echo '-----BEGIN CERTIFICATE-----' 444s + tail -n1 /tmp/sssd-softhsm2-TfOciM/SSSD-child-3448.output 444s + echo '-----END CERTIFICATE-----' 444s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-3448.pem 444s Certificate: 444s Data: 444s Version: 3 (0x2) 444s Serial Number: 3 (0x3) 444s Signature Algorithm: sha256WithRSAEncryption 444s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 444s Validity 444s Not Before: Mar 23 21:40:10 2024 GMT 444s Not After : Mar 23 21:40:10 2025 GMT 444s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 444s Subject Public Key Info: 444s Public Key Algorithm: rsaEncryption 444s Public-Key: (1024 bit) 444s Modulus: 444s 00:b8:69:4a:91:be:db:5d:31:8c:54:3d:f0:07:ea: 444s c2:35:5f:d0:2d:0e:08:58:a0:f5:65:74:29:91:04: 444s 49:3f:58:07:29:eb:4b:62:c7:c8:e4:76:19:cf:41: 444s 19:b0:a0:0e:98:cf:1c:c8:c8:79:f6:f4:ee:d2:a4: 444s df:0c:4b:ce:84:57:1d:85:41:4d:6b:94:fa:07:16: 444s 1f:56:ef:66:74:8c:80:96:3c:02:55:c7:f4:6a:a2: 444s e9:37:c0:41:f2:86:c8:aa:89:8d:23:bf:a2:2d:ba: 444s 38:b3:64:12:de:52:48:73:f8:96:b4:a4:1a:1b:e4: 444s 3a:ef:e1:87:3f:2f:79:4c:b9 444s Exponent: 65537 (0x10001) 444s X509v3 extensions: 444s X509v3 Authority Key Identifier: 444s EF:46:F6:ED:E8:62:00:86:DC:6C:28:F1:15:19:41:B1:5A:FC:51:54 444s X509v3 Basic Constraints: 444s CA:FALSE 444s Netscape Cert Type: 444s SSL Client, S/MIME 444s Netscape Comment: 444s Test Organization Root CA trusted Certificate 444s X509v3 Subject Key Identifier: 444s 0C:14:F1:72:8B:E0:06:02:9D:97:F3:F4:0F:53:8B:CC:6D:A1:AC:51 444s X509v3 Key Usage: critical 444s Digital Signature, Non Repudiation, Key Encipherment 444s X509v3 Extended Key Usage: 444s TLS Web Client Authentication, E-mail Protection 444s X509v3 Subject Alternative Name: 444s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 444s Signature Algorithm: sha256WithRSAEncryption 444s Signature Value: 444s 81:13:55:bb:cc:0e:96:ef:af:fc:67:05:db:73:07:b2:3c:be: 444s e8:3f:0b:26:4d:90:f6:ba:4c:ad:2c:4c:ab:ca:ca:0e:8b:c8: 444s d9:cd:2e:b6:31:27:6e:1e:a1:5d:f1:01:f8:0b:85:00:0f:c4: 444s 9c:66:ec:96:3d:49:02:2c:76:65:cc:23:1a:74:a1:c6:56:18: 444s f6:8c:c7:da:22:15:e5:ba:47:92:f3:f1:c4:d7:c9:eb:67:97: 444s 03:cb:48:4e:2f:76:3a:ed:00:87:85:54:bd:ab:59:0b:89:40: 444s f5:a6:7e:e5:fc:f0:1c:34:07:e1:94:72:e7:47:23:c4:ec:f5: 444s 1f:34 444s + local found_md5 expected_md5 444s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 444s + expected_md5=Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 444s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-3448.pem 444s + found_md5=Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 444s + '[' Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 '!=' Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 ']' 444s + output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-3448-auth.output 444s ++ basename /tmp/sssd-softhsm2-TfOciM/SSSD-child-3448-auth.output .output 444s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-3448-auth.pem 444s + echo -n 053350 444s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 444s [p11_child[2044]] [main] (0x0400): p11_child started. 444s [p11_child[2044]] [main] (0x2000): Running in [auth] mode. 444s [p11_child[2044]] [main] (0x2000): Running with effective IDs: [0][0]. 444s [p11_child[2044]] [main] (0x2000): Running with real IDs [0][0]. 444s [p11_child[2044]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 444s [p11_child[2044]] [do_card] (0x4000): Module List: 444s [p11_child[2044]] [do_card] (0x4000): common name: [softhsm2]. 444s [p11_child[2044]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 444s [p11_child[2044]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6f044bde] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 444s [p11_child[2044]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 444s [p11_child[2044]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x6f044bde][1862552542] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 444s [p11_child[2044]] [do_card] (0x4000): Login required. 444s [p11_child[2044]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 444s [p11_child[2044]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 444s [p11_child[2044]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6f044bde;slot-manufacturer=SoftHSM%20project;slot-id=1862552542;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4e95af716f044bde;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 444s [p11_child[2044]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 444s [p11_child[2044]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 444s [p11_child[2044]] [do_card] (0x4000): Certificate verified and validated. 444s [p11_child[2044]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 444s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-3448-auth.output 444s + echo '-----BEGIN CERTIFICATE-----' 444s + tail -n1 /tmp/sssd-softhsm2-TfOciM/SSSD-child-3448-auth.output 444s + echo '-----END CERTIFICATE-----' 444s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-3448-auth.pem 444s Certificate: 444s Data: 444s Version: 3 (0x2) 444s Serial Number: 3 (0x3) 444s Signature Algorithm: sha256WithRSAEncryption 444s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 444s Validity 444s Not Before: Mar 23 21:40:10 2024 GMT 444s Not After : Mar 23 21:40:10 2025 GMT 444s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 444s Subject Public Key Info: 444s Public Key Algorithm: rsaEncryption 444s Public-Key: (1024 bit) 444s Modulus: 444s 00:b8:69:4a:91:be:db:5d:31:8c:54:3d:f0:07:ea: 444s c2:35:5f:d0:2d:0e:08:58:a0:f5:65:74:29:91:04: 444s 49:3f:58:07:29:eb:4b:62:c7:c8:e4:76:19:cf:41: 444s 19:b0:a0:0e:98:cf:1c:c8:c8:79:f6:f4:ee:d2:a4: 444s df:0c:4b:ce:84:57:1d:85:41:4d:6b:94:fa:07:16: 444s 1f:56:ef:66:74:8c:80:96:3c:02:55:c7:f4:6a:a2: 444s e9:37:c0:41:f2:86:c8:aa:89:8d:23:bf:a2:2d:ba: 444s 38:b3:64:12:de:52:48:73:f8:96:b4:a4:1a:1b:e4: 444s 3a:ef:e1:87:3f:2f:79:4c:b9 444s Exponent: 65537 (0x10001) 444s X509v3 extensions: 444s X509v3 Authority Key Identifier: 444s EF:46:F6:ED:E8:62:00:86:DC:6C:28:F1:15:19:41:B1:5A:FC:51:54 444s X509v3 Basic Constraints: 444s CA:FALSE 444s Netscape Cert Type: 444s SSL Client, S/MIME 444s Netscape Comment: 444s Test Organization Root CA trusted Certificate 444s X509v3 Subject Key Identifier: 444s 0C:14:F1:72:8B:E0:06:02:9D:97:F3:F4:0F:53:8B:CC:6D:A1:AC:51 444s X509v3 Key Usage: critical 444s Digital Signature, Non Repudiation, Key Encipherment 444s X509v3 Extended Key Usage: 444s TLS Web Client Authentication, E-mail Protection 444s X509v3 Subject Alternative Name: 444s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 444s Signature Algorithm: sha256WithRSAEncryption 444s Signature Value: 444s 81:13:55:bb:cc:0e:96:ef:af:fc:67:05:db:73:07:b2:3c:be: 444s e8:3f:0b:26:4d:90:f6:ba:4c:ad:2c:4c:ab:ca:ca:0e:8b:c8: 444s d9:cd:2e:b6:31:27:6e:1e:a1:5d:f1:01:f8:0b:85:00:0f:c4: 444s 9c:66:ec:96:3d:49:02:2c:76:65:cc:23:1a:74:a1:c6:56:18: 444s f6:8c:c7:da:22:15:e5:ba:47:92:f3:f1:c4:d7:c9:eb:67:97: 444s 03:cb:48:4e:2f:76:3a:ed:00:87:85:54:bd:ab:59:0b:89:40: 444s f5:a6:7e:e5:fc:f0:1c:34:07:e1:94:72:e7:47:23:c4:ec:f5: 444s 1f:34 444s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-3448-auth.pem 444s + found_md5=Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 444s + '[' Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 '!=' Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 ']' 444s + valid_certificate /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-277 /tmp/sssd-softhsm2-TfOciM/test-root-CA.pem 444s + check_certificate /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-277 /tmp/sssd-softhsm2-TfOciM/test-root-CA.pem 444s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 444s + local key_pass=pass:random-root-ca-trusted-cert-0001-277 444s + local key_ring=/tmp/sssd-softhsm2-TfOciM/test-root-CA.pem 444s + local verify_option= 444s + prepare_softhsm2_card /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-277 444s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 444s + local key_pass=pass:random-root-ca-trusted-cert-0001-277 444s + local key_cn 444s + local key_name 444s + local tokens_dir 444s + local output_cert_file 444s + token_name= 444s ++ basename /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem .pem 444s + key_name=test-root-CA-trusted-certificate-0001 444s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 444s ++ sed -n 's/ *commonName *= //p' 444s + key_cn='Test Organization Root Trusted Certificate 0001' 444s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 444s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf 444s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf 444s ++ basename /tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 444s + tokens_dir=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001 444s + token_name='Test Organization Root Tr Token' 444s + '[' '!' -e /tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 444s + '[' '!' -d /tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001 ']' 444s + echo 'Test Organization Root Tr Token' 444s Test Organization Root Tr Token 444s + '[' -n '' ']' 444s + local output_base_name=SSSD-child-2922 444s + local output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-2922.output 444s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-2922.pem 444s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-TfOciM/test-root-CA.pem 444s [p11_child[2054]] [main] (0x0400): p11_child started. 444s [p11_child[2054]] [main] (0x2000): Running in [pre-auth] mode. 444s [p11_child[2054]] [main] (0x2000): Running with effective IDs: [0][0]. 444s [p11_child[2054]] [main] (0x2000): Running with real IDs [0][0]. 444s [p11_child[2054]] [do_card] (0x4000): Module List: 444s [p11_child[2054]] [do_card] (0x4000): common name: [softhsm2]. 444s [p11_child[2054]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 444s [p11_child[2054]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6f044bde] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 444s [p11_child[2054]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 444s [p11_child[2054]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x6f044bde][1862552542] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 444s [p11_child[2054]] [do_card] (0x4000): Login NOT required. 444s [p11_child[2054]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 444s [p11_child[2054]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 444s [p11_child[2054]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 444s [p11_child[2054]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6f044bde;slot-manufacturer=SoftHSM%20project;slot-id=1862552542;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4e95af716f044bde;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 444s [p11_child[2054]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 444s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-2922.output 444s + echo '-----BEGIN CERTIFICATE-----' 444s + tail -n1 /tmp/sssd-softhsm2-TfOciM/SSSD-child-2922.output 444s + echo '-----END CERTIFICATE-----' 444s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-2922.pem 444s Certificate: 444s Data: 444s Version: 3 (0x2) 444s Serial Number: 3 (0x3) 444s Signature Algorithm: sha256WithRSAEncryption 444s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 444s Validity 444s Not Before: Mar 23 21:40:10 2024 GMT 444s Not After : Mar 23 21:40:10 2025 GMT 444s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 444s Subject Public Key Info: 444s Public Key Algorithm: rsaEncryption 444s Public-Key: (1024 bit) 444s Modulus: 444s 00:b8:69:4a:91:be:db:5d:31:8c:54:3d:f0:07:ea: 444s c2:35:5f:d0:2d:0e:08:58:a0:f5:65:74:29:91:04: 444s 49:3f:58:07:29:eb:4b:62:c7:c8:e4:76:19:cf:41: 444s 19:b0:a0:0e:98:cf:1c:c8:c8:79:f6:f4:ee:d2:a4: 444s df:0c:4b:ce:84:57:1d:85:41:4d:6b:94:fa:07:16: 444s 1f:56:ef:66:74:8c:80:96:3c:02:55:c7:f4:6a:a2: 444s e9:37:c0:41:f2:86:c8:aa:89:8d:23:bf:a2:2d:ba: 444s 38:b3:64:12:de:52:48:73:f8:96:b4:a4:1a:1b:e4: 444s 3a:ef:e1:87:3f:2f:79:4c:b9 444s Exponent: 65537 (0x10001) 444s X509v3 extensions: 444s X509v3 Authority Key Identifier: 444s EF:46:F6:ED:E8:62:00:86:DC:6C:28:F1:15:19:41:B1:5A:FC:51:54 444s X509v3 Basic Constraints: 444s CA:FALSE 444s Netscape Cert Type: 444s SSL Client, S/MIME 444s Netscape Comment: 444s Test Organization Root CA trusted Certificate 444s X509v3 Subject Key Identifier: 444s 0C:14:F1:72:8B:E0:06:02:9D:97:F3:F4:0F:53:8B:CC:6D:A1:AC:51 444s X509v3 Key Usage: critical 444s Digital Signature, Non Repudiation, Key Encipherment 444s X509v3 Extended Key Usage: 444s TLS Web Client Authentication, E-mail Protection 444s X509v3 Subject Alternative Name: 444s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 444s Signature Algorithm: sha256WithRSAEncryption 444s Signature Value: 444s 81:13:55:bb:cc:0e:96:ef:af:fc:67:05:db:73:07:b2:3c:be: 444s e8:3f:0b:26:4d:90:f6:ba:4c:ad:2c:4c:ab:ca:ca:0e:8b:c8: 444s d9:cd:2e:b6:31:27:6e:1e:a1:5d:f1:01:f8:0b:85:00:0f:c4: 444s 9c:66:ec:96:3d:49:02:2c:76:65:cc:23:1a:74:a1:c6:56:18: 444s f6:8c:c7:da:22:15:e5:ba:47:92:f3:f1:c4:d7:c9:eb:67:97: 444s 03:cb:48:4e:2f:76:3a:ed:00:87:85:54:bd:ab:59:0b:89:40: 444s f5:a6:7e:e5:fc:f0:1c:34:07:e1:94:72:e7:47:23:c4:ec:f5: 444s 1f:34 444s + local found_md5 expected_md5 444s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 444s + expected_md5=Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 444s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-2922.pem 444s + found_md5=Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 444s + '[' Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 '!=' Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 ']' 444s + output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-2922-auth.output 444s ++ basename /tmp/sssd-softhsm2-TfOciM/SSSD-child-2922-auth.output .output 444s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-2922-auth.pem 444s + echo -n 053350 444s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-TfOciM/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 444s [p11_child[2062]] [main] (0x0400): p11_child started. 444s [p11_child[2062]] [main] (0x2000): Running in [auth] mode. 444s [p11_child[2062]] [main] (0x2000): Running with effective IDs: [0][0]. 444s [p11_child[2062]] [main] (0x2000): Running with real IDs [0][0]. 444s [p11_child[2062]] [do_card] (0x4000): Module List: 444s [p11_child[2062]] [do_card] (0x4000): common name: [softhsm2]. 444s [p11_child[2062]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 444s [p11_child[2062]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6f044bde] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 444s [p11_child[2062]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 444s [p11_child[2062]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x6f044bde][1862552542] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 444s [p11_child[2062]] [do_card] (0x4000): Login required. 444s [p11_child[2062]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 444s [p11_child[2062]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 444s [p11_child[2062]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 444s [p11_child[2062]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6f044bde;slot-manufacturer=SoftHSM%20project;slot-id=1862552542;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4e95af716f044bde;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 444s Certificate: 444s Data: 444s Version: 3 (0x2) 444s Serial Number: 3 (0x3) 444s Signature Algorithm: sha256WithRSAEncryption 444s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 444s Validity 444s Not Before: Mar 23 21:40:10 2024 GMT 444s Not After : Mar 23 21:40:10 2025 GMT 444s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 444s Subject Public Key Info: 444s Public Key Algorithm: rsaEncryption 444s Public-Key: (1024 bit) 444s Modulus: 444s 00:b8:69:4a:91:be:db:5d:31:8c:54:3d:f0:07:ea: 444s c2:35:5f:d0:2d:0e:08:58:a0:f5:65:74:29:91:04: 444s 49:3f:58:07:29:eb:4b:62:c7:c8:e4:76:19:cf:41: 444s 19:b0:a0:0e:98:cf:1c:c8:c8:79:f6:f4:ee:d2:a4: 444s df:0c:4b:ce:84:57:1d:85:41:4d:6b:94:fa:07:16: 444s 1f:56:ef:66:74:8c:80:96:3c:02:55:c7:f4:6a:a2: 444s e9:37:c0:41:f2:86:c8:aa:89:8d:23:bf:a2:2d:ba: 444s 38:b3:64:12:de:52:48:73:f8:96:b4:a4:1a:1b:e4: 444s 3a:ef:e1:87:3f:2f:79:4c:b9 444s Exponent: 65537 (0x10001) 444s X509v3 extensions: 444s X509v3 Authority Key Identifier: 444s EF:46:F6:ED:E8:62:00:86:DC:6C:28:F1:15:19:41:B1:5A:FC:51:54 444s X509v3 Basic Constraints: 444s CA:FALSE 444s Netscape Cert Type: 444s SSL Client, S/MIME 444s Netscape Comment: 444s Test Organization Root CA trusted Certificate 444s X509v3 Subject Key Identifier: 444s 0C:14:F1:72:8B:E0:06:02:9D:97:F3:F4:0F:53:8B:CC:6D:A1:AC:51 444s X509v3 Key Usage: critical 444s Digital Signature, Non Repudiation, Key Encipherment 444s X509v3 Extended Key Usage: 444s TLS Web Client Authentication, E-mail Protection 444s X509v3 Subject Alternative Name: 444s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 444s Signature Algorithm: sha256WithRSAEncryption 444s Signature Value: 444s 81:13:55:bb:cc:0e:96:ef:af:fc:67:05:db:73:07:b2:3c:be: 444s e8:3f:0b:26:4d:90:f6:ba:4c:ad:2c:4c:ab:ca:ca:0e:8b:c8: 444s d9:cd:2e:b6:31:27:6e:1e:a1:5d:f1:01:f8:0b:85:00:0f:c4: 444s 9c:66:ec:96:3d:49:02:2c:76:65:cc:23:1a:74:a1:c6:56:18: 444s f6:8c:c7:da:22:15:e5:ba:47:92:f3:f1:c4:d7:c9:eb:67:97: 444s 03:cb:48:4e:2f:76:3a:ed:00:87:85:54:bd:ab:59:0b:89:40: 444s f5:a6:7e:e5:fc:f0:1c:34:07:e1:94:72:e7:47:23:c4:ec:f5: 444s 1f:34 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 444s [p11_child[2062]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 444s [p11_child[2062]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 444s [p11_child[2062]] [do_card] (0x4000): Certificate verified and validated. 444s [p11_child[2062]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 444s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-2922-auth.output 444s + echo '-----BEGIN CERTIFICATE-----' 444s + tail -n1 /tmp/sssd-softhsm2-TfOciM/SSSD-child-2922-auth.output 444s + echo '-----END CERTIFICATE-----' 444s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-2922-auth.pem 444s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-2922-auth.pem 444s + found_md5=Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 444s + '[' Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 '!=' Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 ']' 444s + valid_certificate /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-277 /tmp/sssd-softhsm2-TfOciM/test-root-CA.pem partial_chain 444s + check_certificate /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-277 /tmp/sssd-softhsm2-TfOciM/test-root-CA.pem partial_chain 444s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 444s + local key_pass=pass:random-root-ca-trusted-cert-0001-277 444s + local key_ring=/tmp/sssd-softhsm2-TfOciM/test-root-CA.pem 444s + local verify_option=partial_chain 444s + prepare_softhsm2_card /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-277 444s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 444s + local key_pass=pass:random-root-ca-trusted-cert-0001-277 444s + local key_cn 444s + local key_name 444s + local tokens_dir 444s + local output_cert_file 444s + token_name= 444s ++ basename /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem .pem 444s + key_name=test-root-CA-trusted-certificate-0001 444s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 444s ++ sed -n 's/ *commonName *= //p' 444s + key_cn='Test Organization Root Trusted Certificate 0001' 444s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 444s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf 444s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf 444s ++ basename /tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 444s Test Organization Root Tr Token 444s + tokens_dir=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001 444s + token_name='Test Organization Root Tr Token' 444s + '[' '!' -e /tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 444s + '[' '!' -d /tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001 ']' 444s + echo 'Test Organization Root Tr Token' 444s + '[' -n partial_chain ']' 444s + local verify_arg=--verify=partial_chain 444s + local output_base_name=SSSD-child-13010 444s + local output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-13010.output 444s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-13010.pem 444s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-TfOciM/test-root-CA.pem 444s [p11_child[2072]] [main] (0x0400): p11_child started. 444s [p11_child[2072]] [main] (0x2000): Running in [pre-auth] mode. 444s [p11_child[2072]] [main] (0x2000): Running with effective IDs: [0][0]. 444s [p11_child[2072]] [main] (0x2000): Running with real IDs [0][0]. 444s [p11_child[2072]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 444s [p11_child[2072]] [do_card] (0x4000): Module List: 444s [p11_child[2072]] [do_card] (0x4000): common name: [softhsm2]. 444s [p11_child[2072]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 444s [p11_child[2072]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6f044bde] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 444s [p11_child[2072]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 444s [p11_child[2072]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x6f044bde][1862552542] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 444s [p11_child[2072]] [do_card] (0x4000): Login NOT required. 444s [p11_child[2072]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 444s [p11_child[2072]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 444s [p11_child[2072]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 444s [p11_child[2072]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6f044bde;slot-manufacturer=SoftHSM%20project;slot-id=1862552542;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4e95af716f044bde;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 444s [p11_child[2072]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 444s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-13010.output 444s + echo '-----BEGIN CERTIFICATE-----' 444s + tail -n1 /tmp/sssd-softhsm2-TfOciM/SSSD-child-13010.output 444s + echo '-----END CERTIFICATE-----' 444s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-13010.pem 444s Certificate: 444s Data: 444s Version: 3 (0x2) 444s Serial Number: 3 (0x3) 444s Signature Algorithm: sha256WithRSAEncryption 444s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 444s Validity 444s Not Before: Mar 23 21:40:10 2024 GMT 444s Not After : Mar 23 21:40:10 2025 GMT 444s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 444s Subject Public Key Info: 444s Public Key Algorithm: rsaEncryption 444s Public-Key: (1024 bit) 444s Modulus: 444s 00:b8:69:4a:91:be:db:5d:31:8c:54:3d:f0:07:ea: 444s c2:35:5f:d0:2d:0e:08:58:a0:f5:65:74:29:91:04: 444s 49:3f:58:07:29:eb:4b:62:c7:c8:e4:76:19:cf:41: 444s 19:b0:a0:0e:98:cf:1c:c8:c8:79:f6:f4:ee:d2:a4: 444s df:0c:4b:ce:84:57:1d:85:41:4d:6b:94:fa:07:16: 444s 1f:56:ef:66:74:8c:80:96:3c:02:55:c7:f4:6a:a2: 444s e9:37:c0:41:f2:86:c8:aa:89:8d:23:bf:a2:2d:ba: 444s 38:b3:64:12:de:52:48:73:f8:96:b4:a4:1a:1b:e4: 444s 3a:ef:e1:87:3f:2f:79:4c:b9 444s Exponent: 65537 (0x10001) 444s X509v3 extensions: 444s X509v3 Authority Key Identifier: 444s EF:46:F6:ED:E8:62:00:86:DC:6C:28:F1:15:19:41:B1:5A:FC:51:54 444s X509v3 Basic Constraints: 444s CA:FALSE 444s Netscape Cert Type: 444s SSL Client, S/MIME 444s Netscape Comment: 444s Test Organization Root CA trusted Certificate 444s X509v3 Subject Key Identifier: 444s 0C:14:F1:72:8B:E0:06:02:9D:97:F3:F4:0F:53:8B:CC:6D:A1:AC:51 444s X509v3 Key Usage: critical 444s Digital Signature, Non Repudiation, Key Encipherment 444s X509v3 Extended Key Usage: 444s TLS Web Client Authentication, E-mail Protection 444s X509v3 Subject Alternative Name: 444s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 444s Signature Algorithm: sha256WithRSAEncryption 444s Signature Value: 444s 81:13:55:bb:cc:0e:96:ef:af:fc:67:05:db:73:07:b2:3c:be: 444s e8:3f:0b:26:4d:90:f6:ba:4c:ad:2c:4c:ab:ca:ca:0e:8b:c8: 444s d9:cd:2e:b6:31:27:6e:1e:a1:5d:f1:01:f8:0b:85:00:0f:c4: 444s 9c:66:ec:96:3d:49:02:2c:76:65:cc:23:1a:74:a1:c6:56:18: 444s f6:8c:c7:da:22:15:e5:ba:47:92:f3:f1:c4:d7:c9:eb:67:97: 444s 03:cb:48:4e:2f:76:3a:ed:00:87:85:54:bd:ab:59:0b:89:40: 444s f5:a6:7e:e5:fc:f0:1c:34:07:e1:94:72:e7:47:23:c4:ec:f5: 444s 1f:34 444s + local found_md5 expected_md5 444s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 444s + expected_md5=Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 444s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-13010.pem 445s + found_md5=Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 445s + '[' Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 '!=' Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 ']' 445s + output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-13010-auth.output 445s ++ basename /tmp/sssd-softhsm2-TfOciM/SSSD-child-13010-auth.output .output 445s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-13010-auth.pem 445s + echo -n 053350 445s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-TfOciM/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 445s [p11_child[2080]] [main] (0x0400): p11_child started. 445s [p11_child[2080]] [main] (0x2000): Running in [auth] mode. 445s [p11_child[2080]] [main] (0x2000): Running with effective IDs: [0][0]. 445s [p11_child[2080]] [main] (0x2000): Running with real IDs [0][0]. 445s [p11_child[2080]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 445s [p11_child[2080]] [do_card] (0x4000): Module List: 445s [p11_child[2080]] [do_card] (0x4000): common name: [softhsm2]. 445s [p11_child[2080]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 445s [p11_child[2080]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6f044bde] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 445s [p11_child[2080]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 445s [p11_child[2080]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x6f044bde][1862552542] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 445s [p11_child[2080]] [do_card] (0x4000): Login required. 445s [p11_child[2080]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 445s [p11_child[2080]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 445s [p11_child[2080]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 445s [p11_child[2080]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6f044bde;slot-manufacturer=SoftHSM%20project;slot-id=1862552542;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4e95af716f044bde;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 445s [p11_child[2080]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 445s [p11_child[2080]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 445s [p11_child[2080]] [do_card] (0x4000): Certificate verified and validated. 445s [p11_child[2080]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 445s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-13010-auth.output 445s + echo '-----BEGIN CERTIFICATE-----' 445s + tail -n1 /tmp/sssd-softhsm2-TfOciM/SSSD-child-13010-auth.output 445s + echo '-----END CERTIFICATE-----' 445s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-13010-auth.pem 445s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-13010-auth.pem 445s Certificate: 445s Data: 445s Version: 3 (0x2) 445s Serial Number: 3 (0x3) 445s Signature Algorithm: sha256WithRSAEncryption 445s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 445s Validity 445s Not Before: Mar 23 21:40:10 2024 GMT 445s Not After : Mar 23 21:40:10 2025 GMT 445s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 445s Subject Public Key Info: 445s Public Key Algorithm: rsaEncryption 445s Public-Key: (1024 bit) 445s Modulus: 445s 00:b8:69:4a:91:be:db:5d:31:8c:54:3d:f0:07:ea: 445s c2:35:5f:d0:2d:0e:08:58:a0:f5:65:74:29:91:04: 445s 49:3f:58:07:29:eb:4b:62:c7:c8:e4:76:19:cf:41: 445s 19:b0:a0:0e:98:cf:1c:c8:c8:79:f6:f4:ee:d2:a4: 445s df:0c:4b:ce:84:57:1d:85:41:4d:6b:94:fa:07:16: 445s 1f:56:ef:66:74:8c:80:96:3c:02:55:c7:f4:6a:a2: 445s e9:37:c0:41:f2:86:c8:aa:89:8d:23:bf:a2:2d:ba: 445s 38:b3:64:12:de:52:48:73:f8:96:b4:a4:1a:1b:e4: 445s 3a:ef:e1:87:3f:2f:79:4c:b9 445s Exponent: 65537 (0x10001) 445s X509v3 extensions: 445s X509v3 Authority Key Identifier: 445s EF:46:F6:ED:E8:62:00:86:DC:6C:28:F1:15:19:41:B1:5A:FC:51:54 445s X509v3 Basic Constraints: 445s CA:FALSE 445s Netscape Cert Type: 445s SSL Client, S/MIME 445s Netscape Comment: 445s Test Organization Root CA trusted Certificate 445s X509v3 Subject Key Identifier: 445s 0C:14:F1:72:8B:E0:06:02:9D:97:F3:F4:0F:53:8B:CC:6D:A1:AC:51 445s X509v3 Key Usage: critical 445s Digital Signature, Non Repudiation, Key Encipherment 445s X509v3 Extended Key Usage: 445s TLS Web Client Authentication, E-mail Protection 445s X509v3 Subject Alternative Name: 445s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 445s Signature Algorithm: sha256WithRSAEncryption 445s Signature Value: 445s 81:13:55:bb:cc:0e:96:ef:af:fc:67:05:db:73:07:b2:3c:be: 445s e8:3f:0b:26:4d:90:f6:ba:4c:ad:2c:4c:ab:ca:ca:0e:8b:c8: 445s d9:cd:2e:b6:31:27:6e:1e:a1:5d:f1:01:f8:0b:85:00:0f:c4: 445s 9c:66:ec:96:3d:49:02:2c:76:65:cc:23:1a:74:a1:c6:56:18: 445s f6:8c:c7:da:22:15:e5:ba:47:92:f3:f1:c4:d7:c9:eb:67:97: 445s 03:cb:48:4e:2f:76:3a:ed:00:87:85:54:bd:ab:59:0b:89:40: 445s f5:a6:7e:e5:fc:f0:1c:34:07:e1:94:72:e7:47:23:c4:ec:f5: 445s 1f:34 445s + found_md5=Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 445s + '[' Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 '!=' Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 ']' 445s + valid_certificate /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-277 /tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem 445s + check_certificate /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-277 /tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem 445s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 445s + local key_pass=pass:random-root-ca-trusted-cert-0001-277 445s + local key_ring=/tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem 445s + local verify_option= 445s + prepare_softhsm2_card /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-277 445s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 445s + local key_pass=pass:random-root-ca-trusted-cert-0001-277 445s + local key_cn 445s + local key_name 445s + local tokens_dir 445s + local output_cert_file 445s + token_name= 445s ++ basename /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem .pem 445s + key_name=test-root-CA-trusted-certificate-0001 445s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 445s ++ sed -n 's/ *commonName *= //p' 445s + key_cn='Test Organization Root Trusted Certificate 0001' 445s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 445s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf 445s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf 445s ++ basename /tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 445s + tokens_dir=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001 445s + token_name='Test Organization Root Tr Token' 445s + '[' '!' -e /tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 445s + '[' '!' -d /tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001 ']' 445s + echo 'Test Organization Root Tr Token' 445s + '[' -n '' ']' 445s + local output_base_name=SSSD-child-19274 445s + local output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-19274.output 445s Test Organization Root Tr Token 445s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-19274.pem 445s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem 445s [p11_child[2090]] [main] (0x0400): p11_child started. 445s [p11_child[2090]] [main] (0x2000): Running in [pre-auth] mode. 445s [p11_child[2090]] [main] (0x2000): Running with effective IDs: [0][0]. 445s [p11_child[2090]] [main] (0x2000): Running with real IDs [0][0]. 