0s autopkgtest [07:20:05]: starting date and time: 2024-03-24 07:20:05+0000 0s autopkgtest [07:20:05]: git checkout: 4a1cd702 l/adt_testbed: don't blame the testbed for unsolvable build deps 0s autopkgtest [07:20:05]: host juju-7f2275-prod-proposed-migration-environment-2; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.w8lbtlui/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --setup-commands /home/ubuntu/autopkgtest/setup-commands/setup-testbed --apt-pocket=proposed=src:curl,src:gnutls28,src:libpsl,src:nettle,src:openssl,src:orthanc-python --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 '--env=ADT_TEST_TRIGGERS=curl/8.5.0-2ubuntu8 gnutls28/3.8.3-1.1ubuntu2 libpsl/0.21.2-1.1 nettle/3.9.1-2.2 openssl/3.0.13-0ubuntu2 orthanc-python/4.1+ds-2build3' -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor autopkgtest --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-2@bos02-s390x-13.secgroup --name adt-noble-s390x-sssd-20240324-072005-juju-7f2275-prod-proposed-migration-environment-2 --image adt/ubuntu-noble-s390x-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-2 --net-id=net_prod-proposed-migration -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com'"'"'' --mirror=http://ftpmaster.internal/ubuntu/ 143s autopkgtest [07:22:28]: testbed dpkg architecture: s390x 143s autopkgtest [07:22:28]: testbed apt version: 2.7.12 143s autopkgtest [07:22:28]: @@@@@@@@@@@@@@@@@@@@ test bed setup 144s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 145s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [56.9 kB] 145s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [6540 B] 145s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [494 kB] 145s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [4004 kB] 149s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main s390x Packages [690 kB] 150s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main s390x c-n-f Metadata [3032 B] 150s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x Packages [1372 B] 150s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x c-n-f Metadata [116 B] 150s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x Packages [4161 kB] 154s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x c-n-f Metadata [7292 B] 154s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x Packages [46.8 kB] 154s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x c-n-f Metadata [116 B] 156s Fetched 9588 kB in 11s (896 kB/s) 156s Reading package lists... 159s Reading package lists... 159s Building dependency tree... 159s Reading state information... 159s Calculating upgrade... 159s The following packages will be REMOVED: 159s libssl3 159s The following NEW packages will be installed: 159s libssl3t64 159s The following packages have been kept back: 159s curl 159s The following packages will be upgraded: 159s openssl 159s 1 upgraded, 1 newly installed, 1 to remove and 1 not upgraded. 159s Need to get 2685 kB of archives. 159s After this operation, 239 kB of additional disk space will be used. 159s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main s390x openssl s390x 3.0.13-0ubuntu2 [1010 kB] 160s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main s390x libssl3t64 s390x 3.0.13-0ubuntu2 [1675 kB] 162s Fetched 2685 kB in 2s (1341 kB/s) 162s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52170 files and directories currently installed.) 162s Preparing to unpack .../openssl_3.0.13-0ubuntu2_s390x.deb ... 162s Unpacking openssl (3.0.13-0ubuntu2) over (3.0.10-1ubuntu4) ... 162s dpkg: libssl3:s390x: dependency problems, but removing anyway as you requested: 162s wget depends on libssl3 (>= 3.0.0). 162s tnftp depends on libssl3 (>= 3.0.0). 162s tcpdump depends on libssl3 (>= 3.0.0). 162s systemd-resolved depends on libssl3 (>= 3.0.0). 162s systemd depends on libssl3 (>= 3.0.0). 162s sudo depends on libssl3 (>= 3.0.0). 162s s390-tools depends on libssl3 (>= 3.0.0). 162s rsync depends on libssl3 (>= 3.0.0). 162s python3-cryptography depends on libssl3 (>= 3.0.0). 162s openssh-server depends on libssl3 (>= 3.0.10). 162s openssh-client depends on libssl3 (>= 3.0.10). 162s linux-headers-6.8.0-11-generic depends on libssl3 (>= 3.0.0). 162s libsystemd-shared:s390x depends on libssl3 (>= 3.0.0). 162s libssh-4:s390x depends on libssl3 (>= 3.0.0). 162s libsasl2-modules:s390x depends on libssl3 (>= 3.0.0). 162s libsasl2-2:s390x depends on libssl3 (>= 3.0.0). 162s libpython3.12-minimal:s390x depends on libssl3 (>= 3.0.0). 162s libpython3.11-minimal:s390x depends on libssl3 (>= 3.0.0). 162s libnvme1 depends on libssl3 (>= 3.0.0). 162s libkrb5-3:s390x depends on libssl3 (>= 3.0.0). 162s libkmod2:s390x depends on libssl3 (>= 3.0.0). 162s libfido2-1:s390x depends on libssl3 (>= 3.0.0). 162s libcurl4:s390x depends on libssl3 (>= 3.0.0). 162s libcryptsetup12:s390x depends on libssl3 (>= 3.0.0). 162s kmod depends on libssl3 (>= 3.0.0). 162s dhcpcd-base depends on libssl3 (>= 3.0.0). 162s bind9-libs:s390x depends on libssl3 (>= 3.0.0). 162s 162s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52170 files and directories currently installed.) 162s Removing libssl3:s390x (3.0.10-1ubuntu4) ... 162s Selecting previously unselected package libssl3t64:s390x. 162s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52159 files and directories currently installed.) 162s Preparing to unpack .../libssl3t64_3.0.13-0ubuntu2_s390x.deb ... 162s Unpacking libssl3t64:s390x (3.0.13-0ubuntu2) ... 162s Setting up libssl3t64:s390x (3.0.13-0ubuntu2) ... 162s Setting up openssl (3.0.13-0ubuntu2) ... 162s Processing triggers for man-db (2.12.0-3) ... 162s Processing triggers for libc-bin (2.39-0ubuntu6) ... 163s Reading package lists... 163s Building dependency tree... 163s Reading state information... 163s 0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded. 163s Unknown architecture, assuming PC-style ttyS0 163s sh: Attempting to set up Debian/Ubuntu apt sources automatically 163s sh: Distribution appears to be Ubuntu 164s Reading package lists... 164s Building dependency tree... 164s Reading state information... 165s eatmydata is already the newest version (131-1). 165s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 165s Reading package lists... 165s Building dependency tree... 165s Reading state information... 165s dbus is already the newest version (1.14.10-4ubuntu1). 165s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 165s Reading package lists... 165s Building dependency tree... 165s Reading state information... 166s rng-tools-debian is already the newest version (2.4). 166s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 166s Reading package lists... 166s Building dependency tree... 166s Reading state information... 166s The following packages will be REMOVED: 166s cloud-init* python3-configobj* python3-debconf* 166s 0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded. 166s After this operation, 3256 kB disk space will be freed. 166s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52172 files and directories currently installed.) 166s Removing cloud-init (24.1.2-0ubuntu1) ... 167s Removing python3-configobj (5.0.8-3) ... 167s Removing python3-debconf (1.5.86) ... 167s Processing triggers for man-db (2.12.0-3) ... 167s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51783 files and directories currently installed.) 167s Purging configuration files for cloud-init (24.1.2-0ubuntu1) ... 168s dpkg: warning: while removing cloud-init, directory '/etc/cloud/cloud.cfg.d' not empty so not removed 168s Processing triggers for rsyslog (8.2312.0-3ubuntu3) ... 168s invoke-rc.d: policy-rc.d denied execution of try-restart. 168s Reading package lists... 168s Building dependency tree... 168s Reading state information... 168s linux-generic is already the newest version (6.8.0-11.11+1). 168s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 169s Get:1 http://ftpmaster.internal/ubuntu noble InRelease [255 kB] 169s Hit:2 http://ftpmaster.internal/ubuntu noble-updates InRelease 169s Hit:3 http://ftpmaster.internal/ubuntu noble-security InRelease 169s Get:4 http://ftpmaster.internal/ubuntu noble/universe Sources [19.8 MB] 173s Get:5 http://ftpmaster.internal/ubuntu noble/main Sources [1375 kB] 173s Get:6 http://ftpmaster.internal/ubuntu noble/main s390x Packages [1367 kB] 173s Get:7 http://ftpmaster.internal/ubuntu noble/universe s390x Packages [14.4 MB] 180s Fetched 37.2 MB in 11s (3416 kB/s) 181s Reading package lists... 181s Reading package lists... 181s Building dependency tree... 181s Reading state information... 182s Calculating upgrade... 182s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 182s Reading package lists... 182s Building dependency tree... 182s Reading state information... 182s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 183s autopkgtest [07:23:08]: rebooting testbed after setup commands that affected boot 239s autopkgtest [07:24:04]: testbed running kernel: Linux 6.8.0-11-generic #11-Ubuntu SMP Tue Feb 13 23:45:46 UTC 2024 242s autopkgtest [07:24:07]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 259s Get:1 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (dsc) [5269 B] 259s Get:2 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (tar) [7983 kB] 259s Get:3 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (asc) [833 B] 259s Get:4 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (diff) [48.4 kB] 259s gpgv: Signature made Mon Feb 26 21:56:54 2024 UTC 259s gpgv: using RSA key E92FD0B36B14F1F4D8E0EB2F106DA1C8C3CBBF14 259s gpgv: Can't check signature: No public key 259s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.4-1ubuntu1.dsc: no acceptable signature found 260s autopkgtest [07:24:25]: testing package sssd version 2.9.4-1ubuntu1 261s autopkgtest [07:24:26]: build not needed 263s autopkgtest [07:24:28]: test ldap-user-group-ldap-auth: preparing testbed 284s Reading package lists... 284s Building dependency tree... 284s Reading state information... 