445s [p11_child[2090]] [do_card] (0x4000): Module List: 445s [p11_child[2090]] [do_card] (0x4000): common name: [softhsm2]. 445s [p11_child[2090]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 445s [p11_child[2090]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6f044bde] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 445s [p11_child[2090]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 445s [p11_child[2090]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x6f044bde][1862552542] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 445s [p11_child[2090]] [do_card] (0x4000): Login NOT required. 445s [p11_child[2090]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 445s [p11_child[2090]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 445s [p11_child[2090]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 445s [p11_child[2090]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6f044bde;slot-manufacturer=SoftHSM%20project;slot-id=1862552542;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4e95af716f044bde;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 445s [p11_child[2090]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 445s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-19274.output 445s + echo '-----BEGIN CERTIFICATE-----' 445s + tail -n1 /tmp/sssd-softhsm2-TfOciM/SSSD-child-19274.output 445s + echo '-----END CERTIFICATE-----' 445s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-19274.pem 445s + local found_md5 expected_md5 445s Certificate: 445s Data: 445s Version: 3 (0x2) 445s Serial Number: 3 (0x3) 445s Signature Algorithm: sha256WithRSAEncryption 445s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 445s Validity 445s Not Before: Mar 23 21:40:10 2024 GMT 445s Not After : Mar 23 21:40:10 2025 GMT 445s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 445s Subject Public Key Info: 445s Public Key Algorithm: rsaEncryption 445s Public-Key: (1024 bit) 445s Modulus: 445s 00:b8:69:4a:91:be:db:5d:31:8c:54:3d:f0:07:ea: 445s c2:35:5f:d0:2d:0e:08:58:a0:f5:65:74:29:91:04: 445s 49:3f:58:07:29:eb:4b:62:c7:c8:e4:76:19:cf:41: 445s 19:b0:a0:0e:98:cf:1c:c8:c8:79:f6:f4:ee:d2:a4: 445s df:0c:4b:ce:84:57:1d:85:41:4d:6b:94:fa:07:16: 445s 1f:56:ef:66:74:8c:80:96:3c:02:55:c7:f4:6a:a2: 445s e9:37:c0:41:f2:86:c8:aa:89:8d:23:bf:a2:2d:ba: 445s 38:b3:64:12:de:52:48:73:f8:96:b4:a4:1a:1b:e4: 445s 3a:ef:e1:87:3f:2f:79:4c:b9 445s Exponent: 65537 (0x10001) 445s X509v3 extensions: 445s X509v3 Authority Key Identifier: 445s EF:46:F6:ED:E8:62:00:86:DC:6C:28:F1:15:19:41:B1:5A:FC:51:54 445s X509v3 Basic Constraints: 445s CA:FALSE 445s Netscape Cert Type: 445s SSL Client, S/MIME 445s Netscape Comment: 445s Test Organization Root CA trusted Certificate 445s X509v3 Subject Key Identifier: 445s 0C:14:F1:72:8B:E0:06:02:9D:97:F3:F4:0F:53:8B:CC:6D:A1:AC:51 445s X509v3 Key Usage: critical 445s Digital Signature, Non Repudiation, Key Encipherment 445s X509v3 Extended Key Usage: 445s TLS Web Client Authentication, E-mail Protection 445s X509v3 Subject Alternative Name: 445s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 445s Signature Algorithm: sha256WithRSAEncryption 445s Signature Value: 445s 81:13:55:bb:cc:0e:96:ef:af:fc:67:05:db:73:07:b2:3c:be: 445s e8:3f:0b:26:4d:90:f6:ba:4c:ad:2c:4c:ab:ca:ca:0e:8b:c8: 445s d9:cd:2e:b6:31:27:6e:1e:a1:5d:f1:01:f8:0b:85:00:0f:c4: 445s 9c:66:ec:96:3d:49:02:2c:76:65:cc:23:1a:74:a1:c6:56:18: 445s f6:8c:c7:da:22:15:e5:ba:47:92:f3:f1:c4:d7:c9:eb:67:97: 445s 03:cb:48:4e:2f:76:3a:ed:00:87:85:54:bd:ab:59:0b:89:40: 445s f5:a6:7e:e5:fc:f0:1c:34:07:e1:94:72:e7:47:23:c4:ec:f5: 445s 1f:34 445s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 445s + expected_md5=Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 445s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-19274.pem 445s + found_md5=Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 445s + '[' Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 '!=' Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 ']' 445s + output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-19274-auth.output 445s ++ basename /tmp/sssd-softhsm2-TfOciM/SSSD-child-19274-auth.output .output 445s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-19274-auth.pem 445s + echo -n 053350 445s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 445s [p11_child[2098]] [main] (0x0400): p11_child started. 445s [p11_child[2098]] [main] (0x2000): Running in [auth] mode. 445s [p11_child[2098]] [main] (0x2000): Running with effective IDs: [0][0]. 445s [p11_child[2098]] [main] (0x2000): Running with real IDs [0][0]. 445s [p11_child[2098]] [do_card] (0x4000): Module List: 445s [p11_child[2098]] [do_card] (0x4000): common name: [softhsm2]. 445s [p11_child[2098]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 445s [p11_child[2098]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6f044bde] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 445s [p11_child[2098]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 445s [p11_child[2098]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x6f044bde][1862552542] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 445s [p11_child[2098]] [do_card] (0x4000): Login required. 445s [p11_child[2098]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 445s [p11_child[2098]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 445s [p11_child[2098]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 445s [p11_child[2098]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6f044bde;slot-manufacturer=SoftHSM%20project;slot-id=1862552542;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4e95af716f044bde;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 445s [p11_child[2098]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 445s [p11_child[2098]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 445s [p11_child[2098]] [do_card] (0x4000): Certificate verified and validated. 445s [p11_child[2098]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 445s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-19274-auth.output 445s + echo '-----BEGIN CERTIFICATE-----' 445s + tail -n1 /tmp/sssd-softhsm2-TfOciM/SSSD-child-19274-auth.output 445s + echo '-----END CERTIFICATE-----' 445s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-19274-auth.pem 445s Certificate: 445s Data: 445s Version: 3 (0x2) 445s Serial Number: 3 (0x3) 445s Signature Algorithm: sha256WithRSAEncryption 445s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 445s Validity 445s Not Before: Mar 23 21:40:10 2024 GMT 445s Not After : Mar 23 21:40:10 2025 GMT 445s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 445s Subject Public Key Info: 445s Public Key Algorithm: rsaEncryption 445s Public-Key: (1024 bit) 445s Modulus: 445s 00:b8:69:4a:91:be:db:5d:31:8c:54:3d:f0:07:ea: 445s c2:35:5f:d0:2d:0e:08:58:a0:f5:65:74:29:91:04: 445s 49:3f:58:07:29:eb:4b:62:c7:c8:e4:76:19:cf:41: 445s 19:b0:a0:0e:98:cf:1c:c8:c8:79:f6:f4:ee:d2:a4: 445s df:0c:4b:ce:84:57:1d:85:41:4d:6b:94:fa:07:16: 445s 1f:56:ef:66:74:8c:80:96:3c:02:55:c7:f4:6a:a2: 445s e9:37:c0:41:f2:86:c8:aa:89:8d:23:bf:a2:2d:ba: 445s 38:b3:64:12:de:52:48:73:f8:96:b4:a4:1a:1b:e4: 445s 3a:ef:e1:87:3f:2f:79:4c:b9 445s Exponent: 65537 (0x10001) 445s X509v3 extensions: 445s X509v3 Authority Key Identifier: 445s EF:46:F6:ED:E8:62:00:86:DC:6C:28:F1:15:19:41:B1:5A:FC:51:54 445s X509v3 Basic Constraints: 445s CA:FALSE 445s Netscape Cert Type: 445s SSL Client, S/MIME 445s Netscape Comment: 445s Test Organization Root CA trusted Certificate 445s X509v3 Subject Key Identifier: 445s 0C:14:F1:72:8B:E0:06:02:9D:97:F3:F4:0F:53:8B:CC:6D:A1:AC:51 445s X509v3 Key Usage: critical 445s Digital Signature, Non Repudiation, Key Encipherment 445s X509v3 Extended Key Usage: 445s TLS Web Client Authentication, E-mail Protection 445s X509v3 Subject Alternative Name: 445s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 445s Signature Algorithm: sha256WithRSAEncryption 445s Signature Value: 445s 81:13:55:bb:cc:0e:96:ef:af:fc:67:05:db:73:07:b2:3c:be: 445s e8:3f:0b:26:4d:90:f6:ba:4c:ad:2c:4c:ab:ca:ca:0e:8b:c8: 445s d9:cd:2e:b6:31:27:6e:1e:a1:5d:f1:01:f8:0b:85:00:0f:c4: 445s 9c:66:ec:96:3d:49:02:2c:76:65:cc:23:1a:74:a1:c6:56:18: 445s f6:8c:c7:da:22:15:e5:ba:47:92:f3:f1:c4:d7:c9:eb:67:97: 445s 03:cb:48:4e:2f:76:3a:ed:00:87:85:54:bd:ab:59:0b:89:40: 445s f5:a6:7e:e5:fc:f0:1c:34:07:e1:94:72:e7:47:23:c4:ec:f5: 445s 1f:34 445s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-19274-auth.pem 445s + found_md5=Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 445s + '[' Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 '!=' Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 ']' 445s + valid_certificate /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-277 /tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem partial_chain 445s + check_certificate /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-277 /tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem partial_chain 445s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 445s + local key_pass=pass:random-root-ca-trusted-cert-0001-277 445s + local key_ring=/tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem 445s + local verify_option=partial_chain 445s + prepare_softhsm2_card /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-277 445s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 445s + local key_pass=pass:random-root-ca-trusted-cert-0001-277 445s + local key_cn 445s + local key_name 445s + local tokens_dir 445s + local output_cert_file 445s + token_name= 445s ++ basename /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem .pem 445s + key_name=test-root-CA-trusted-certificate-0001 445s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 445s ++ sed -n 's/ *commonName *= //p' 445s + key_cn='Test Organization Root Trusted Certificate 0001' 445s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 445s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf 445s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf 445s ++ basename /tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 445s + tokens_dir=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001 445s + token_name='Test Organization Root Tr Token' 445s + '[' '!' -e /tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 445s + '[' '!' -d /tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001 ']' 445s + echo 'Test Organization Root Tr Token' 445s + '[' -n partial_chain ']' 445s + local verify_arg=--verify=partial_chain 445s + local output_base_name=SSSD-child-22786 445s + local output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-22786.output 445s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-22786.pem 445s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem 445s Test Organization Root Tr Token 445s [p11_child[2108]] [main] (0x0400): p11_child started. 445s [p11_child[2108]] [main] (0x2000): Running in [pre-auth] mode. 445s [p11_child[2108]] [main] (0x2000): Running with effective IDs: [0][0]. 445s [p11_child[2108]] [main] (0x2000): Running with real IDs [0][0]. 445s [p11_child[2108]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 445s [p11_child[2108]] [do_card] (0x4000): Module List: 445s [p11_child[2108]] [do_card] (0x4000): common name: [softhsm2]. 445s [p11_child[2108]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 445s [p11_child[2108]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6f044bde] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 445s [p11_child[2108]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 445s [p11_child[2108]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x6f044bde][1862552542] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 445s [p11_child[2108]] [do_card] (0x4000): Login NOT required. 445s [p11_child[2108]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 445s [p11_child[2108]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 445s [p11_child[2108]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 445s [p11_child[2108]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6f044bde;slot-manufacturer=SoftHSM%20project;slot-id=1862552542;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4e95af716f044bde;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 445s [p11_child[2108]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 445s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-22786.output 445s + echo '-----BEGIN CERTIFICATE-----' 445s + tail -n1 /tmp/sssd-softhsm2-TfOciM/SSSD-child-22786.output 445s + echo '-----END CERTIFICATE-----' 445s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-22786.pem 445s Certificate: 445s Data: 445s Version: 3 (0x2) 445s Serial Number: 3 (0x3) 445s Signature Algorithm: sha256WithRSAEncryption 445s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 445s Validity 445s Not Before: Mar 23 21:40:10 2024 GMT 445s Not After : Mar 23 21:40:10 2025 GMT 445s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 445s Subject Public Key Info: 445s Public Key Algorithm: rsaEncryption 445s Public-Key: (1024 bit) 445s Modulus: 445s 00:b8:69:4a:91:be:db:5d:31:8c:54:3d:f0:07:ea: 445s c2:35:5f:d0:2d:0e:08:58:a0:f5:65:74:29:91:04: 445s 49:3f:58:07:29:eb:4b:62:c7:c8:e4:76:19:cf:41: 445s 19:b0:a0:0e:98:cf:1c:c8:c8:79:f6:f4:ee:d2:a4: 445s df:0c:4b:ce:84:57:1d:85:41:4d:6b:94:fa:07:16: 445s 1f:56:ef:66:74:8c:80:96:3c:02:55:c7:f4:6a:a2: 445s e9:37:c0:41:f2:86:c8:aa:89:8d:23:bf:a2:2d:ba: 445s 38:b3:64:12:de:52:48:73:f8:96:b4:a4:1a:1b:e4: 445s 3a:ef:e1:87:3f:2f:79:4c:b9 445s Exponent: 65537 (0x10001) 445s X509v3 extensions: 445s X509v3 Authority Key Identifier: 445s EF:46:F6:ED:E8:62:00:86:DC:6C:28:F1:15:19:41:B1:5A:FC:51:54 445s X509v3 Basic Constraints: 445s CA:FALSE 445s Netscape Cert Type: 445s SSL Client, S/MIME 445s Netscape Comment: 445s Test Organization Root CA trusted Certificate 445s X509v3 Subject Key Identifier: 445s 0C:14:F1:72:8B:E0:06:02:9D:97:F3:F4:0F:53:8B:CC:6D:A1:AC:51 445s X509v3 Key Usage: critical 445s Digital Signature, Non Repudiation, Key Encipherment 445s X509v3 Extended Key Usage: 445s TLS Web Client Authentication, E-mail Protection 445s X509v3 Subject Alternative Name: 445s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 445s Signature Algorithm: sha256WithRSAEncryption 445s Signature Value: 445s 81:13:55:bb:cc:0e:96:ef:af:fc:67:05:db:73:07:b2:3c:be: 445s e8:3f:0b:26:4d:90:f6:ba:4c:ad:2c:4c:ab:ca:ca:0e:8b:c8: 445s d9:cd:2e:b6:31:27:6e:1e:a1:5d:f1:01:f8:0b:85:00:0f:c4: 445s 9c:66:ec:96:3d:49:02:2c:76:65:cc:23:1a:74:a1:c6:56:18: 445s f6:8c:c7:da:22:15:e5:ba:47:92:f3:f1:c4:d7:c9:eb:67:97: 445s 03:cb:48:4e:2f:76:3a:ed:00:87:85:54:bd:ab:59:0b:89:40: 445s f5:a6:7e:e5:fc:f0:1c:34:07:e1:94:72:e7:47:23:c4:ec:f5: 445s 1f:34 445s + local found_md5 expected_md5 445s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 445s + expected_md5=Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 445s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-22786.pem 445s + found_md5=Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 445s + '[' Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 '!=' Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 ']' 445s + output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-22786-auth.output 445s ++ basename /tmp/sssd-softhsm2-TfOciM/SSSD-child-22786-auth.output .output 445s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-22786-auth.pem 445s + echo -n 053350 445s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 445s [p11_child[2116]] [main] (0x0400): p11_child started. 445s [p11_child[2116]] [main] (0x2000): Running in [auth] mode. 445s [p11_child[2116]] [main] (0x2000): Running with effective IDs: [0][0]. 445s [p11_child[2116]] [main] (0x2000): Running with real IDs [0][0]. 445s [p11_child[2116]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 445s [p11_child[2116]] [do_card] (0x4000): Module List: 445s [p11_child[2116]] [do_card] (0x4000): common name: [softhsm2]. 445s [p11_child[2116]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 445s [p11_child[2116]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6f044bde] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 445s [p11_child[2116]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 445s [p11_child[2116]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x6f044bde][1862552542] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 445s [p11_child[2116]] [do_card] (0x4000): Login required. 445s [p11_child[2116]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 445s [p11_child[2116]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 445s [p11_child[2116]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 445s [p11_child[2116]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x6f044bde;slot-manufacturer=SoftHSM%20project;slot-id=1862552542;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4e95af716f044bde;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 445s [p11_child[2116]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 445s [p11_child[2116]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 445s [p11_child[2116]] [do_card] (0x4000): Certificate verified and validated. 445s [p11_child[2116]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 445s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-22786-auth.output 445s + echo '-----BEGIN CERTIFICATE-----' 445s + tail -n1 /tmp/sssd-softhsm2-TfOciM/SSSD-child-22786-auth.output 445s + echo '-----END CERTIFICATE-----' 445s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-22786-auth.pem 445s Certificate: 445s Data: 445s Version: 3 (0x2) 445s Serial Number: 3 (0x3) 445s Signature Algorithm: sha256WithRSAEncryption 445s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 445s Validity 445s Not Before: Mar 23 21:40:10 2024 GMT 445s Not After : Mar 23 21:40:10 2025 GMT 445s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 445s Subject Public Key Info: 445s Public Key Algorithm: rsaEncryption 445s Public-Key: (1024 bit) 445s Modulus: 445s 00:b8:69:4a:91:be:db:5d:31:8c:54:3d:f0:07:ea: 445s c2:35:5f:d0:2d:0e:08:58:a0:f5:65:74:29:91:04: 445s 49:3f:58:07:29:eb:4b:62:c7:c8:e4:76:19:cf:41: 445s 19:b0:a0:0e:98:cf:1c:c8:c8:79:f6:f4:ee:d2:a4: 445s df:0c:4b:ce:84:57:1d:85:41:4d:6b:94:fa:07:16: 445s 1f:56:ef:66:74:8c:80:96:3c:02:55:c7:f4:6a:a2: 445s e9:37:c0:41:f2:86:c8:aa:89:8d:23:bf:a2:2d:ba: 445s 38:b3:64:12:de:52:48:73:f8:96:b4:a4:1a:1b:e4: 445s 3a:ef:e1:87:3f:2f:79:4c:b9 445s Exponent: 65537 (0x10001) 445s X509v3 extensions: 445s X509v3 Authority Key Identifier: 445s EF:46:F6:ED:E8:62:00:86:DC:6C:28:F1:15:19:41:B1:5A:FC:51:54 445s X509v3 Basic Constraints: 445s CA:FALSE 445s Netscape Cert Type: 445s SSL Client, S/MIME 445s Netscape Comment: 445s Test Organization Root CA trusted Certificate 445s X509v3 Subject Key Identifier: 445s 0C:14:F1:72:8B:E0:06:02:9D:97:F3:F4:0F:53:8B:CC:6D:A1:AC:51 445s X509v3 Key Usage: critical 445s Digital Signature, Non Repudiation, Key Encipherment 445s X509v3 Extended Key Usage: 445s TLS Web Client Authentication, E-mail Protection 445s X509v3 Subject Alternative Name: 445s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 445s Signature Algorithm: sha256WithRSAEncryption 445s Signature Value: 445s 81:13:55:bb:cc:0e:96:ef:af:fc:67:05:db:73:07:b2:3c:be: 445s e8:3f:0b:26:4d:90:f6:ba:4c:ad:2c:4c:ab:ca:ca:0e:8b:c8: 445s d9:cd:2e:b6:31:27:6e:1e:a1:5d:f1:01:f8:0b:85:00:0f:c4: 445s 9c:66:ec:96:3d:49:02:2c:76:65:cc:23:1a:74:a1:c6:56:18: 445s f6:8c:c7:da:22:15:e5:ba:47:92:f3:f1:c4:d7:c9:eb:67:97: 445s 03:cb:48:4e:2f:76:3a:ed:00:87:85:54:bd:ab:59:0b:89:40: 445s f5:a6:7e:e5:fc:f0:1c:34:07:e1:94:72:e7:47:23:c4:ec:f5: 445s 1f:34 445s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-22786-auth.pem 445s + found_md5=Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 445s + '[' Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 '!=' Modulus=B8694A91BEDB5D318C543DF007EAC2355FD02D0E0858A0F56574299104493F580729EB4B62C7C8E47619CF4119B0A00E98CF1CC8C879F6F4EED2A4DF0C4BCE84571D85414D6B94FA07161F56EF66748C80963C0255C7F46AA2E937C041F286C8AA898D23BFA22DBA38B36412DE524873F896B4A41A1BE43AEFE1873F2F794CB9 ']' 445s + invalid_certificate /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-277 /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem 445s + check_certificate /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-277 /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem 445s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 445s + local key_pass=pass:random-root-ca-trusted-cert-0001-277 445s + local key_ring=/tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem 445s + local verify_option= 445s + prepare_softhsm2_card /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-277 445s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 445s + local key_pass=pass:random-root-ca-trusted-cert-0001-277 445s + local key_cn 445s + local key_name 445s + local tokens_dir 445s + local output_cert_file 445s + token_name= 445s ++ basename /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem .pem 445s + key_name=test-root-CA-trusted-certificate-0001 445s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 445s ++ sed -n 's/ *commonName *= //p' 445s + key_cn='Test Organization Root Trusted Certificate 0001' 445s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 445s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf 445s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf 445s ++ basename /tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 445s + tokens_dir=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001 445s + token_name='Test Organization Root Tr Token' 445s + '[' '!' -e /tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 445s + '[' '!' -d /tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001 ']' 445s + echo 'Test Organization Root Tr Token' 445s + '[' -n '' ']' 445s + local output_base_name=SSSD-child-21120 445s + local output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-21120.output 445s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-21120.pem 445s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem 445s [p11_child[2126]] [main] (0x0400): p11_child started. 445s [p11_child[2126]] [main] (0x2000): Running in [pre-auth] mode. 445s [p11_child[2126]] [main] (0x2000): Running with effective IDs: [0][0]. 445s [p11_child[2126]] [main] (0x2000): Running with real IDs [0][0]. 445s Test Organization Root Tr Token 445s [p11_child[2126]] [do_card] (0x4000): Module List: 445s [p11_child[2126]] [do_card] (0x4000): common name: [softhsm2]. 445s [p11_child[2126]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 445s [p11_child[2126]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6f044bde] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 445s [p11_child[2126]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 445s [p11_child[2126]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x6f044bde][1862552542] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 445s [p11_child[2126]] [do_card] (0x4000): Login NOT required. 445s [p11_child[2126]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 445s [p11_child[2126]] [do_verification] (0x0040): X509_verify_cert failed [0]. 445s [p11_child[2126]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 445s [p11_child[2126]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 445s [p11_child[2126]] [do_card] (0x4000): No certificate found. 445s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-21120.output 445s + return 2 445s + invalid_certificate /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-277 /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem partial_chain 445s + check_certificate /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-277 /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem partial_chain 445s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 445s + local key_pass=pass:random-root-ca-trusted-cert-0001-277 445s + local key_ring=/tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem 445s + local verify_option=partial_chain 445s + prepare_softhsm2_card /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-277 445s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 445s + local key_pass=pass:random-root-ca-trusted-cert-0001-277 445s + local key_cn 445s + local key_name 445s + local tokens_dir 445s + local output_cert_file 445s + token_name= 445s ++ basename /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem .pem 445s + key_name=test-root-CA-trusted-certificate-0001 445s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-TfOciM/test-root-CA-trusted-certificate-0001.pem 445s ++ sed -n 's/ *commonName *= //p' 445s + key_cn='Test Organization Root Trusted Certificate 0001' 445s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 445s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf 445s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf 445s ++ basename /tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 445s + tokens_dir=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001 445s + token_name='Test Organization Root Tr Token' 445s + '[' '!' -e /tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 445s + '[' '!' -d /tmp/sssd-softhsm2-TfOciM/softhsm2-test-root-CA-trusted-certificate-0001 ']' 445s + echo 'Test Organization Root Tr Token' 445s + '[' -n partial_chain ']' 445s + local verify_arg=--verify=partial_chain 445s + local output_base_name=SSSD-child-32348 445s + local output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-32348.output 445s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-32348.pem 445s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem 445s Test Organization Root Tr Token 445s [p11_child[2133]] [main] (0x0400): p11_child started. 445s [p11_child[2133]] [main] (0x2000): Running in [pre-auth] mode. 445s [p11_child[2133]] [main] (0x2000): Running with effective IDs: [0][0]. 445s [p11_child[2133]] [main] (0x2000): Running with real IDs [0][0]. 445s [p11_child[2133]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 445s [p11_child[2133]] [do_card] (0x4000): Module List: 445s [p11_child[2133]] [do_card] (0x4000): common name: [softhsm2]. 445s [p11_child[2133]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 445s [p11_child[2133]] [do_card] (0x4000): Description [SoftHSM slot ID 0x6f044bde] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 445s [p11_child[2133]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 445s [p11_child[2133]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x6f044bde][1862552542] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 445s [p11_child[2133]] [do_card] (0x4000): Login NOT required. 445s [p11_child[2133]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 445s [p11_child[2133]] [do_verification] (0x0040): X509_verify_cert failed [0]. 445s [p11_child[2133]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 445s [p11_child[2133]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 445s [p11_child[2133]] [do_card] (0x4000): No certificate found. 445s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-32348.output 445s + return 2 445s + invalid_certificate /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-32650 /dev/null 445s + check_certificate /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-32650 /dev/null 445s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 445s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-32650 445s + local key_ring=/dev/null 445s + local verify_option= 445s + prepare_softhsm2_card /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-32650 445s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 445s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-32650 445s + local key_cn 445s + local key_name 445s + local tokens_dir 445s + local output_cert_file 445s + token_name= 445s ++ basename /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem .pem 445s + key_name=test-intermediate-CA-trusted-certificate-0001 445s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 445s ++ sed -n 's/ *commonName *= //p' 445s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 445s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 445s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 445s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 445s ++ basename /tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 445s + tokens_dir=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001 445s + token_name='Test Organization Interme Token' 445s + '[' '!' -e /tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 445s + local key_file 445s + local decrypted_key 445s + mkdir -p /tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001 445s + key_file=/tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001-key.pem 445s + decrypted_key=/tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 445s + cat 445s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 445s + softhsm2-util --show-slots 445s Slot 0 has a free/uninitialized token. 445s The token has been initialized and is reassigned to slot 71472765 445s Available slots: 445s Slot 71472765 445s Slot info: 445s Description: SoftHSM slot ID 0x442967d 445s Manufacturer ID: SoftHSM project 445s Hardware version: 2.6 445s Firmware version: 2.6 445s Token present: yes 445s Token info: 445s Manufacturer ID: SoftHSM project 445s Model: SoftHSM v2 445s Hardware version: 2.6 445s Firmware version: 2.6 445s Serial number: 04efb2d68442967d 445s Initialized: yes 445s User PIN init.: yes 445s Label: Test Organization Interme Token 445s Slot 1 445s Slot info: 445s Description: SoftHSM slot ID 0x1 445s Manufacturer ID: SoftHSM project 445s Hardware version: 2.6 445s Firmware version: 2.6 445s Token present: yes 445s Token info: 445s Manufacturer ID: SoftHSM project 445s Model: SoftHSM v2 445s Hardware version: 2.6 445s Firmware version: 2.6 445s Serial number: 445s Initialized: no 445s User PIN init.: no 445s Label: 445s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 445s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-32650 -in /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 445s writing RSA key 445s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 445s + rm /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 445s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 445s Object 0: 445s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=04efb2d68442967d;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 445s Type: X.509 Certificate (RSA-1024) 445s Expires: Sun Mar 23 21:40:10 2025 445s Label: Test Organization Intermediate Trusted Certificate 0001 445s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 445s 445s Test Organization Interme Token 445s + echo 'Test Organization Interme Token' 445s + '[' -n '' ']' 445s + local output_base_name=SSSD-child-10822 445s + local output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-10822.output 445s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-10822.pem 445s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 445s [p11_child[2149]] [main] (0x0400): p11_child started. 445s [p11_child[2149]] [main] (0x2000): Running in [pre-auth] mode. 445s [p11_child[2149]] [main] (0x2000): Running with effective IDs: [0][0]. 445s [p11_child[2149]] [main] (0x2000): Running with real IDs [0][0]. 445s [p11_child[2149]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 445s [p11_child[2149]] [do_work] (0x0040): init_verification failed. 