284s Starting pkgProblemResolver with broken count: 0 285s Starting 2 pkgProblemResolver with broken count: 0 285s Done 285s The following additional packages will be installed: 285s expect ldap-utils libavahi-client3 libavahi-common-data libavahi-common3 285s libbasicobjects0 libc-ares2 libcollection4 libcrack2 libdhash1 285s libevent-2.1-7 libini-config5 libipa-hbac-dev libipa-hbac0 libjose0 libkrad0 285s libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo libodbc2 285s libpam-pwquality libpam-sss libpath-utils1 libpwquality-common libpwquality1 285s libref-array1 libsmbclient libsss-certmap-dev libsss-certmap0 285s libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev libsss-nss-idmap0 285s libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0 libverto-libevent1 285s libverto1 libwbclient0 python3-libipa-hbac python3-libsss-nss-idmap 285s python3-sss samba-libs slapd sssd sssd-ad sssd-ad-common sssd-common 285s sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 sssd-krb5-common sssd-ldap 285s sssd-passkey sssd-proxy sssd-tools tcl-expect tcl8.6 285s Suggested packages: 285s tk8.6 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal 285s odbc-postgresql tdsodbc adcli libsasl2-modules-ldap tcl-tclreadline 285s Recommended packages: 285s cracklib-runtime libsasl2-modules-gssapi-mit 285s | libsasl2-modules-gssapi-heimdal 285s The following NEW packages will be installed: 285s autopkgtest-satdep expect ldap-utils libavahi-client3 libavahi-common-data 285s libavahi-common3 libbasicobjects0 libc-ares2 libcollection4 libcrack2 285s libdhash1 libevent-2.1-7 libini-config5 libipa-hbac-dev libipa-hbac0 285s libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo 285s libodbc2 libpam-pwquality libpam-sss libpath-utils1 libpwquality-common 285s libpwquality1 libref-array1 libsmbclient libsss-certmap-dev libsss-certmap0 285s libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev libsss-nss-idmap0 285s libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0 libverto-libevent1 285s libverto1 libwbclient0 python3-libipa-hbac python3-libsss-nss-idmap 285s python3-sss samba-libs slapd sssd sssd-ad sssd-ad-common sssd-common 285s sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 sssd-krb5-common sssd-ldap 285s sssd-passkey sssd-proxy sssd-tools tcl-expect tcl8.6 285s 0 upgraded, 65 newly installed, 0 to remove and 0 not upgraded. 285s Need to get 12.9 MB/12.9 MB of archives. 285s After this operation, 50.0 MB of additional disk space will be used. 285s Get:1 /tmp/autopkgtest.TZnWTb/1-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [864 B] 285s Get:2 http://ftpmaster.internal/ubuntu noble/main s390x libltdl7 s390x 2.4.7-7 [41.6 kB] 285s Get:3 http://ftpmaster.internal/ubuntu noble/main s390x libodbc2 s390x 2.3.12-1 [164 kB] 285s Get:4 http://ftpmaster.internal/ubuntu noble/main s390x slapd s390x 2.6.7+dfsg-1~exp1ubuntu1 [1617 kB] 286s Get:5 http://ftpmaster.internal/ubuntu noble/main s390x libtcl8.6 s390x 8.6.13+dfsg-2 [948 kB] 286s Get:6 http://ftpmaster.internal/ubuntu noble/main s390x tcl8.6 s390x 8.6.13+dfsg-2 [14.7 kB] 286s Get:7 http://ftpmaster.internal/ubuntu noble/universe s390x tcl-expect s390x 5.45.4-2build1 [99.7 kB] 286s Get:8 http://ftpmaster.internal/ubuntu noble/universe s390x expect s390x 5.45.4-2build1 [137 kB] 286s Get:9 http://ftpmaster.internal/ubuntu noble/main s390x ldap-utils s390x 2.6.7+dfsg-1~exp1ubuntu1 [165 kB] 286s Get:10 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common-data s390x 0.8-13ubuntu2 [29.5 kB] 286s Get:11 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common3 s390x 0.8-13ubuntu2 [23.8 kB] 286s Get:12 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-client3 s390x 0.8-13ubuntu2 [26.7 kB] 286s Get:13 http://ftpmaster.internal/ubuntu noble/main s390x libcrack2 s390x 2.9.6-5.1 [29.6 kB] 286s Get:14 http://ftpmaster.internal/ubuntu noble/main s390x libevent-2.1-7 s390x 2.1.12-stable-9 [144 kB] 286s Get:15 http://ftpmaster.internal/ubuntu noble/universe s390x libjose0 s390x 11-3 [45.2 kB] 286s Get:16 http://ftpmaster.internal/ubuntu noble/main s390x libverto-libevent1 s390x 0.3.1-1ubuntu5 [5810 B] 286s Get:17 http://ftpmaster.internal/ubuntu noble/main s390x libverto1 s390x 0.3.1-1ubuntu5 [10.6 kB] 286s Get:18 http://ftpmaster.internal/ubuntu noble/main s390x libkrad0 s390x 1.20.1-5build1 [22.0 kB] 286s Get:19 http://ftpmaster.internal/ubuntu noble/main s390x libtalloc2 s390x 2.4.2-1 [28.3 kB] 286s Get:20 http://ftpmaster.internal/ubuntu noble/main s390x libtdb1 s390x 1.4.10-1 [49.9 kB] 286s Get:21 http://ftpmaster.internal/ubuntu noble/main s390x libtevent0 s390x 0.16.1-1 [43.1 kB] 286s Get:22 http://ftpmaster.internal/ubuntu noble/main s390x libldb2 s390x 2:2.8.0+samba4.19.5+dfsg-1ubuntu1 [191 kB] 286s Get:23 http://ftpmaster.internal/ubuntu noble/main s390x libnfsidmap1 s390x 1:2.6.3-3ubuntu1 [49.0 kB] 286s Get:24 http://ftpmaster.internal/ubuntu noble/universe s390x libnss-sudo all 1.9.15p5-3ubuntu1 [14.9 kB] 286s Get:25 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality-common all 1.4.5-3 [7658 B] 286s Get:26 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality1 s390x 1.4.5-3 [14.7 kB] 286s Get:27 http://ftpmaster.internal/ubuntu noble/main s390x libpam-pwquality s390x 1.4.5-3 [11.6 kB] 286s Get:28 http://ftpmaster.internal/ubuntu noble/main s390x libwbclient0 s390x 2:4.19.5+dfsg-1ubuntu1 [70.3 kB] 286s Get:29 http://ftpmaster.internal/ubuntu noble/main s390x samba-libs s390x 2:4.19.5+dfsg-1ubuntu1 [6231 kB] 286s Get:30 http://ftpmaster.internal/ubuntu noble/main s390x libnss-sss s390x 2.9.4-1ubuntu1 [32.6 kB] 286s Get:31 http://ftpmaster.internal/ubuntu noble/main s390x libpam-sss s390x 2.9.4-1ubuntu1 [51.9 kB] 286s Get:32 http://ftpmaster.internal/ubuntu noble/main s390x python3-sss s390x 2.9.4-1ubuntu1 [46.6 kB] 286s Get:33 http://ftpmaster.internal/ubuntu noble/main s390x libc-ares2 s390x 1.27.0-1 [79.2 kB] 286s Get:34 http://ftpmaster.internal/ubuntu noble/main s390x libdhash1 s390x 0.6.2-2 [8648 B] 286s Get:35 http://ftpmaster.internal/ubuntu noble/main s390x libbasicobjects0 s390x 0.6.2-2 [5476 B] 286s Get:36 http://ftpmaster.internal/ubuntu noble/main s390x libcollection4 s390x 0.6.2-2 [23.2 kB] 286s Get:37 http://ftpmaster.internal/ubuntu noble/main s390x libpath-utils1 s390x 0.6.2-2 [8994 B] 286s Get:38 http://ftpmaster.internal/ubuntu noble/main s390x libref-array1 s390x 0.6.2-2 [6880 B] 286s Get:39 http://ftpmaster.internal/ubuntu noble/main s390x libini-config5 s390x 0.6.2-2 [45.3 kB] 286s Get:40 http://ftpmaster.internal/ubuntu noble/main s390x libsss-certmap0 s390x 2.9.4-1ubuntu1 [46.7 kB] 286s Get:41 http://ftpmaster.internal/ubuntu noble/main s390x libsss-idmap0 s390x 2.9.4-1ubuntu1 [22.1 kB] 286s Get:42 http://ftpmaster.internal/ubuntu noble/main s390x libsss-nss-idmap0 s390x 2.9.4-1ubuntu1 [31.4 kB] 286s Get:43 http://ftpmaster.internal/ubuntu noble/main s390x sssd-common s390x 2.9.4-1ubuntu1 [1125 kB] 286s Get:44 http://ftpmaster.internal/ubuntu noble/universe s390x sssd-idp s390x 2.9.4-1ubuntu1 [27.3 kB] 286s Get:45 http://ftpmaster.internal/ubuntu noble/universe s390x sssd-passkey s390x 2.9.4-1ubuntu1 [32.3 kB] 286s Get:46 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad-common s390x 2.9.4-1ubuntu1 [74.8 kB] 286s Get:47 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5-common s390x 2.9.4-1ubuntu1 [90.3 kB] 287s Get:48 http://ftpmaster.internal/ubuntu noble/main s390x libsmbclient s390x 2:4.19.5+dfsg-1ubuntu1 [65.1 kB] 287s Get:49 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad s390x 2.9.4-1ubuntu1 [133 kB] 287s Get:50 http://ftpmaster.internal/ubuntu noble/main s390x libipa-hbac0 s390x 2.9.4-1ubuntu1 [16.8 kB] 287s Get:51 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ipa s390x 2.9.4-1ubuntu1 [215 kB] 287s Get:52 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5 s390x 2.9.4-1ubuntu1 [14.4 kB] 287s Get:53 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ldap s390x 2.9.4-1ubuntu1 [31.0 kB] 287s Get:54 http://ftpmaster.internal/ubuntu noble/main s390x sssd-proxy s390x 2.9.4-1ubuntu1 [43.9 kB] 287s Get:55 http://ftpmaster.internal/ubuntu noble/main s390x sssd s390x 2.9.4-1ubuntu1 [4120 B] 287s Get:56 http://ftpmaster.internal/ubuntu noble/main s390x sssd-dbus s390x 2.9.4-1ubuntu1 [101 kB] 287s Get:57 http://ftpmaster.internal/ubuntu noble/universe s390x sssd-kcm s390x 2.9.4-1ubuntu1 [137 kB] 287s Get:58 http://ftpmaster.internal/ubuntu noble/main s390x sssd-tools s390x 2.9.4-1ubuntu1 [97.6 kB] 287s Get:59 http://ftpmaster.internal/ubuntu noble/main s390x libipa-hbac-dev s390x 2.9.4-1ubuntu1 [6660 B] 287s Get:60 http://ftpmaster.internal/ubuntu noble/main s390x libsss-certmap-dev s390x 2.9.4-1ubuntu1 [5734 B] 287s Get:61 http://ftpmaster.internal/ubuntu noble/main s390x libsss-idmap-dev s390x 2.9.4-1ubuntu1 [8376 B] 287s Get:62 http://ftpmaster.internal/ubuntu noble/main s390x libsss-nss-idmap-dev s390x 2.9.4-1ubuntu1 [6708 B] 287s Get:63 http://ftpmaster.internal/ubuntu noble/universe s390x libsss-sudo s390x 2.9.4-1ubuntu1 [21.3 kB] 287s Get:64 http://ftpmaster.internal/ubuntu noble/universe s390x python3-libipa-hbac s390x 2.9.4-1ubuntu1 [16.9 kB] 287s Get:65 http://ftpmaster.internal/ubuntu noble/universe s390x python3-libsss-nss-idmap s390x 2.9.4-1ubuntu1 [9140 B] 287s Preconfiguring packages ... 287s Fetched 12.9 MB in 2s (7441 kB/s) 287s Selecting previously unselected package libltdl7:s390x. 287s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51728 files and directories currently installed.) 287s Preparing to unpack .../00-libltdl7_2.4.7-7_s390x.deb ... 287s Unpacking libltdl7:s390x (2.4.7-7) ... 287s Selecting previously unselected package libodbc2:s390x. 287s Preparing to unpack .../01-libodbc2_2.3.12-1_s390x.deb ... 287s Unpacking libodbc2:s390x (2.3.12-1) ... 287s Selecting previously unselected package slapd. 287s Preparing to unpack .../02-slapd_2.6.7+dfsg-1~exp1ubuntu1_s390x.deb ... 287s Unpacking slapd (2.6.7+dfsg-1~exp1ubuntu1) ... 287s Selecting previously unselected package libtcl8.6:s390x. 287s Preparing to unpack .../03-libtcl8.6_8.6.13+dfsg-2_s390x.deb ... 287s Unpacking libtcl8.6:s390x (8.6.13+dfsg-2) ... 288s Selecting previously unselected package tcl8.6. 288s Preparing to unpack .../04-tcl8.6_8.6.13+dfsg-2_s390x.deb ... 288s Unpacking tcl8.6 (8.6.13+dfsg-2) ... 288s Selecting previously unselected package tcl-expect:s390x. 288s Preparing to unpack .../05-tcl-expect_5.45.4-2build1_s390x.deb ... 288s Unpacking tcl-expect:s390x (5.45.4-2build1) ... 288s Selecting previously unselected package expect. 288s Preparing to unpack .../06-expect_5.45.4-2build1_s390x.deb ... 288s Unpacking expect (5.45.4-2build1) ... 288s Selecting previously unselected package ldap-utils. 288s Preparing to unpack .../07-ldap-utils_2.6.7+dfsg-1~exp1ubuntu1_s390x.deb ... 288s Unpacking ldap-utils (2.6.7+dfsg-1~exp1ubuntu1) ... 288s Selecting previously unselected package libavahi-common-data:s390x. 288s Preparing to unpack .../08-libavahi-common-data_0.8-13ubuntu2_s390x.deb ... 288s Unpacking libavahi-common-data:s390x (0.8-13ubuntu2) ... 288s Selecting previously unselected package libavahi-common3:s390x. 288s Preparing to unpack .../09-libavahi-common3_0.8-13ubuntu2_s390x.deb ... 288s Unpacking libavahi-common3:s390x (0.8-13ubuntu2) ... 288s Selecting previously unselected package libavahi-client3:s390x. 288s Preparing to unpack .../10-libavahi-client3_0.8-13ubuntu2_s390x.deb ... 288s Unpacking libavahi-client3:s390x (0.8-13ubuntu2) ... 288s Selecting previously unselected package libcrack2:s390x. 288s Preparing to unpack .../11-libcrack2_2.9.6-5.1_s390x.deb ... 288s Unpacking libcrack2:s390x (2.9.6-5.1) ... 288s Selecting previously unselected package libevent-2.1-7:s390x. 288s Preparing to unpack .../12-libevent-2.1-7_2.1.12-stable-9_s390x.deb ... 288s Unpacking libevent-2.1-7:s390x (2.1.12-stable-9) ... 288s Selecting previously unselected package libjose0:s390x. 288s Preparing to unpack .../13-libjose0_11-3_s390x.deb ... 288s Unpacking libjose0:s390x (11-3) ... 288s Selecting previously unselected package libverto-libevent1:s390x. 288s Preparing to unpack .../14-libverto-libevent1_0.3.1-1ubuntu5_s390x.deb ... 288s Unpacking libverto-libevent1:s390x (0.3.1-1ubuntu5) ... 288s Selecting previously unselected package libverto1:s390x. 288s Preparing to unpack .../15-libverto1_0.3.1-1ubuntu5_s390x.deb ... 288s Unpacking libverto1:s390x (0.3.1-1ubuntu5) ... 288s Selecting previously unselected package libkrad0:s390x. 288s Preparing to unpack .../16-libkrad0_1.20.1-5build1_s390x.deb ... 288s Unpacking libkrad0:s390x (1.20.1-5build1) ... 288s Selecting previously unselected package libtalloc2:s390x. 288s Preparing to unpack .../17-libtalloc2_2.4.2-1_s390x.deb ... 288s Unpacking libtalloc2:s390x (2.4.2-1) ... 288s Selecting previously unselected package libtdb1:s390x. 288s Preparing to unpack .../18-libtdb1_1.4.10-1_s390x.deb ... 288s Unpacking libtdb1:s390x (1.4.10-1) ... 288s Selecting previously unselected package libtevent0:s390x. 288s Preparing to unpack .../19-libtevent0_0.16.1-1_s390x.deb ... 288s Unpacking libtevent0:s390x (0.16.1-1) ... 288s Selecting previously unselected package libldb2:s390x. 288s Preparing to unpack .../20-libldb2_2%3a2.8.0+samba4.19.5+dfsg-1ubuntu1_s390x.deb ... 288s Unpacking libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 288s Selecting previously unselected package libnfsidmap1:s390x. 288s Preparing to unpack .../21-libnfsidmap1_1%3a2.6.3-3ubuntu1_s390x.deb ... 288s Unpacking libnfsidmap1:s390x (1:2.6.3-3ubuntu1) ... 288s Selecting previously unselected package libnss-sudo. 288s Preparing to unpack .../22-libnss-sudo_1.9.15p5-3ubuntu1_all.deb ... 288s Unpacking libnss-sudo (1.9.15p5-3ubuntu1) ... 288s Selecting previously unselected package libpwquality-common. 288s Preparing to unpack .../23-libpwquality-common_1.4.5-3_all.deb ... 288s Unpacking libpwquality-common (1.4.5-3) ... 288s Selecting previously unselected package libpwquality1:s390x. 288s Preparing to unpack .../24-libpwquality1_1.4.5-3_s390x.deb ... 288s Unpacking libpwquality1:s390x (1.4.5-3) ... 288s Selecting previously unselected package libpam-pwquality:s390x. 288s Preparing to unpack .../25-libpam-pwquality_1.4.5-3_s390x.deb ... 288s Unpacking libpam-pwquality:s390x (1.4.5-3) ... 288s Selecting previously unselected package libwbclient0:s390x. 288s Preparing to unpack .../26-libwbclient0_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 288s Unpacking libwbclient0:s390x (2:4.19.5+dfsg-1ubuntu1) ... 288s Selecting previously unselected package samba-libs:s390x. 288s Preparing to unpack .../27-samba-libs_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 288s Unpacking samba-libs:s390x (2:4.19.5+dfsg-1ubuntu1) ... 288s Selecting previously unselected package libnss-sss:s390x. 288s Preparing to unpack .../28-libnss-sss_2.9.4-1ubuntu1_s390x.deb ... 288s Unpacking libnss-sss:s390x (2.9.4-1ubuntu1) ... 288s Selecting previously unselected package libpam-sss:s390x. 288s Preparing to unpack .../29-libpam-sss_2.9.4-1ubuntu1_s390x.deb ... 288s Unpacking libpam-sss:s390x (2.9.4-1ubuntu1) ... 288s Selecting previously unselected package python3-sss. 288s Preparing to unpack .../30-python3-sss_2.9.4-1ubuntu1_s390x.deb ... 288s Unpacking python3-sss (2.9.4-1ubuntu1) ... 288s Selecting previously unselected package libc-ares2:s390x. 288s Preparing to unpack .../31-libc-ares2_1.27.0-1_s390x.deb ... 288s Unpacking libc-ares2:s390x (1.27.0-1) ... 288s Selecting previously unselected package libdhash1:s390x. 288s Preparing to unpack .../32-libdhash1_0.6.2-2_s390x.deb ... 288s Unpacking libdhash1:s390x (0.6.2-2) ... 288s Selecting previously unselected package libbasicobjects0:s390x. 288s Preparing to unpack .../33-libbasicobjects0_0.6.2-2_s390x.deb ... 288s Unpacking libbasicobjects0:s390x (0.6.2-2) ... 288s Selecting previously unselected package libcollection4:s390x. 288s Preparing to unpack .../34-libcollection4_0.6.2-2_s390x.deb ... 288s Unpacking libcollection4:s390x (0.6.2-2) ... 288s Selecting previously unselected package libpath-utils1:s390x. 288s Preparing to unpack .../35-libpath-utils1_0.6.2-2_s390x.deb ... 288s Unpacking libpath-utils1:s390x (0.6.2-2) ... 288s Selecting previously unselected package libref-array1:s390x. 288s Preparing to unpack .../36-libref-array1_0.6.2-2_s390x.deb ... 288s Unpacking libref-array1:s390x (0.6.2-2) ... 288s Selecting previously unselected package libini-config5:s390x. 288s Preparing to unpack .../37-libini-config5_0.6.2-2_s390x.deb ... 288s Unpacking libini-config5:s390x (0.6.2-2) ... 288s Selecting previously unselected package libsss-certmap0. 289s Preparing to unpack .../38-libsss-certmap0_2.9.4-1ubuntu1_s390x.deb ... 289s Unpacking libsss-certmap0 (2.9.4-1ubuntu1) ... 289s Selecting previously unselected package libsss-idmap0. 289s Preparing to unpack .../39-libsss-idmap0_2.9.4-1ubuntu1_s390x.deb ... 289s Unpacking libsss-idmap0 (2.9.4-1ubuntu1) ... 289s Selecting previously unselected package libsss-nss-idmap0. 289s Preparing to unpack .../40-libsss-nss-idmap0_2.9.4-1ubuntu1_s390x.deb ... 289s Unpacking libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 289s Selecting previously unselected package sssd-common. 289s Preparing to unpack .../41-sssd-common_2.9.4-1ubuntu1_s390x.deb ... 289s Unpacking sssd-common (2.9.4-1ubuntu1) ... 289s Selecting previously unselected package sssd-idp. 289s Preparing to unpack .../42-sssd-idp_2.9.4-1ubuntu1_s390x.deb ... 289s Unpacking sssd-idp (2.9.4-1ubuntu1) ... 289s Selecting previously unselected package sssd-passkey. 289s Preparing to unpack .../43-sssd-passkey_2.9.4-1ubuntu1_s390x.deb ... 289s Unpacking sssd-passkey (2.9.4-1ubuntu1) ... 289s Selecting previously unselected package sssd-ad-common. 289s Preparing to unpack .../44-sssd-ad-common_2.9.4-1ubuntu1_s390x.deb ... 289s Unpacking sssd-ad-common (2.9.4-1ubuntu1) ... 289s Selecting previously unselected package sssd-krb5-common. 289s Preparing to unpack .../45-sssd-krb5-common_2.9.4-1ubuntu1_s390x.deb ... 289s Unpacking sssd-krb5-common (2.9.4-1ubuntu1) ... 289s Selecting previously unselected package libsmbclient:s390x. 289s Preparing to unpack .../46-libsmbclient_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 289s Unpacking libsmbclient:s390x (2:4.19.5+dfsg-1ubuntu1) ... 289s Selecting previously unselected package sssd-ad. 289s Preparing to unpack .../47-sssd-ad_2.9.4-1ubuntu1_s390x.deb ... 289s Unpacking sssd-ad (2.9.4-1ubuntu1) ... 289s Selecting previously unselected package libipa-hbac0. 289s Preparing to unpack .../48-libipa-hbac0_2.9.4-1ubuntu1_s390x.deb ... 289s Unpacking libipa-hbac0 (2.9.4-1ubuntu1) ... 289s Selecting previously unselected package sssd-ipa. 289s Preparing to unpack .../49-sssd-ipa_2.9.4-1ubuntu1_s390x.deb ... 289s Unpacking sssd-ipa (2.9.4-1ubuntu1) ... 289s Selecting previously unselected package sssd-krb5. 289s Preparing to unpack .../50-sssd-krb5_2.9.4-1ubuntu1_s390x.deb ... 289s Unpacking sssd-krb5 (2.9.4-1ubuntu1) ... 289s Selecting previously unselected package sssd-ldap. 289s Preparing to unpack .../51-sssd-ldap_2.9.4-1ubuntu1_s390x.deb ... 289s Unpacking sssd-ldap (2.9.4-1ubuntu1) ... 289s Selecting previously unselected package sssd-proxy. 289s Preparing to unpack .../52-sssd-proxy_2.9.4-1ubuntu1_s390x.deb ... 289s Unpacking sssd-proxy (2.9.4-1ubuntu1) ... 289s Selecting previously unselected package sssd. 289s Preparing to unpack .../53-sssd_2.9.4-1ubuntu1_s390x.deb ... 289s Unpacking sssd (2.9.4-1ubuntu1) ... 289s Selecting previously unselected package sssd-dbus. 289s Preparing to unpack .../54-sssd-dbus_2.9.4-1ubuntu1_s390x.deb ... 289s Unpacking sssd-dbus (2.9.4-1ubuntu1) ... 289s Selecting previously unselected package sssd-kcm. 289s Preparing to unpack .../55-sssd-kcm_2.9.4-1ubuntu1_s390x.deb ... 289s Unpacking sssd-kcm (2.9.4-1ubuntu1) ... 289s Selecting previously unselected package sssd-tools. 289s Preparing to unpack .../56-sssd-tools_2.9.4-1ubuntu1_s390x.deb ... 289s Unpacking sssd-tools (2.9.4-1ubuntu1) ... 289s Selecting previously unselected package libipa-hbac-dev. 289s Preparing to unpack .../57-libipa-hbac-dev_2.9.4-1ubuntu1_s390x.deb ... 289s Unpacking libipa-hbac-dev (2.9.4-1ubuntu1) ... 289s Selecting previously unselected package libsss-certmap-dev. 289s Preparing to unpack .../58-libsss-certmap-dev_2.9.4-1ubuntu1_s390x.deb ... 289s Unpacking libsss-certmap-dev (2.9.4-1ubuntu1) ... 289s Selecting previously unselected package libsss-idmap-dev. 289s Preparing to unpack .../59-libsss-idmap-dev_2.9.4-1ubuntu1_s390x.deb ... 289s Unpacking libsss-idmap-dev (2.9.4-1ubuntu1) ... 289s Selecting previously unselected package libsss-nss-idmap-dev. 289s Preparing to unpack .../60-libsss-nss-idmap-dev_2.9.4-1ubuntu1_s390x.deb ... 289s Unpacking libsss-nss-idmap-dev (2.9.4-1ubuntu1) ... 289s Selecting previously unselected package libsss-sudo. 289s Preparing to unpack .../61-libsss-sudo_2.9.4-1ubuntu1_s390x.deb ... 289s Unpacking libsss-sudo (2.9.4-1ubuntu1) ... 289s Selecting previously unselected package python3-libipa-hbac. 289s Preparing to unpack .../62-python3-libipa-hbac_2.9.4-1ubuntu1_s390x.deb ... 289s Unpacking python3-libipa-hbac (2.9.4-1ubuntu1) ... 289s Selecting previously unselected package python3-libsss-nss-idmap. 289s Preparing to unpack .../63-python3-libsss-nss-idmap_2.9.4-1ubuntu1_s390x.deb ... 289s Unpacking python3-libsss-nss-idmap (2.9.4-1ubuntu1) ... 289s Selecting previously unselected package autopkgtest-satdep. 