445s [p11_child[2149]] [main] (0x0020): p11_child failed (5) 445s + return 2 445s + valid_certificate /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-32650 /dev/null no_verification 445s + check_certificate /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-32650 /dev/null no_verification 445s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 445s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-32650 445s + local key_ring=/dev/null 445s + local verify_option=no_verification 445s + prepare_softhsm2_card /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-32650 445s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 445s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-32650 445s + local key_cn 445s + local key_name 445s + local tokens_dir 445s + local output_cert_file 445s + token_name= 445s ++ basename /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem .pem 445s + key_name=test-intermediate-CA-trusted-certificate-0001 445s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 445s ++ sed -n 's/ *commonName *= //p' 445s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 445s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 445s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 445s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 445s ++ basename /tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 445s + tokens_dir=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001 445s + token_name='Test Organization Interme Token' 445s + '[' '!' -e /tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 445s + '[' '!' -d /tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 445s + echo 'Test Organization Interme Token' 445s Test Organization Interme Token 445s + '[' -n no_verification ']' 445s + local verify_arg=--verify=no_verification 445s + local output_base_name=SSSD-child-2324 445s + local output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-2324.output 445s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-2324.pem 445s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 445s [p11_child[2155]] [main] (0x0400): p11_child started. 445s [p11_child[2155]] [main] (0x2000): Running in [pre-auth] mode. 445s [p11_child[2155]] [main] (0x2000): Running with effective IDs: [0][0]. 445s [p11_child[2155]] [main] (0x2000): Running with real IDs [0][0]. 445s [p11_child[2155]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 445s [p11_child[2155]] [do_card] (0x4000): Module List: 445s [p11_child[2155]] [do_card] (0x4000): common name: [softhsm2]. 445s [p11_child[2155]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 445s [p11_child[2155]] [do_card] (0x4000): Description [SoftHSM slot ID 0x442967d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 445s [p11_child[2155]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 445s [p11_child[2155]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x442967d][71472765] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 445s [p11_child[2155]] [do_card] (0x4000): Login NOT required. 445s [p11_child[2155]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 445s [p11_child[2155]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 445s [p11_child[2155]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x442967d;slot-manufacturer=SoftHSM%20project;slot-id=71472765;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=04efb2d68442967d;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 445s [p11_child[2155]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 445s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-2324.output 445s + echo '-----BEGIN CERTIFICATE-----' 445s + tail -n1 /tmp/sssd-softhsm2-TfOciM/SSSD-child-2324.output 445s + echo '-----END CERTIFICATE-----' 445s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-2324.pem 445s + local found_md5 expected_md5 445s Certificate: 445s Data: 445s Version: 3 (0x2) 445s Serial Number: 4 (0x4) 445s Signature Algorithm: sha256WithRSAEncryption 445s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 445s Validity 445s Not Before: Mar 23 21:40:10 2024 GMT 445s Not After : Mar 23 21:40:10 2025 GMT 445s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 445s Subject Public Key Info: 445s Public Key Algorithm: rsaEncryption 445s Public-Key: (1024 bit) 445s Modulus: 445s 00:a4:14:a0:5d:7c:8a:38:1c:fd:d1:3d:4b:8c:c2: 445s e2:33:9a:6a:28:3a:33:83:98:ac:77:cb:01:7f:07: 445s d4:f3:72:7b:2f:80:88:e3:4f:f1:29:cb:c0:90:e1: 445s 7a:e2:bb:14:d4:26:1c:df:d6:5b:bd:ae:ad:77:86: 445s b6:d8:11:dd:e7:61:7d:7b:23:da:dc:28:e9:53:ae: 445s 93:bf:22:53:8b:f0:1f:3a:dd:d7:ae:fd:0c:3c:6a: 445s ff:25:bc:61:43:19:26:55:1e:11:d5:0c:5e:c0:30: 445s 75:86:e0:0e:7c:d7:d5:57:e5:91:52:30:3f:c2:6f: 445s 57:e3:14:18:0f:d9:fa:e2:89 445s Exponent: 65537 (0x10001) 445s X509v3 extensions: 445s X509v3 Authority Key Identifier: 445s 20:70:79:02:BD:06:DF:7F:5D:B6:B6:40:C8:70:2D:07:B4:A5:59:35 445s X509v3 Basic Constraints: 445s CA:FALSE 445s Netscape Cert Type: 445s SSL Client, S/MIME 445s Netscape Comment: 445s Test Organization Intermediate CA trusted Certificate 445s X509v3 Subject Key Identifier: 445s 1F:D2:64:BE:B0:88:32:17:1B:2B:F3:09:B9:03:05:51:61:AF:7A:4F 445s X509v3 Key Usage: critical 445s Digital Signature, Non Repudiation, Key Encipherment 445s X509v3 Extended Key Usage: 445s TLS Web Client Authentication, E-mail Protection 445s X509v3 Subject Alternative Name: 445s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 445s Signature Algorithm: sha256WithRSAEncryption 445s Signature Value: 445s a1:c8:49:e4:4c:e5:fe:21:f2:5e:63:da:2e:86:8b:7c:ff:56: 445s 8a:ba:e0:48:fe:de:38:55:e6:9c:7b:3e:2a:e8:e9:86:7f:56: 445s 44:81:fb:f5:7e:ec:a5:57:16:7d:68:0b:4e:a0:32:b0:ee:96: 445s 82:f8:b2:c8:2a:6b:45:a4:60:70:eb:bd:d3:3c:78:a4:d4:ca: 445s a1:c7:2e:7a:86:e4:7c:f2:21:f8:5b:b1:4b:6b:75:24:a1:0c: 445s e3:91:0b:8d:01:9d:5d:52:91:0e:90:91:ab:f1:5a:6c:26:70: 445s 0d:7e:d7:47:29:ba:26:c4:ed:0b:ba:13:4a:c0:48:ca:4a:72: 445s 78:a9 445s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 446s + expected_md5=Modulus=A414A05D7C8A381CFDD13D4B8CC2E2339A6A283A338398AC77CB017F07D4F3727B2F8088E34FF129CBC090E17AE2BB14D4261CDFD65BBDAEAD7786B6D811DDE7617D7B23DADC28E953AE93BF22538BF01F3ADDD7AEFD0C3C6AFF25BC61431926551E11D50C5EC0307586E00E7CD7D557E59152303FC26F57E314180FD9FAE289 446s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-2324.pem 446s + found_md5=Modulus=A414A05D7C8A381CFDD13D4B8CC2E2339A6A283A338398AC77CB017F07D4F3727B2F8088E34FF129CBC090E17AE2BB14D4261CDFD65BBDAEAD7786B6D811DDE7617D7B23DADC28E953AE93BF22538BF01F3ADDD7AEFD0C3C6AFF25BC61431926551E11D50C5EC0307586E00E7CD7D557E59152303FC26F57E314180FD9FAE289 446s + '[' Modulus=A414A05D7C8A381CFDD13D4B8CC2E2339A6A283A338398AC77CB017F07D4F3727B2F8088E34FF129CBC090E17AE2BB14D4261CDFD65BBDAEAD7786B6D811DDE7617D7B23DADC28E953AE93BF22538BF01F3ADDD7AEFD0C3C6AFF25BC61431926551E11D50C5EC0307586E00E7CD7D557E59152303FC26F57E314180FD9FAE289 '!=' Modulus=A414A05D7C8A381CFDD13D4B8CC2E2339A6A283A338398AC77CB017F07D4F3727B2F8088E34FF129CBC090E17AE2BB14D4261CDFD65BBDAEAD7786B6D811DDE7617D7B23DADC28E953AE93BF22538BF01F3ADDD7AEFD0C3C6AFF25BC61431926551E11D50C5EC0307586E00E7CD7D557E59152303FC26F57E314180FD9FAE289 ']' 446s + output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-2324-auth.output 446s ++ basename /tmp/sssd-softhsm2-TfOciM/SSSD-child-2324-auth.output .output 446s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-2324-auth.pem 446s + echo -n 053350 446s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 446s [p11_child[2163]] [main] (0x0400): p11_child started. 446s [p11_child[2163]] [main] (0x2000): Running in [auth] mode. 446s [p11_child[2163]] [main] (0x2000): Running with effective IDs: [0][0]. 446s [p11_child[2163]] [main] (0x2000): Running with real IDs [0][0]. 446s [p11_child[2163]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 446s [p11_child[2163]] [do_card] (0x4000): Module List: 446s [p11_child[2163]] [do_card] (0x4000): common name: [softhsm2]. 446s [p11_child[2163]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 446s [p11_child[2163]] [do_card] (0x4000): Description [SoftHSM slot ID 0x442967d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 446s [p11_child[2163]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 446s [p11_child[2163]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x442967d][71472765] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 446s [p11_child[2163]] [do_card] (0x4000): Login required. 446s [p11_child[2163]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 446s [p11_child[2163]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 446s [p11_child[2163]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x442967d;slot-manufacturer=SoftHSM%20project;slot-id=71472765;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=04efb2d68442967d;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 446s [p11_child[2163]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 446s [p11_child[2163]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 446s [p11_child[2163]] [do_card] (0x4000): Certificate verified and validated. 446s [p11_child[2163]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 446s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-2324-auth.output 446s + echo '-----BEGIN CERTIFICATE-----' 446s + tail -n1 /tmp/sssd-softhsm2-TfOciM/SSSD-child-2324-auth.output 446s + echo '-----END CERTIFICATE-----' 446s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-2324-auth.pem 446s Certificate: 446s Data: 446s Version: 3 (0x2) 446s Serial Number: 4 (0x4) 446s Signature Algorithm: sha256WithRSAEncryption 446s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 446s Validity 446s Not Before: Mar 23 21:40:10 2024 GMT 446s Not After : Mar 23 21:40:10 2025 GMT 446s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 446s Subject Public Key Info: 446s Public Key Algorithm: rsaEncryption 446s Public-Key: (1024 bit) 446s Modulus: 446s 00:a4:14:a0:5d:7c:8a:38:1c:fd:d1:3d:4b:8c:c2: 446s e2:33:9a:6a:28:3a:33:83:98:ac:77:cb:01:7f:07: 446s d4:f3:72:7b:2f:80:88:e3:4f:f1:29:cb:c0:90:e1: 446s 7a:e2:bb:14:d4:26:1c:df:d6:5b:bd:ae:ad:77:86: 446s b6:d8:11:dd:e7:61:7d:7b:23:da:dc:28:e9:53:ae: 446s 93:bf:22:53:8b:f0:1f:3a:dd:d7:ae:fd:0c:3c:6a: 446s ff:25:bc:61:43:19:26:55:1e:11:d5:0c:5e:c0:30: 446s 75:86:e0:0e:7c:d7:d5:57:e5:91:52:30:3f:c2:6f: 446s 57:e3:14:18:0f:d9:fa:e2:89 446s Exponent: 65537 (0x10001) 446s X509v3 extensions: 446s X509v3 Authority Key Identifier: 446s 20:70:79:02:BD:06:DF:7F:5D:B6:B6:40:C8:70:2D:07:B4:A5:59:35 446s X509v3 Basic Constraints: 446s CA:FALSE 446s Netscape Cert Type: 446s SSL Client, S/MIME 446s Netscape Comment: 446s Test Organization Intermediate CA trusted Certificate 446s X509v3 Subject Key Identifier: 446s 1F:D2:64:BE:B0:88:32:17:1B:2B:F3:09:B9:03:05:51:61:AF:7A:4F 446s X509v3 Key Usage: critical 446s Digital Signature, Non Repudiation, Key Encipherment 446s X509v3 Extended Key Usage: 446s TLS Web Client Authentication, E-mail Protection 446s X509v3 Subject Alternative Name: 446s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 446s Signature Algorithm: sha256WithRSAEncryption 446s Signature Value: 446s a1:c8:49:e4:4c:e5:fe:21:f2:5e:63:da:2e:86:8b:7c:ff:56: 446s 8a:ba:e0:48:fe:de:38:55:e6:9c:7b:3e:2a:e8:e9:86:7f:56: 446s 44:81:fb:f5:7e:ec:a5:57:16:7d:68:0b:4e:a0:32:b0:ee:96: 446s 82:f8:b2:c8:2a:6b:45:a4:60:70:eb:bd:d3:3c:78:a4:d4:ca: 446s a1:c7:2e:7a:86:e4:7c:f2:21:f8:5b:b1:4b:6b:75:24:a1:0c: 446s e3:91:0b:8d:01:9d:5d:52:91:0e:90:91:ab:f1:5a:6c:26:70: 446s 0d:7e:d7:47:29:ba:26:c4:ed:0b:ba:13:4a:c0:48:ca:4a:72: 446s 78:a9 446s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-2324-auth.pem 446s + found_md5=Modulus=A414A05D7C8A381CFDD13D4B8CC2E2339A6A283A338398AC77CB017F07D4F3727B2F8088E34FF129CBC090E17AE2BB14D4261CDFD65BBDAEAD7786B6D811DDE7617D7B23DADC28E953AE93BF22538BF01F3ADDD7AEFD0C3C6AFF25BC61431926551E11D50C5EC0307586E00E7CD7D557E59152303FC26F57E314180FD9FAE289 446s + '[' Modulus=A414A05D7C8A381CFDD13D4B8CC2E2339A6A283A338398AC77CB017F07D4F3727B2F8088E34FF129CBC090E17AE2BB14D4261CDFD65BBDAEAD7786B6D811DDE7617D7B23DADC28E953AE93BF22538BF01F3ADDD7AEFD0C3C6AFF25BC61431926551E11D50C5EC0307586E00E7CD7D557E59152303FC26F57E314180FD9FAE289 '!=' Modulus=A414A05D7C8A381CFDD13D4B8CC2E2339A6A283A338398AC77CB017F07D4F3727B2F8088E34FF129CBC090E17AE2BB14D4261CDFD65BBDAEAD7786B6D811DDE7617D7B23DADC28E953AE93BF22538BF01F3ADDD7AEFD0C3C6AFF25BC61431926551E11D50C5EC0307586E00E7CD7D557E59152303FC26F57E314180FD9FAE289 ']' 446s + invalid_certificate /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-32650 /tmp/sssd-softhsm2-TfOciM/test-root-CA.pem 446s + check_certificate /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-32650 /tmp/sssd-softhsm2-TfOciM/test-root-CA.pem 446s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 446s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-32650 446s + local key_ring=/tmp/sssd-softhsm2-TfOciM/test-root-CA.pem 446s + local verify_option= 446s + prepare_softhsm2_card /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-32650 446s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 446s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-32650 446s + local key_cn 446s + local key_name 446s + local tokens_dir 446s + local output_cert_file 446s + token_name= 446s ++ basename /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem .pem 446s + key_name=test-intermediate-CA-trusted-certificate-0001 446s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 446s ++ sed -n 's/ *commonName *= //p' 446s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 446s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 446s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 446s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 446s ++ basename /tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 446s + tokens_dir=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001 446s + token_name='Test Organization Interme Token' 446s + '[' '!' -e /tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 446s + '[' '!' -d /tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 446s + echo 'Test Organization Interme Token' 446s + '[' -n '' ']' 446s + local output_base_name=SSSD-child-28890 446s + local output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-28890.output 446s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-28890.pem 446s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-TfOciM/test-root-CA.pem 446s Test Organization Interme Token 446s [p11_child[2173]] [main] (0x0400): p11_child started. 446s [p11_child[2173]] [main] (0x2000): Running in [pre-auth] mode. 446s [p11_child[2173]] [main] (0x2000): Running with effective IDs: [0][0]. 446s [p11_child[2173]] [main] (0x2000): Running with real IDs [0][0]. 446s [p11_child[2173]] [do_card] (0x4000): Module List: 446s [p11_child[2173]] [do_card] (0x4000): common name: [softhsm2]. 446s [p11_child[2173]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 446s [p11_child[2173]] [do_card] (0x4000): Description [SoftHSM slot ID 0x442967d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 446s [p11_child[2173]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 446s [p11_child[2173]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x442967d][71472765] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 446s [p11_child[2173]] [do_card] (0x4000): Login NOT required. 446s [p11_child[2173]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 446s [p11_child[2173]] [do_verification] (0x0040): X509_verify_cert failed [0]. 446s [p11_child[2173]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 446s [p11_child[2173]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 446s [p11_child[2173]] [do_card] (0x4000): No certificate found. 446s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-28890.output 446s + return 2 446s + invalid_certificate /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-32650 /tmp/sssd-softhsm2-TfOciM/test-root-CA.pem partial_chain 446s + check_certificate /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-32650 /tmp/sssd-softhsm2-TfOciM/test-root-CA.pem partial_chain 446s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 446s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-32650 446s + local key_ring=/tmp/sssd-softhsm2-TfOciM/test-root-CA.pem 446s + local verify_option=partial_chain 446s + prepare_softhsm2_card /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-32650 446s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 446s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-32650 446s + local key_cn 446s + local key_name 446s + local tokens_dir 446s + local output_cert_file 446s + token_name= 446s ++ basename /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem .pem 446s + key_name=test-intermediate-CA-trusted-certificate-0001 446s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 446s ++ sed -n 's/ *commonName *= //p' 446s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 446s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 446s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 446s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 446s ++ basename /tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 446s + tokens_dir=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001 446s + token_name='Test Organization Interme Token' 446s + '[' '!' -e /tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 446s + '[' '!' -d /tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 446s + echo 'Test Organization Interme Token' 446s + '[' -n partial_chain ']' 446s + local verify_arg=--verify=partial_chain 446s + local output_base_name=SSSD-child-28273 446s Test Organization Interme Token 446s + local output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-28273.output 446s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-28273.pem 446s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-TfOciM/test-root-CA.pem 446s [p11_child[2180]] [main] (0x0400): p11_child started. 446s [p11_child[2180]] [main] (0x2000): Running in [pre-auth] mode. 446s [p11_child[2180]] [main] (0x2000): Running with effective IDs: [0][0]. 446s [p11_child[2180]] [main] (0x2000): Running with real IDs [0][0]. 446s [p11_child[2180]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 446s [p11_child[2180]] [do_card] (0x4000): Module List: 446s [p11_child[2180]] [do_card] (0x4000): common name: [softhsm2]. 446s [p11_child[2180]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 446s [p11_child[2180]] [do_card] (0x4000): Description [SoftHSM slot ID 0x442967d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 446s [p11_child[2180]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 446s [p11_child[2180]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x442967d][71472765] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 446s [p11_child[2180]] [do_card] (0x4000): Login NOT required. 446s [p11_child[2180]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 446s [p11_child[2180]] [do_verification] (0x0040): X509_verify_cert failed [0]. 446s [p11_child[2180]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 446s [p11_child[2180]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 446s [p11_child[2180]] [do_card] (0x4000): No certificate found. 446s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-28273.output 446s + return 2 446s + valid_certificate /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-32650 /tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem 446s + check_certificate /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-32650 /tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem 446s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 446s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-32650 446s + local key_ring=/tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem 446s + local verify_option= 446s + prepare_softhsm2_card /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-32650 446s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 446s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-32650 446s + local key_cn 446s + local key_name 446s + local tokens_dir 446s + local output_cert_file 446s + token_name= 446s ++ basename /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem .pem 446s + key_name=test-intermediate-CA-trusted-certificate-0001 446s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 446s ++ sed -n 's/ *commonName *= //p' 446s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 446s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 446s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 446s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 446s ++ basename /tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 446s + tokens_dir=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001 446s + token_name='Test Organization Interme Token' 446s + '[' '!' -e /tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 446s + '[' '!' -d /tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 446s + echo 'Test Organization Interme Token' 446s Test Organization Interme Token 446s + '[' -n '' ']' 446s + local output_base_name=SSSD-child-13275 446s + local output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-13275.output 446s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-13275.pem 446s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem 446s [p11_child[2187]] [main] (0x0400): p11_child started. 446s [p11_child[2187]] [main] (0x2000): Running in [pre-auth] mode. 446s [p11_child[2187]] [main] (0x2000): Running with effective IDs: [0][0]. 446s [p11_child[2187]] [main] (0x2000): Running with real IDs [0][0]. 446s [p11_child[2187]] [do_card] (0x4000): Module List: 446s [p11_child[2187]] [do_card] (0x4000): common name: [softhsm2]. 446s [p11_child[2187]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 446s [p11_child[2187]] [do_card] (0x4000): Description [SoftHSM slot ID 0x442967d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 446s [p11_child[2187]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 446s [p11_child[2187]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x442967d][71472765] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 446s [p11_child[2187]] [do_card] (0x4000): Login NOT required. 446s [p11_child[2187]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 446s [p11_child[2187]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 446s [p11_child[2187]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 446s [p11_child[2187]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x442967d;slot-manufacturer=SoftHSM%20project;slot-id=71472765;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=04efb2d68442967d;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 446s [p11_child[2187]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 446s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-13275.output 446s + echo '-----BEGIN CERTIFICATE-----' 446s + tail -n1 /tmp/sssd-softhsm2-TfOciM/SSSD-child-13275.output 446s + echo '-----END CERTIFICATE-----' 446s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-13275.pem 446s Certificate: 446s Data: 446s Version: 3 (0x2) 446s Serial Number: 4 (0x4) 446s Signature Algorithm: sha256WithRSAEncryption 446s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 446s Validity 446s Not Before: Mar 23 21:40:10 2024 GMT 446s Not After : Mar 23 21:40:10 2025 GMT 446s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 446s Subject Public Key Info: 446s Public Key Algorithm: rsaEncryption 446s Public-Key: (1024 bit) 446s Modulus: 446s 00:a4:14:a0:5d:7c:8a:38:1c:fd:d1:3d:4b:8c:c2: 446s e2:33:9a:6a:28:3a:33:83:98:ac:77:cb:01:7f:07: 446s d4:f3:72:7b:2f:80:88:e3:4f:f1:29:cb:c0:90:e1: 446s 7a:e2:bb:14:d4:26:1c:df:d6:5b:bd:ae:ad:77:86: 446s b6:d8:11:dd:e7:61:7d:7b:23:da:dc:28:e9:53:ae: 446s 93:bf:22:53:8b:f0:1f:3a:dd:d7:ae:fd:0c:3c:6a: 446s ff:25:bc:61:43:19:26:55:1e:11:d5:0c:5e:c0:30: 446s 75:86:e0:0e:7c:d7:d5:57:e5:91:52:30:3f:c2:6f: 446s 57:e3:14:18:0f:d9:fa:e2:89 446s Exponent: 65537 (0x10001) 446s X509v3 extensions: 446s X509v3 Authority Key Identifier: 446s 20:70:79:02:BD:06:DF:7F:5D:B6:B6:40:C8:70:2D:07:B4:A5:59:35 446s X509v3 Basic Constraints: 446s CA:FALSE 446s Netscape Cert Type: 446s SSL Client, S/MIME 446s Netscape Comment: 446s Test Organization Intermediate CA trusted Certificate 446s X509v3 Subject Key Identifier: 446s 1F:D2:64:BE:B0:88:32:17:1B:2B:F3:09:B9:03:05:51:61:AF:7A:4F 446s X509v3 Key Usage: critical 446s Digital Signature, Non Repudiation, Key Encipherment 446s X509v3 Extended Key Usage: 446s TLS Web Client Authentication, E-mail Protection 446s X509v3 Subject Alternative Name: 446s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 446s Signature Algorithm: sha256WithRSAEncryption 446s Signature Value: 446s a1:c8:49:e4:4c:e5:fe:21:f2:5e:63:da:2e:86:8b:7c:ff:56: 446s 8a:ba:e0:48:fe:de:38:55:e6:9c:7b:3e:2a:e8:e9:86:7f:56: 446s 44:81:fb:f5:7e:ec:a5:57:16:7d:68:0b:4e:a0:32:b0:ee:96: 446s 82:f8:b2:c8:2a:6b:45:a4:60:70:eb:bd:d3:3c:78:a4:d4:ca: 446s a1:c7:2e:7a:86:e4:7c:f2:21:f8:5b:b1:4b:6b:75:24:a1:0c: 446s e3:91:0b:8d:01:9d:5d:52:91:0e:90:91:ab:f1:5a:6c:26:70: 446s 0d:7e:d7:47:29:ba:26:c4:ed:0b:ba:13:4a:c0:48:ca:4a:72: 446s 78:a9 446s + local found_md5 expected_md5 446s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 446s + expected_md5=Modulus=A414A05D7C8A381CFDD13D4B8CC2E2339A6A283A338398AC77CB017F07D4F3727B2F8088E34FF129CBC090E17AE2BB14D4261CDFD65BBDAEAD7786B6D811DDE7617D7B23DADC28E953AE93BF22538BF01F3ADDD7AEFD0C3C6AFF25BC61431926551E11D50C5EC0307586E00E7CD7D557E59152303FC26F57E314180FD9FAE289 446s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-13275.pem 446s + found_md5=Modulus=A414A05D7C8A381CFDD13D4B8CC2E2339A6A283A338398AC77CB017F07D4F3727B2F8088E34FF129CBC090E17AE2BB14D4261CDFD65BBDAEAD7786B6D811DDE7617D7B23DADC28E953AE93BF22538BF01F3ADDD7AEFD0C3C6AFF25BC61431926551E11D50C5EC0307586E00E7CD7D557E59152303FC26F57E314180FD9FAE289 446s + '[' Modulus=A414A05D7C8A381CFDD13D4B8CC2E2339A6A283A338398AC77CB017F07D4F3727B2F8088E34FF129CBC090E17AE2BB14D4261CDFD65BBDAEAD7786B6D811DDE7617D7B23DADC28E953AE93BF22538BF01F3ADDD7AEFD0C3C6AFF25BC61431926551E11D50C5EC0307586E00E7CD7D557E59152303FC26F57E314180FD9FAE289 '!=' Modulus=A414A05D7C8A381CFDD13D4B8CC2E2339A6A283A338398AC77CB017F07D4F3727B2F8088E34FF129CBC090E17AE2BB14D4261CDFD65BBDAEAD7786B6D811DDE7617D7B23DADC28E953AE93BF22538BF01F3ADDD7AEFD0C3C6AFF25BC61431926551E11D50C5EC0307586E00E7CD7D557E59152303FC26F57E314180FD9FAE289 ']' 446s + output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-13275-auth.output 446s ++ basename /tmp/sssd-softhsm2-TfOciM/SSSD-child-13275-auth.output .output 446s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-13275-auth.pem 446s + echo -n 053350 446s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 446s [p11_child[2195]] [main] (0x0400): p11_child started. 446s [p11_child[2195]] [main] (0x2000): Running in [auth] mode. 446s [p11_child[2195]] [main] (0x2000): Running with effective IDs: [0][0]. 446s [p11_child[2195]] [main] (0x2000): Running with real IDs [0][0]. 446s [p11_child[2195]] [do_card] (0x4000): Module List: 446s [p11_child[2195]] [do_card] (0x4000): common name: [softhsm2]. 446s [p11_child[2195]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 446s [p11_child[2195]] [do_card] (0x4000): Description [SoftHSM slot ID 0x442967d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 446s [p11_child[2195]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 446s [p11_child[2195]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x442967d][71472765] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 446s [p11_child[2195]] [do_card] (0x4000): Login required. 446s [p11_child[2195]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 446s [p11_child[2195]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 446s [p11_child[2195]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 446s [p11_child[2195]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x442967d;slot-manufacturer=SoftHSM%20project;slot-id=71472765;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=04efb2d68442967d;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 446s [p11_child[2195]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 446s [p11_child[2195]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 446s [p11_child[2195]] [do_card] (0x4000): Certificate verified and validated. 446s [p11_child[2195]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 446s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-13275-auth.output 446s + echo '-----BEGIN CERTIFICATE-----' 446s + tail -n1 /tmp/sssd-softhsm2-TfOciM/SSSD-child-13275-auth.output 446s + echo '-----END CERTIFICATE-----' 446s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-13275-auth.pem 446s Certificate: 446s Data: 446s Version: 3 (0x2) 446s Serial Number: 4 (0x4) 446s Signature Algorithm: sha256WithRSAEncryption 446s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 446s Validity 446s Not Before: Mar 23 21:40:10 2024 GMT 446s Not After : Mar 23 21:40:10 2025 GMT 446s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 446s Subject Public Key Info: 446s Public Key Algorithm: rsaEncryption 446s Public-Key: (1024 bit) 446s Modulus: 446s 00:a4:14:a0:5d:7c:8a:38:1c:fd:d1:3d:4b:8c:c2: 446s e2:33:9a:6a:28:3a:33:83:98:ac:77:cb:01:7f:07: 446s d4:f3:72:7b:2f:80:88:e3:4f:f1:29:cb:c0:90:e1: 446s 7a:e2:bb:14:d4:26:1c:df:d6:5b:bd:ae:ad:77:86: 446s b6:d8:11:dd:e7:61:7d:7b:23:da:dc:28:e9:53:ae: 446s 93:bf:22:53:8b:f0:1f:3a:dd:d7:ae:fd:0c:3c:6a: 446s ff:25:bc:61:43:19:26:55:1e:11:d5:0c:5e:c0:30: 446s 75:86:e0:0e:7c:d7:d5:57:e5:91:52:30:3f:c2:6f: 446s 57:e3:14:18:0f:d9:fa:e2:89 446s Exponent: 65537 (0x10001) 446s X509v3 extensions: 446s X509v3 Authority Key Identifier: 446s 20:70:79:02:BD:06:DF:7F:5D:B6:B6:40:C8:70:2D:07:B4:A5:59:35 446s X509v3 Basic Constraints: 446s CA:FALSE 446s Netscape Cert Type: 446s SSL Client, S/MIME 446s Netscape Comment: 446s Test Organization Intermediate CA trusted Certificate 446s X509v3 Subject Key Identifier: 446s 1F:D2:64:BE:B0:88:32:17:1B:2B:F3:09:B9:03:05:51:61:AF:7A:4F 446s X509v3 Key Usage: critical 446s Digital Signature, Non Repudiation, Key Encipherment 446s X509v3 Extended Key Usage: 446s TLS Web Client Authentication, E-mail Protection 446s X509v3 Subject Alternative Name: 446s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 446s Signature Algorithm: sha256WithRSAEncryption 446s Signature Value: 446s a1:c8:49:e4:4c:e5:fe:21:f2:5e:63:da:2e:86:8b:7c:ff:56: 446s 8a:ba:e0:48:fe:de:38:55:e6:9c:7b:3e:2a:e8:e9:86:7f:56: 446s 44:81:fb:f5:7e:ec:a5:57:16:7d:68:0b:4e:a0:32:b0:ee:96: 446s 82:f8:b2:c8:2a:6b:45:a4:60:70:eb:bd:d3:3c:78:a4:d4:ca: 446s a1:c7:2e:7a:86:e4:7c:f2:21:f8:5b:b1:4b:6b:75:24:a1:0c: 446s e3:91:0b:8d:01:9d:5d:52:91:0e:90:91:ab:f1:5a:6c:26:70: 446s 0d:7e:d7:47:29:ba:26:c4:ed:0b:ba:13:4a:c0:48:ca:4a:72: 446s 78:a9 446s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-13275-auth.pem 446s + found_md5=Modulus=A414A05D7C8A381CFDD13D4B8CC2E2339A6A283A338398AC77CB017F07D4F3727B2F8088E34FF129CBC090E17AE2BB14D4261CDFD65BBDAEAD7786B6D811DDE7617D7B23DADC28E953AE93BF22538BF01F3ADDD7AEFD0C3C6AFF25BC61431926551E11D50C5EC0307586E00E7CD7D557E59152303FC26F57E314180FD9FAE289 446s + '[' Modulus=A414A05D7C8A381CFDD13D4B8CC2E2339A6A283A338398AC77CB017F07D4F3727B2F8088E34FF129CBC090E17AE2BB14D4261CDFD65BBDAEAD7786B6D811DDE7617D7B23DADC28E953AE93BF22538BF01F3ADDD7AEFD0C3C6AFF25BC61431926551E11D50C5EC0307586E00E7CD7D557E59152303FC26F57E314180FD9FAE289 '!