289s Preparing to unpack .../64-1-autopkgtest-satdep.deb ... 289s Unpacking autopkgtest-satdep (0) ... 289s Setting up libpwquality-common (1.4.5-3) ... 289s Setting up libpath-utils1:s390x (0.6.2-2) ... 289s Setting up libnfsidmap1:s390x (1:2.6.3-3ubuntu1) ... 289s Setting up libsss-idmap0 (2.9.4-1ubuntu1) ... 289s Setting up libbasicobjects0:s390x (0.6.2-2) ... 289s Setting up libsss-idmap-dev (2.9.4-1ubuntu1) ... 289s Setting up libtdb1:s390x (1.4.10-1) ... 289s Setting up libc-ares2:s390x (1.27.0-1) ... 289s Setting up ldap-utils (2.6.7+dfsg-1~exp1ubuntu1) ... 289s Setting up libjose0:s390x (11-3) ... 289s Setting up libwbclient0:s390x (2:4.19.5+dfsg-1ubuntu1) ... 289s Setting up libtalloc2:s390x (2.4.2-1) ... 289s Setting up libdhash1:s390x (0.6.2-2) ... 289s Setting up libtevent0:s390x (0.16.1-1) ... 289s Setting up libavahi-common-data:s390x (0.8-13ubuntu2) ... 289s Setting up libevent-2.1-7:s390x (2.1.12-stable-9) ... 289s Setting up libtcl8.6:s390x (8.6.13+dfsg-2) ... 289s Setting up libltdl7:s390x (2.4.7-7) ... 289s Setting up libcrack2:s390x (2.9.6-5.1) ... 289s Setting up libcollection4:s390x (0.6.2-2) ... 289s Setting up libodbc2:s390x (2.3.12-1) ... 289s Setting up libipa-hbac0 (2.9.4-1ubuntu1) ... 289s Setting up python3-libipa-hbac (2.9.4-1ubuntu1) ... 289s Setting up libref-array1:s390x (0.6.2-2) ... 289s Setting up libnss-sudo (1.9.15p5-3ubuntu1) ... 289s Setting up libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 289s Setting up libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 289s Setting up libnss-sss:s390x (2.9.4-1ubuntu1) ... 289s Setting up slapd (2.6.7+dfsg-1~exp1ubuntu1) ... 290s Creating new user openldap... done. 290s Creating initial configuration... done. 290s Creating LDAP directory... done. 290s Setting up tcl8.6 (8.6.13+dfsg-2) ... 290s Setting up libsss-sudo (2.9.4-1ubuntu1) ... 290s Setting up libsss-nss-idmap-dev (2.9.4-1ubuntu1) ... 290s Setting up libipa-hbac-dev (2.9.4-1ubuntu1) ... 290s Setting up libini-config5:s390x (0.6.2-2) ... 290s Setting up libavahi-common3:s390x (0.8-13ubuntu2) ... 290s Setting up tcl-expect:s390x (5.45.4-2build1) ... 290s Setting up python3-sss (2.9.4-1ubuntu1) ... 290s Setting up libsss-certmap0 (2.9.4-1ubuntu1) ... 290s Setting up libpwquality1:s390x (1.4.5-3) ... 290s Setting up python3-libsss-nss-idmap (2.9.4-1ubuntu1) ... 290s Setting up libavahi-client3:s390x (0.8-13ubuntu2) ... 290s Setting up expect (5.45.4-2build1) ... 290s Setting up libpam-pwquality:s390x (1.4.5-3) ... 291s Setting up samba-libs:s390x (2:4.19.5+dfsg-1ubuntu1) ... 291s Setting up libsss-certmap-dev (2.9.4-1ubuntu1) ... 291s Setting up libsmbclient:s390x (2:4.19.5+dfsg-1ubuntu1) ... 291s Setting up libpam-sss:s390x (2.9.4-1ubuntu1) ... 291s Setting up sssd-common (2.9.4-1ubuntu1) ... 291s Creating SSSD system user & group... 291s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 291s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 291s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 291s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 291s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 292s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 292s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 292s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 292s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 293s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 293s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 293s sssd-autofs.service is a disabled or a static unit, not starting it. 293s sssd-nss.service is a disabled or a static unit, not starting it. 293s sssd-pam.service is a disabled or a static unit, not starting it. 293s sssd-ssh.service is a disabled or a static unit, not starting it. 293s sssd-sudo.service is a disabled or a static unit, not starting it. 293s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 293s Setting up sssd-proxy (2.9.4-1ubuntu1) ... 293s Setting up sssd-kcm (2.9.4-1ubuntu1) ... 293s Created symlink /etc/systemd/system/sockets.target.wants/sssd-kcm.socket → /usr/lib/systemd/system/sssd-kcm.socket. 294s sssd-kcm.service is a disabled or a static unit, not starting it. 294s Setting up sssd-dbus (2.9.4-1ubuntu1) ... 294s sssd-ifp.service is a disabled or a static unit, not starting it. 294s Setting up sssd-ad-common (2.9.4-1ubuntu1) ... 294s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 295s sssd-pac.service is a disabled or a static unit, not starting it. 295s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 295s Setting up sssd-krb5-common (2.9.4-1ubuntu1) ... 295s Setting up sssd-krb5 (2.9.4-1ubuntu1) ... 295s Setting up sssd-ldap (2.9.4-1ubuntu1) ... 295s Setting up sssd-ad (2.9.4-1ubuntu1) ... 295s Setting up sssd-tools (2.9.4-1ubuntu1) ... 295s Setting up sssd-ipa (2.9.4-1ubuntu1) ... 295s Setting up sssd (2.9.4-1ubuntu1) ... 295s Setting up libverto-libevent1:s390x (0.3.1-1ubuntu5) ... 295s Setting up libverto1:s390x (0.3.1-1ubuntu5) ... 295s Setting up libkrad0:s390x (1.20.1-5build1) ... 295s Setting up sssd-passkey (2.9.4-1ubuntu1) ... 295s Setting up sssd-idp (2.9.4-1ubuntu1) ... 295s Setting up autopkgtest-satdep (0) ... 295s Processing triggers for libc-bin (2.39-0ubuntu6) ... 295s Processing triggers for ufw (0.36.2-5) ... 295s Processing triggers for man-db (2.12.0-3) ... 296s Processing triggers for dbus (1.14.10-4ubuntu1) ... 308s (Reading database ... 53013 files and directories currently installed.) 308s Removing autopkgtest-satdep (0) ... 308s autopkgtest [07:25:13]: test ldap-user-group-ldap-auth: [----------------------- 309s + . debian/tests/util 309s + . debian/tests/common-tests 309s + mydomain=example.com 309s + myhostname=ldap.example.com 309s + mysuffix=dc=example,dc=com 309s + admin_dn=cn=admin,dc=example,dc=com 309s + admin_pw=secret 309s + ldap_user=testuser1 309s + ldap_user_pw=testuser1secret 309s + ldap_group=ldapusers 309s + adjust_hostname ldap.example.com 309s + local myhostname=ldap.example.com 309s + echo ldap.example.com 309s + hostname ldap.example.com 309s + grep -qE ldap.example.com /etc/hosts 309s + echo 127.0.1.10 ldap.example.com 309s + reconfigure_slapd 309s + debconf-set-selections 309s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 309s + dpkg-reconfigure -fnoninteractive -pcritical slapd 309s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1... done. 309s Moving old database directory to /var/backups: 309s - directory unknown... done. 309s Creating initial configuration... done. 309s Creating LDAP directory... done. 310s + generate_certs ldap.example.com 310s + local cn=ldap.example.com 310s + local cert=/etc/ldap/server.pem 310s + local key=/etc/ldap/server.key 310s + local cnf=/etc/ldap/openssl.cnf 310s + cat 310s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 310s ......................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 310s .................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 310s ----- 310s + chmod 0640 /etc/ldap/server.key 310s + chgrp openldap /etc/ldap/server.key 310s + [ ! -f /etc/ldap/server.pem ] 310s + [ ! -f /etc/ldap/server.key ] 310s + enable_ldap_ssl 310s + cat 310s + cat 310s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 310s + populate_ldap_rfc2307 310s + + catldapadd -x 310s -D cn=admin,dc=example,dc=com -w secret 310s modifying entry "cn=config" 310s 310s adding new entry "ou=People,dc=example,dc=com" 310s 310s adding new entry "ou=Group,dc=example,dc=com" 310s 310s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 310s 310s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 310s 310s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 310s 310s + configure_sssd_ldap_rfc2307 310s + cat 310s + chmod 0600 /etc/sssd/sssd.conf 310s + systemctl restart sssd 310s + enable_pam_mkhomedir 310s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 310s + echo session optional pam_mkhomedir.so 310s + run_common_tests 310s + echo Assert local user databases do not have our LDAP test data 310s + check_local_user testuser1 310s + local local_user=testuser1 310s + grep -q ^testuser1 /etc/passwd 310s Assert local user databases do not have our LDAP test data 310s + check_local_group testuser1 310s + local local_group=testuser1 310s + grep -q ^testuser1 /etc/group 310s + check_local_group ldapusers 310s + local local_group=ldapusers 310s + grep -q ^ldapusers /etc/group 310s + The LDAP user is known to the system via getent 310s echo The LDAP user is known to the system via getent 310s + check_getent_user testuser1 310s + local getent_user=testuser1 310s + local output 310s + getent passwd testuser1 310s The LDAP user's private group is known to the system via getent 310s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 310s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 310s + echo The LDAP user's private group is known to the system via getent 310s + check_getent_group testuser1 310s + local getent_group=testuser1 310s + local output 310s + getent group testuser1 310s The LDAP group ldapusers is known to the system via getent 310s + output=testuser1:*:10001:testuser1 310s + [ -z testuser1:*:10001:testuser1 ] 310s + echo The LDAP group ldapusers is known to the system via getent 310s + check_getent_group ldapusers 310s + local getent_group=ldapusers 310s + local output 310s + getent group ldapusers 310s + output=ldapusers:*:10100:testuser1 310s + [ -z ldapusers:*:10100:testuser1 ] 310s + echo The id(1) command can resolve the group membership of the LDAP user 310s The id(1) command can resolve the group membership of the LDAP user 310s + id -Gn testuser1 310s + output=testuser1 ldapusers 310s + [ testuser1 ldapusers != testuser1 ldapusers ] 310s + echo The LDAP user can login on a terminal 310s + /usr/bin/expectThe LDAP user can login on a terminal 310s -f debian/tests/login.exp testuser1 testuser1secret 310s spawn login 310s ldap.example.com login: testuser1 310s Password: 310s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-11-generic s390x) 310s 310s * Documentation: https://help.ubuntu.com 310s * Management: https://landscape.canonical.com 310s * Support: https://ubuntu.com/pro 310s 310s 310s The programs included with the Ubuntu system are free software; 310s the exact distribution terms for each program are described in the 310s individual files in /usr/share/doc/*/copyright. 310s 310s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 310s applicable law. 310s 310s 310s The programs included with the Ubuntu system are free software; 310s the exact distribution terms for each program are described in the 310s individual files in /usr/share/doc/*/copyright. 310s 310s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 310s applicable law. 310s 310s Creating directory '/home/testuser1'. 310s testuser1@ldap:~$ id -un 310s testuser1 311s testuser1@ldap:~$ autopkgtest [07:25:16]: test ldap-user-group-ldap-auth: -----------------------] 311s autopkgtest [07:25:16]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 311s ldap-user-group-ldap-auth PASS 312s autopkgtest [07:25:17]: test ldap-user-group-krb5-auth: preparing testbed 317s Reading package lists... 317s Building dependency tree... 317s Reading state information... 317s Starting pkgProblemResolver with broken count: 0 317s Starting 2 pkgProblemResolver with broken count: 0 317s Done 318s The following additional packages will be installed: 318s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4 318s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 318s Suggested packages: 318s krb5-kdc-ldap krb5-kpropd krb5-k5tls krb5-doc 318s The following NEW packages will be installed: 318s autopkgtest-satdep krb5-admin-server krb5-config krb5-kdc krb5-user 318s libgssrpc4 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 318s 0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded. 318s Need to get 612 kB/613 kB of archives. 318s After this operation, 2067 kB of additional disk space will be used. 318s Get:1 /tmp/autopkgtest.TZnWTb/2-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [884 B] 318s Get:2 http://ftpmaster.internal/ubuntu noble/main s390x krb5-config all 2.7 [22.0 kB] 318s Get:3 http://ftpmaster.internal/ubuntu noble/main s390x libgssrpc4 s390x 1.20.1-5build1 [58.9 kB] 318s Get:4 http://ftpmaster.internal/ubuntu noble/main s390x libkadm5clnt-mit12 s390x 1.20.1-5build1 [40.5 kB] 318s Get:5 http://ftpmaster.internal/ubuntu noble/main s390x libkdb5-10 s390x 1.20.1-5build1 [41.4 kB] 318s Get:6 http://ftpmaster.internal/ubuntu noble/main s390x libkadm5srv-mit12 s390x 1.20.1-5build1 [55.2 kB] 318s Get:7 http://ftpmaster.internal/ubuntu noble/universe s390x krb5-user s390x 1.20.1-5build1 [110 kB] 318s Get:8 http://ftpmaster.internal/ubuntu noble/universe s390x krb5-kdc s390x 1.20.1-5build1 [188 kB] 318s Get:9 http://ftpmaster.internal/ubuntu noble/universe s390x krb5-admin-server s390x 1.20.1-5build1 [95.9 kB] 329s Preconfiguring packages ... 329s Fetched 612 kB in 1s (1019 kB/s) 329s Selecting previously unselected package krb5-config. 329s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 53013 files and directories currently installed.) 329s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 329s Unpacking krb5-config (2.7) ... 329s Selecting previously unselected package libgssrpc4:s390x. 329s Preparing to unpack .../1-libgssrpc4_1.20.1-5build1_s390x.deb ... 329s Unpacking libgssrpc4:s390x (1.20.1-5build1) ... 329s Selecting previously unselected package libkadm5clnt-mit12:s390x. 329s Preparing to unpack .../2-libkadm5clnt-mit12_1.20.1-5build1_s390x.deb ... 329s Unpacking libkadm5clnt-mit12:s390x (1.20.1-5build1) ... 329s Selecting previously unselected package libkdb5-10:s390x. 329s Preparing to unpack .../3-libkdb5-10_1.20.1-5build1_s390x.deb ... 329s Unpacking libkdb5-10:s390x (1.20.1-5build1) ... 329s Selecting previously unselected package libkadm5srv-mit12:s390x. 329s Preparing to unpack .../4-libkadm5srv-mit12_1.20.1-5build1_s390x.deb ... 329s Unpacking libkadm5srv-mit12:s390x (1.20.1-5build1) ... 329s Selecting previously unselected package krb5-user. 329s Preparing to unpack .../5-krb5-user_1.20.1-5build1_s390x.deb ... 329s Unpacking krb5-user (1.20.1-5build1) ... 329s Selecting previously unselected package krb5-kdc. 329s Preparing to unpack .../6-krb5-kdc_1.20.1-5build1_s390x.deb ... 329s Unpacking krb5-kdc (1.20.1-5build1) ... 329s Selecting previously unselected package krb5-admin-server. 329s Preparing to unpack .../7-krb5-admin-server_1.20.1-5build1_s390x.deb ... 329s Unpacking krb5-admin-server (1.20.1-5build1) ... 329s Selecting previously unselected package autopkgtest-satdep. 329s Preparing to unpack .../8-2-autopkgtest-satdep.deb ... 329s Unpacking autopkgtest-satdep (0) ... 329s Setting up libgssrpc4:s390x (1.20.1-5build1) ... 329s Setting up krb5-config (2.7) ... 329s Setting up libkadm5clnt-mit12:s390x (1.20.1-5build1) ... 329s Setting up libkdb5-10:s390x (1.20.1-5build1) ... 329s Setting up libkadm5srv-mit12:s390x (1.20.1-5build1) ... 329s Setting up krb5-user (1.20.1-5build1) ... 329s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 329s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 329s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 329s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 329s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 329s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 329s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 329s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 329s Setting up krb5-kdc (1.20.1-5build1) ... 329s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /usr/lib/systemd/system/krb5-kdc.service. 329s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 329s Setting up krb5-admin-server (1.20.1-5build1) ... 329s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-admin-server.service → /usr/lib/systemd/system/krb5-admin-server.service. 329s Setting up autopkgtest-satdep (0) ... 329s Processing triggers for man-db (2.12.0-3) ... 329s Processing triggers for libc-bin (2.39-0ubuntu6) ... 331s (Reading database ... 53106 files and directories currently installed.) 331s Removing autopkgtest-satdep (0) ... 332s autopkgtest [07:25:37]: test ldap-user-group-krb5-auth: [----------------------- 332s + . debian/tests/util 332s + . debian/tests/common-tests 332s + mydomain=example.com 332s + myhostname=ldap.example.com 332s + mysuffix=dc=example,dc=com 332s + myrealm=EXAMPLE.COM 332s + admin_dn=cn=admin,dc=example,dc=com 332s + admin_pw=secret 332s + ldap_user=testuser1 332s + ldap_user_pw=testuser1secret 332s + kerberos_principal_pw=testuser1kerberos 332s + ldap_group=ldapusers 332s + adjust_hostname ldap.example.com 332s + local myhostname=ldap.example.com 332s + echo ldap.example.com 332s + hostname ldap.example.com 332s + grep -qE ldap.example.com /etc/hosts 332s + reconfigure_slapd 332s + debconf-set-selections 332s + rm -rf /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1 /var/backups/unknown-2.6.7+dfsg-1~exp1ubuntu1-20240324-072514.ldapdb 332s + dpkg-reconfigure -fnoninteractive -pcritical slapd 332s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1... done. 332s Moving old database directory to /var/backups: 332s - directory unknown... done. 332s Creating initial configuration... done. 332s Creating LDAP directory... done. 333s + generate_certs ldap.example.com 333s + local cn=ldap.example.com 333s + local cert=/etc/ldap/server.pem 333s + local key=/etc/ldap/server.key 333s + local cnf=/etc/ldap/openssl.cnf 333s + cat 333s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 333s .............++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 333s ...............................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 333s ----- 333s + chmod 0640 /etc/ldap/server.key 333s + chgrp openldap /etc/ldap/server.key 333s + [ ! -f /etc/ldap/server.pem ] 333s + [ ! -f /etc/ldap/server.key ] 333s + enable_ldap_ssl 333s + cat 333s + cat 333s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 333s + populate_ldap_rfc2307 333s + cat 333s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 333s modifying entry "cn=config" 333s 333s adding new entry "ou=People,dc=example,dc=com" 333s 333s adding new entry "ou=Group,dc=example,dc=com" 333s 333s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 333s 333s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 333s 333s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 333s 333s + create_realm EXAMPLE.COM ldap.example.com 333s + local realm_name=EXAMPLE.COM 333s + local kerberos_server=ldap.example.com 333s + rm -rf /var/lib/krb5kdc/* 333s + rm -rf /etc/krb5kdc/kdc.conf 333s + rm -f /etc/krb5.keytab 333s + cat 333s + cat 333s + echo # */admin * 333s + kdb5_util create -s -P secretpassword 333s + systemctl restart krb5-kdc.service krb5-admin-server.service 333s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 333s master key name 'K/M@EXAMPLE.COM' 333s + create_krb_principal testuser1 testuser1kerberos 333s + local principal=testuser1 333s + local password=testuser1kerberos 333s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 333s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 333s + configure_sssd_ldap_rfc2307_krb5_auth 333s + cat 333s + chmod 0600 /etc/sssd/sssd.confAuthenticating as principal root/admin@EXAMPLE.COM with password. 333s Principal "testuser1@EXAMPLE.COM" created. 333s 333s + systemctl restart sssd 333s + enable_pam_mkhomedir 333s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 333s + run_common_tests 333s + echo Assert local user databases do not have our LDAP test data 333s + Assert local user databases do not have our LDAP test data 333s check_local_user testuser1 333s + local local_user=testuser1 333s + grep -q ^testuser1 /etc/passwd 333s + check_local_group testuser1 333s + local local_group=testuser1 333s + grep -q ^testuser1 /etc/group 333s + check_local_group ldapusers 333s + local local_group=ldapusers 333s + grep -q ^ldapusers /etc/group 333s + echo The LDAP user is known to the system via getent 333s + The LDAP user is known to the system via getent 333s check_getent_user testuser1 333s + local getent_user=testuser1 334s + local output 334s + getent passwd testuser1 334s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 334s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 334s + echo The LDAP user's private group is known to the system via getent 334s + check_getent_group testuser1 334s + local getent_group=testuser1 334s + local output 334s + getent group testuser1 334s The LDAP user's private group is known to the system via getent 334s The LDAP group ldapusers is known to the system via getent 334s + output=testuser1:*:10001:testuser1 334s + [ -z testuser1:*:10001:testuser1 ] 334s + echo The LDAP group ldapusers is known to the system via getent 334s + check_getent_group ldapusers 334s + local getent_group=ldapusers 334s + local output 334s + getent group ldapusers 334s + output=ldapusers:*:10100:testuser1 334s + [ -z ldapusers:*:10100:testuser1 ] 334s + echo The id(1) command can resolve the group membership of the LDAP user 334s + id -Gn testuser1 334s The id(1) command can resolve the group membership of the LDAP user 334s + output=testuser1 ldapusers 334s + [ testuser1 ldapusers != testuser1 ldapusers ] 334s + echo The Kerberos principal can login on a terminal 334s The Kerberos principal can login on a terminal 334s + kdestroy 334s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 334s spawn login 334s ldap.example.com login: testuser1 334s Password: 334s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-11-generic s390x) 334s 334s * Documentation: https://help.ubuntu.com 334s * Management: https://landscape.canonical.com 334s * Support: https://ubuntu.com/pro 334s 334s 334s The programs included with the Ubuntu system are free software; 334s the exact distribution terms for each program are described in the 334s individual files in /usr/share/doc/*/copyright. 