=' Modulus=A414A05D7C8A381CFDD13D4B8CC2E2339A6A283A338398AC77CB017F07D4F3727B2F8088E34FF129CBC090E17AE2BB14D4261CDFD65BBDAEAD7786B6D811DDE7617D7B23DADC28E953AE93BF22538BF01F3ADDD7AEFD0C3C6AFF25BC61431926551E11D50C5EC0307586E00E7CD7D557E59152303FC26F57E314180FD9FAE289 ']' 446s + valid_certificate /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-32650 /tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem partial_chain 446s + check_certificate /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-32650 /tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem partial_chain 446s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 446s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-32650 446s + local key_ring=/tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem 446s + local verify_option=partial_chain 446s + prepare_softhsm2_card /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-32650 446s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 446s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-32650 446s + local key_cn 446s + local key_name 446s + local tokens_dir 446s + local output_cert_file 446s + token_name= 446s ++ basename /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem .pem 446s + key_name=test-intermediate-CA-trusted-certificate-0001 446s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 446s ++ sed -n 's/ *commonName *= //p' 446s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 446s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 446s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 446s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 446s ++ basename /tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 446s + tokens_dir=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001 446s + token_name='Test Organization Interme Token' 446s + '[' '!' -e /tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 446s + '[' '!' -d /tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 446s + echo 'Test Organization Interme Token' 446s + '[' -n partial_chain ']' 446s + local verify_arg=--verify=partial_chain 446s Test Organization Interme Token 446s + local output_base_name=SSSD-child-7037 446s + local output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-7037.output 446s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-7037.pem 446s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem 446s [p11_child[2205]] [main] (0x0400): p11_child started. 446s [p11_child[2205]] [main] (0x2000): Running in [pre-auth] mode. 446s [p11_child[2205]] [main] (0x2000): Running with effective IDs: [0][0]. 446s [p11_child[2205]] [main] (0x2000): Running with real IDs [0][0]. 446s [p11_child[2205]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 446s [p11_child[2205]] [do_card] (0x4000): Module List: 446s [p11_child[2205]] [do_card] (0x4000): common name: [softhsm2]. 446s [p11_child[2205]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 446s [p11_child[2205]] [do_card] (0x4000): Description [SoftHSM slot ID 0x442967d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 446s [p11_child[2205]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 446s [p11_child[2205]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x442967d][71472765] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 446s [p11_child[2205]] [do_card] (0x4000): Login NOT required. 446s [p11_child[2205]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 446s [p11_child[2205]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 446s [p11_child[2205]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 446s [p11_child[2205]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x442967d;slot-manufacturer=SoftHSM%20project;slot-id=71472765;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=04efb2d68442967d;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 446s [p11_child[2205]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 446s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-7037.output 446s + echo '-----BEGIN CERTIFICATE-----' 446s + tail -n1 /tmp/sssd-softhsm2-TfOciM/SSSD-child-7037.output 446s + echo '-----END CERTIFICATE-----' 446s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-7037.pem 446s Certificate: 446s Data: 446s Version: 3 (0x2) 446s Serial Number: 4 (0x4) 446s Signature Algorithm: sha256WithRSAEncryption 446s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 446s Validity 446s Not Before: Mar 23 21:40:10 2024 GMT 446s Not After : Mar 23 21:40:10 2025 GMT 446s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 446s Subject Public Key Info: 446s Public Key Algorithm: rsaEncryption 446s Public-Key: (1024 bit) 446s Modulus: 446s 00:a4:14:a0:5d:7c:8a:38:1c:fd:d1:3d:4b:8c:c2: 446s e2:33:9a:6a:28:3a:33:83:98:ac:77:cb:01:7f:07: 446s d4:f3:72:7b:2f:80:88:e3:4f:f1:29:cb:c0:90:e1: 446s 7a:e2:bb:14:d4:26:1c:df:d6:5b:bd:ae:ad:77:86: 446s b6:d8:11:dd:e7:61:7d:7b:23:da:dc:28:e9:53:ae: 446s 93:bf:22:53:8b:f0:1f:3a:dd:d7:ae:fd:0c:3c:6a: 446s ff:25:bc:61:43:19:26:55:1e:11:d5:0c:5e:c0:30: 446s 75:86:e0:0e:7c:d7:d5:57:e5:91:52:30:3f:c2:6f: 446s 57:e3:14:18:0f:d9:fa:e2:89 446s Exponent: 65537 (0x10001) 446s X509v3 extensions: 446s X509v3 Authority Key Identifier: 446s 20:70:79:02:BD:06:DF:7F:5D:B6:B6:40:C8:70:2D:07:B4:A5:59:35 446s X509v3 Basic Constraints: 446s CA:FALSE 446s Netscape Cert Type: 446s SSL Client, S/MIME 446s Netscape Comment: 446s Test Organization Intermediate CA trusted Certificate 446s X509v3 Subject Key Identifier: 446s 1F:D2:64:BE:B0:88:32:17:1B:2B:F3:09:B9:03:05:51:61:AF:7A:4F 446s X509v3 Key Usage: critical 446s Digital Signature, Non Repudiation, Key Encipherment 446s X509v3 Extended Key Usage: 446s TLS Web Client Authentication, E-mail Protection 446s X509v3 Subject Alternative Name: 446s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 446s Signature Algorithm: sha256WithRSAEncryption 446s Signature Value: 446s a1:c8:49:e4:4c:e5:fe:21:f2:5e:63:da:2e:86:8b:7c:ff:56: 446s 8a:ba:e0:48:fe:de:38:55:e6:9c:7b:3e:2a:e8:e9:86:7f:56: 446s 44:81:fb:f5:7e:ec:a5:57:16:7d:68:0b:4e:a0:32:b0:ee:96: 446s 82:f8:b2:c8:2a:6b:45:a4:60:70:eb:bd:d3:3c:78:a4:d4:ca: 446s a1:c7:2e:7a:86:e4:7c:f2:21:f8:5b:b1:4b:6b:75:24:a1:0c: 446s e3:91:0b:8d:01:9d:5d:52:91:0e:90:91:ab:f1:5a:6c:26:70: 446s 0d:7e:d7:47:29:ba:26:c4:ed:0b:ba:13:4a:c0:48:ca:4a:72: 446s 78:a9 446s + local found_md5 expected_md5 446s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 446s + expected_md5=Modulus=A414A05D7C8A381CFDD13D4B8CC2E2339A6A283A338398AC77CB017F07D4F3727B2F8088E34FF129CBC090E17AE2BB14D4261CDFD65BBDAEAD7786B6D811DDE7617D7B23DADC28E953AE93BF22538BF01F3ADDD7AEFD0C3C6AFF25BC61431926551E11D50C5EC0307586E00E7CD7D557E59152303FC26F57E314180FD9FAE289 446s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-7037.pem 446s + found_md5=Modulus=A414A05D7C8A381CFDD13D4B8CC2E2339A6A283A338398AC77CB017F07D4F3727B2F8088E34FF129CBC090E17AE2BB14D4261CDFD65BBDAEAD7786B6D811DDE7617D7B23DADC28E953AE93BF22538BF01F3ADDD7AEFD0C3C6AFF25BC61431926551E11D50C5EC0307586E00E7CD7D557E59152303FC26F57E314180FD9FAE289 446s + '[' Modulus=A414A05D7C8A381CFDD13D4B8CC2E2339A6A283A338398AC77CB017F07D4F3727B2F8088E34FF129CBC090E17AE2BB14D4261CDFD65BBDAEAD7786B6D811DDE7617D7B23DADC28E953AE93BF22538BF01F3ADDD7AEFD0C3C6AFF25BC61431926551E11D50C5EC0307586E00E7CD7D557E59152303FC26F57E314180FD9FAE289 '!=' Modulus=A414A05D7C8A381CFDD13D4B8CC2E2339A6A283A338398AC77CB017F07D4F3727B2F8088E34FF129CBC090E17AE2BB14D4261CDFD65BBDAEAD7786B6D811DDE7617D7B23DADC28E953AE93BF22538BF01F3ADDD7AEFD0C3C6AFF25BC61431926551E11D50C5EC0307586E00E7CD7D557E59152303FC26F57E314180FD9FAE289 ']' 446s + output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-7037-auth.output 446s ++ basename /tmp/sssd-softhsm2-TfOciM/SSSD-child-7037-auth.output .output 446s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-7037-auth.pem 446s + echo -n 053350 446s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 446s [p11_child[2213]] [main] (0x0400): p11_child started. 446s [p11_child[2213]] [main] (0x2000): Running in [auth] mode. 446s [p11_child[2213]] [main] (0x2000): Running with effective IDs: [0][0]. 446s [p11_child[2213]] [main] (0x2000): Running with real IDs [0][0]. 446s [p11_child[2213]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 446s [p11_child[2213]] [do_card] (0x4000): Module List: 446s [p11_child[2213]] [do_card] (0x4000): common name: [softhsm2]. 446s [p11_child[2213]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 446s [p11_child[2213]] [do_card] (0x4000): Description [SoftHSM slot ID 0x442967d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 446s [p11_child[2213]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 446s [p11_child[2213]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x442967d][71472765] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 446s [p11_child[2213]] [do_card] (0x4000): Login required. 446s [p11_child[2213]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 446s [p11_child[2213]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 446s [p11_child[2213]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 446s [p11_child[2213]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x442967d;slot-manufacturer=SoftHSM%20project;slot-id=71472765;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=04efb2d68442967d;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 446s [p11_child[2213]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 446s [p11_child[2213]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 446s [p11_child[2213]] [do_card] (0x4000): Certificate verified and validated. 446s [p11_child[2213]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 446s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-7037-auth.output 446s + echo '-----BEGIN CERTIFICATE-----' 446s + tail -n1 /tmp/sssd-softhsm2-TfOciM/SSSD-child-7037-auth.output 446s + echo '-----END CERTIFICATE-----' 446s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-7037-auth.pem 446s Certificate: 446s Data: 446s Version: 3 (0x2) 446s Serial Number: 4 (0x4) 446s Signature Algorithm: sha256WithRSAEncryption 446s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 446s Validity 446s Not Before: Mar 23 21:40:10 2024 GMT 446s Not After : Mar 23 21:40:10 2025 GMT 446s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 446s Subject Public Key Info: 446s Public Key Algorithm: rsaEncryption 446s Public-Key: (1024 bit) 446s Modulus: 446s 00:a4:14:a0:5d:7c:8a:38:1c:fd:d1:3d:4b:8c:c2: 446s e2:33:9a:6a:28:3a:33:83:98:ac:77:cb:01:7f:07: 446s d4:f3:72:7b:2f:80:88:e3:4f:f1:29:cb:c0:90:e1: 446s 7a:e2:bb:14:d4:26:1c:df:d6:5b:bd:ae:ad:77:86: 446s b6:d8:11:dd:e7:61:7d:7b:23:da:dc:28:e9:53:ae: 446s 93:bf:22:53:8b:f0:1f:3a:dd:d7:ae:fd:0c:3c:6a: 446s ff:25:bc:61:43:19:26:55:1e:11:d5:0c:5e:c0:30: 446s 75:86:e0:0e:7c:d7:d5:57:e5:91:52:30:3f:c2:6f: 446s 57:e3:14:18:0f:d9:fa:e2:89 446s Exponent: 65537 (0x10001) 446s X509v3 extensions: 446s X509v3 Authority Key Identifier: 446s 20:70:79:02:BD:06:DF:7F:5D:B6:B6:40:C8:70:2D:07:B4:A5:59:35 446s X509v3 Basic Constraints: 446s CA:FALSE 446s Netscape Cert Type: 446s SSL Client, S/MIME 446s Netscape Comment: 446s Test Organization Intermediate CA trusted Certificate 446s X509v3 Subject Key Identifier: 446s 1F:D2:64:BE:B0:88:32:17:1B:2B:F3:09:B9:03:05:51:61:AF:7A:4F 446s X509v3 Key Usage: critical 446s Digital Signature, Non Repudiation, Key Encipherment 446s X509v3 Extended Key Usage: 446s TLS Web Client Authentication, E-mail Protection 446s X509v3 Subject Alternative Name: 446s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 446s Signature Algorithm: sha256WithRSAEncryption 446s Signature Value: 446s a1:c8:49:e4:4c:e5:fe:21:f2:5e:63:da:2e:86:8b:7c:ff:56: 446s 8a:ba:e0:48:fe:de:38:55:e6:9c:7b:3e:2a:e8:e9:86:7f:56: 446s 44:81:fb:f5:7e:ec:a5:57:16:7d:68:0b:4e:a0:32:b0:ee:96: 446s 82:f8:b2:c8:2a:6b:45:a4:60:70:eb:bd:d3:3c:78:a4:d4:ca: 446s a1:c7:2e:7a:86:e4:7c:f2:21:f8:5b:b1:4b:6b:75:24:a1:0c: 446s e3:91:0b:8d:01:9d:5d:52:91:0e:90:91:ab:f1:5a:6c:26:70: 446s 0d:7e:d7:47:29:ba:26:c4:ed:0b:ba:13:4a:c0:48:ca:4a:72: 446s 78:a9 446s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-7037-auth.pem 446s + found_md5=Modulus=A414A05D7C8A381CFDD13D4B8CC2E2339A6A283A338398AC77CB017F07D4F3727B2F8088E34FF129CBC090E17AE2BB14D4261CDFD65BBDAEAD7786B6D811DDE7617D7B23DADC28E953AE93BF22538BF01F3ADDD7AEFD0C3C6AFF25BC61431926551E11D50C5EC0307586E00E7CD7D557E59152303FC26F57E314180FD9FAE289 446s + '[' Modulus=A414A05D7C8A381CFDD13D4B8CC2E2339A6A283A338398AC77CB017F07D4F3727B2F8088E34FF129CBC090E17AE2BB14D4261CDFD65BBDAEAD7786B6D811DDE7617D7B23DADC28E953AE93BF22538BF01F3ADDD7AEFD0C3C6AFF25BC61431926551E11D50C5EC0307586E00E7CD7D557E59152303FC26F57E314180FD9FAE289 '!=' Modulus=A414A05D7C8A381CFDD13D4B8CC2E2339A6A283A338398AC77CB017F07D4F3727B2F8088E34FF129CBC090E17AE2BB14D4261CDFD65BBDAEAD7786B6D811DDE7617D7B23DADC28E953AE93BF22538BF01F3ADDD7AEFD0C3C6AFF25BC61431926551E11D50C5EC0307586E00E7CD7D557E59152303FC26F57E314180FD9FAE289 ']' 446s + invalid_certificate /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-32650 /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem 446s + check_certificate /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-32650 /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem 446s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 446s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-32650 446s + local key_ring=/tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem 446s + local verify_option= 446s + prepare_softhsm2_card /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-32650 446s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 446s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-32650 446s + local key_cn 446s + local key_name 446s + local tokens_dir 446s + local output_cert_file 446s + token_name= 446s ++ basename /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem .pem 446s + key_name=test-intermediate-CA-trusted-certificate-0001 446s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 446s ++ sed -n 's/ *commonName *= //p' 446s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 446s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 446s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 446s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 446s ++ basename /tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 446s + tokens_dir=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001 446s Test Organization Interme Token 446s + token_name='Test Organization Interme Token' 446s + '[' '!' -e /tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 446s + '[' '!' -d /tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 446s + echo 'Test Organization Interme Token' 446s + '[' -n '' ']' 446s + local output_base_name=SSSD-child-6596 446s + local output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-6596.output 446s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-6596.pem 446s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem 446s [p11_child[2223]] [main] (0x0400): p11_child started. 446s [p11_child[2223]] [main] (0x2000): Running in [pre-auth] mode. 446s [p11_child[2223]] [main] (0x2000): Running with effective IDs: [0][0]. 446s [p11_child[2223]] [main] (0x2000): Running with real IDs [0][0]. 447s [p11_child[2223]] [do_card] (0x4000): Module List: 447s [p11_child[2223]] [do_card] (0x4000): common name: [softhsm2]. 447s [p11_child[2223]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2223]] [do_card] (0x4000): Description [SoftHSM slot ID 0x442967d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 447s [p11_child[2223]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 447s [p11_child[2223]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x442967d][71472765] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2223]] [do_card] (0x4000): Login NOT required. 447s [p11_child[2223]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 447s [p11_child[2223]] [do_verification] (0x0040): X509_verify_cert failed [0]. 447s [p11_child[2223]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 447s [p11_child[2223]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 447s [p11_child[2223]] [do_card] (0x4000): No certificate found. 447s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-6596.output 447s + return 2 447s + valid_certificate /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-32650 /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem partial_chain 447s + check_certificate /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-32650 /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem partial_chain 447s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 447s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-32650 447s + local key_ring=/tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem 447s + local verify_option=partial_chain 447s + prepare_softhsm2_card /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-32650 447s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 447s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-32650 447s + local key_cn 447s + local key_name 447s + local tokens_dir 447s + local output_cert_file 447s + token_name= 447s ++ basename /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem .pem 447s + key_name=test-intermediate-CA-trusted-certificate-0001 447s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 447s ++ sed -n 's/ *commonName *= //p' 447s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 447s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 447s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 447s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 447s ++ basename /tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 447s + tokens_dir=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001 447s + token_name='Test Organization Interme Token' 447s + '[' '!' -e /tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 447s + '[' '!' -d /tmp/sssd-softhsm2-TfOciM/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 447s + echo 'Test Organization Interme Token' 447s Test Organization Interme Token 447s + '[' -n partial_chain ']' 447s + local verify_arg=--verify=partial_chain 447s + local output_base_name=SSSD-child-16984 447s + local output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-16984.output 447s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-16984.pem 447s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem 447s [p11_child[2230]] [main] (0x0400): p11_child started. 447s [p11_child[2230]] [main] (0x2000): Running in [pre-auth] mode. 447s [p11_child[2230]] [main] (0x2000): Running with effective IDs: [0][0]. 447s [p11_child[2230]] [main] (0x2000): Running with real IDs [0][0]. 447s [p11_child[2230]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 447s [p11_child[2230]] [do_card] (0x4000): Module List: 447s [p11_child[2230]] [do_card] (0x4000): common name: [softhsm2]. 447s [p11_child[2230]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2230]] [do_card] (0x4000): Description [SoftHSM slot ID 0x442967d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 447s [p11_child[2230]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 447s [p11_child[2230]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x442967d][71472765] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2230]] [do_card] (0x4000): Login NOT required. 447s [p11_child[2230]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 447s [p11_child[2230]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 447s [p11_child[2230]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 447s [p11_child[2230]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x442967d;slot-manufacturer=SoftHSM%20project;slot-id=71472765;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=04efb2d68442967d;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 447s [p11_child[2230]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 447s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-16984.output 447s + echo '-----BEGIN CERTIFICATE-----' 447s + tail -n1 /tmp/sssd-softhsm2-TfOciM/SSSD-child-16984.output 447s + echo '-----END CERTIFICATE-----' 447s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-16984.pem 447s Certificate: 447s Data: 447s Version: 3 (0x2) 447s Serial Number: 4 (0x4) 447s Signature Algorithm: sha256WithRSAEncryption 447s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 447s Validity 447s Not Before: Mar 23 21:40:10 2024 GMT 447s Not After : Mar 23 21:40:10 2025 GMT 447s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 447s Subject Public Key Info: 447s Public Key Algorithm: rsaEncryption 447s Public-Key: (1024 bit) 447s Modulus: 447s 00:a4:14:a0:5d:7c:8a:38:1c:fd:d1:3d:4b:8c:c2: 447s e2:33:9a:6a:28:3a:33:83:98:ac:77:cb:01:7f:07: 447s d4:f3:72:7b:2f:80:88:e3:4f:f1:29:cb:c0:90:e1: 447s 7a:e2:bb:14:d4:26:1c:df:d6:5b:bd:ae:ad:77:86: 447s b6:d8:11:dd:e7:61:7d:7b:23:da:dc:28:e9:53:ae: 447s 93:bf:22:53:8b:f0:1f:3a:dd:d7:ae:fd:0c:3c:6a: 447s ff:25:bc:61:43:19:26:55:1e:11:d5:0c:5e:c0:30: 447s 75:86:e0:0e:7c:d7:d5:57:e5:91:52:30:3f:c2:6f: 447s 57:e3:14:18:0f:d9:fa:e2:89 447s Exponent: 65537 (0x10001) 447s X509v3 extensions: 447s X509v3 Authority Key Identifier: 447s 20:70:79:02:BD:06:DF:7F:5D:B6:B6:40:C8:70:2D:07:B4:A5:59:35 447s X509v3 Basic Constraints: 447s CA:FALSE 447s Netscape Cert Type: 447s SSL Client, S/MIME 447s Netscape Comment: 447s Test Organization Intermediate CA trusted Certificate 447s X509v3 Subject Key Identifier: 447s 1F:D2:64:BE:B0:88:32:17:1B:2B:F3:09:B9:03:05:51:61:AF:7A:4F 447s X509v3 Key Usage: critical 447s Digital Signature, Non Repudiation, Key Encipherment 447s X509v3 Extended Key Usage: 447s TLS Web Client Authentication, E-mail Protection 447s X509v3 Subject Alternative Name: 447s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 447s Signature Algorithm: sha256WithRSAEncryption 447s Signature Value: 447s a1:c8:49:e4:4c:e5:fe:21:f2:5e:63:da:2e:86:8b:7c:ff:56: 447s 8a:ba:e0:48:fe:de:38:55:e6:9c:7b:3e:2a:e8:e9:86:7f:56: 447s 44:81:fb:f5:7e:ec:a5:57:16:7d:68:0b:4e:a0:32:b0:ee:96: 447s 82:f8:b2:c8:2a:6b:45:a4:60:70:eb:bd:d3:3c:78:a4:d4:ca: 447s a1:c7:2e:7a:86:e4:7c:f2:21:f8:5b:b1:4b:6b:75:24:a1:0c: 447s e3:91:0b:8d:01:9d:5d:52:91:0e:90:91:ab:f1:5a:6c:26:70: 447s 0d:7e:d7:47:29:ba:26:c4:ed:0b:ba:13:4a:c0:48:ca:4a:72: 447s 78:a9 447s + local found_md5 expected_md5 447s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/test-intermediate-CA-trusted-certificate-0001.pem 447s + expected_md5=Modulus=A414A05D7C8A381CFDD13D4B8CC2E2339A6A283A338398AC77CB017F07D4F3727B2F8088E34FF129CBC090E17AE2BB14D4261CDFD65BBDAEAD7786B6D811DDE7617D7B23DADC28E953AE93BF22538BF01F3ADDD7AEFD0C3C6AFF25BC61431926551E11D50C5EC0307586E00E7CD7D557E59152303FC26F57E314180FD9FAE289 447s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-16984.pem 447s + found_md5=Modulus=A414A05D7C8A381CFDD13D4B8CC2E2339A6A283A338398AC77CB017F07D4F3727B2F8088E34FF129CBC090E17AE2BB14D4261CDFD65BBDAEAD7786B6D811DDE7617D7B23DADC28E953AE93BF22538BF01F3ADDD7AEFD0C3C6AFF25BC61431926551E11D50C5EC0307586E00E7CD7D557E59152303FC26F57E314180FD9FAE289 447s + '[' Modulus=A414A05D7C8A381CFDD13D4B8CC2E2339A6A283A338398AC77CB017F07D4F3727B2F8088E34FF129CBC090E17AE2BB14D4261CDFD65BBDAEAD7786B6D811DDE7617D7B23DADC28E953AE93BF22538BF01F3ADDD7AEFD0C3C6AFF25BC61431926551E11D50C5EC0307586E00E7CD7D557E59152303FC26F57E314180FD9FAE289 '!=' Modulus=A414A05D7C8A381CFDD13D4B8CC2E2339A6A283A338398AC77CB017F07D4F3727B2F8088E34FF129CBC090E17AE2BB14D4261CDFD65BBDAEAD7786B6D811DDE7617D7B23DADC28E953AE93BF22538BF01F3ADDD7AEFD0C3C6AFF25BC61431926551E11D50C5EC0307586E00E7CD7D557E59152303FC26F57E314180FD9FAE289 ']' 447s + output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-16984-auth.output 447s ++ basename /tmp/sssd-softhsm2-TfOciM/SSSD-child-16984-auth.output .output 447s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-16984-auth.pem 447s + echo -n 053350 447s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-TfOciM/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 447s [p11_child[2238]] [main] (0x0400): p11_child started. 447s [p11_child[2238]] [main] (0x2000): Running in [auth] mode. 447s [p11_child[2238]] [main] (0x2000): Running with effective IDs: [0][0]. 447s [p11_child[2238]] [main] (0x2000): Running with real IDs [0][0]. 447s [p11_child[2238]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 447s [p11_child[2238]] [do_card] (0x4000): Module List: 447s [p11_child[2238]] [do_card] (0x4000): common name: [softhsm2]. 447s [p11_child[2238]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2238]] [do_card] (0x4000): Description [SoftHSM slot ID 0x442967d] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 447s [p11_child[2238]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 447s [p11_child[2238]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x442967d][71472765] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2238]] [do_card] (0x4000): Login required. 447s [p11_child[2238]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 447s [p11_child[2238]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 447s [p11_child[2238]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 447s [p11_child[2238]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x442967d;slot-manufacturer=SoftHSM%20project;slot-id=71472765;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=04efb2d68442967d;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 447s [p11_child[2238]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 447s [p11_child[2238]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 447s [p11_child[2238]] [do_card] (0x4000): Certificate verified and validated. 447s [p11_child[2238]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 447s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-16984-auth.output 447s + echo '-----BEGIN CERTIFICATE-----' 447s + tail -n1 /tmp/sssd-softhsm2-TfOciM/SSSD-child-16984-auth.output 447s + echo '-----END CERTIFICATE-----' 447s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-16984-auth.pem 447s Certificate: 447s Data: 447s Version: 3 (0x2) 447s Serial Number: 4 (0x4) 447s Signature Algorithm: sha256WithRSAEncryption 447s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 447s Validity 447s Not Before: Mar 23 21:40:10 2024 GMT 447s Not After : Mar 23 21:40:10 2025 GMT 447s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 447s Subject Public Key Info: 447s Public Key Algorithm: rsaEncryption 447s Public-Key: (1024 bit) 447s Modulus: 447s 00:a4:14:a0:5d:7c:8a:38:1c:fd:d1:3d:4b:8c:c2: 447s e2:33:9a:6a:28:3a:33:83:98:ac:77:cb:01:7f:07: 447s d4:f3:72:7b:2f:80:88:e3:4f:f1:29:cb:c0:90:e1: 447s 7a:e2:bb:14:d4:26:1c:df:d6:5b:bd:ae:ad:77:86: 447s b6:d8:11:dd:e7:61:7d:7b:23:da:dc:28:e9:53:ae: 447s 93:bf:22:53:8b:f0:1f:3a:dd:d7:ae:fd:0c:3c:6a: 447s ff:25:bc:61:43:19:26:55:1e:11:d5:0c:5e:c0:30: 447s 75:86:e0:0e:7c:d7:d5:57:e5:91:52:30:3f:c2:6f: 447s 57:e3:14:18:0f:d9:fa:e2:89 447s Exponent: 65537 (0x10001) 447s X509v3 extensions: 447s X509v3 Authority Key Identifier: 447s 20:70:79:02:BD:06:DF:7F:5D:B6:B6:40:C8:70:2D:07:B4:A5:59:35 447s X509v3 Basic Constraints: 447s CA:FALSE 447s Netscape Cert Type: 447s SSL Client, S/MIME 447s Netscape Comment: 447s Test Organization Intermediate CA trusted Certificate 447s X509v3 Subject Key Identifier: 447s 1F:D2:64:BE:B0:88:32:17:1B:2B:F3:09:B9:03:05:51:61:AF:7A:4F 447s X509v3 Key Usage: critical 447s Digital Signature, Non Repudiation, Key Encipherment 447s X509v3 Extended Key Usage: 447s TLS Web Client Authentication, E-mail Protection 447s X509v3 Subject Alternative Name: 447s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 447s Signature Algorithm: sha256WithRSAEncryption 447s Signature Value: 447s a1:c8:49:e4:4c:e5:fe:21:f2:5e:63:da:2e:86:8b:7c:ff:56: 447s 8a:ba:e0:48:fe:de:38:55:e6:9c:7b:3e:2a:e8:e9:86:7f:56: 447s 44:81:fb:f5:7e:ec:a5:57:16:7d:68:0b:4e:a0:32:b0:ee:96: 447s 82:f8:b2:c8:2a:6b:45:a4:60:70:eb:bd:d3:3c:78:a4:d4:ca: 447s a1:c7:2e:7a:86:e4:7c:f2:21:f8:5b:b1:4b:6b:75:24:a1:0c: 447s e3:91:0b:8d:01:9d:5d:52:91:0e:90:91:ab:f1:5a:6c:26:70: 447s 0d:7e:d7:47:29:ba:26:c4:ed:0b:ba:13:4a:c0:48:ca:4a:72: 447s 78:a9 447s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-16984-auth.pem 447s + found_md5=Modulus=A414A05D7C8A381CFDD13D4B8CC2E2339A6A283A338398AC77CB017F07D4F3727B2F8088E34FF129CBC090E17AE2BB14D4261CDFD65BBDAEAD7786B6D811DDE7617D7B23DADC28E953AE93BF22538BF01F3ADDD7AEFD0C3C6AFF25BC61431926551E11D50C5EC0307586E00E7CD7D557E59152303FC26F57E314180FD9FAE289 447s + '[' Modulus=A414A05D7C8A381CFDD13D4B8CC2E2339A6A283A338398AC77CB017F07D4F3727B2F8088E34FF129CBC090E17AE2BB14D4261CDFD65BBDAEAD7786B6D811DDE7617D7B23DADC28E953AE93BF22538BF01F3ADDD7AEFD0C3C6AFF25BC61431926551E11D50C5EC0307586E00E7CD7D557E59152303FC26F57E314180FD9FAE289 '!=' Modulus=A414A05D7C8A381CFDD13D4B8CC2E2339A6A283A338398AC77CB017F07D4F3727B2F8088E34FF129CBC090E17AE2BB14D4261CDFD65BBDAEAD7786B6D811DDE7617D7B23DADC28E953AE93BF22538BF01F3ADDD7AEFD0C3C6AFF25BC61431926551E11D50C5EC0307586E00E7CD7D557E59152303FC26F57E314180FD9FAE289 ']' 447s + invalid_certificate /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24760 /tmp/sssd-softhsm2-TfOciM/test-root-CA.pem 447s + check_certificate /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24760 /tmp/sssd-softhsm2-TfOciM/test-root-CA.pem 447s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 447s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24760 447s + local key_ring=/tmp/sssd-softhsm2-TfOciM/test-root-CA.pem 447s + local verify_option= 447s + prepare_softhsm2_card /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24760 447s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 447s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24760 447s + local key_cn 447s + local key_name 447s + local tokens_dir 447s + local output_cert_file 447s + token_name= 447s ++ basename /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 447s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 447s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 447s ++ sed -n 's/ *commonName *= //p' 447s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 447s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 447s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 447s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 447s ++ basename /tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 447s + tokens_dir=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 447s + token_name='Test Organization Sub Int Token' 447s + '[' '!' -e /tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 447s + local key_file 447s + local decrypted_key 447s + mkdir -p /tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 447s + key_file=/tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 447s + decrypted_key=/tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 447s + cat 447s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 447s Slot 0 has a free/uninitialized token. 447s The token has been initialized and is reassigned to slot 1305530564 447s + softhsm2-util --show-slots 447s Available slots: 447s Slot 1305530564 447s Slot info: 447s Description: SoftHSM slot ID 0x4dd0d0c4 447s Manufacturer ID: SoftHSM project 447s Hardware version: 2.6 447s Firmware version: 2.6 447s Token present: yes 447s Token info: 447s Manufacturer ID: SoftHSM project 447s Model: SoftHSM v2 447s Hardware version: 2.6 447s Firmware version: 2.6 447s Serial number: d7fd57834dd0d0c4 447s Initialized: yes 447s User PIN init.: yes 447s Label: Test Organization Sub Int Token 447s Slot 1 447s Slot info: 447s Description: SoftHSM slot ID 0x1 447s Manufacturer ID: SoftHSM project 447s Hardware version: 2.6 447s Firmware version: 2.6 447s Token present: yes 447s Token info: 447s Manufacturer ID: SoftHSM project 447s Model: SoftHSM v2 447s Hardware version: 2.6 447s Firmware version: 2.6 447s Serial number: 447s Initialized: no 447s User PIN init.: no 447s Label: 447s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 447s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-24760 -in /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 447s writing RSA key 447s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 447s + rm /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 447s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 447s Object 0: 447s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d7fd57834dd0d0c4;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 447s Type: X.509 Certificate (RSA-1024) 447s Expires: Sun Mar 23 21:40:11 2025 447s Label: Test Organization Sub Intermediate Trusted Certificate 0001 447s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 447s 447s Test Organization Sub Int Token 447s + echo 'Test Organization Sub Int Token' 447s + '[' -n '' ']' 447s + local output_base_name=SSSD-child-24028 447s + local output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-24028.output 447s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-24028.pem 447s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-TfOciM/test-root-CA.pem 447s [p11_child[2257]] [main] (0x0400): p11_child started. 447s [p11_child[2257]] [main] (0x2000): Running in [pre-auth] mode. 447s [p11_child[2257]] [main] (0x2000): Running with effective IDs: [0][0]. 447s [p11_child[2257]] [main] (0x2000): Running with real IDs [0][0]. 447s [p11_child[2257]] [do_card] (0x4000): Module List: 447s [p11_child[2257]] [do_card] (0x4000): common name: [softhsm2]. 447s [p11_child[2257]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2257]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4dd0d0c4] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 447s [p11_child[2257]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 447s [p11_child[2257]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4dd0d0c4][1305530564] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2257]] [do_card] (0x4000): Login NOT required. 447s [p11_child[2257]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 447s [p11_child[2257]] [do_verification] (0x0040): X509_verify_cert failed [0]. 447s [p11_child[2257]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 447s [p11_child[2257]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 447s [p11_child[2257]] [do_card] (0x4000): No certificate found. 447s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-24028.output 447s + return 2 447s + invalid_certificate /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24760 /tmp/sssd-softhsm2-TfOciM/test-root-CA.pem partial_chain 447s + check_certificate /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24760 /tmp/sssd-softhsm2-TfOciM/test-root-CA.pem partial_chain 447s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 447s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24760 447s + local key_ring=/tmp/sssd-softhsm2-TfOciM/test-root-CA.pem 447s + local verify_option=partial_chain 447s + prepare_softhsm2_card /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24760 447s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 447s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24760 447s + local key_cn 447s + local key_name 447s + local tokens_dir 447s + local output_cert_file 447s + token_name= 447s ++ basename /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 447s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 447s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 447s ++ sed -n 's/ *commonName *= //p' 447s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 447s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 447s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 447s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 447s ++ basename /tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 447s + tokens_dir=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 447s + token_name='Test Organization Sub Int Token' 447s + '[' '!' -e /tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 447s + '[' '!' -d /tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 447s + echo 'Test Organization Sub Int Token' 447s + '[' -n partial_chain ']' 447s + local verify_arg=--verify=partial_chain 447s + local output_base_name=SSSD-child-31275 447s + local output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-31275.output 447s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-31275.pem 447s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-TfOciM/test-root-CA.pem 447s Test Organization Sub Int Token 447s [p11_child[2264]] [main] (0x0400): p11_child started. 447s [p11_child[2264]] [main] (0x2000): Running in [pre-auth] mode. 447s [p11_child[2264]] [main] (0x2000): Running with effective IDs: [0][0]. 447s [p11_child[2264]] [main] (0x2000): Running with real IDs [0][0]. 447s [p11_child[2264]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 447s [p11_child[2264]] [do_card] (0x4000): Module List: 447s [p11_child[2264]] [do_card] (0x4000): common name: [softhsm2]. 447s [p11_child[2264]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2264]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4dd0d0c4] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 447s [p11_child[2264]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 447s [p11_child[2264]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4dd0d0c4][1305530564] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2264]] [do_card] (0x4000): Login NOT required. 447s [p11_child[2264]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 447s [p11_child[2264]] [do_verification] (0x0040): X509_verify_cert failed [0]. 447s [p11_child[2264]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 447s [p11_child[2264]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 447s [p11_child[2264]] [do_card] (0x4000): No certificate found. 447s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-31275.output 447s + return 2 447s + valid_certificate /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24760 /tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem 447s + check_certificate /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24760 /tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem 447s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 447s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24760 447s + local key_ring=/tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem 447s + local verify_option= 447s + prepare_softhsm2_card /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24760 447s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 447s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24760 447s + local key_cn 447s + local key_name 447s + local tokens_dir 447s + local output_cert_file 447s + token_name= 447s ++ basename /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 447s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 447s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 447s ++ sed -n 's/ *commonName *= //p' 447s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 447s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 447s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 447s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 447s ++ basename /tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 447s + tokens_dir=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 447s + token_name='Test Organization Sub Int Token' 447s + '[' '!' -e /tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 447s + '[' '!' -d /tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 447s + echo 'Test Organization Sub Int Token' 447s Test Organization Sub Int Token 447s + '[' -n '' ']' 447s + local output_base_name=SSSD-child-9234 447s + local output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-9234.output 447s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-9234.pem 447s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem 447s [p11_child[2271]] [main] (0x0400): p11_child started. 447s [p11_child[2271]] [main] (0x2000): Running in [pre-auth] mode. 447s [p11_child[2271]] [main] (0x2000): Running with effective IDs: [0][0]. 447s [p11_child[2271]] [main] (0x2000): Running with real IDs [0][0]. 447s [p11_child[2271]] [do_card] (0x4000): Module List: 447s [p11_child[2271]] [do_card] (0x4000): common name: [softhsm2]. 447s [p11_child[2271]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2271]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4dd0d0c4] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 447s [p11_child[2271]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 447s [p11_child[2271]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4dd0d0c4][1305530564] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2271]] [do_card] (0x4000): Login NOT required. 447s [p11_child[2271]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 447s [p11_child[2271]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 447s [p11_child[2271]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 447s [p11_child[2271]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4dd0d0c4;slot-manufacturer=SoftHSM%20project;slot-id=1305530564;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d7fd57834dd0d0c4;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 447s [p11_child[2271]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 447s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-9234.output 447s + echo '-----BEGIN CERTIFICATE-----' 447s + tail -n1 /tmp/sssd-softhsm2-TfOciM/SSSD-child-9234.output 447s + echo '-----END CERTIFICATE-----' 447s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-9234.pem 447s Certificate: 447s Data: 447s Version: 3 (0x2) 447s Serial Number: 5 (0x5) 447s Signature Algorithm: sha256WithRSAEncryption 447s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 447s Validity 447s Not Before: Mar 23 21:40:11 2024 GMT 447s Not After : Mar 23 21:40:11 2025 GMT 447s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 447s Subject Public Key Info: 447s Public Key Algorithm: rsaEncryption 447s Public-Key: (1024 bit) 447s Modulus: 447s 00:e1:e2:6d:5d:61:ac:8d:16:09:4f:fd:45:09:bf: 447s 63:05:1c:9b:2c:09:83:a9:44:da:7e:68:38:ac:d9: 447s ab:a0:39:4b:ee:c2:a5:86:47:c4:b7:be:88:9b:00: 447s a4:d4:41:d1:04:ce:ac:de:f0:18:41:a7:d4:40:bf: 447s 53:04:11:1c:c2:11:24:ce:d2:4a:e0:a6:10:cf:05: 447s 02:c3:14:dc:27:1e:72:41:97:29:41:a9:36:0a:0f: 447s c1:9a:f1:93:5d:5f:98:a9:4a:4d:03:f5:f1:7d:e2: 447s ba:c7:2c:5c:e5:21:58:95:71:5c:38:01:9e:6b:58: 447s 9b:00:b9:b3:c7:77:8e:59:8b 447s Exponent: 65537 (0x10001) 447s X509v3 extensions: 447s X509v3 Authority Key Identifier: 447s 3E:C1:42:E9:19:80:E4:62:32:D5:1E:12:70:63:30:C5:83:4D:E2:10 447s X509v3 Basic Constraints: 447s CA:FALSE 447s Netscape Cert Type: 447s SSL Client, S/MIME 447s Netscape Comment: 447s Test Organization Sub Intermediate CA trusted Certificate 447s X509v3 Subject Key Identifier: 447s 0C:4D:0F:D9:0E:2B:75:D5:8E:6A:C2:7A:A8:BB:EB:EF:8F:99:B3:15 447s X509v3 Key Usage: critical 447s Digital Signature, Non Repudiation, Key Encipherment 447s X509v3 Extended Key Usage: 447s TLS Web Client Authentication, E-mail Protection 447s X509v3 Subject Alternative Name: 447s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 447s Signature Algorithm: sha256WithRSAEncryption 447s Signature Value: 447s 45:b6:b1:03:99:54:db:d9:e4:46:61:6b:0f:3f:02:07:ec:70: 447s 1b:d0:b7:dd:34:86:b7:fa:1b:ea:1d:1c:7c:f0:92:39:0d:2f: 447s fb:c8:ca:29:27:99:30:4f:96:8a:88:bf:b1:ca:09:23:bc:8e: 447s 86:e1:9e:73:e6:21:b5:5b:b4:7f:32:c8:8b:9f:27:bf:9a:f3: 447s 3e:63:3c:bf:8f:85:fb:8e:94:85:46:48:e0:b9:ab:c5:c3:47: 447s b4:eb:c5:ea:df:72:83:81:31:62:3a:21:05:a8:d4:be:8b:e0: 447s 46:11:e0:65:0e:56:56:50:19:98:e5:b6:e0:0b:2c:67:a3:d9: 447s 56:70 447s + local found_md5 expected_md5 447s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 447s + expected_md5=Modulus=E1E26D5D61AC8D16094FFD4509BF63051C9B2C0983A944DA7E6838ACD9ABA0394BEEC2A58647C4B7BE889B00A4D441D104CEACDEF01841A7D440BF5304111CC21124CED24AE0A610CF0502C314DC271E7241972941A9360A0FC19AF1935D5F98A94A4D03F5F17DE2BAC72C5CE5215895715C38019E6B589B00B9B3C7778E598B 447s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-9234.pem 447s + found_md5=Modulus=E1E26D5D61AC8D16094FFD4509BF63051C9B2C0983A944DA7E6838ACD9ABA0394BEEC2A58647C4B7BE889B00A4D441D104CEACDEF01841A7D440BF5304111CC21124CED24AE0A610CF0502C314DC271E7241972941A9360A0FC19AF1935D5F98A94A4D03F5F17DE2BAC72C5CE5215895715C38019E6B589B00B9B3C7778E598B 447s + '[' Modulus=E1E26D5D61AC8D16094FFD4509BF63051C9B2C0983A944DA7E6838ACD9ABA0394BEEC2A58647C4B7BE889B00A4D441D104CEACDEF01841A7D440BF5304111CC21124CED24AE0A610CF0502C314DC271E7241972941A9360A0FC19AF1935D5F98A94A4D03F5F17DE2BAC72C5CE5215895715C38019E6B589B00B9B3C7778E598B '!=' Modulus=E1E26D5D61AC8D16094FFD4509BF63051C9B2C0983A944DA7E6838ACD9ABA0394BEEC2A58647C4B7BE889B00A4D441D104CEACDEF01841A7D440BF5304111CC21124CED24AE0A610CF0502C314DC271E7241972941A9360A0FC19AF1935D5F98A94A4D03F5F17DE2BAC72C5CE5215895715C38019E6B589B00B9B3C7778E598B ']' 447s + output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-9234-auth.output 447s ++ basename /tmp/sssd-softhsm2-TfOciM/SSSD-child-9234-auth.output .output 447s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-9234-auth.pem 447s + echo -n 053350 447s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 447s [p11_child[2279]] [main] (0x0400): p11_child started. 447s [p11_child[2279]] [main] (0x2000): Running in [auth] mode. 447s [p11_child[2279]] [main] (0x2000): Running with effective IDs: [0][0]. 447s [p11_child[2279]] [main] (0x2000): Running with real IDs [0][0]. 447s [p11_child[2279]] [do_card] (0x4000): Module List: 447s [p11_child[2279]] [do_card] (0x4000): common name: [softhsm2]. 447s [p11_child[2279]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2279]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4dd0d0c4] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 447s [p11_child[2279]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 447s [p11_child[2279]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4dd0d0c4][1305530564] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2279]] [do_card] (0x4000): Login required. 447s [p11_child[2279]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 447s [p11_child[2279]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 447s [p11_child[2279]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 447s [p11_child[2279]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4dd0d0c4;slot-manufacturer=SoftHSM%20project;slot-id=1305530564;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d7fd57834dd0d0c4;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 447s [p11_child[2279]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 447s [p11_child[2279]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 447s [p11_child[2279]] [do_card] (0x4000): Certificate verified and validated. 447s [p11_child[2279]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 447s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-9234-auth.output 447s + echo '-----BEGIN CERTIFICATE-----' 447s + tail -n1 /tmp/sssd-softhsm2-TfOciM/SSSD-child-9234-auth.output 447s + echo '-----END CERTIFICATE-----' 447s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-9234-auth.pem 447s Certificate: 447s Data: 447s Version: 3 (0x2) 447s Serial Number: 5 (0x5) 447s Signature Algorithm: sha256WithRSAEncryption 447s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 447s Validity 447s Not Before: Mar 23 21:40:11 2024 GMT 447s Not After : Mar 23 21:40:11 2025 GMT 447s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 447s Subject Public Key Info: 447s Public Key Algorithm: rsaEncryption 447s Public-Key: (1024 bit) 447s Modulus: 447s 00:e1:e2:6d:5d:61:ac:8d:16:09:4f:fd:45:09:bf: 447s 63:05:1c:9b:2c:09:83:a9:44:da:7e:68:38:ac:d9: 447s ab:a0:39:4b:ee:c2:a5:86:47:c4:b7:be:88:9b:00: 447s a4:d4:41:d1:04:ce:ac:de:f0:18:41:a7:d4:40:bf: 447s 53:04:11:1c:c2:11:24:ce:d2:4a:e0:a6:10:cf:05: 447s 02:c3:14:dc:27:1e:72:41:97:29:41:a9:36:0a:0f: 447s c1:9a:f1:93:5d:5f:98:a9:4a:4d:03:f5:f1:7d:e2: 447s ba:c7:2c:5c:e5:21:58:95:71:5c:38:01:9e:6b:58: 447s 9b:00:b9:b3:c7:77:8e:59:8b 447s Exponent: 65537 (0x10001) 447s X509v3 extensions: 447s X509v3 Authority Key Identifier: 447s 3E:C1:42:E9:19:80:E4:62:32:D5:1E:12:70:63:30:C5:83:4D:E2:10 447s X509v3 Basic Constraints: 447s CA:FALSE 447s Netscape Cert Type: 447s SSL Client, S/MIME 447s Netscape Comment: 447s Test Organization Sub Intermediate CA trusted Certificate 447s X509v3 Subject Key Identifier: 447s 0C:4D:0F:D9:0E:2B:75:D5:8E:6A:C2:7A:A8:BB:EB:EF:8F:99:B3:15 447s X509v3 Key Usage: critical 447s Digital Signature, Non Repudiation, Key Encipherment 447s X509v3 Extended Key Usage: 447s TLS Web Client Authentication, E-mail Protection 447s X509v3 Subject Alternative Name: 447s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 447s Signature Algorithm: sha256WithRSAEncryption 447s Signature Value: 447s 45:b6:b1:03:99:54:db:d9:e4:46:61:6b:0f:3f:02:07:ec:70: 447s 1b:d0:b7:dd:34:86:b7:fa:1b:ea:1d:1c:7c:f0:92:39:0d:2f: 447s fb:c8:ca:29:27:99:30:4f:96:8a:88:bf:b1:ca:09:23:bc:8e: 447s 86:e1:9e:73:e6:21:b5:5b:b4:7f:32:c8:8b:9f:27:bf:9a:f3: 447s 3e:63:3c:bf:8f:85:fb:8e:94:85:46:48:e0:b9:ab:c5:c3:47: 447s b4:eb:c5:ea:df:72:83:81:31:62:3a:21:05:a8:d4:be:8b:e0: 447s 46:11:e0:65:0e:56:56:50:19:98:e5:b6:e0:0b:2c:67:a3:d9: 447s 56:70 447s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-9234-auth.pem 447s + found_md5=Modulus=E1E26D5D61AC8D16094FFD4509BF63051C9B2C0983A944DA7E6838ACD9ABA0394BEEC2A58647C4B7BE889B00A4D441D104CEACDEF01841A7D440BF5304111CC21124CED24AE0A610CF0502C314DC271E7241972941A9360A0FC19AF1935D5F98A94A4D03F5F17DE2BAC72C5CE5215895715C38019E6B589B00B9B3C7778E598B 447s + '[' Modulus=E1E26D5D61AC8D16094FFD4509BF63051C9B2C0983A944DA7E6838ACD9ABA0394BEEC2A58647C4B7BE889B00A4D441D104CEACDEF01841A7D440BF5304111CC21124CED24AE0A610CF0502C314DC271E7241972941A9360A0FC19AF1935D5F98A94A4D03F5F17DE2BAC72C5CE5215895715C38019E6B589B00B9B3C7778E598B '!=' Modulus=E1E26D5D61AC8D16094FFD4509BF63051C9B2C0983A944DA7E6838ACD9ABA0394BEEC2A58647C4B7BE889B00A4D441D104CEACDEF01841A7D440BF5304111CC21124CED24AE0A610CF0502C314DC271E7241972941A9360A0FC19AF1935D5F98A94A4D03F5F17DE2BAC72C5CE5215895715C38019E6B589B00B9B3C7778E598B ']' 447s + valid_certificate /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24760 /tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem partial_chain 447s + check_certificate /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24760 /tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem partial_chain 447s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 447s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24760 447s + local key_ring=/tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem 447s + local verify_option=partial_chain 447s + prepare_softhsm2_card /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24760 447s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 447s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24760 447s + local key_cn 447s + local key_name 447s + local tokens_dir 447s + local output_cert_file 447s + token_name= 447s ++ basename /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 447s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 447s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 447s ++ sed -n 's/ *commonName *= //p' 447s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 447s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 447s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 447s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 447s ++ basename /tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 447s Test Organization Sub Int Token 447s + tokens_dir=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 447s + token_name='Test Organization Sub Int Token' 447s + '[' '!' -e /tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 447s + '[' '!' -d /tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 447s + echo 'Test Organization Sub Int Token' 447s + '[' -n partial_chain ']' 447s + local verify_arg=--verify=partial_chain 447s + local output_base_name=SSSD-child-18809 447s + local output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-18809.output 447s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-18809.pem 447s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem 447s [p11_child[2289]] [main] (0x0400): p11_child started. 447s [p11_child[2289]] [main] (0x2000): Running in [pre-auth] mode. 447s [p11_child[2289]] [main] (0x2000): Running with effective IDs: [0][0]. 447s [p11_child[2289]] [main] (0x2000): Running with real IDs [0][0]. 447s [p11_child[2289]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 447s [p11_child[2289]] [do_card] (0x4000): Module List: 447s [p11_child[2289]] [do_card] (0x4000): common name: [softhsm2]. 447s [p11_child[2289]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2289]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4dd0d0c4] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 447s [p11_child[2289]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 447s [p11_child[2289]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4dd0d0c4][1305530564] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 447s [p11_child[2289]] [do_card] (0x4000): Login NOT required. 447s [p11_child[2289]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 447s [p11_child[2289]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 447s [p11_child[2289]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 447s [p11_child[2289]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4dd0d0c4;slot-manufacturer=SoftHSM%20project;slot-id=1305530564;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d7fd57834dd0d0c4;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 447s [p11_child[2289]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 447s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-18809.output 447s + echo '-----BEGIN CERTIFICATE-----' 447s + tail -n1 /tmp/sssd-softhsm2-TfOciM/SSSD-child-18809.output 447s + echo '-----END CERTIFICATE-----' 447s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-18809.pem 448s Certificate: 448s Data: 448s Version: 3 (0x2) 448s Serial Number: 5 (0x5) 448s Signature Algorithm: sha256WithRSAEncryption 448s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 448s Validity 448s Not Before: Mar 23 21:40:11 2024 GMT 448s Not After : Mar 23 21:40:11 2025 GMT 448s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 448s Subject Public Key Info: 448s Public Key Algorithm: rsaEncryption 448s Public-Key: (1024 bit) 448s Modulus: 448s 00:e1:e2:6d:5d:61:ac:8d:16:09:4f:fd:45:09:bf: 448s 63:05:1c:9b:2c:09:83:a9:44:da:7e:68:38:ac:d9: 448s ab:a0:39:4b:ee:c2:a5:86:47:c4:b7:be:88:9b:00: 448s a4:d4:41:d1:04:ce:ac:de:f0:18:41:a7:d4:40:bf: 448s 53:04:11:1c:c2:11:24:ce:d2:4a:e0:a6:10:cf:05: 448s 02:c3:14:dc:27:1e:72:41:97:29:41:a9:36:0a:0f: 448s c1:9a:f1:93:5d:5f:98:a9:4a:4d:03:f5:f1:7d:e2: 448s ba:c7:2c:5c:e5:21:58:95:71:5c:38:01:9e:6b:58: 448s 9b:00:b9:b3:c7:77:8e:59:8b 448s Exponent: 65537 (0x10001) 448s X509v3 extensions: 448s X509v3 Authority Key Identifier: 448s 3E:C1:42:E9:19:80:E4:62:32:D5:1E:12:70:63:30:C5:83:4D:E2:10 448s X509v3 Basic Constraints: 448s CA:FALSE 448s Netscape Cert Type: 448s SSL Client, S/MIME 448s Netscape Comment: 448s Test Organization Sub Intermediate CA trusted Certificate 448s X509v3 Subject Key Identifier: 448s 0C:4D:0F:D9:0E:2B:75:D5:8E:6A:C2:7A:A8:BB:EB:EF:8F:99:B3:15 448s X509v3 Key Usage: critical 448s Digital Signature, Non Repudiation, Key Encipherment 448s X509v3 Extended Key Usage: 448s TLS Web Client Authentication, E-mail Protection 448s X509v3 Subject Alternative Name: 448s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 448s Signature Algorithm: sha256WithRSAEncryption 448s Signature Value: 448s 45:b6:b1:03:99:54:db:d9:e4:46:61:6b:0f:3f:02:07:ec:70: 448s 1b:d0:b7:dd:34:86:b7:fa:1b:ea:1d:1c:7c:f0:92:39:0d:2f: 448s fb:c8:ca:29:27:99:30:4f:96:8a:88:bf:b1:ca:09:23:bc:8e: 448s 86:e1:9e:73:e6:21:b5:5b:b4:7f:32:c8:8b:9f:27:bf:9a:f3: 448s 3e:63:3c:bf:8f:85:fb:8e:94:85:46:48:e0:b9:ab:c5:c3:47: 448s b4:eb:c5:ea:df:72:83:81:31:62:3a:21:05:a8:d4:be:8b:e0: 448s 46:11:e0:65:0e:56:56:50:19:98:e5:b6:e0:0b:2c:67:a3:d9: 448s 56:70 448s + local found_md5 expected_md5 448s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 448s + expected_md5=Modulus=E1E26D5D61AC8D16094FFD4509BF63051C9B2C0983A944DA7E6838ACD9ABA0394BEEC2A58647C4B7BE889B00A4D441D104CEACDEF01841A7D440BF5304111CC21124CED24AE0A610CF0502C314DC271E7241972941A9360A0FC19AF1935D5F98A94A4D03F5F17DE2BAC72C5CE5215895715C38019E6B589B00B9B3C7778E598B 448s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-18809.pem 448s Certificate: 448s Data: 448s Version: 3 (0x2) 448s Serial Number: 5 (0x5) 448s Signature Algorithm: sha256WithRSAEncryption 448s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 448s Validity 448s Not Before: Mar 23 21:40:11 2024 GMT 448s Not After : Mar 23 21:40:11 2025 GMT 448s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 448s Subject Public Key Info: 448s Public Key Algorithm: rsaEncryption 448s Public-Key: (1024 bit) 448s Modulus: 448s 00:e1:e2:6d:5d:61:ac:8d:16:09:4f:fd:45:09:bf: 448s 63:05:1c:9b:2c:09:83:a9:44:da:7e:68:38:ac:d9: 448s ab:a0:39:4b:ee:c2:a5:86:47:c4:b7:be:88:9b:00: 448s a4:d4:41:d1:04:ce:ac:de:f0:18:41:a7:d4:40:bf: 448s 53:04:11:1c:c2:11:24:ce:d2:4a:e0:a6:10:cf:05: 448s 02:c3:14:dc:27:1e:72:41:97:29:41:a9:36:0a:0f: 448s c1:9a:f1:93:5d:5f:98:a9:4a:4d:03:f5:f1:7d:e2: 448s ba:c7:2c:5c:e5:21:58:95:71:5c:38:01:9e:6b:58: 448s 9b:00:b9:b3:c7:77:8e:59:8b 448s Exponent: 65537 (0x10001) 448s X509v3 extensions: 448s X509v3 Authority Key Identifier: 448s 3E:C1:42:E9:19:80:E4:62:32:D5:1E:12:70:63:30:C5:83:4D:E2:10 448s X509v3 Basic Constraints: 448s CA:FALSE 448s Netscape Cert Type: 448s SSL Client, S/MIME 448s Netscape Comment: 448s Test Organization Sub Intermediate CA trusted Certificate 448s X509v3 Subject Key Identifier: 448s 0C:4D:0F:D9:0E:2B:75:D5:8E:6A:C2:7A:A8:BB:EB:EF:8F:99:B3:15 448s X509v3 Key Usage: critical 448s Digital Signature, Non Repudiation, Key Encipherment 448s X509v3 Extended Key Usage: 448s TLS Web Client Authentication, E-mail Protection 448s X509v3 Subject Alternative Name: 448s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 448s Signature Algorithm: sha256WithRSAEncryption 448s Signature Value: 448s 45:b6:b1:03:99:54:db:d9:e4:46:61:6b:0f:3f:02:07:ec:70: 448s 1b:d0:b7:dd:34:86:b7:fa:1b:ea:1d:1c:7c:f0:92:39:0d:2f: 448s fb:c8:ca:29:27:99:30:4f:96:8a:88:bf:b1:ca:09:23:bc:8e: 448s 86:e1:9e:73:e6:21:b5:5b:b4:7f:32:c8:8b:9f:27:bf:9a:f3: 448s 3e:63:3c:bf:8f:85:fb:8e:94:85:46:48:e0:b9:ab:c5:c3:47: 448s b4:eb:c5:ea:df:72:83:81:31:62:3a:21:05:a8:d4:be:8b:e0: 448s 46:11:e0:65:0e:56:56:50:19:98:e5:b6:e0:0b:2c:67:a3:d9: 448s 56:70 448s Test Organization Sub Int Token 448s Test Organization Sub Int Token 448s Test Organization Sub Int Token 448s Certificate: 448s Data: 448s Version: 3 (0x2) 448s Serial Number: 5 (0x5) 448s Signature Algorithm: sha256WithRSAEncryption 448s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 448s Validity 448s Not Before: Mar 23 21:40:11 2024 GMT 448s Not After : Mar 23 21:40:11 2025 GMT 448s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 448s Subject Public Key Info: 448s Public Key Algorithm: rsaEncryption 448s Public-Key: (1024 bit) 448s Modulus: 448s 00:e1:e2:6d:5d:61:ac:8d:16:09:4f:fd:45:09:bf: 448s 63:05:1c:9b:2c:09:83:a9:44:da:7e:68:38:ac:d9: 448s ab:a0:39:4b:ee:c2:a5:86:47:c4:b7:be:88:9b:00: 448s a4:d4:41:d1:04:ce:ac:de:f0:18:41:a7:d4:40:bf: 448s 53:04:11:1c:c2:11:24:ce:d2:4a:e0:a6:10:cf:05: 448s 02:c3:14:dc:27:1e:72:41:97:29:41:a9:36:0a:0f: 448s c1:9a:f1:93:5d:5f:98:a9:4a:4d:03:f5:f1:7d:e2: 448s ba:c7:2c:5c:e5:21:58:95:71:5c:38:01:9e:6b:58: 448s 9b:00:b9:b3:c7:77:8e:59:8b 448s Exponent: 65537 (0x10001) 448s X509v3 extensions: 448s X509v3 Authority Key Identifier: 448s 3E:C1:42:E9:19:80:E4:62:32:D5:1E:12:70:63:30:C5:83:4D:E2:10 448s X509v3 Basic Constraints: 448s CA:FALSE 448s Netscape Cert Type: 448s SSL Client, S/MIME 448s Netscape Comment: 448s Test Organization Sub Intermediate CA trusted Certificate 448s X509v3 Subject Key Identifier: 448s 0C:4D:0F:D9:0E:2B:75:D5:8E:6A:C2:7A:A8:BB:EB:EF:8F:99:B3:15 448s X509v3 Key Usage: critical 448s Digital Signature, Non Repudiation, Key Encipherment 448s X509v3 Extended Key Usage: 448s TLS Web Client Authentication, E-mail Protection 448s X509v3 Subject Alternative Name: 448s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 448s Signature Algorithm: sha256WithRSAEncryption 448s Signature Value: 448s 45:b6:b1:03:99:54:db:d9:e4:46:61:6b:0f:3f:02:07:ec:70: 448s 1b:d0:b7:dd:34:86:b7:fa:1b:ea:1d:1c:7c:f0:92:39:0d:2f: 448s fb:c8:ca:29:27:99:30:4f:96:8a:88:bf:b1:ca:09:23:bc:8e: 448s 86:e1:9e:73:e6:21:b5:5b:b4:7f:32:c8:8b:9f:27:bf:9a:f3: 448s 3e:63:3c:bf:8f:85:fb:8e:94:85:46:48:e0:b9:ab:c5:c3:47: 448s b4:eb:c5:ea:df:72:83:81:31:62:3a:21:05:a8:d4:be:8b:e0: 448s 46:11:e0:65:0e:56:56:50:19:98:e5:b6:e0:0b:2c:67:a3:d9: 448s 56:70 448s Certificate: 448s Data: 448s Version: 3 (0x2) 448s Serial Number: 5 (0x5) 448s Signature Algorithm: sha256WithRSAEncryption 448s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 448s Validity 448s Not Before: Mar 23 21:40:11 2024 GMT 448s Not After : Mar 23 21:40:11 2025 GMT 448s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 448s Subject Public Key Info: 448s Public Key Algorithm: rsaEncryption 448s Public-Key: (1024 bit) 448s Modulus: 448s 00:e1:e2:6d:5d:61:ac:8d:16:09:4f:fd:45:09:bf: 448s 63:05:1c:9b:2c:09:83:a9:44:da:7e:68:38:ac:d9: 448s ab:a0:39:4b:ee:c2:a5:86:47:c4:b7:be:88:9b:00: 448s a4:d4:41:d1:04:ce:ac:de:f0:18:41:a7:d4:40:bf: 448s 53:04:11:1c:c2:11:24:ce:d2:4a:e0:a6:10:cf:05: 448s 02:c3:14:dc:27:1e:72:41:97:29:41:a9:36:0a:0f: 448s c1:9a:f1:93:5d:5f:98:a9:4a:4d:03:f5:f1:7d:e2: 448s ba:c7:2c:5c:e5:21:58:95:71:5c:38:01:9e:6b:58: 448s 9b:00:b9:b3:c7:77:8e:59:8b 448s Exponent: 65537 (0x10001) 448s X509v3 extensions: 448s X509v3 Authority Key Identifier: 448s 3E:C1:42:E9:19:80:E4:62:32:D5:1E:12:70:63:30:C5:83:4D:E2:10 448s X509v3 Basic Constraints: 448s CA:FALSE 448s Netscape Cert Type: 448s SSL Client, S/MIME 448s Netscape Comment: 448s Test Organization Sub Intermediate CA trusted Certificate 448s X509v3 Subject Key Identifier: 448s 0C:4D:0F:D9:0E:2B:75:D5:8E:6A:C2:7A:A8:BB:EB:EF:8F:99:B3:15 448s X509v3 Key Usage: critical 448s Digital Signature, Non Repudiation, Key Encipherment 448s X509v3 Extended Key Usage: 448s TLS Web Client Authentication, E-mail Protection 448s X509v3 Subject Alternative Name: 448s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 448s Signature Algorithm: sha256WithRSAEncryption 448s Signature Value: 448s 45:b6:b1:03:99:54:db:d9:e4:46:61:6b:0f:3f:02:07:ec:70: 448s 1b:d0:b7:dd:34:86:b7:fa:1b:ea:1d:1c:7c:f0:92:39:0d:2f: 448s fb:c8:ca:29:27:99:30:4f:96:8a:88:bf:b1:ca:09:23:bc:8e: 448s 86:e1:9e:73:e6:21:b5:5b:b4:7f:32:c8:8b:9f:27:bf:9a:f3: 448s 3e:63:3c:bf:8f:85:fb:8e:94:85:46:48:e0:b9:ab:c5:c3:47: 448s b4:eb:c5:ea:df:72:83:81:31:62:3a:21:05:a8:d4:be:8b:e0: 448s 46:11:e0:65:0e:56:56:50:19:98:e5:b6:e0:0b:2c:67:a3:d9: 448s 56:70 448s Test Organization Sub Int Token 448s Certificate: 448s Data: 448s Version: 3 (0x2) 448s Serial Number: 5 (0x5) 448s Signature Algorithm: sha256WithRSAEncryption 448s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 448s Validity 448s Not Before: Mar 23 21:40:11 2024 GMT 448s Not After : Mar 23 21:40:11 2025 GMT 448s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 448s Subject Public Key Info: 448s Public Key Algorithm: rsaEncryption 448s Public-Key: (1024 bit) 448s Modulus: 448s 00:e1:e2:6d:5d:61:ac:8d:16:09:4f:fd:45:09:bf: 448s 63:05:1c:9b:2c:09:83:a9:44:da:7e:68:38:ac:d9: 448s ab:a0:39:4b:ee:c2:a5:86:47:c4:b7:be:88:9b:00: 448s a4:d4:41:d1:04:ce:ac:de:f0:18:41:a7:d4:40:bf: 448s 53:04:11:1c:c2:11:24:ce:d2:4a:e0:a6:10:cf:05: 448s 02:c3:14:dc:27:1e:72:41:97:29:41:a9:36:0a:0f: 448s c1:9a:f1:93:5d:5f:98:a9:4a:4d:03:f5:f1:7d:e2: 448s ba:c7:2c:5c:e5:21:58:95:71:5c:38:01:9e:6b:58: 448s 9b:00:b9:b3:c7:77:8e:59:8b 448s Exponent: 65537 (0x10001) 448s X509v3 extensions: 448s X509v3 Authority Key Identifier: 448s 3E:C1:42:E9:19:80:E4:62:32:D5:1E:12:70:63:30:C5:83:4D:E2:10 448s X509v3 Basic Constraints: 448s CA:FALSE 448s Netscape Cert Type: 448s SSL Client, S/MIME 448s Netscape Comment: 448s Test Organization Sub Intermediate CA trusted Certificate 448s X509v3 Subject Key Identifier: 448s 0C:4D:0F:D9:0E:2B:75:D5:8E:6A:C2:7A:A8:BB:EB:EF:8F:99:B3:15 448s X509v3 Key Usage: critical 448s Digital Signature, Non Repudiation, Key Encipherment 448s X509v3 Extended Key Usage: 448s TLS Web Client Authentication, E-mail Protection 448s X509v3 Subject Alternative Name: 448s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 448s Signature Algorithm: sha256WithRSAEncryption 448s Signature Value: 448s 45:b6:b1:03:99:54:db:d9:e4:46:61:6b:0f:3f:02:07:ec:70: 448s 1b:d0:b7:dd:34:86:b7:fa:1b:ea:1d:1c:7c:f0:92:39:0d:2f: 448s fb:c8:ca:29:27:99:30:4f:96:8a:88:bf:b1:ca:09:23:bc:8e: 448s 86:e1:9e:73:e6:21:b5:5b:b4:7f:32:c8:8b:9f:27:bf:9a:f3: 448s 3e:63:3c:bf:8f:85:fb:8e:94:85:46:48:e0:b9:ab:c5:c3:47: 448s b4:eb:c5:ea:df:72:83:81:31:62:3a:21:05:a8:d4:be:8b:e0: 448s 46:11:e0:65:0e:56:56:50:19:98:e5:b6:e0:0b:2c:67:a3:d9: 448s 56:70 448s + found_md5=Modulus=E1E26D5D61AC8D16094FFD4509BF63051C9B2C0983A944DA7E6838ACD9ABA0394BEEC2A58647C4B7BE889B00A4D441D104CEACDEF01841A7D440BF5304111CC21124CED24AE0A610CF0502C314DC271E7241972941A9360A0FC19AF1935D5F98A94A4D03F5F17DE2BAC72C5CE5215895715C38019E6B589B00B9B3C7778E598B 448s + '[' Modulus=E1E26D5D61AC8D16094FFD4509BF63051C9B2C0983A944DA7E6838ACD9ABA0394BEEC2A58647C4B7BE889B00A4D441D104CEACDEF01841A7D440BF5304111CC21124CED24AE0A610CF0502C314DC271E7241972941A9360A0FC19AF1935D5F98A94A4D03F5F17DE2BAC72C5CE5215895715C38019E6B589B00B9B3C7778E598B '!