334s 334s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 334s applicable law. 334s 334s Last login: Sun Mar 24 07:25:15 UTC 2024 on pts/0 334s testuser1@ldap:~$ id -un 334s testuser1 334s testuser1@ldap:~$ klist 334s Ticket cache: FILE:/tmp/krb5cc_10001_aXltXk 334s Default principal: testuser1@EXAMPLE.COM 334s autopkgtest [07:25:39]: test ldap-user-group-krb5-auth: -----------------------] 335s ldap-user-group-krb5-auth PASS 335s autopkgtest [07:25:40]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 335s autopkgtest [07:25:40]: test sssd-softhism2-certificates-tests.sh: preparing testbed 437s autopkgtest [07:27:22]: testbed dpkg architecture: s390x 437s autopkgtest [07:27:22]: testbed apt version: 2.7.12 437s autopkgtest [07:27:22]: @@@@@@@@@@@@@@@@@@@@ test bed setup 438s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 439s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [4004 kB] 439s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [6540 B] 439s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [494 kB] 439s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [56.9 kB] 439s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main s390x Packages [690 kB] 439s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main s390x c-n-f Metadata [3032 B] 439s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x Packages [1372 B] 439s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x c-n-f Metadata [116 B] 439s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x Packages [4161 kB] 439s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x c-n-f Metadata [7292 B] 439s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x Packages [46.8 kB] 439s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x c-n-f Metadata [116 B] 441s Fetched 9588 kB in 2s (4011 kB/s) 442s Reading package lists... 448s Reading package lists...Unknown architecture, assuming PC-style ttyS0 448s 448s Building dependency tree... 448s Reading state information... 448s Calculating upgrade... 448s The following packages will be REMOVED: 448s libssl3 448s The following NEW packages will be installed: 448s libssl3t64 448s The following packages have been kept back: 448s curl 448s The following packages will be upgraded: 448s openssl 448s 1 upgraded, 1 newly installed, 1 to remove and 1 not upgraded. 448s Need to get 2685 kB of archives. 448s After this operation, 239 kB of additional disk space will be used. 448s Get:1 http://ftpmaster.internal/ubuntu noble-proposed/main s390x openssl s390x 3.0.13-0ubuntu2 [1010 kB] 448s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main s390x libssl3t64 s390x 3.0.13-0ubuntu2 [1675 kB] 448s Fetched 2685 kB in 1s (4004 kB/s) 448s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52170 files and directories currently installed.) 448s Preparing to unpack .../openssl_3.0.13-0ubuntu2_s390x.deb ... 448s Unpacking openssl (3.0.13-0ubuntu2) over (3.0.10-1ubuntu4) ... 448s dpkg: libssl3:s390x: dependency problems, but removing anyway as you requested: 448s wget depends on libssl3 (>= 3.0.0). 448s tnftp depends on libssl3 (>= 3.0.0). 448s tcpdump depends on libssl3 (>= 3.0.0). 448s systemd-resolved depends on libssl3 (>= 3.0.0). 448s systemd depends on libssl3 (>= 3.0.0). 448s sudo depends on libssl3 (>= 3.0.0). 448s s390-tools depends on libssl3 (>= 3.0.0). 448s rsync depends on libssl3 (>= 3.0.0). 448s python3-cryptography depends on libssl3 (>= 3.0.0). 448s openssh-server depends on libssl3 (>= 3.0.10). 448s openssh-client depends on libssl3 (>= 3.0.10). 448s linux-headers-6.8.0-11-generic depends on libssl3 (>= 3.0.0). 448s libsystemd-shared:s390x depends on libssl3 (>= 3.0.0). 448s libssh-4:s390x depends on libssl3 (>= 3.0.0). 448s libsasl2-modules:s390x depends on libssl3 (>= 3.0.0). 448s libsasl2-2:s390x depends on libssl3 (>= 3.0.0). 448s libpython3.12-minimal:s390x depends on libssl3 (>= 3.0.0). 448s libpython3.11-minimal:s390x depends on libssl3 (>= 3.0.0). 448s libnvme1 depends on libssl3 (>= 3.0.0). 448s libkrb5-3:s390x depends on libssl3 (>= 3.0.0). 448s libkmod2:s390x depends on libssl3 (>= 3.0.0). 448s libfido2-1:s390x depends on libssl3 (>= 3.0.0). 448s libcurl4:s390x depends on libssl3 (>= 3.0.0). 448s libcryptsetup12:s390x depends on libssl3 (>= 3.0.0). 448s kmod depends on libssl3 (>= 3.0.0). 448s dhcpcd-base depends on libssl3 (>= 3.0.0). 448s bind9-libs:s390x depends on libssl3 (>= 3.0.0). 448s 448s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52170 files and directories currently installed.) 448s Removing libssl3:s390x (3.0.10-1ubuntu4) ... 448s Selecting previously unselected package libssl3t64:s390x. 448s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52159 files and directories currently installed.) 448s Preparing to unpack .../libssl3t64_3.0.13-0ubuntu2_s390x.deb ... 448s Unpacking libssl3t64:s390x (3.0.13-0ubuntu2) ... 448s Setting up libssl3t64:s390x (3.0.13-0ubuntu2) ... 448s Setting up openssl (3.0.13-0ubuntu2) ... 448s Processing triggers for man-db (2.12.0-3) ... 448s Processing triggers for libc-bin (2.39-0ubuntu6) ... 448s Reading package lists... 448s Building dependency tree... 448s Reading state information... 448s 0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded. 448s Reading package lists... 448s Building dependency tree...sh: Attempting to set up Debian/Ubuntu apt sources automatically 448s sh: Distribution appears to be Ubuntu 448s 448s Reading state information... 448s eatmydata is already the newest version (131-1). 448s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 448s Reading package lists... 448s Building dependency tree... 448s Reading state information... 448s dbus is already the newest version (1.14.10-4ubuntu1). 448s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 449s Reading package lists... 449s Building dependency tree... 449s Reading state information... 449s rng-tools-debian is already the newest version (2.4). 449s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 449s Reading package lists... 449s Building dependency tree... 449s Reading state information... 449s The following packages will be REMOVED: 449s cloud-init* python3-configobj* python3-debconf* 449s 0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded. 449s After this operation, 3256 kB disk space will be freed. 449s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52172 files and directories currently installed.) 449s Removing cloud-init (24.1.2-0ubuntu1) ... 450s Removing python3-configobj (5.0.8-3) ... 450s Removing python3-debconf (1.5.86) ... 450s Processing triggers for man-db (2.12.0-3) ... 450s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51783 files and directories currently installed.) 450s Purging configuration files for cloud-init (24.1.2-0ubuntu1) ... 451s dpkg: warning: while removing cloud-init, directory '/etc/cloud/cloud.cfg.d' not empty so not removed 451s Processing triggers for rsyslog (8.2312.0-3ubuntu3) ... 451s invoke-rc.d: policy-rc.d denied execution of try-restart. 451s Reading package lists... 451s Building dependency tree... 451s Reading state information... 451s linux-generic is already the newest version (6.8.0-11.11+1). 451s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 452s Hit:1 http://ftpmaster.internal/ubuntu noble InRelease 452s Hit:2 http://ftpmaster.internal/ubuntu noble-updates InRelease 452s Hit:3 http://ftpmaster.internal/ubuntu noble-security InRelease 454s Reading package lists... 454s Reading package lists... 454s Building dependency tree... 454s Reading state information... 454s Calculating upgrade... 454s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 454s Reading package lists... 454s Building dependency tree... 454s Reading state information... 454s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 455s autopkgtest [07:27:40]: rebooting testbed after setup commands that affected boot 484s Reading package lists... 484s Building dependency tree... 484s Reading state information... 484s Starting pkgProblemResolver with broken count: 0 484s Starting 2 pkgProblemResolver with broken count: 0 484s Done 484s The following additional packages will be installed: 484s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 484s libbasicobjects0 libc-ares2 libcollection4 libcrack2 libdhash1 484s libevent-2.1-7 libgnutls-dane0 libini-config5 libipa-hbac0 libldb2 484s libnfsidmap1 libnss-sss libpam-pwquality libpam-sss libpath-utils1 484s libpwquality-common libpwquality1 libref-array1 libsmbclient libsofthsm2 484s libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 libtalloc2 libtdb1 484s libtevent0 libunbound8 libwbclient0 python3-sss samba-libs softhsm2 484s softhsm2-common sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 484s sssd-krb5-common sssd-ldap sssd-proxy 484s Suggested packages: 484s dns-root-data adcli libsss-sudo sssd-tools libsasl2-modules-ldap 484s Recommended packages: 484s cracklib-runtime libsasl2-modules-gssapi-mit 484s | libsasl2-modules-gssapi-heimdal ldap-utils 484s The following NEW packages will be installed: 484s autopkgtest-satdep gnutls-bin libavahi-client3 libavahi-common-data 484s libavahi-common3 libbasicobjects0 libc-ares2 libcollection4 libcrack2 484s libdhash1 libevent-2.1-7 libgnutls-dane0 libini-config5 libipa-hbac0 libldb2 484s libnfsidmap1 libnss-sss libpam-pwquality libpam-sss libpath-utils1 484s libpwquality-common libpwquality1 libref-array1 libsmbclient libsofthsm2 484s libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 libtalloc2 libtdb1 484s libtevent0 libunbound8 libwbclient0 python3-sss samba-libs softhsm2 484s softhsm2-common sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 484s sssd-krb5-common sssd-ldap sssd-proxy 484s 0 upgraded, 46 newly installed, 0 to remove and 0 not upgraded. 