=' Modulus=E1E26D5D61AC8D16094FFD4509BF63051C9B2C0983A944DA7E6838ACD9ABA0394BEEC2A58647C4B7BE889B00A4D441D104CEACDEF01841A7D440BF5304111CC21124CED24AE0A610CF0502C314DC271E7241972941A9360A0FC19AF1935D5F98A94A4D03F5F17DE2BAC72C5CE5215895715C38019E6B589B00B9B3C7778E598B ']' 448s + output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-18809-auth.output 448s ++ basename /tmp/sssd-softhsm2-TfOciM/SSSD-child-18809-auth.output .output 448s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-18809-auth.pem 448s + echo -n 053350 448s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-TfOciM/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 448s [p11_child[2297]] [main] (0x0400): p11_child started. 448s [p11_child[2297]] [main] (0x2000): Running in [auth] mode. 448s [p11_child[2297]] [main] (0x2000): Running with effective IDs: [0][0]. 448s [p11_child[2297]] [main] (0x2000): Running with real IDs [0][0]. 448s [p11_child[2297]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 448s [p11_child[2297]] [do_card] (0x4000): Module List: 448s [p11_child[2297]] [do_card] (0x4000): common name: [softhsm2]. 448s [p11_child[2297]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 448s [p11_child[2297]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4dd0d0c4] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 448s [p11_child[2297]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 448s [p11_child[2297]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4dd0d0c4][1305530564] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 448s [p11_child[2297]] [do_card] (0x4000): Login required. 448s [p11_child[2297]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 448s [p11_child[2297]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 448s [p11_child[2297]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 448s [p11_child[2297]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4dd0d0c4;slot-manufacturer=SoftHSM%20project;slot-id=1305530564;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d7fd57834dd0d0c4;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 448s [p11_child[2297]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 448s [p11_child[2297]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 448s [p11_child[2297]] [do_card] (0x4000): Certificate verified and validated. 448s [p11_child[2297]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 448s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-18809-auth.output 448s + echo '-----BEGIN CERTIFICATE-----' 448s + tail -n1 /tmp/sssd-softhsm2-TfOciM/SSSD-child-18809-auth.output 448s + echo '-----END CERTIFICATE-----' 448s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-18809-auth.pem 448s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-18809-auth.pem 448s + found_md5=Modulus=E1E26D5D61AC8D16094FFD4509BF63051C9B2C0983A944DA7E6838ACD9ABA0394BEEC2A58647C4B7BE889B00A4D441D104CEACDEF01841A7D440BF5304111CC21124CED24AE0A610CF0502C314DC271E7241972941A9360A0FC19AF1935D5F98A94A4D03F5F17DE2BAC72C5CE5215895715C38019E6B589B00B9B3C7778E598B 448s + '[' Modulus=E1E26D5D61AC8D16094FFD4509BF63051C9B2C0983A944DA7E6838ACD9ABA0394BEEC2A58647C4B7BE889B00A4D441D104CEACDEF01841A7D440BF5304111CC21124CED24AE0A610CF0502C314DC271E7241972941A9360A0FC19AF1935D5F98A94A4D03F5F17DE2BAC72C5CE5215895715C38019E6B589B00B9B3C7778E598B '!=' Modulus=E1E26D5D61AC8D16094FFD4509BF63051C9B2C0983A944DA7E6838ACD9ABA0394BEEC2A58647C4B7BE889B00A4D441D104CEACDEF01841A7D440BF5304111CC21124CED24AE0A610CF0502C314DC271E7241972941A9360A0FC19AF1935D5F98A94A4D03F5F17DE2BAC72C5CE5215895715C38019E6B589B00B9B3C7778E598B ']' 448s + invalid_certificate /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24760 /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA.pem 448s + check_certificate /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24760 /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA.pem 448s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 448s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24760 448s + local key_ring=/tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA.pem 448s + local verify_option= 448s + prepare_softhsm2_card /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24760 448s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 448s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24760 448s + local key_cn 448s + local key_name 448s + local tokens_dir 448s + local output_cert_file 448s + token_name= 448s ++ basename /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 448s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 448s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 448s ++ sed -n 's/ *commonName *= //p' 448s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 448s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 448s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 448s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 448s ++ basename /tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 448s + tokens_dir=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 448s + token_name='Test Organization Sub Int Token' 448s + '[' '!' -e /tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 448s + '[' '!' -d /tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 448s + echo 'Test Organization Sub Int Token' 448s + '[' -n '' ']' 448s + local output_base_name=SSSD-child-12385 448s + local output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-12385.output 448s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-12385.pem 448s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA.pem 448s [p11_child[2307]] [main] (0x0400): p11_child started. 448s [p11_child[2307]] [main] (0x2000): Running in [pre-auth] mode. 448s [p11_child[2307]] [main] (0x2000): Running with effective IDs: [0][0]. 448s [p11_child[2307]] [main] (0x2000): Running with real IDs [0][0]. 448s [p11_child[2307]] [do_card] (0x4000): Module List: 448s [p11_child[2307]] [do_card] (0x4000): common name: [softhsm2]. 448s [p11_child[2307]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 448s [p11_child[2307]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4dd0d0c4] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 448s [p11_child[2307]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 448s [p11_child[2307]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4dd0d0c4][1305530564] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 448s [p11_child[2307]] [do_card] (0x4000): Login NOT required. 448s [p11_child[2307]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 448s [p11_child[2307]] [do_verification] (0x0040): X509_verify_cert failed [0]. 448s [p11_child[2307]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 448s [p11_child[2307]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 448s [p11_child[2307]] [do_card] (0x4000): No certificate found. 448s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-12385.output 448s + return 2 448s + invalid_certificate /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24760 /tmp/sssd-softhsm2-TfOciM/test-root-intermediate-chain-CA.pem partial_chain 448s + check_certificate /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24760 /tmp/sssd-softhsm2-TfOciM/test-root-intermediate-chain-CA.pem partial_chain 448s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 448s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24760 448s + local key_ring=/tmp/sssd-softhsm2-TfOciM/test-root-intermediate-chain-CA.pem 448s + local verify_option=partial_chain 448s + prepare_softhsm2_card /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24760 448s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 448s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24760 448s + local key_cn 448s + local key_name 448s + local tokens_dir 448s + local output_cert_file 448s + token_name= 448s ++ basename /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 448s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 448s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 448s ++ sed -n 's/ *commonName *= //p' 448s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 448s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 448s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 448s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 448s ++ basename /tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 448s + tokens_dir=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 448s + token_name='Test Organization Sub Int Token' 448s + '[' '!' -e /tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 448s + '[' '!' -d /tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 448s + echo 'Test Organization Sub Int Token' 448s + '[' -n partial_chain ']' 448s + local verify_arg=--verify=partial_chain 448s + local output_base_name=SSSD-child-1159 448s + local output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-1159.output 448s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-1159.pem 448s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-TfOciM/test-root-intermediate-chain-CA.pem 448s [p11_child[2314]] [main] (0x0400): p11_child started. 448s [p11_child[2314]] [main] (0x2000): Running in [pre-auth] mode. 448s [p11_child[2314]] [main] (0x2000): Running with effective IDs: [0][0]. 448s [p11_child[2314]] [main] (0x2000): Running with real IDs [0][0]. 448s [p11_child[2314]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 448s [p11_child[2314]] [do_card] (0x4000): Module List: 448s [p11_child[2314]] [do_card] (0x4000): common name: [softhsm2]. 448s [p11_child[2314]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 448s [p11_child[2314]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4dd0d0c4] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 448s [p11_child[2314]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 448s [p11_child[2314]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4dd0d0c4][1305530564] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 448s [p11_child[2314]] [do_card] (0x4000): Login NOT required. 448s [p11_child[2314]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 448s [p11_child[2314]] [do_verification] (0x0040): X509_verify_cert failed [0]. 448s [p11_child[2314]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 448s [p11_child[2314]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 448s [p11_child[2314]] [do_card] (0x4000): No certificate found. 448s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-1159.output 448s + return 2 448s + valid_certificate /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24760 /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA.pem partial_chain 448s + check_certificate /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24760 /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA.pem partial_chain 448s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 448s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24760 448s + local key_ring=/tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA.pem 448s + local verify_option=partial_chain 448s + prepare_softhsm2_card /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24760 448s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 448s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24760 448s + local key_cn 448s + local key_name 448s + local tokens_dir 448s + local output_cert_file 448s + token_name= 448s ++ basename /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 448s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 448s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 448s ++ sed -n 's/ *commonName *= //p' 448s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 448s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 448s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 448s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 448s ++ basename /tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 448s + tokens_dir=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 448s + token_name='Test Organization Sub Int Token' 448s + '[' '!' -e /tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 448s + '[' '!' -d /tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 448s + echo 'Test Organization Sub Int Token' 448s + '[' -n partial_chain ']' 448s + local verify_arg=--verify=partial_chain 448s + local output_base_name=SSSD-child-24879 448s + local output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-24879.output 448s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-24879.pem 448s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA.pem 448s [p11_child[2321]] [main] (0x0400): p11_child started. 448s [p11_child[2321]] [main] (0x2000): Running in [pre-auth] mode. 448s [p11_child[2321]] [main] (0x2000): Running with effective IDs: [0][0]. 448s [p11_child[2321]] [main] (0x2000): Running with real IDs [0][0]. 448s [p11_child[2321]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 448s [p11_child[2321]] [do_card] (0x4000): Module List: 448s [p11_child[2321]] [do_card] (0x4000): common name: [softhsm2]. 448s [p11_child[2321]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 448s [p11_child[2321]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4dd0d0c4] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 448s [p11_child[2321]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 448s [p11_child[2321]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4dd0d0c4][1305530564] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 448s [p11_child[2321]] [do_card] (0x4000): Login NOT required. 448s [p11_child[2321]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 448s [p11_child[2321]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 448s [p11_child[2321]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 448s [p11_child[2321]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4dd0d0c4;slot-manufacturer=SoftHSM%20project;slot-id=1305530564;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d7fd57834dd0d0c4;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 448s [p11_child[2321]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 448s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-24879.output 448s + echo '-----BEGIN CERTIFICATE-----' 448s + tail -n1 /tmp/sssd-softhsm2-TfOciM/SSSD-child-24879.output 448s + echo '-----END CERTIFICATE-----' 448s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-24879.pem 448s + local found_md5 expected_md5 448s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 448s + expected_md5=Modulus=E1E26D5D61AC8D16094FFD4509BF63051C9B2C0983A944DA7E6838ACD9ABA0394BEEC2A58647C4B7BE889B00A4D441D104CEACDEF01841A7D440BF5304111CC21124CED24AE0A610CF0502C314DC271E7241972941A9360A0FC19AF1935D5F98A94A4D03F5F17DE2BAC72C5CE5215895715C38019E6B589B00B9B3C7778E598B 448s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-24879.pem 448s + found_md5=Modulus=E1E26D5D61AC8D16094FFD4509BF63051C9B2C0983A944DA7E6838ACD9ABA0394BEEC2A58647C4B7BE889B00A4D441D104CEACDEF01841A7D440BF5304111CC21124CED24AE0A610CF0502C314DC271E7241972941A9360A0FC19AF1935D5F98A94A4D03F5F17DE2BAC72C5CE5215895715C38019E6B589B00B9B3C7778E598B 448s + '[' Modulus=E1E26D5D61AC8D16094FFD4509BF63051C9B2C0983A944DA7E6838ACD9ABA0394BEEC2A58647C4B7BE889B00A4D441D104CEACDEF01841A7D440BF5304111CC21124CED24AE0A610CF0502C314DC271E7241972941A9360A0FC19AF1935D5F98A94A4D03F5F17DE2BAC72C5CE5215895715C38019E6B589B00B9B3C7778E598B '!=' Modulus=E1E26D5D61AC8D16094FFD4509BF63051C9B2C0983A944DA7E6838ACD9ABA0394BEEC2A58647C4B7BE889B00A4D441D104CEACDEF01841A7D440BF5304111CC21124CED24AE0A610CF0502C314DC271E7241972941A9360A0FC19AF1935D5F98A94A4D03F5F17DE2BAC72C5CE5215895715C38019E6B589B00B9B3C7778E598B ']' 448s + output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-24879-auth.output 448s ++ basename /tmp/sssd-softhsm2-TfOciM/SSSD-child-24879-auth.output .output 448s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-24879-auth.pem 448s + echo -n 053350 448s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 448s [p11_child[2329]] [main] (0x0400): p11_child started. 448s [p11_child[2329]] [main] (0x2000): Running in [auth] mode. 448s [p11_child[2329]] [main] (0x2000): Running with effective IDs: [0][0]. 448s [p11_child[2329]] [main] (0x2000): Running with real IDs [0][0]. 448s [p11_child[2329]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 448s [p11_child[2329]] [do_card] (0x4000): Module List: 448s [p11_child[2329]] [do_card] (0x4000): common name: [softhsm2]. 448s [p11_child[2329]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 448s [p11_child[2329]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4dd0d0c4] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 448s [p11_child[2329]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 448s [p11_child[2329]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4dd0d0c4][1305530564] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 448s [p11_child[2329]] [do_card] (0x4000): Login required. 448s [p11_child[2329]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 448s [p11_child[2329]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 448s [p11_child[2329]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 448s [p11_child[2329]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4dd0d0c4;slot-manufacturer=SoftHSM%20project;slot-id=1305530564;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d7fd57834dd0d0c4;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 448s [p11_child[2329]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 448s [p11_child[2329]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 448s [p11_child[2329]] [do_card] (0x4000): Certificate verified and validated. 448s [p11_child[2329]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 448s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-24879-auth.output 448s + echo '-----BEGIN CERTIFICATE-----' 448s + tail -n1 /tmp/sssd-softhsm2-TfOciM/SSSD-child-24879-auth.output 448s + echo '-----END CERTIFICATE-----' 448s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-24879-auth.pem 448s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-24879-auth.pem 448s + found_md5=Modulus=E1E26D5D61AC8D16094FFD4509BF63051C9B2C0983A944DA7E6838ACD9ABA0394BEEC2A58647C4B7BE889B00A4D441D104CEACDEF01841A7D440BF5304111CC21124CED24AE0A610CF0502C314DC271E7241972941A9360A0FC19AF1935D5F98A94A4D03F5F17DE2BAC72C5CE5215895715C38019E6B589B00B9B3C7778E598B 448s + '[' Modulus=E1E26D5D61AC8D16094FFD4509BF63051C9B2C0983A944DA7E6838ACD9ABA0394BEEC2A58647C4B7BE889B00A4D441D104CEACDEF01841A7D440BF5304111CC21124CED24AE0A610CF0502C314DC271E7241972941A9360A0FC19AF1935D5F98A94A4D03F5F17DE2BAC72C5CE5215895715C38019E6B589B00B9B3C7778E598B '!=' Modulus=E1E26D5D61AC8D16094FFD4509BF63051C9B2C0983A944DA7E6838ACD9ABA0394BEEC2A58647C4B7BE889B00A4D441D104CEACDEF01841A7D440BF5304111CC21124CED24AE0A610CF0502C314DC271E7241972941A9360A0FC19AF1935D5F98A94A4D03F5F17DE2BAC72C5CE5215895715C38019E6B589B00B9B3C7778E598B ']' 448s + valid_certificate /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24760 /tmp/sssd-softhsm2-TfOciM/test-intermediate-sub-chain-CA.pem partial_chain 448s + check_certificate /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24760 /tmp/sssd-softhsm2-TfOciM/test-intermediate-sub-chain-CA.pem partial_chain 448s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 448s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24760 448s + local key_ring=/tmp/sssd-softhsm2-TfOciM/test-intermediate-sub-chain-CA.pem 448s + local verify_option=partial_chain 448s + prepare_softhsm2_card /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-24760 448s + local certificate=/tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 448s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-24760 448s + local key_cn 448s + local key_name 448s + local tokens_dir 448s + local output_cert_file 448s + token_name= 448s ++ basename /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 448s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 448s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 448s ++ sed -n 's/ *commonName *= //p' 448s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 448s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 448s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 448s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 448s ++ basename /tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 448s + tokens_dir=/tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 448s + token_name='Test Organization Sub Int Token' 448s + '[' '!' -e /tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 448s + '[' '!' -d /tmp/sssd-softhsm2-TfOciM/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 448s + echo 'Test Organization Sub Int Token' 448s + '[' -n partial_chain ']' 448s + local verify_arg=--verify=partial_chain 448s + local output_base_name=SSSD-child-7881 448s + local output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-7881.output 448s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-7881.pem 448s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-TfOciM/test-intermediate-sub-chain-CA.pem 448s [p11_child[2339]] [main] (0x0400): p11_child started. 448s [p11_child[2339]] [main] (0x2000): Running in [pre-auth] mode. 448s [p11_child[2339]] [main] (0x2000): Running with effective IDs: [0][0]. 448s [p11_child[2339]] [main] (0x2000): Running with real IDs [0][0]. 448s [p11_child[2339]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 448s [p11_child[2339]] [do_card] (0x4000): Module List: 448s [p11_child[2339]] [do_card] (0x4000): common name: [softhsm2]. 448s [p11_child[2339]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 448s [p11_child[2339]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4dd0d0c4] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 448s [p11_child[2339]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 448s [p11_child[2339]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4dd0d0c4][1305530564] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 448s [p11_child[2339]] [do_card] (0x4000): Login NOT required. 448s [p11_child[2339]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 448s [p11_child[2339]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 448s [p11_child[2339]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 448s [p11_child[2339]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4dd0d0c4;slot-manufacturer=SoftHSM%20project;slot-id=1305530564;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d7fd57834dd0d0c4;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 448s [p11_child[2339]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 448s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-7881.output 448s + echo '-----BEGIN CERTIFICATE-----' 448s + tail -n1 /tmp/sssd-softhsm2-TfOciM/SSSD-child-7881.output 448s + echo '-----END CERTIFICATE-----' 448s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-7881.pem 448s + local found_md5 expected_md5 448s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/test-sub-intermediate-CA-trusted-certificate-0001.pem 448s + expected_md5=Modulus=E1E26D5D61AC8D16094FFD4509BF63051C9B2C0983A944DA7E6838ACD9ABA0394BEEC2A58647C4B7BE889B00A4D441D104CEACDEF01841A7D440BF5304111CC21124CED24AE0A610CF0502C314DC271E7241972941A9360A0FC19AF1935D5F98A94A4D03F5F17DE2BAC72C5CE5215895715C38019E6B589B00B9B3C7778E598B 448s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-7881.pem 448s + found_md5=Modulus=E1E26D5D61AC8D16094FFD4509BF63051C9B2C0983A944DA7E6838ACD9ABA0394BEEC2A58647C4B7BE889B00A4D441D104CEACDEF01841A7D440BF5304111CC21124CED24AE0A610CF0502C314DC271E7241972941A9360A0FC19AF1935D5F98A94A4D03F5F17DE2BAC72C5CE5215895715C38019E6B589B00B9B3C7778E598B 448s + '[' Modulus=E1E26D5D61AC8D16094FFD4509BF63051C9B2C0983A944DA7E6838ACD9ABA0394BEEC2A58647C4B7BE889B00A4D441D104CEACDEF01841A7D440BF5304111CC21124CED24AE0A610CF0502C314DC271E7241972941A9360A0FC19AF1935D5F98A94A4D03F5F17DE2BAC72C5CE5215895715C38019E6B589B00B9B3C7778E598B '!=' Modulus=E1E26D5D61AC8D16094FFD4509BF63051C9B2C0983A944DA7E6838ACD9ABA0394BEEC2A58647C4B7BE889B00A4D441D104CEACDEF01841A7D440BF5304111CC21124CED24AE0A610CF0502C314DC271E7241972941A9360A0FC19AF1935D5F98A94A4D03F5F17DE2BAC72C5CE5215895715C38019E6B589B00B9B3C7778E598B ']' 448s + output_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-7881-auth.output 448s ++ basename /tmp/sssd-softhsm2-TfOciM/SSSD-child-7881-auth.output .output 448s + output_cert_file=/tmp/sssd-softhsm2-TfOciM/SSSD-child-7881-auth.pem 448s + echo -n 053350 448s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-TfOciM/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 448s [p11_child[2347]] [main] (0x0400): p11_child started. 448s [p11_child[2347]] [main] (0x2000): Running in [auth] mode. 448s [p11_child[2347]] [main] (0x2000): Running with effective IDs: [0][0]. 448s [p11_child[2347]] [main] (0x2000): Running with real IDs [0][0]. 448s [p11_child[2347]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 448s [p11_child[2347]] [do_card] (0x4000): Module List: 448s [p11_child[2347]] [do_card] (0x4000): common name: [softhsm2]. 448s [p11_child[2347]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 448s [p11_child[2347]] [do_card] (0x4000): Description [SoftHSM slot ID 0x4dd0d0c4] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 448s [p11_child[2347]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 448s [p11_child[2347]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x4dd0d0c4][1305530564] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 448s [p11_child[2347]] [do_card] (0x4000): Login required. 448s [p11_child[2347]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 448s [p11_child[2347]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 448s [p11_child[2347]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 448s [p11_child[2347]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x4dd0d0c4;slot-manufacturer=SoftHSM%20project;slot-id=1305530564;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=d7fd57834dd0d0c4;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 448s [p11_child[2347]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 448s [p11_child[2347]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 448s [p11_child[2347]] [do_card] (0x4000): Certificate verified and validated. 448s [p11_child[2347]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 448s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-TfOciM/SSSD-child-7881-auth.output 448s + echo '-----BEGIN CERTIFICATE-----' 448s + tail -n1 /tmp/sssd-softhsm2-TfOciM/SSSD-child-7881-auth.output 448s + echo '-----END CERTIFICATE-----' 448s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-7881-auth.pem 448s Certificate: 448s Data: 448s Version: 3 (0x2) 448s Serial Number: 5 (0x5) 448s Signature Algorithm: sha256WithRSAEncryption 448s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 448s Validity 448s Not Before: Mar 23 21:40:11 2024 GMT 448s Not After : Mar 23 21:40:11 2025 GMT 448s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 448s Subject Public Key Info: 448s Public Key Algorithm: rsaEncryption 448s Public-Key: (1024 bit) 448s Modulus: 448s 00:e1:e2:6d:5d:61:ac:8d:16:09:4f:fd:45:09:bf: 448s 63:05:1c:9b:2c:09:83:a9:44:da:7e:68:38:ac:d9: 448s ab:a0:39:4b:ee:c2:a5:86:47:c4:b7:be:88:9b:00: 448s a4:d4:41:d1:04:ce:ac:de:f0:18:41:a7:d4:40:bf: 448s 53:04:11:1c:c2:11:24:ce:d2:4a:e0:a6:10:cf:05: 448s 02:c3:14:dc:27:1e:72:41:97:29:41:a9:36:0a:0f: 448s c1:9a:f1:93:5d:5f:98:a9:4a:4d:03:f5:f1:7d:e2: 448s ba:c7:2c:5c:e5:21:58:95:71:5c:38:01:9e:6b:58: 448s 9b:00:b9:b3:c7:77:8e:59:8b 448s Exponent: 65537 (0x10001) 448s X509v3 extensions: 448s X509v3 Authority Key Identifier: 448s 3E:C1:42:E9:19:80:E4:62:32:D5:1E:12:70:63:30:C5:83:4D:E2:10 448s X509v3 Basic Constraints: 448s CA:FALSE 448s Netscape Cert Type: 448s SSL Client, S/MIME 448s Netscape Comment: 448s Test Organization Sub Intermediate CA trusted Certificate 448s X509v3 Subject Key Identifier: 448s 0C:4D:0F:D9:0E:2B:75:D5:8E:6A:C2:7A:A8:BB:EB:EF:8F:99:B3:15 448s X509v3 Key Usage: critical 448s Digital Signature, Non Repudiation, Key Encipherment 448s X509v3 Extended Key Usage: 448s TLS Web Client Authentication, E-mail Protection 448s X509v3 Subject Alternative Name: 448s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 448s Signature Algorithm: sha256WithRSAEncryption 448s Signature Value: 448s 45:b6:b1:03:99:54:db:d9:e4:46:61:6b:0f:3f:02:07:ec:70: 448s 1b:d0:b7:dd:34:86:b7:fa:1b:ea:1d:1c:7c:f0:92:39:0d:2f: 448s fb:c8:ca:29:27:99:30:4f:96:8a:88:bf:b1:ca:09:23:bc:8e: 448s 86:e1:9e:73:e6:21:b5:5b:b4:7f:32:c8:8b:9f:27:bf:9a:f3: 448s 3e:63:3c:bf:8f:85:fb:8e:94:85:46:48:e0:b9:ab:c5:c3:47: 448s b4:eb:c5:ea:df:72:83:81:31:62:3a:21:05:a8:d4:be:8b:e0: 448s 46:11:e0:65:0e:56:56:50:19:98:e5:b6:e0:0b:2c:67:a3:d9: 448s 56:70 448s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-TfOciM/SSSD-child-7881-auth.pem 448s + found_md5=Modulus=E1E26D5D61AC8D16094FFD4509BF63051C9B2C0983A944DA7E6838ACD9ABA0394BEEC2A58647C4B7BE889B00A4D441D104CEACDEF01841A7D440BF5304111CC21124CED24AE0A610CF0502C314DC271E7241972941A9360A0FC19AF1935D5F98A94A4D03F5F17DE2BAC72C5CE5215895715C38019E6B589B00B9B3C7778E598B 448s + '[' Modulus=E1E26D5D61AC8D16094FFD4509BF63051C9B2C0983A944DA7E6838ACD9ABA0394BEEC2A58647C4B7BE889B00A4D441D104CEACDEF01841A7D440BF5304111CC21124CED24AE0A610CF0502C314DC271E7241972941A9360A0FC19AF1935D5F98A94A4D03F5F17DE2BAC72C5CE5215895715C38019E6B589B00B9B3C7778E598B '!=' Modulus=E1E26D5D61AC8D16094FFD4509BF63051C9B2C0983A944DA7E6838ACD9ABA0394BEEC2A58647C4B7BE889B00A4D441D104CEACDEF01841A7D440BF5304111CC21124CED24AE0A610CF0502C314DC271E7241972941A9360A0FC19AF1935D5F98A94A4D03F5F17DE2BAC72C5CE5215895715C38019E6B589B00B9B3C7778E598B ']' 448s + set +x 448s 448s Test completed, Root CA and intermediate issued certificates verified! 448s autopkgtest [21:40:15]: test sssd-softhism2-certificates-tests.sh: -----------------------] 449s autopkgtest [21:40:16]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 449s sssd-softhism2-certificates-tests.sh PASS 449s autopkgtest [21:40:16]: test sssd-smart-card-pam-auth-configs: preparing testbed 460s Reading package lists... 460s Building dependency tree... 460s Reading state information... 460s Starting pkgProblemResolver with broken count: 0 460s Starting 2 pkgProblemResolver with broken count: 0 460s Done 460s The following additional packages will be installed: 460s pamtester 460s The following NEW packages will be installed: 460s autopkgtest-satdep pamtester 460s 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. 460s Need to get 12.2 kB/13.0 kB of archives. 460s After this operation, 36.9 kB of additional disk space will be used. 460s Get:1 /tmp/autopkgtest.3GCwZq/4-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [764 B] 460s Get:2 http://ftpmaster.internal/ubuntu noble/universe s390x pamtester s390x 0.1.2-4 [12.2 kB] 461s Fetched 12.2 kB in 0s (45.4 kB/s) 461s Selecting previously unselected package pamtester. 461s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52325 files and directories currently installed.) 461s Preparing to unpack .../pamtester_0.1.2-4_s390x.deb ... 461s Unpacking pamtester (0.1.2-4) ... 461s Selecting previously unselected package autopkgtest-satdep. 461s Preparing to unpack .../4-autopkgtest-satdep.deb ... 