484s Need to get 10.4 MB/10.4 MB of archives. 484s After this operation, 40.5 MB of additional disk space will be used. 484s Get:1 /tmp/autopkgtest.TZnWTb/3-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [744 B] 484s Get:2 http://ftpmaster.internal/ubuntu noble/main s390x libevent-2.1-7 s390x 2.1.12-stable-9 [144 kB] 484s Get:3 http://ftpmaster.internal/ubuntu noble/main s390x libunbound8 s390x 1.19.1-1ubuntu1 [453 kB] 484s Get:4 http://ftpmaster.internal/ubuntu noble/main s390x libgnutls-dane0 s390x 3.8.3-1ubuntu1 [23.6 kB] 484s Get:5 http://ftpmaster.internal/ubuntu noble/universe s390x gnutls-bin s390x 3.8.3-1ubuntu1 [284 kB] 484s Get:6 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common-data s390x 0.8-13ubuntu2 [29.5 kB] 484s Get:7 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common3 s390x 0.8-13ubuntu2 [23.8 kB] 484s Get:8 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-client3 s390x 0.8-13ubuntu2 [26.7 kB] 484s Get:9 http://ftpmaster.internal/ubuntu noble/main s390x libcrack2 s390x 2.9.6-5.1 [29.6 kB] 484s Get:10 http://ftpmaster.internal/ubuntu noble/main s390x libtalloc2 s390x 2.4.2-1 [28.3 kB] 484s Get:11 http://ftpmaster.internal/ubuntu noble/main s390x libtdb1 s390x 1.4.10-1 [49.9 kB] 484s Get:12 http://ftpmaster.internal/ubuntu noble/main s390x libtevent0 s390x 0.16.1-1 [43.1 kB] 484s Get:13 http://ftpmaster.internal/ubuntu noble/main s390x libldb2 s390x 2:2.8.0+samba4.19.5+dfsg-1ubuntu1 [191 kB] 484s Get:14 http://ftpmaster.internal/ubuntu noble/main s390x libnfsidmap1 s390x 1:2.6.3-3ubuntu1 [49.0 kB] 484s Get:15 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality-common all 1.4.5-3 [7658 B] 484s Get:16 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality1 s390x 1.4.5-3 [14.7 kB] 484s Get:17 http://ftpmaster.internal/ubuntu noble/main s390x libpam-pwquality s390x 1.4.5-3 [11.6 kB] 484s Get:18 http://ftpmaster.internal/ubuntu noble/main s390x libwbclient0 s390x 2:4.19.5+dfsg-1ubuntu1 [70.3 kB] 484s Get:19 http://ftpmaster.internal/ubuntu noble/main s390x samba-libs s390x 2:4.19.5+dfsg-1ubuntu1 [6231 kB] 485s Get:20 http://ftpmaster.internal/ubuntu noble/universe s390x softhsm2-common s390x 2.6.1-2.2 [5808 B] 485s Get:21 http://ftpmaster.internal/ubuntu noble/universe s390x libsofthsm2 s390x 2.6.1-2.2 [265 kB] 485s Get:22 http://ftpmaster.internal/ubuntu noble/universe s390x softhsm2 s390x 2.6.1-2.2 [174 kB] 485s Get:23 http://ftpmaster.internal/ubuntu noble/main s390x python3-sss s390x 2.9.4-1ubuntu1 [46.6 kB] 485s Get:24 http://ftpmaster.internal/ubuntu noble/main s390x libsss-idmap0 s390x 2.9.4-1ubuntu1 [22.1 kB] 485s Get:25 http://ftpmaster.internal/ubuntu noble/main s390x libnss-sss s390x 2.9.4-1ubuntu1 [32.6 kB] 485s Get:26 http://ftpmaster.internal/ubuntu noble/main s390x libpam-sss s390x 2.9.4-1ubuntu1 [51.9 kB] 485s Get:27 http://ftpmaster.internal/ubuntu noble/main s390x libc-ares2 s390x 1.27.0-1 [79.2 kB] 485s Get:28 http://ftpmaster.internal/ubuntu noble/main s390x libdhash1 s390x 0.6.2-2 [8648 B] 485s Get:29 http://ftpmaster.internal/ubuntu noble/main s390x libbasicobjects0 s390x 0.6.2-2 [5476 B] 485s Get:30 http://ftpmaster.internal/ubuntu noble/main s390x libcollection4 s390x 0.6.2-2 [23.2 kB] 485s Get:31 http://ftpmaster.internal/ubuntu noble/main s390x libpath-utils1 s390x 0.6.2-2 [8994 B] 485s Get:32 http://ftpmaster.internal/ubuntu noble/main s390x libref-array1 s390x 0.6.2-2 [6880 B] 485s Get:33 http://ftpmaster.internal/ubuntu noble/main s390x libini-config5 s390x 0.6.2-2 [45.3 kB] 485s Get:34 http://ftpmaster.internal/ubuntu noble/main s390x libsss-certmap0 s390x 2.9.4-1ubuntu1 [46.7 kB] 485s Get:35 http://ftpmaster.internal/ubuntu noble/main s390x libsss-nss-idmap0 s390x 2.9.4-1ubuntu1 [31.4 kB] 485s Get:36 http://ftpmaster.internal/ubuntu noble/main s390x sssd-common s390x 2.9.4-1ubuntu1 [1125 kB] 485s Get:37 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad-common s390x 2.9.4-1ubuntu1 [74.8 kB] 485s Get:38 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5-common s390x 2.9.4-1ubuntu1 [90.3 kB] 485s Get:39 http://ftpmaster.internal/ubuntu noble/main s390x libsmbclient s390x 2:4.19.5+dfsg-1ubuntu1 [65.1 kB] 485s Get:40 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad s390x 2.9.4-1ubuntu1 [133 kB] 485s Get:41 http://ftpmaster.internal/ubuntu noble/main s390x libipa-hbac0 s390x 2.9.4-1ubuntu1 [16.8 kB] 485s Get:42 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ipa s390x 2.9.4-1ubuntu1 [215 kB] 485s Get:43 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5 s390x 2.9.4-1ubuntu1 [14.4 kB] 485s Get:44 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ldap s390x 2.9.4-1ubuntu1 [31.0 kB] 485s Get:45 http://ftpmaster.internal/ubuntu noble/main s390x sssd-proxy s390x 2.9.4-1ubuntu1 [43.9 kB] 485s Get:46 http://ftpmaster.internal/ubuntu noble/main s390x sssd s390x 2.9.4-1ubuntu1 [4120 B] 485s Fetched 10.4 MB in 1s (8092 kB/s) 485s Selecting previously unselected package libevent-2.1-7:s390x. 485s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51728 files and directories currently installed.) 485s Preparing to unpack .../00-libevent-2.1-7_2.1.12-stable-9_s390x.deb ... 485s Unpacking libevent-2.1-7:s390x (2.1.12-stable-9) ... 485s Selecting previously unselected package libunbound8:s390x. 485s Preparing to unpack .../01-libunbound8_1.19.1-1ubuntu1_s390x.deb ... 485s Unpacking libunbound8:s390x (1.19.1-1ubuntu1) ... 485s Selecting previously unselected package libgnutls-dane0:s390x. 485s Preparing to unpack .../02-libgnutls-dane0_3.8.3-1ubuntu1_s390x.deb ... 485s Unpacking libgnutls-dane0:s390x (3.8.3-1ubuntu1) ... 485s Selecting previously unselected package gnutls-bin. 485s Preparing to unpack .../03-gnutls-bin_3.8.3-1ubuntu1_s390x.deb ... 485s Unpacking gnutls-bin (3.8.3-1ubuntu1) ... 485s Selecting previously unselected package libavahi-common-data:s390x. 485s Preparing to unpack .../04-libavahi-common-data_0.8-13ubuntu2_s390x.deb ... 485s Unpacking libavahi-common-data:s390x (0.8-13ubuntu2) ... 485s Selecting previously unselected package libavahi-common3:s390x. 485s Preparing to unpack .../05-libavahi-common3_0.8-13ubuntu2_s390x.deb ... 485s Unpacking libavahi-common3:s390x (0.8-13ubuntu2) ... 485s Selecting previously unselected package libavahi-client3:s390x. 485s Preparing to unpack .../06-libavahi-client3_0.8-13ubuntu2_s390x.deb ... 485s Unpacking libavahi-client3:s390x (0.8-13ubuntu2) ... 485s Selecting previously unselected package libcrack2:s390x. 485s Preparing to unpack .../07-libcrack2_2.9.6-5.1_s390x.deb ... 485s Unpacking libcrack2:s390x (2.9.6-5.1) ... 485s Selecting previously unselected package libtalloc2:s390x. 485s Preparing to unpack .../08-libtalloc2_2.4.2-1_s390x.deb ... 485s Unpacking libtalloc2:s390x (2.4.2-1) ... 485s Selecting previously unselected package libtdb1:s390x. 485s Preparing to unpack .../09-libtdb1_1.4.10-1_s390x.deb ... 485s Unpacking libtdb1:s390x (1.4.10-1) ... 485s Selecting previously unselected package libtevent0:s390x. 485s Preparing to unpack .../10-libtevent0_0.16.1-1_s390x.deb ... 485s Unpacking libtevent0:s390x (0.16.1-1) ... 485s Selecting previously unselected package libldb2:s390x. 485s Preparing to unpack .../11-libldb2_2%3a2.8.0+samba4.19.5+dfsg-1ubuntu1_s390x.deb ... 485s Unpacking libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 485s Selecting previously unselected package libnfsidmap1:s390x. 485s Preparing to unpack .../12-libnfsidmap1_1%3a2.6.3-3ubuntu1_s390x.deb ... 485s Unpacking libnfsidmap1:s390x (1:2.6.3-3ubuntu1) ... 485s Selecting previously unselected package libpwquality-common. 485s Preparing to unpack .../13-libpwquality-common_1.4.5-3_all.deb ... 485s Unpacking libpwquality-common (1.4.5-3) ... 485s Selecting previously unselected package libpwquality1:s390x. 485s Preparing to unpack .../14-libpwquality1_1.4.5-3_s390x.deb ... 485s Unpacking libpwquality1:s390x (1.4.5-3) ... 486s Selecting previously unselected package libpam-pwquality:s390x. 486s Preparing to unpack .../15-libpam-pwquality_1.4.5-3_s390x.deb ... 486s Unpacking libpam-pwquality:s390x (1.4.5-3) ... 486s Selecting previously unselected package libwbclient0:s390x. 486s Preparing to unpack .../16-libwbclient0_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 486s Unpacking libwbclient0:s390x (2:4.19.5+dfsg-1ubuntu1) ... 486s Selecting previously unselected package samba-libs:s390x. 486s Preparing to unpack .../17-samba-libs_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 486s Unpacking samba-libs:s390x (2:4.19.5+dfsg-1ubuntu1) ... 486s Selecting previously unselected package softhsm2-common. 486s Preparing to unpack .../18-softhsm2-common_2.6.1-2.2_s390x.deb ... 486s Unpacking softhsm2-common (2.6.1-2.2) ... 486s Selecting previously unselected package libsofthsm2. 486s Preparing to unpack .../19-libsofthsm2_2.6.1-2.2_s390x.deb ... 486s Unpacking libsofthsm2 (2.6.1-2.2) ... 486s Selecting previously unselected package softhsm2. 486s Preparing to unpack .../20-softhsm2_2.6.1-2.2_s390x.deb ... 486s Unpacking softhsm2 (2.6.1-2.2) ... 486s Selecting previously unselected package python3-sss. 486s Preparing to unpack .../21-python3-sss_2.9.4-1ubuntu1_s390x.deb ... 486s Unpacking python3-sss (2.9.4-1ubuntu1) ... 486s Selecting previously unselected package libsss-idmap0. 486s Preparing to unpack .../22-libsss-idmap0_2.9.4-1ubuntu1_s390x.deb ... 486s Unpacking libsss-idmap0 (2.9.4-1ubuntu1) ... 486s Selecting previously unselected package libnss-sss:s390x. 486s Preparing to unpack .../23-libnss-sss_2.9.4-1ubuntu1_s390x.deb ... 486s Unpacking libnss-sss:s390x (2.9.4-1ubuntu1) ... 486s Selecting previously unselected package libpam-sss:s390x. 486s Preparing to unpack .../24-libpam-sss_2.9.4-1ubuntu1_s390x.deb ... 486s Unpacking libpam-sss:s390x (2.9.4-1ubuntu1) ... 486s Selecting previously unselected package libc-ares2:s390x. 486s Preparing to unpack .../25-libc-ares2_1.27.0-1_s390x.deb ... 486s Unpacking libc-ares2:s390x (1.27.0-1) ... 486s Selecting previously unselected package libdhash1:s390x. 486s Preparing to unpack .../26-libdhash1_0.6.2-2_s390x.deb ... 486s Unpacking libdhash1:s390x (0.6.2-2) ... 