461s Unpacking autopkgtest-satdep (0) ... 461s Setting up pamtester (0.1.2-4) ... 461s Setting up autopkgtest-satdep (0) ... 461s Processing triggers for man-db (2.12.0-3) ... 464s (Reading database ... 52331 files and directories currently installed.) 465s Removing autopkgtest-satdep (0) ... 465s autopkgtest [21:40:32]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 465s autopkgtest [21:40:32]: test sssd-smart-card-pam-auth-configs: [----------------------- 465s + '[' -z ubuntu ']' 465s + export DEBIAN_FRONTEND=noninteractive 465s + DEBIAN_FRONTEND=noninteractive 465s + required_tools=(pamtester softhsm2-util sssd) 465s + [[ ! -v OFFLINE_MODE ]] 465s + for cmd in "${required_tools[@]}" 465s + command -v pamtester 465s + for cmd in "${required_tools[@]}" 465s + command -v softhsm2-util 465s + for cmd in "${required_tools[@]}" 465s + command -v sssd 465s + PIN=123456 465s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 465s + tmpdir=/tmp/sssd-softhsm2-certs-6NrAYp 465s + backupsdir= 465s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 465s + declare -a restore_paths 465s + declare -a delete_paths 465s + trap handle_exit EXIT 465s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 465s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 465s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 465s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 465s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-6NrAYp GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 465s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-6NrAYp 465s + GENERATE_SMART_CARDS=1 465s + KEEP_TEMPORARY_FILES=1 465s + NO_SSSD_TESTS=1 465s + bash debian/tests/sssd-softhism2-certificates-tests.sh 465s + '[' -z ubuntu ']' 465s + required_tools=(p11tool openssl softhsm2-util) 465s + for cmd in "${required_tools[@]}" 466s + command -v p11tool 466s + for cmd in "${required_tools[@]}" 466s + command -v openssl 466s + for cmd in "${required_tools[@]}" 466s + command -v softhsm2-util 466s + PIN=123456 466s +++ find /usr/lib/softhsm/libsofthsm2.so 466s +++ head -n 1 466s ++ realpath /usr/lib/softhsm/libsofthsm2.so 466s + SOFTHSM2_MODULE=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 466s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 466s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 466s + '[' '!' -v NO_SSSD_TESTS ']' 466s + '[' '!' -e /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so ']' 466s + tmpdir=/tmp/sssd-softhsm2-certs-6NrAYp 466s + keys_size=1024 466s + [[ ! -v KEEP_TEMPORARY_FILES ]] 466s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 466s + echo -n 01 466s + touch /tmp/sssd-softhsm2-certs-6NrAYp/index.txt 466s + mkdir -p /tmp/sssd-softhsm2-certs-6NrAYp/new_certs 466s + cat 466s + root_ca_key_pass=pass:random-root-CA-password-31274 466s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA-key.pem -passout pass:random-root-CA-password-31274 1024 466s + openssl req -passin pass:random-root-CA-password-31274 -batch -config /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA.pem 466s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA.pem 466s + cat 466s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-29332 466s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-29332 1024 466s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-29332 -config /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-31274 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-certificate-request.pem 466s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-certificate-request.pem 466s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA.config -passin pass:random-root-CA-password-31274 -keyfile /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA.pem 466s Certificate Request: 466s Data: 466s Version: 1 (0x0) 466s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 466s Subject Public Key Info: 466s Public Key Algorithm: rsaEncryption 466s Public-Key: (1024 bit) 466s Modulus: 466s 00:a2:43:13:0c:91:a8:e6:29:12:e3:08:27:bd:82: 466s 92:4e:df:9f:0f:4c:57:e5:1e:3b:e7:bd:55:0c:ba: 466s f6:c2:bd:5a:0e:4a:5d:aa:eb:dc:57:25:3e:0e:e1: 466s 39:16:b2:e5:6f:14:a4:89:d9:ff:f1:02:4f:dc:e4: 466s c0:a5:b7:83:4f:66:fc:b1:05:37:38:ca:36:71:75: 466s c7:80:71:6f:6f:db:a9:30:3e:91:58:9b:1c:66:9a: 466s e9:c1:07:c7:4e:3c:cb:8a:c7:80:27:8a:b3:cf:c7: 466s b9:33:61:0d:da:4b:4d:ed:32:46:10:28:af:c3:49: 466s 0d:8b:b3:a7:0d:a0:f5:53:15 466s Exponent: 65537 (0x10001) 466s Attributes: 466s (none) 466s Requested Extensions: 466s Signature Algorithm: sha256WithRSAEncryption 466s Signature Value: 466s 5d:7b:ce:6c:ad:55:f3:bb:f2:25:fc:eb:2a:4e:9d:45:9b:e3: 466s b0:76:15:da:70:b1:06:69:d7:e8:8b:97:74:80:0c:11:bd:eb: 466s 56:7d:f4:3c:4e:03:7d:31:65:d5:e9:3e:95:2f:d4:53:21:8a: 466s 46:28:81:ab:a3:af:c3:da:a5:18:87:17:ac:ea:81:29:4f:82: 466s 4b:aa:8f:4e:e1:8c:9e:49:90:2c:c6:11:83:b6:87:50:1e:8c: 466s 12:da:58:c6:7f:4f:fe:02:f1:b0:8b:93:f3:5f:f0:47:bc:62: 466s 8f:f0:6a:47:c0:9a:8d:cf:f2:ed:ae:20:1e:b8:00:4e:24:f4: 466s 26:d3 466s Using configuration from /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA.config 466s Check that the request matches the signature 466s Signature ok 466s Certificate Details: 466s Serial Number: 1 (0x1) 466s Validity 466s Not Before: Mar 23 21:40:33 2024 GMT 466s Not After : Mar 23 21:40:33 2025 GMT 466s Subject: 466s organizationName = Test Organization 466s organizationalUnitName = Test Organization Unit 466s commonName = Test Organization Intermediate CA 466s X509v3 extensions: 466s X509v3 Subject Key Identifier: 466s 4D:8D:8F:35:0E:08:DB:B2:D0:E7:99:3D:3C:C3:1D:6F:EE:64:A7:20 466s X509v3 Authority Key Identifier: 466s keyid:34:7E:0B:F8:BF:8F:43:CB:8B:99:AF:AA:4C:E7:70:0E:20:67:DA:61 466s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 466s serial:00 466s X509v3 Basic Constraints: 466s CA:TRUE 466s X509v3 Key Usage: critical 466s Digital Signature, Certificate Sign, CRL Sign 466s Certificate is to be certified until Mar 23 21:40:33 2025 GMT (365 days) 466s 466s Write out database with 1 new entries 466s Database updated 466s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA.pem 466s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA.pem /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA.pem 466s /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA.pem: OK 466s + cat 466s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-28656 466s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-28656 1024 466s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-28656 -config /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-29332 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-certificate-request.pem 466s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-certificate-request.pem 466s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-29332 -keyfile /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA.pem 466s Certificate Request: 466s Data: 466s Version: 1 (0x0) 466s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 466s Subject Public Key Info: 466s Public Key Algorithm: rsaEncryption 466s Public-Key: (1024 bit) 466s Modulus: 466s 00:aa:79:4b:f3:37:82:8e:3d:32:04:f3:7c:36:d7: 466s 45:c8:dd:ec:15:e2:a8:58:17:e4:f6:56:fc:aa:31: 466s a9:91:69:06:d9:c6:e0:fa:c8:97:6a:69:72:ad:b0: 466s 25:dd:89:c7:14:e1:af:73:79:44:6a:15:a0:a3:5e: 466s 9f:b1:d2:37:ca:b1:d0:14:a4:82:2f:8a:ee:3a:38: 466s 6a:b4:b3:7f:90:b5:db:a7:0c:89:99:62:76:b5:e4: 466s 3a:6c:6c:26:10:18:b8:62:6b:41:ed:47:20:c0:28: 466s b1:d2:2f:1e:f5:a2:7b:e6:b5:86:3f:59:08:e9:24: 466s cb:18:cc:ba:30:00:70:fa:15 466s Exponent: 65537 (0x10001) 466s Attributes: 466s (none) 466s Requested Extensions: 466s Signature Algorithm: sha256WithRSAEncryption 466s Signature Value: 466s 1f:27:9d:3c:0f:56:85:84:0e:8d:66:08:12:4c:4d:40:e3:2d: 466s 7e:ac:ce:12:62:9b:69:be:fd:27:db:6d:6f:59:60:24:26:41: 466s a7:82:cb:c7:5c:8b:7b:42:05:e5:68:7b:05:fd:25:a3:1f:1c: 466s 5d:a5:10:a9:3d:d0:45:72:1a:21:29:f9:e6:74:55:77:f7:e9: 466s d6:63:db:fd:aa:af:bc:8e:9f:68:d6:77:99:eb:28:68:94:9d: 466s 0d:d2:4c:06:2f:2c:26:cf:fd:5d:12:75:ac:b1:ff:36:82:ea: 466s b7:cb:76:07:3d:56:3d:e7:ce:ac:72:03:5a:99:68:3c:45:1e: 466s c9:fa 466s Using configuration from /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA.config 466s Check that the request matches the signature 466s Signature ok 466s Certificate Details: 466s Serial Number: 2 (0x2) 466s Validity 466s Not Before: Mar 23 21:40:33 2024 GMT 466s Not After : Mar 23 21:40:33 2025 GMT 466s Subject: 466s organizationName = Test Organization 466s organizationalUnitName = Test Organization Unit 466s commonName = Test Organization Sub Intermediate CA 466s X509v3 extensions: 466s X509v3 Subject Key Identifier: 466s 5F:A7:D8:F5:EC:8F:ED:4F:1E:29:FF:05:A9:94:E7:3C:A9:B2:02:41 466s X509v3 Authority Key Identifier: 466s keyid:4D:8D:8F:35:0E:08:DB:B2:D0:E7:99:3D:3C:C3:1D:6F:EE:64:A7:20 466s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 466s serial:01 466s X509v3 Basic Constraints: 466s CA:TRUE 466s X509v3 Key Usage: critical 466s Digital Signature, Certificate Sign, CRL Sign 466s Certificate is to be certified until Mar 23 21:40:33 2025 GMT (365 days) 466s 466s Write out database with 1 new entries 466s Database updated 466s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA.pem 466s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA.pem 466s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA.pem /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA.pem 466s + local cmd=openssl 466s + shift 466s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA.pem /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA.pem 466s /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA.pem: OK 466s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 466s error 20 at 0 depth lookup: unable to get local issuer certificate 466s error /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA.pem: verification failed 466s + cat 466s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-25820 466s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-25820 1024 466s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-25820 -key /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA-trusted-certificate-0001-request.pem 466s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA-trusted-certificate-0001-request.pem 466s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA.config -passin pass:random-root-CA-password-31274 -keyfile /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA-trusted-certificate-0001.pem 466s Certificate Request: 466s Data: 466s Version: 1 (0x0) 466s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 466s Subject Public Key Info: 466s Public Key Algorithm: rsaEncryption 466s Public-Key: (1024 bit) 466s Modulus: 466s 00:93:ec:c7:ad:62:a3:14:a7:a6:5f:a6:68:31:80: 466s ca:cd:b1:f0:4f:3b:74:b2:01:51:bf:c4:ce:4c:be: 466s e6:b9:fd:d8:96:69:4b:07:5f:50:06:a8:31:8a:b9: 466s 6c:36:48:aa:0c:7d:d7:fb:65:90:04:93:98:50:e8: 466s 6e:a0:ec:8e:68:3d:f8:e4:50:81:50:e0:2f:98:cc: 466s 83:c0:03:b2:5e:da:94:a0:5d:47:91:65:6a:a8:2f: 466s 73:0c:26:b1:a6:fc:4f:d1:0a:d3:9f:53:92:31:40: 466s 02:d2:23:93:7a:a0:dd:32:f5:5f:48:26:85:70:a3: 466s 01:36:ff:ca:b1:2a:d1:e4:31 466s Exponent: 65537 (0x10001) 466s Attributes: 466s Requested Extensions: 466s X509v3 Basic Constraints: 466s CA:FALSE 466s Netscape Cert Type: 466s SSL Client, S/MIME 466s Netscape Comment: 466s Test Organization Root CA trusted Certificate 466s X509v3 Subject Key Identifier: 466s DC:0E:FE:FA:4C:D8:0A:5F:7D:47:6B:88:CC:88:29:21:D6:D1:39:24 466s X509v3 Key Usage: critical 466s Digital Signature, Non Repudiation, Key Encipherment 466s X509v3 Extended Key Usage: 466s TLS Web Client Authentication, E-mail Protection 466s X509v3 Subject Alternative Name: 466s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 466s Signature Algorithm: sha256WithRSAEncryption 466s Signature Value: 466s 75:b6:f6:10:19:03:2c:97:a1:45:c5:01:b4:9a:fe:d5:67:b5: 466s f3:b0:bb:e6:11:43:65:29:5d:b6:5d:e1:80:e9:77:bf:d9:f5: 466s 66:b8:9f:a0:65:7f:ac:99:7e:08:89:e1:02:a2:24:fc:f4:2e: 466s c8:58:8c:3b:77:4a:8f:fd:bc:93:d3:12:67:e2:16:f7:5d:7b: 466s 8d:a3:c5:92:8e:d9:b6:52:2c:55:f2:11:a8:21:ca:dd:23:10: 466s 59:fe:55:e8:b6:be:2b:53:92:f9:d4:76:f3:bb:2e:bb:1b:79: 466s e2:a1:d1:c7:b8:ba:a9:35:6e:3b:69:3a:e1:b1:93:d6:c2:0c: 466s b8:5d 466s Using configuration from /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA.config 466s Check that the request matches the signature 466s Signature ok 466s Certificate Details: 466s Serial Number: 3 (0x3) 466s Validity 466s Not Before: Mar 23 21:40:33 2024 GMT 466s Not After : Mar 23 21:40:33 2025 GMT 466s Subject: 466s organizationName = Test Organization 466s organizationalUnitName = Test Organization Unit 466s commonName = Test Organization Root Trusted Certificate 0001 466s X509v3 extensions: 466s X509v3 Authority Key Identifier: 466s 34:7E:0B:F8:BF:8F:43:CB:8B:99:AF:AA:4C:E7:70:0E:20:67:DA:61 466s X509v3 Basic Constraints: 466s CA:FALSE 466s Netscape Cert Type: 466s SSL Client, S/MIME 466s Netscape Comment: 466s Test Organization Root CA trusted Certificate 466s X509v3 Subject Key Identifier: 466s DC:0E:FE:FA:4C:D8:0A:5F:7D:47:6B:88:CC:88:29:21:D6:D1:39:24 466s X509v3 Key Usage: critical 466s Digital Signature, Non Repudiation, Key Encipherment 466s X509v3 Extended Key Usage: 466s TLS Web Client Authentication, E-mail Protection 466s X509v3 Subject Alternative Name: 466s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 466s Certificate is to be certified until Mar 23 21:40:33 2025 GMT (365 days) 466s 466s Write out database with 1 new entries 466s Database updated 466s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA-trusted-certificate-0001.pem 466s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA.pem /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA-trusted-certificate-0001.pem 466s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA-trusted-certificate-0001.pem 466s + local cmd=openssl 466s + shift 466s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA-trusted-certificate-0001.pem 466s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 466s error 20 at 0 depth lookup: unable to get local issuer certificate 466s error /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA-trusted-certificate-0001.pem: verification failed 466s + cat 466s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-14934 466s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-14934 1024 466s /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA-trusted-certificate-0001.pem: OK 466s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-14934 -key /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-trusted-certificate-0001-request.pem 466s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-trusted-certificate-0001-request.pem 466s + openssl ca -passin pass:random-intermediate-CA-password-29332 -config /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-trusted-certificate-0001.pem 466s Using configuration from /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA.config 466s Check that the request matches the signature 466s Signature ok 466s Certificate Details: 466s Serial Number: 4 (0x4) 466s Validity 466s Not Before: Mar 23 21:40:33 2024 GMT 466s Not After : Mar 23 21:40:33 2025 GMT 466s Subject: 466s organizationName = Test Organization 466s organizationalUnitName = Test Organization Unit 466s commonName = Test Organization Intermediate Trusted Certificate 0001 466s X509v3 extensions: 466s X509v3 Authority Key Identifier: 466s 4D:8D:8F:35:0E:08:DB:B2:D0:E7:99:3D:3C:C3:1D:6F:EE:64:A7:20 466s X509v3 Basic Constraints: 466s CA:FALSE 466s Netscape Cert Type: 466s SSL Client, S/MIME 466s Netscape Comment: 466s Test Organization Intermediate CA trusted Certificate 466s X509v3 Subject Key Identifier: 466s 1C:8D:D7:E0:EE:55:FC:F7:BF:90:06:A9:F6:2F:41:9F:06:73:BE:56 466s X509v3 Key Usage: critical 466s Digital Signature, Non Repudiation, Key Encipherment 466s X509v3 Extended Key Usage: 466s TLS Web Client Authentication, E-mail Protection 466s X509v3 Subject Alternative Name: 466s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 466s Certificate is to be certified until Mar 23 21:40:33 2025 GMT (365 days) 466s 466s Write out database with 1 new entries 466s Database updated 466s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-trusted-certificate-0001.pem 466s Certificate Request: 466s Data: 466s Version: 1 (0x0) 466s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 466s Subject Public Key Info: 466s Public Key Algorithm: rsaEncryption 466s Public-Key: (1024 bit) 466s Modulus: 466s 00:b4:ea:d5:00:72:ff:d0:21:90:3d:12:5c:6a:8c: 466s 3f:09:71:a7:86:b3:04:a9:16:90:58:e2:57:19:d2: 466s 86:3b:78:fa:cb:f9:1e:c1:e6:d1:f5:63:52:c2:a8: 466s 73:20:f8:25:98:4b:0d:5b:f7:2f:4e:e7:67:c9:7e: 466s 9e:45:0e:3b:79:b8:4e:af:ba:c2:39:13:d6:e1:18: 466s bd:42:06:ab:d6:7c:b4:3f:02:f0:6a:2c:1c:33:22: 466s ca:60:bc:d4:62:11:10:6c:9b:15:10:cb:9e:a1:04: 466s 2c:e3:c5:ed:c6:d7:c8:87:21:76:f0:cc:65:b5:09: 466s 28:ea:ee:d0:06:f7:9d:b1:15 466s Exponent: 65537 (0x10001) 466s Attributes: 466s Requested Extensions: 466s X509v3 Basic Constraints: 466s CA:FALSE 466s Netscape Cert Type: 466s SSL Client, S/MIME 466s Netscape Comment: 466s Test Organization Intermediate CA trusted Certificate 466s X509v3 Subject Key Identifier: 466s 1C:8D:D7:E0:EE:55:FC:F7:BF:90:06:A9:F6:2F:41:9F:06:73:BE:56 466s X509v3 Key Usage: critical 466s Digital Signature, Non Repudiation, Key Encipherment 466s X509v3 Extended Key Usage: 466s TLS Web Client Authentication, E-mail Protection 466s X509v3 Subject Alternative Name: 466s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 466s Signature Algorithm: sha256WithRSAEncryption 466s Signature Value: 466s 3a:fc:ea:24:82:da:09:8d:f9:3e:94:18:0a:68:51:f3:57:f4: 466s 23:00:bc:ce:9f:46:ba:3a:14:05:5a:0a:7a:d3:45:ba:46:7e: 466s 85:d6:e0:6e:28:35:54:69:bf:98:db:d3:bf:09:70:7c:af:14: 466s 2d:96:fe:d7:fb:f4:18:15:c7:73:d8:2c:bb:b9:e9:b4:bb:93: 466s e2:8f:b1:a7:cc:b8:37:18:86:8d:73:57:69:d9:18:4e:df:76: 466s 17:d7:40:a3:7c:2b:3f:0d:af:02:ae:a4:8e:05:1a:5f:86:0f: 466s 1e:ec:c7:14:07:f5:c5:28:5c:4d:60:c7:ea:36:7a:63:da:47: 466s 9f:1b 466s + echo 'This certificate should not be trusted fully' 466s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-trusted-certificate-0001.pem 466s + local cmd=openssl 466s + shift 466s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-trusted-certificate-0001.pem 466s This certificate should not be trusted fully 466s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 466s error 2 at 1 depth lookup: unable to get issuer certificate 466s error /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 466s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-trusted-certificate-0001.pem 466s /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-trusted-certificate-0001.pem: OK 466s + cat 466s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23956 466s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-23956 1024 466s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-23956 -key /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 466s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 466s Certificate Request: 466s Data: 466s Version: 1 (0x0) 466s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 466s Subject Public Key Info: 466s Public Key Algorithm: rsaEncryption 466s Public-Key: (1024 bit) 466s Modulus: 466s 00:bf:60:63:84:42:c6:95:3a:bf:bf:46:8f:49:ac: 466s f2:13:7d:0a:25:7e:71:d1:2c:8f:0c:3d:af:d9:9a: 466s cf:2a:4e:68:f5:a4:f0:a6:ef:9e:1b:ec:36:d4:d5: 466s 4b:c8:70:a3:62:21:47:3c:39:44:83:5b:51:47:e0: 466s 23:86:38:ce:a3:1d:96:e2:d6:0c:e2:78:ec:d8:84: 466s 79:d4:0f:14:36:38:66:6c:fb:a7:22:b4:6e:ef:0c: 466s ee:38:00:4b:cf:4f:6d:de:17:c1:de:f7:c1:d1:49: 466s f3:66:af:53:a0:d8:0c:a2:aa:68:c2:d5:ac:14:45: 466s b7:e4:01:15:bd:b8:58:f7:67 466s Exponent: 65537 (0x10001) 466s Attributes: 466s Requested Extensions: 466s X509v3 Basic Constraints: 466s CA:FALSE 466s Netscape Cert Type: 466s SSL Client, S/MIME 466s Netscape Comment: 466s Test Organization Sub Intermediate CA trusted Certificate 466s X509v3 Subject Key Identifier: 466s CF:62:1F:FC:E7:B5:DD:2D:6F:E7:08:95:E5:72:0C:AB:EE:DE:45:69 466s X509v3 Key Usage: critical 466s Digital Signature, Non Repudiation, Key Encipherment 466s X509v3 Extended Key Usage: 466s TLS Web Client Authentication, E-mail Protection 466s X509v3 Subject Alternative Name: 466s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 466s Signature Algorithm: sha256WithRSAEncryption 466s Signature Value: 466s 1b:72:ac:59:ec:02:13:2e:29:68:22:65:e0:ad:f0:40:a4:4f: 466s 84:44:68:33:8c:77:86:c1:8c:d0:27:2c:5c:17:ab:a9:7b:64: 466s a4:ad:7f:ca:9c:05:89:ad:5b:b2:71:8a:2f:59:bc:c9:e7:92: 466s 8f:bf:34:dc:8a:6a:39:3b:6d:ae:1f:76:ea:c4:d6:7a:51:9d: 466s f4:f3:74:5b:8c:64:77:e2:5b:c9:82:62:c3:be:f7:5a:07:8a: 466s 76:d0:d8:ed:27:30:d0:9a:53:ab:3f:6b:2e:db:7c:76:f9:06: 466s dc:93:10:11:f0:93:a1:c0:ad:ba:92:86:c9:2a:f5:57:ce:97: 466s ac:30 466s + openssl ca -passin pass:random-sub-intermediate-CA-password-28656 -config /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001.pem 466s Using configuration from /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA.config 466s Check that the request matches the signature 466s Signature ok 466s Certificate Details: 466s Serial Number: 5 (0x5) 466s Validity 466s Not Before: Mar 23 21:40:33 2024 GMT 466s Not After : Mar 23 21:40:33 2025 GMT 466s Subject: 466s organizationName = Test Organization 466s organizationalUnitName = Test Organization Unit 466s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 466s X509v3 extensions: 466s X509v3 Authority Key Identifier: 466s 5F:A7:D8:F5:EC:8F:ED:4F:1E:29:FF:05:A9:94:E7:3C:A9:B2:02:41 466s X509v3 Basic Constraints: 466s CA:FALSE 466s Netscape Cert Type: 466s SSL Client, S/MIME 466s Netscape Comment: 466s Test Organization Sub Intermediate CA trusted Certificate 466s X509v3 Subject Key Identifier: 466s CF:62:1F:FC:E7:B5:DD:2D:6F:E7:08:95:E5:72:0C:AB:EE:DE:45:69 466s X509v3 Key Usage: critical 466s Digital Signature, Non Repudiation, Key Encipherment 466s X509v3 Extended Key Usage: 466s TLS Web Client Authentication, E-mail Protection 466s X509v3 Subject Alternative Name: 466s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 466s Certificate is to be certified until Mar 23 21:40:33 2025 GMT (365 days) 466s 466s Write out database with 1 new entries 466s Database updated 466s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001.pem 466s + echo 'This certificate should not be trusted fully' 466s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001.pem 466s + local cmd=openssl 466s + shift 466s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001.pem 466s O = Test Organization, OU = Test Organization UniThis certificate should not be trusted fully 466s t, CN = Test Organization Sub Intermediate CA 466s error 2 at 1 depth lookup: unable to get issuer certificate 466s error /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 466s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001.pem 466s + local cmd=openssl 466s + shift 466s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001.pem 466s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 466s error 20 at 0 depth lookup: unable to get local issuer certificate 466s error /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 466s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001.pem 466s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001.pem 466s + local cmd=openssl 466s + shift 466s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001.pem 466s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 466s error 20 at 0 depth lookup: unable to get local issuer certificate 466s error /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 466s + echo 'Building a the full-chain CA file...' 466s + cat /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA.pem /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA.pem 466s + cat /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA.pem /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA.pem 466s + cat /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA.pem 466s /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 466s Building a the full-chain CA file... 466s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-6NrAYp/test-full-chain-CA.pem 466s + openssl pkcs7 -print_certs -noout 466s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 466s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 466s 466s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 466s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 466s 466s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 466s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 466s 466s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-6NrAYp/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA.pem 466s /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA.pem: OK 466s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-6NrAYp/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA-trusted-certificate-0001.pem 466s /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA-trusted-certificate-0001.pem: OK 466s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-6NrAYp/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-trusted-certificate-0001.pem 466s /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-trusted-certificate-0001.pem: OK 466s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-6NrAYp/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-6NrAYp/test-root-intermediate-chain-CA.pem 466s /tmp/sssd-softhsm2-certs-6NrAYp/test-root-intermediate-chain-CA.pem: OK 466s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-6NrAYp/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001.pem 466s /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 466s Certificates generation completed! 466s + echo 'Certificates generation completed!' 466s + [[ -v NO_SSSD_TESTS ]] 466s + [[ -v GENERATE_SMART_CARDS ]] 466s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-25820 466s + local certificate=/tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA-trusted-certificate-0001.pem 466s + local key_pass=pass:random-root-ca-trusted-cert-0001-25820 466s + local key_cn 466s + local key_name 466s + local tokens_dir 466s + local output_cert_file 466s + token_name= 466s ++ basename /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA-trusted-certificate-0001.pem .pem 466s + key_name=test-root-CA-trusted-certificate-0001 466s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA-trusted-certificate-0001.pem 466s ++ sed -n 's/ *commonName *= //p' 466s + key_cn='Test Organization Root Trusted Certificate 0001' 466s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 466s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-6NrAYp/softhsm2-test-root-CA-trusted-certificate-0001.conf 466s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-6NrAYp/softhsm2-test-root-CA-trusted-certificate-0001.conf 466s ++ basename /tmp/sssd-softhsm2-certs-6NrAYp/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 466s + tokens_dir=/tmp/sssd-softhsm2-certs-6NrAYp/softhsm2-test-root-CA-trusted-certificate-0001 466s + token_name='Test Organization Root Tr Token' 466s + '[' '!' -e /tmp/sssd-softhsm2-certs-6NrAYp/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 466s + local key_file 466s + local decrypted_key 466s + mkdir -p /tmp/sssd-softhsm2-certs-6NrAYp/softhsm2-test-root-CA-trusted-certificate-0001 466s + key_file=/tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA-trusted-certificate-0001-key.pem 466s + decrypted_key=/tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA-trusted-certificate-0001-key-decrypted.pem 466s + cat 466s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 466s + softhsm2-util --show-slots 466s Slot 0 has a free/uninitialized token. 466s The token has been initialized and is reassigned to slot 187849309 466s Available slots: 466s Slot 187849309 466s Slot info: 466s Description: SoftHSM slot ID 0xb325a5d 466s Manufacturer ID: SoftHSM project 466s Hardware version: 2.6 466s Firmware version: 2.6 466s Token present: yes 466s Token info: 466s Manufacturer ID: SoftHSM project 466s Model: SoftHSM v2 466s Hardware version: 2.6 466s Firmware version: 2.6 466s Serial number: 19a2173d0b325a5d 466s Initialized: yes 466s User PIN init.: yes 466s Label: Test Organization Root Tr Token 466s Slot 1 466s Slot info: 466s Description: SoftHSM slot ID 0x1 466s Manufacturer ID: SoftHSM project 466s Hardware version: 2.6 466s Firmware version: 2.6 466s Token present: yes 466s Token info: 466s Manufacturer ID: SoftHSM project 466s Model: SoftHSM v2 466s Hardware version: 2.6 466s Firmware version: 2.6 466s Serial number: 466s Initialized: no 466s User PIN init.: no 466s Label: 466s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 466s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-25820 -in /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA-trusted-certificate-0001-key-decrypted.pem 466s writing RSA key 466s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 466s + rm /tmp/sssd-softhsm2-certs-6NrAYp/test-root-CA-trusted-certificate-0001-key-decrypted.pem 466s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 466s Object 0: 466s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=19a2173d0b325a5d;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 466s Type: X.509 Certificate (RSA-1024) 466s Expires: Sun Mar 23 21:40:33 2025 466s Label: Test Organization Root Trusted Certificate 0001 466s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 466s 466s Test Organization Root Tr Token 466s + echo 'Test Organization Root Tr Token' 466s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-14934 466s + local certificate=/tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-trusted-certificate-0001.pem 466s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-14934 466s + local key_cn 466s + local key_name 466s + local tokens_dir 466s + local output_cert_file 466s + token_name= 466s ++ basename /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-trusted-certificate-0001.pem .pem 466s + key_name=test-intermediate-CA-trusted-certificate-0001 466s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-trusted-certificate-0001.pem 466s ++ sed -n 's/ *commonName *= //p' 466s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 466s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 466s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-6NrAYp/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 466s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-6NrAYp/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 466s ++ basename /tmp/sssd-softhsm2-certs-6NrAYp/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 466s + tokens_dir=/tmp/sssd-softhsm2-certs-6NrAYp/softhsm2-test-intermediate-CA-trusted-certificate-0001 466s + token_name='Test Organization Interme Token' 466s + '[' '!' -e /tmp/sssd-softhsm2-certs-6NrAYp/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 466s + local key_file 466s + local decrypted_key 466s + mkdir -p /tmp/sssd-softhsm2-certs-6NrAYp/softhsm2-test-intermediate-CA-trusted-certificate-0001 466s + key_file=/tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-trusted-certificate-0001-key.pem 466s + decrypted_key=/tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 466s + cat 466s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 466s + softhsm2-util --show-slots 466s Slot 0 has a free/uninitialized token. 466s The token has been initialized and is reassigned to slot 1157303324 466s Available slots: 466s Slot 1157303324 466s Slot info: 466s Description: SoftHSM slot ID 0x44fb0c1c 466s Manufacturer ID: SoftHSM project 466s Hardware version: 2.6 466s Firmware version: 2.6 466s Token present: yes 466s Token info: 466s Manufacturer ID: SoftHSM project 466s Model: SoftHSM v2 466s Hardware version: 2.6 466s Firmware version: 2.6 466s Serial number: 3949734744fb0c1c 466s Initialized: yes 466s User PIN init.: yes 466s Label: Test Organization Interme Token 466s Slot 1 466s Slot info: 466s Description: SoftHSM slot ID 0x1 466s Manufacturer ID: SoftHSM project 466s Hardware version: 2.6 466s Firmware version: 2.6 466s Token present: yes 466s Token info: 466s Manufacturer ID: SoftHSM project 466s Model: SoftHSM v2 466s Hardware version: 2.6 466s Firmware version: 2.6 466s Serial number: 466s Initialized: no 466s User PIN init.: no 466s Label: 466s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 466s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-14934 -in /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 466s writing RSA key 466s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 466s + rm /tmp/sssd-softhsm2-certs-6NrAYp/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 466s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 466s Object 0: 466s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=3949734744fb0c1c;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 466s Type: X.509 Certificate (RSA-1024) 466s Expires: Sun Mar 23 21:40:33 2025 466s Label: Test Organization Intermediate Trusted Certificate 0001 466s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 466s 466s + echo 'Test Organization Interme Token' 466s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-23956 466s + local certificate=/tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001.pem 466s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-23956 466s + local key_cn 466s + local key_name 466s + local tokens_dir 466s + local output_cert_file 466s + token_name= 466s ++ basename /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 466s Test Organization Interme Token 466s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 466s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001.pem 466s ++ sed -n 's/ *commonName *= //p' 466s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 466s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 466s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-6NrAYp/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 466s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-6NrAYp/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 466s ++ basename /tmp/sssd-softhsm2-certs-6NrAYp/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 466s + tokens_dir=/tmp/sssd-softhsm2-certs-6NrAYp/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 466s + token_name='Test Organization Sub Int Token' 466s + '[' '!' -e /tmp/sssd-softhsm2-certs-6NrAYp/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 466s + local key_file 466s + local decrypted_key 466s + mkdir -p /tmp/sssd-softhsm2-certs-6NrAYp/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 466s + key_file=/tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 466s + decrypted_key=/tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 466s + cat 466s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 466s + softhsm2-util --show-slots 466s Slot 0 has a free/uninitialized token. 466s The token has been initialized and is reassigned to slot 988394720 466s Available slots: 466s Slot 988394720 466s Slot info: 466s Description: SoftHSM slot ID 0x3ae9b4e0 466s Manufacturer ID: SoftHSM project 466s Hardware version: 2.6 466s Firmware version: 2.6 466s Token present: yes 466s Token info: 466s Manufacturer ID: SoftHSM project 466s Model: SoftHSM v2 466s Hardware version: 2.6 466s Firmware version: 2.6 466s Serial number: 60b97bc9bae9b4e0 466s Initialized: yes 466s User PIN init.: yes 466s Label: Test Organization Sub Int Token 466s Slot 1 466s Slot info: 466s Description: SoftHSM slot ID 0x1 466s Manufacturer ID: SoftHSM project 466s Hardware version: 2.6 466s Firmware version: 2.6 466s Token present: yes 466s Token info: 466s Manufacturer ID: SoftHSM project 466s Model: SoftHSM v2 466s Hardware version: 2.6 466s Firmware version: 2.6 466s Serial number: 466s Initialized: no 466s User PIN init.: no 466s Label: 466s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 466s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-23956 -in /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 466s writing RSA key 466s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 466s + rm /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 466s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 467s Object 0: 467s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=60b97bc9bae9b4e0;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 467s Type: X.509 Certificate (RSA-1024) 467s Expires: Sun Mar 23 21:40:33 2025 467s Label: Test Organization Sub Intermediate Trusted Certificate 0001 467s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 467s 467s Test Organization Sub Int Token 467s + echo 'Test Organization Sub Int Token' 467s + echo 'Certificates generation completed!' 467s + exit 0 467s + find /tmp/sssd-softhsm2-certs-6NrAYp -type d -exec chmod 777 '{}' ';' 467s Certificates generation completed! 467s + find /tmp/sssd-softhsm2-certs-6NrAYp -type f -exec chmod 666 '{}' ';' 467s + backup_file /etc/sssd/sssd.conf 467s + '[' -z '' ']' 467s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 467s + backupsdir=/tmp/sssd-softhsm2-backups-nwLGkM 467s + '[' -e /etc/sssd/sssd.conf ']' 467s + delete_paths+=("$1") 467s + rm -f /etc/sssd/sssd.conf 467s ++ runuser -u ubuntu -- sh -c 'echo ~' 467s + user_home=/home/ubuntu 467s + mkdir -p /home/ubuntu 467s + chown ubuntu:ubuntu /home/ubuntu 467s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 467s + user_config=/home/ubuntu/.config 467s + system_config=/etc 467s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 467s + for path_pair in "${softhsm2_conf_paths[@]}" 467s + IFS=: 467s + read -r -a path 467s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 467s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 467s + '[' -z /tmp/sssd-softhsm2-backups-nwLGkM ']' 467s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 467s + delete_paths+=("$1") 467s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 467s + for path_pair in "${softhsm2_conf_paths[@]}" 467s + IFS=: 467s + read -r -a path 467s + path=/etc/softhsm/softhsm2.conf 467s + backup_file /etc/softhsm/softhsm2.conf 467s + '[' -z /tmp/sssd-softhsm2-backups-nwLGkM ']' 467s + '[' -e /etc/softhsm/softhsm2.conf ']' 467s ++ dirname /etc/softhsm/softhsm2.conf 467s + local back_dir=/tmp/sssd-softhsm2-backups-nwLGkM//etc/softhsm 467s ++ basename /etc/softhsm/softhsm2.conf 467s + local back_path=/tmp/sssd-softhsm2-backups-nwLGkM//etc/softhsm/softhsm2.conf 467s + '[' '!' -e /tmp/sssd-softhsm2-backups-nwLGkM//etc/softhsm/softhsm2.conf ']' 467s + mkdir -p /tmp/sssd-softhsm2-backups-nwLGkM//etc/softhsm 467s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-nwLGkM//etc/softhsm/softhsm2.conf 467s + restore_paths+=("$back_path") 467s + rm -f /etc/softhsm/softhsm2.conf 467s + test_authentication login /tmp/sssd-softhsm2-certs-6NrAYp/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-6NrAYp/test-full-chain-CA.pem 467s + pam_service=login 467s + certificate_config=/tmp/sssd-softhsm2-certs-6NrAYp/softhsm2-test-root-CA-trusted-certificate-0001.conf 467s + ca_db=/tmp/sssd-softhsm2-certs-6NrAYp/test-full-chain-CA.pem 467s + verification_options= 467s + mkdir -p -m 700 /etc/sssd 467s Using CA DB '/tmp/sssd-softhsm2-certs-6NrAYp/test-full-chain-CA.pem' with verification options: '' 467s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-6NrAYp/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 467s + cat 467s + chmod 600 /etc/sssd/sssd.conf 467s + for path_pair in "${softhsm2_conf_paths[@]}" 467s + IFS=: 467s + read -r -a path 467s + user=ubuntu 467s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 467s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 467s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 467s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-6NrAYp/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 467s + runuser -u ubuntu -- softhsm2-util --show-slots 467s + grep 'Test Organization' 467s Label: Test Organization Root Tr Token 467s + for path_pair in "${softhsm2_conf_paths[@]}" 467s + IFS=: 467s + read -r -a path 467s + user=root 467s + path=/etc/softhsm/softhsm2.conf 467s ++ dirname /etc/softhsm/softhsm2.conf 467s + runuser -u root -- mkdir -p /etc/softhsm 467s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-6NrAYp/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 467s + runuser -u root -- softhsm2-util --show-slots 467s + grep 'Test Organization' 467s Label: Test Organization Root Tr Token 467s + systemctl restart sssd 467s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 467s + for alternative in "${alternative_pam_configs[@]}" 467s + pam-auth-update --enable sss-smart-card-optional 467s + cat /etc/pam.d/common-auth 467s # 467s # /etc/pam.d/common-auth - authentication settings common to all services 467s # 467s # This file is included from other service-specific PAM config files, 467s # and should contain a list of the authentication modules that define 467s # the central authentication scheme for use on the system 467s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 467s # traditional Unix authentication mechanisms. 467s # 467s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 467s # To take advantage of this, it is recommended that you configure any 467s # local modules either before or after the default block, and use 467s # pam-auth-update to manage selection of other modules. See 467s # pam-auth-update(8) for details. 467s 467s # here are the per-package modules (the "Primary" block) 467s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 467s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 467s auth [success=1 default=ignore] pam_sss.so use_first_pass 467s # here's the fallback if no module succeeds 467s auth requisite pam_deny.so 467s # prime the stack with a positive return value if there isn't one already; 467s # this avoids us returning an error just because nothing sets a success code 467s # since the modules above will each just jump around 467s auth required pam_permit.so 467s # and here are more per-package modules (the "Additional" block) 467s auth optional pam_cap.so 467s # end of pam-auth-update config 467s + echo -n -e 123456 467s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 467s pamtester: invoking pam_start(login, ubuntu, ...) 467s pamtester: performing operation - authenticate 467s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 467s + echo -n -e 123456 467s + runuser -u ubuntu -- pamtester -v login '' authenticate 467s pamtester: invoking pam_start(login, , ...) 467s pamtester: performing operation - authenticate 467s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 467s + echo -n -e wrong123456 467s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 467s pamtester: invoking pam_start(login, ubuntu, ...) 467s pamtester: performing operation - authenticate 469s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 469s + echo -n -e wrong123456 469s + runuser -u ubuntu -- pamtester -v login '' authenticate 469s pamtester: invoking pam_start(login, , ...) 469s pamtester: performing operation - authenticate 472s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 472s + echo -n -e 123456 472s + pamtester -v login root authenticate 472s pamtester: invoking pam_start(login, root, ...) 472s pamtester: performing operation - authenticate 475s Password: pamtester: Authentication failure 475s + for alternative in "${alternative_pam_configs[@]}" 475s + pam-auth-update --enable sss-smart-card-required 475s PAM configuration 475s ----------------- 475s 475s Incompatible PAM profiles selected. 475s 475s The following PAM profiles cannot be used together: 475s 475s SSS required smart card authentication, SSS optional smart card 475s authentication 475s 475s Please select a different set of modules to enable. 475s 475s + cat /etc/pam.d/common-auth 475s # 475s # /etc/pam.d/common-auth - authentication settings common to all services 475s # 475s # This file is included from other service-specific PAM config files, 475s # and should contain a list of the authentication modules that define 475s # the central authentication scheme for use on the system 475s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 475s # traditional Unix authentication mechanisms. 475s # 475s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 475s # To take advantage of this, it is recommended that you configure any 475s # local modules either before or after the default block, and use 475s # pam-auth-update to manage selection of other modules. See 475s # pam-auth-update(8) for details. 475s 475s # here are the per-package modules (the "Primary" block) 475s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 475s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 475s auth [success=1 default=ignore] pam_sss.so use_first_pass 475s # here's the fallback if no module succeeds 475s auth requisite pam_deny.so 475s # prime the stack with a positive return value if there isn't one already; 475s # this avoids us returning an error just because nothing sets a success code 475s # since the modules above will each just jump around 475s auth required pam_permit.so 475s # and here are more per-package modules (the "Additional" block) 475s auth optional pam_cap.so 475s # end of pam-auth-update config 475s + echo -n -e 123456 475s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 475s pamtester: invoking pam_start(login, ubuntu, ...) 475s pamtester: performing operation - authenticate 475s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 475s + echo -n -e 123456 475s + runuser -u ubuntu -- pamtester -v login '' authenticate 475s pamtester: invoking pam_start(login, , ...) 475s pamtester: performing operation - authenticate 475s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 475s + echo -n -e wrong123456 475s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 475s pamtester: invoking pam_start(login, ubuntu, ...) 475s pamtester: performing operation - authenticate 479s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 479s + echo -n -e wrong123456 479s + runuser -u ubuntu -- pamtester -v login '' authenticate 479s pamtester: invoking pam_start(login, , ...) 479s pamtester: performing operation - authenticate 481s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 481s + echo -n -e 123456 481s + pamtester -v login root authenticate 481s pamtester: invoking pam_start(login, root, ...) 481s pamtester: performing operation - authenticate 484s pamtester: Authentication service cannot retrieve authentication info 484s + test_authentication login /tmp/sssd-softhsm2-certs-6NrAYp/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-6NrAYp/test-full-chain-CA.pem 484s + pam_service=login 484s + certificate_config=/tmp/sssd-softhsm2-certs-6NrAYp/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 484s + ca_db=/tmp/sssd-softhsm2-certs-6NrAYp/test-full-chain-CA.pem 484s + verification_options= 484s + mkdir -p -m 700 /etc/sssd 484s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-6NrAYp/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 484s Using CA DB '/tmp/sssd-softhsm2-certs-6NrAYp/test-full-chain-CA.pem' with verification options: '' 484s + cat 484s Label: Test Organization Sub Int Token 484s Label: Test Organization Sub Int Token 484s + chmod 600 /etc/sssd/sssd.conf 484s + for path_pair in "${softhsm2_conf_paths[@]}" 484s + IFS=: 484s + read -r -a path 484s + user=ubuntu 484s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 484s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 484s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 484s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-6NrAYp/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 484s + runuser -u ubuntu -- softhsm2-util --show-slots 484s + grep 'Test Organization' 484s + for path_pair in "${softhsm2_conf_paths[@]}" 484s + IFS=: 484s + read -r -a path 484s + user=root 484s + path=/etc/softhsm/softhsm2.conf 484s ++ dirname /etc/softhsm/softhsm2.conf 484s + runuser -u root -- mkdir -p /etc/softhsm 484s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-6NrAYp/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 484s + runuser -u root -- softhsm2-util --show-slots 484s + grep 'Test Organization' 484s + systemctl restart sssd 484s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 484s + for alternative in "${alternative_pam_configs[@]}" 484s + pam-auth-update --enable sss-smart-card-optional 485s + cat /etc/pam.d/common-auth 485s # 485s # /etc/pam.d/common-auth - authentication settings common to all services 485s # 485s # This file is included from other service-specific PAM config files, 485s # and should contain a list of the authentication modules that define 485s # the central authentication scheme for use on the system 485s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 485s # traditional Unix authentication mechanisms. 485s # 485s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 485s # To take advantage of this, it is recommended that you configure any 485s # local modules either before or after the default block, and use 485s # pam-auth-update to manage selection of other modules. See 485s # pam-auth-update(8) for details. 485s 485s # here are the per-package modules (the "Primary" block) 485s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 485s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 485s auth [success=1 default=ignore] pam_sss.so use_first_pass 485s # here's the fallback if no module succeeds 485s auth requisite pam_deny.so 485s # prime the stack with a positive return value if there isn't one already; 485s # this avoids us returning an error just because nothing sets a success code 485s # since the modules above will each just jump around 485s auth required pam_permit.so 485s # and here are more per-package modules (the "Additional" block) 485s auth optional pam_cap.so 485s # end of pam-auth-update config 485s + echo -n -e 123456 485s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 485s pamtester: invoking pam_start(login, ubuntu, ...) 485s pamtester: performing operation - authenticate 485s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 485s + echo -n -e 123456 485s + runuser -u ubuntu -- pamtester -v login '' authenticate 485s pamtester: invoking pam_start(login, , ...) 485s pamtester: performing operation - authenticate 485s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 485s + echo -n -e wrong123456 485s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 485s pamtester: invoking pam_start(login, ubuntu, ...) 485s pamtester: performing operation - authenticate 487s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 487s + echo -n -e wrong123456 487s + runuser -u ubuntu -- pamtester -v login '' authenticate 487s pamtester: invoking pam_start(login, , ...) 487s pamtester: performing operation - authenticate 490s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 490s + echo -n -e 123456 490s + pamtester -v login root authenticate 490s pamtester: invoking pam_start(login, root, ...) 490s pamtester: performing operation - authenticate 494s Password: pamtester: Authentication failure 494s + for alternative in "${alternative_pam_configs[@]}" 494s + pam-auth-update --enable sss-smart-card-required 494s PAM configuration 494s ----------------- 494s 494s Incompatible PAM profiles selected. 494s 494s The following PAM profiles cannot be used together: 494s 494s SSS required smart card authentication, SSS optional smart card 494s authentication 494s 494s Please select a different set of modules to enable. 494s 494s + cat /etc/pam.d/common-auth 494s # 494s # /etc/pam.d/common-auth - authentication settings common to all services 494s # 494s # This file is included from other service-specific PAM config files, 494s # and should contain a list of the authentication modules that define 494s # the central authentication scheme for use on the system 494s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 494s # traditional Unix authentication mechanisms. 494s # 494s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 494s # To take advantage of this, it is recommended that you configure any 494s # local modules either before or after the default block, and use 494s # pam-auth-update to manage selection of other modules. See 494s # pam-auth-update(8) for details. 494s 494s # here are the per-package modules (the "Primary" block) 494s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 494s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 494s auth [success=1 default=ignore] pam_sss.so use_first_pass 494s # here's the fallback if no module succeeds 494s auth requisite pam_deny.so 494s # prime the stack with a positive return value if there isn't one already; 494s # this avoids us returning an error just because nothing sets a success code 494s # since the modules above will each just jump around 494s auth required pam_permit.so 494s # and here are more per-package modules (the "Additional" block) 494s auth optional pam_cap.so 494s # end of pam-auth-update config 494s + echo -n -e 123456 494s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 494s pamtester: invoking pam_start(login, ubuntu, ...) 494s pamtester: performing operation - authenticate 494s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 494s + echo -n -e 123456 494s + runuser -u ubuntu -- pamtester -v login '' authenticate 494s pamtester: invoking pam_start(login, , ...) 494s pamtester: performing operation - authenticate 494s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 494s + echo -n -e wrong123456 494s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 494s pamtester: invoking pam_start(login, ubuntu, ...) 494s pamtester: performing operation - authenticate 498s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 498s + echo -n -e wrong123456 498s + runuser -u ubuntu -- pamtester -v login '' authenticate 498s pamtester: invoking pam_start(login, , ...) 498s pamtester: performing operation - authenticate 501s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 501s + echo -n -e 123456 501s + pamtester -v login root authenticate 501s pamtester: invoking pam_start(login, root, ...) 501s pamtester: performing operation - authenticate 504s pamtester: Authentication service cannot retrieve authentication info 504s + test_authentication login /tmp/sssd-softhsm2-certs-6NrAYp/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA.pem partial_chain 504s + pam_service=login 504s + certificate_config=/tmp/sssd-softhsm2-certs-6NrAYp/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 504s + ca_db=/tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA.pem 504s + verification_options=partial_chain 504s + mkdir -p -m 700 /etc/sssd 504s Using CA DB '/tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 504s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-6NrAYp/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 504s + cat 504s Label: Test Organization Sub Int Token 504s Label: Test Organization Sub Int Token 504s + chmod 600 /etc/sssd/sssd.conf 504s + for path_pair in "${softhsm2_conf_paths[@]}" 504s + IFS=: 504s + read -r -a path 504s + user=ubuntu 504s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 504s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 504s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 504s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-6NrAYp/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 504s + runuser -u ubuntu -- softhsm2-util --show-slots 504s + grep 'Test Organization' 504s + for path_pair in "${softhsm2_conf_paths[@]}" 504s + IFS=: 504s + read -r -a path 504s + user=root 504s + path=/etc/softhsm/softhsm2.conf 504s ++ dirname /etc/softhsm/softhsm2.conf 504s + runuser -u root -- mkdir -p /etc/softhsm 504s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-6NrAYp/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 504s + runuser -u root -- softhsm2-util --show-slots 504s + grep 'Test Organization' 504s + systemctl restart sssd 504s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 505s + for alternative in "${alternative_pam_configs[@]}" 505s + pam-auth-update --enable sss-smart-card-optional 505s + cat /etc/pam.d/common-auth 505s # 505s # /etc/pam.d/common-auth - authentication settings common to all services 505s # 505s # This file is included from other service-specific PAM config files, 505s # and should contain a list of the authentication modules that define 505s # the central authentication scheme for use on the system 505s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 505s # traditional Unix authentication mechanisms. 505s # 505s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 505s # To take advantage of this, it is recommended that you configure any 505s # local modules either before or after the default block, and use 505s # pam-auth-update to manage selection of other modules. See 505s # pam-auth-update(8) for details. 505s 505s # here are the per-package modules (the "Primary" block) 505s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 505s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 505s auth [success=1 default=ignore] pam_sss.so use_first_pass 505s # here's the fallback if no module succeeds 505s auth requisite pam_deny.so 505s # prime the stack with a positive return value if there isn't one already; 505s # this avoids us returning an error just because nothing sets a success code 505s # since the modules above will each just jump around 505s auth required pam_permit.so 505s # and here are more per-package modules (the "Additional" block) 505s auth optional pam_cap.so 505s # end of pam-auth-update config 505s + echo -n -e 123456 505s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 505s pamtester: invoking pam_start(login, ubuntu, ...) 505s pamtester: performing operation - authenticate 505s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 505s + echo -n -e 123456 505s + runuser -u ubuntu -- pamtester -v login '' authenticate 505s pamtester: invoking pam_start(login, , ...) 505s pamtester: performing operation - authenticate 505s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 505s + echo -n -e wrong123456 505s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 505s pamtester: invoking pam_start(login, ubuntu, ...) 505s pamtester: performing operation - authenticate 507s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 507s + echo -n -e wrong123456 507s + runuser -u ubuntu -- pamtester -v login '' authenticate 507s pamtester: invoking pam_start(login, , ...) 507s pamtester: performing operation - authenticate 511s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 511s + echo -n -e 123456 511s + pamtester -v login root authenticate 511s pamtester: invoking pam_start(login, root, ...) 511s pamtester: performing operation - authenticate 514s Password: pamtester: Authentication failure 514s + for alternative in "${alternative_pam_configs[@]}" 514s + pam-auth-update --enable sss-smart-card-required 514s PAM configuration 514s ----------------- 514s 514s Incompatible PAM profiles selected. 514s 514s The following PAM profiles cannot be used together: 514s 514s SSS required smart card authentication, SSS optional smart card 514s authentication 514s 514s Please select a different set of modules to enable. 514s 514s + cat /etc/pam.d/common-auth 514s # 514s # /etc/pam.d/common-auth - authentication settings common to all services 514s # 514s # This file is included from other service-specific PAM config files, 514s # and should contain a list of the authentication modules that define 514s # the central authentication scheme for use on the system 514s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 514s # traditional Unix authentication mechanisms. 514s # 514s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 514s # To take advantage of this, it is recommended that you configure any 514s # local modules either before or after the default block, and use 514s # pam-auth-update to manage selection of other modules. See 514s # pam-auth-update(8) for details. 514s 514s # here are the per-package modules (the "Primary" block) 514s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 514s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 514s auth [success=1 default=ignore] pam_sss.so use_first_pass 514s # here's the fallback if no module succeeds 514s auth requisite pam_deny.so 514s # prime the stack with a positive return value if there isn't one already; 514s # this avoids us returning an error just because nothing sets a success code 514s # since the modules above will each just jump around 514s auth required pam_permit.so 514s # and here are more per-package modules (the "Additional" block) 514s auth optional pam_cap.so 514s # end of pam-auth-update config 514s + echo -n -e 123456 514s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 514s pamtester: invoking pam_start(login, ubuntu, ...) 514s pamtester: performing operation - authenticate 514s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 514s + echo -n -e 123456 514s + runuser -u ubuntu -- pamtester -v login '' authenticate 514s pamtester: invoking pam_start(login, , ...) 514s pamtester: performing operation - authenticate 514s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 514s + echo -n -e wrong123456 514s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 514s pamtester: invoking pam_start(login, ubuntu, ...) 514s pamtester: performing operation - authenticate 517s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 517s + echo -n -e wrong123456 517s + runuser -u ubuntu -- pamtester -v login '' authenticate 517s pamtester: invoking pam_start(login, , ...) 517s pamtester: performing operation - authenticate 520s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 520s + echo -n -e 123456 520s + pamtester -v login root authenticate 520s pamtester: invoking pam_start(login, root, ...) 520s pamtester: performing operation - authenticate 524s pamtester: Authentication service cannot retrieve authentication info 524s + handle_exit 524s + exit_code=0 524s + restore_changes 524s + for path in "${restore_paths[@]}" 524s + local original_path 524s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-nwLGkM /tmp/sssd-softhsm2-backups-nwLGkM//etc/softhsm/softhsm2.conf 524s + original_path=/etc/softhsm/softhsm2.conf 524s + rm /etc/softhsm/softhsm2.conf 524s + mv /tmp/sssd-softhsm2-backups-nwLGkM//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 524s + for path in "${delete_paths[@]}" 524s + rm -f /etc/sssd/sssd.conf 524s + for path in "${delete_paths[@]}" 524s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 524s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 524s + '[' -e /etc/sssd/sssd.conf ']' 524s + systemctl stop sssd 524s + '[' -e /etc/softhsm/softhsm2.conf ']' 524s + chmod 600 /etc/softhsm/softhsm2.conf 524s + rm -rf /tmp/sssd-softhsm2-certs-6NrAYp 524s + '[' 0 = 0 ']' 524s + rm -rf /tmp/sssd-softhsm2-backups-nwLGkM 524s + set +x 524s Script completed successfully! 525s autopkgtest [21:41:32]: test sssd-smart-card-pam-auth-configs: -----------------------] 525s autopkgtest [21:41:32]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 525s sssd-smart-card-pam-auth-configs PASS 526s autopkgtest [21:41:33]: @@@@@@@@@@@@@@@@@@@@ summary 526s ldap-user-group-ldap-auth PASS 526s ldap-user-group-krb5-auth PASS 526s sssd-softhism2-certificates-tests.sh PASS 526s sssd-smart-card-pam-auth-configs PASS 537s Creating nova instance adt-noble-s390x-sssd-20240323-213247-juju-7f2275-prod-proposed-migration-environment-2 from image adt/ubuntu-noble-s390x-server-20240323.img (UUID 15bd59e1-c29b-45d7-aba1-73ff15182fb5)... 537s Creating nova instance adt-noble-s390x-sssd-20240323-213247-juju-7f2275-prod-proposed-migration-environment-2 from image adt/ubuntu-noble-s390x-server-20240323.img (UUID 15bd59e1-c29b-45d7-aba1-73ff15182fb5)...