486s Selecting previously unselected package libbasicobjects0:s390x. 486s Preparing to unpack .../27-libbasicobjects0_0.6.2-2_s390x.deb ... 486s Unpacking libbasicobjects0:s390x (0.6.2-2) ... 486s Selecting previously unselected package libcollection4:s390x. 486s Preparing to unpack .../28-libcollection4_0.6.2-2_s390x.deb ... 486s Unpacking libcollection4:s390x (0.6.2-2) ... 486s Selecting previously unselected package libpath-utils1:s390x. 486s Preparing to unpack .../29-libpath-utils1_0.6.2-2_s390x.deb ... 486s Unpacking libpath-utils1:s390x (0.6.2-2) ... 486s Selecting previously unselected package libref-array1:s390x. 486s Preparing to unpack .../30-libref-array1_0.6.2-2_s390x.deb ... 486s Unpacking libref-array1:s390x (0.6.2-2) ... 486s Selecting previously unselected package libini-config5:s390x. 486s Preparing to unpack .../31-libini-config5_0.6.2-2_s390x.deb ... 486s Unpacking libini-config5:s390x (0.6.2-2) ... 486s Selecting previously unselected package libsss-certmap0. 486s Preparing to unpack .../32-libsss-certmap0_2.9.4-1ubuntu1_s390x.deb ... 486s Unpacking libsss-certmap0 (2.9.4-1ubuntu1) ... 486s Selecting previously unselected package libsss-nss-idmap0. 486s Preparing to unpack .../33-libsss-nss-idmap0_2.9.4-1ubuntu1_s390x.deb ... 486s Unpacking libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 486s Selecting previously unselected package sssd-common. 486s Preparing to unpack .../34-sssd-common_2.9.4-1ubuntu1_s390x.deb ... 486s Unpacking sssd-common (2.9.4-1ubuntu1) ... 486s Selecting previously unselected package sssd-ad-common. 486s Preparing to unpack .../35-sssd-ad-common_2.9.4-1ubuntu1_s390x.deb ... 486s Unpacking sssd-ad-common (2.9.4-1ubuntu1) ... 486s Selecting previously unselected package sssd-krb5-common. 486s Preparing to unpack .../36-sssd-krb5-common_2.9.4-1ubuntu1_s390x.deb ... 486s Unpacking sssd-krb5-common (2.9.4-1ubuntu1) ... 486s Selecting previously unselected package libsmbclient:s390x. 486s Preparing to unpack .../37-libsmbclient_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 486s Unpacking libsmbclient:s390x (2:4.19.5+dfsg-1ubuntu1) ... 486s Selecting previously unselected package sssd-ad. 486s Preparing to unpack .../38-sssd-ad_2.9.4-1ubuntu1_s390x.deb ... 486s Unpacking sssd-ad (2.9.4-1ubuntu1) ... 486s Selecting previously unselected package libipa-hbac0. 486s Preparing to unpack .../39-libipa-hbac0_2.9.4-1ubuntu1_s390x.deb ... 486s Unpacking libipa-hbac0 (2.9.4-1ubuntu1) ... 486s Selecting previously unselected package sssd-ipa. 486s Preparing to unpack .../40-sssd-ipa_2.9.4-1ubuntu1_s390x.deb ... 486s Unpacking sssd-ipa (2.9.4-1ubuntu1) ... 486s Selecting previously unselected package sssd-krb5. 486s Preparing to unpack .../41-sssd-krb5_2.9.4-1ubuntu1_s390x.deb ... 486s Unpacking sssd-krb5 (2.9.4-1ubuntu1) ... 486s Selecting previously unselected package sssd-ldap. 486s Preparing to unpack .../42-sssd-ldap_2.9.4-1ubuntu1_s390x.deb ... 486s Unpacking sssd-ldap (2.9.4-1ubuntu1) ... 486s Selecting previously unselected package sssd-proxy. 486s Preparing to unpack .../43-sssd-proxy_2.9.4-1ubuntu1_s390x.deb ... 486s Unpacking sssd-proxy (2.9.4-1ubuntu1) ... 486s Selecting previously unselected package sssd. 486s Preparing to unpack .../44-sssd_2.9.4-1ubuntu1_s390x.deb ... 486s Unpacking sssd (2.9.4-1ubuntu1) ... 486s Selecting previously unselected package autopkgtest-satdep. 486s Preparing to unpack .../45-3-autopkgtest-satdep.deb ... 486s Unpacking autopkgtest-satdep (0) ... 486s Setting up libpwquality-common (1.4.5-3) ... 486s Setting up libpath-utils1:s390x (0.6.2-2) ... 486s Setting up softhsm2-common (2.6.1-2.2) ... 486s 486s Creating config file /etc/softhsm/softhsm2.conf with new version 486s Setting up libnfsidmap1:s390x (1:2.6.3-3ubuntu1) ... 486s Setting up libsss-idmap0 (2.9.4-1ubuntu1) ... 486s Setting up libbasicobjects0:s390x (0.6.2-2) ... 486s Setting up libtdb1:s390x (1.4.10-1) ... 486s Setting up libc-ares2:s390x (1.27.0-1) ... 486s Setting up libwbclient0:s390x (2:4.19.5+dfsg-1ubuntu1) ... 486s Setting up libtalloc2:s390x (2.4.2-1) ... 486s Setting up libdhash1:s390x (0.6.2-2) ... 486s Setting up libtevent0:s390x (0.16.1-1) ... 486s Setting up libavahi-common-data:s390x (0.8-13ubuntu2) ... 486s Setting up libevent-2.1-7:s390x (2.1.12-stable-9) ... 486s Setting up libcrack2:s390x (2.9.6-5.1) ... 486s Setting up libcollection4:s390x (0.6.2-2) ... 486s Setting up libipa-hbac0 (2.9.4-1ubuntu1) ... 486s Setting up libref-array1:s390x (0.6.2-2) ... 486s Setting up libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 486s Setting up libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 486s Setting up libnss-sss:s390x (2.9.4-1ubuntu1) ... 486s Setting up libsofthsm2 (2.6.1-2.2) ... 486s Setting up softhsm2 (2.6.1-2.2) ... 486s Setting up libini-config5:s390x (0.6.2-2) ... 486s Setting up libavahi-common3:s390x (0.8-13ubuntu2) ... 486s Setting up python3-sss (2.9.4-1ubuntu1) ... 487s Setting up libsss-certmap0 (2.9.4-1ubuntu1) ... 487s Setting up libunbound8:s390x (1.19.1-1ubuntu1) ... 487s Setting up libpwquality1:s390x (1.4.5-3) ... 487s Setting up libavahi-client3:s390x (0.8-13ubuntu2) ... 487s Setting up libgnutls-dane0:s390x (3.8.3-1ubuntu1) ... 487s Setting up libpam-pwquality:s390x (1.4.5-3) ... 487s Setting up samba-libs:s390x (2:4.19.5+dfsg-1ubuntu1) ... 487s Setting up libsmbclient:s390x (2:4.19.5+dfsg-1ubuntu1) ... 487s Setting up libpam-sss:s390x (2.9.4-1ubuntu1) ... 487s Setting up gnutls-bin (3.8.3-1ubuntu1) ... 487s Setting up sssd-common (2.9.4-1ubuntu1) ... 487s Creating SSSD system user & group... 487s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 487s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 487s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 487s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 487s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 488s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 488s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 488s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 488s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 488s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 489s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 489s sssd-autofs.service is a disabled or a static unit, not starting it. 489s sssd-nss.service is a disabled or a static unit, not starting it. 489s sssd-pam.service is a disabled or a static unit, not starting it. 489s sssd-ssh.service is a disabled or a static unit, not starting it. 489s sssd-sudo.service is a disabled or a static unit, not starting it. 489s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 489s Setting up sssd-proxy (2.9.4-1ubuntu1) ... 489s Setting up sssd-ad-common (2.9.4-1ubuntu1) ... 489s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 490s sssd-pac.service is a disabled or a static unit, not starting it. 490s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 490s Setting up sssd-krb5-common (2.9.4-1ubuntu1) ... 490s Setting up sssd-krb5 (2.9.4-1ubuntu1) ... 490s Setting up sssd-ldap (2.9.4-1ubuntu1) ... 490s Setting up sssd-ad (2.9.4-1ubuntu1) ... 490s Setting up sssd-ipa (2.9.4-1ubuntu1) ... 490s Setting up sssd (2.9.4-1ubuntu1) ... 490s Setting up autopkgtest-satdep (0) ... 490s Processing triggers for man-db (2.12.0-3) ... 490s Processing triggers for libc-bin (2.39-0ubuntu6) ... 493s (Reading database ... 52316 files and directories currently installed.) 493s Removing autopkgtest-satdep (0) ... 503s autopkgtest [07:28:28]: test sssd-softhism2-certificates-tests.sh: [----------------------- 504s + '[' -z ubuntu ']' 504s + required_tools=(p11tool openssl softhsm2-util) 504s + for cmd in "${required_tools[@]}" 504s + command -v p11tool 504s + for cmd in "${required_tools[@]}" 504s + command -v openssl 504s + for cmd in "${required_tools[@]}" 504s + command -v softhsm2-util 504s + PIN=053350 504s +++ find /usr/lib/softhsm/libsofthsm2.so 504s +++ head -n 1 504s ++ realpath /usr/lib/softhsm/libsofthsm2.so 504s + SOFTHSM2_MODULE=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 504s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 504s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 504s + '[' '!' -v NO_SSSD_TESTS ']' 504s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 504s + ca_db_arg=ca_db 504s ++ /usr/libexec/sssd/p11_child --help 504s + p11_child_help='Usage: p11_child [OPTION...] 504s -d, --debug-level=INT Debug level 504s --debug-timestamps=INT Add debug timestamps 504s --debug-microseconds=INT Show timestamps with microseconds 504s --dumpable=INT Allow core dumps 504s --debug-fd=INT An open file descriptor for the debug 504s logs 504s --logger=stderr|files|journald Set logger 504s --auth Run in auth mode 504s --pre Run in pre-auth mode 504s --wait_for_card Wait until card is available 504s --verification Run in verification mode 504s --pin Expect PIN on stdin 504s --keypad Expect PIN on keypad 504s --verify=STRING Tune validation 504s --ca_db=STRING CA DB to use 504s --module_name=STRING Module name for authentication 504s --token_name=STRING Token name for authentication 504s --key_id=STRING Key ID for authentication 504s --label=STRING Label for authentication 504s --certificate=STRING certificate to verify, base64 encoded 504s --uri=STRING PKCS#11 URI to restrict selection 504s --chain-id=LONG Tevent chain ID used for logging 504s purposes 504s 504s Help options: 504s -?, --help Show this help message 504s --usage Display brief usage message' 504s + echo 'Usage: p11_child [OPTION...] 504s -d, --debug-level=INT Debug level 504s + grep nssdb -qs 504s --debug-timestamps=INT Add debug timestamps 504s --debug-microseconds=INT Show timestamps with microseconds 504s --dumpable=INT Allow core dumps 504s --debug-fd=INT An open file descriptor for the debug 504s logs 504s --logger=stderr|files|journald Set logger 504s --auth Run in auth mode 504s --pre Run in pre-auth mode 504s --wait_for_card Wait until card is available 504s --verification Run in verification mode 504s --pin Expect PIN on stdin 504s --keypad Expect PIN on keypad 504s --verify=STRING Tune validation 504s --ca_db=STRING CA DB to use 504s --module_name=STRING Module name for authentication 504s --token_name=STRING Token name for authentication 504s --key_id=STRING Key ID for authentication 504s --label=STRING Label for authentication 504s --certificate=STRING certificate to verify, base64 encoded 504s --uri=STRING PKCS#11 URI to restrict selection 504s --chain-id=LONG Tevent chain ID used for logging 504s purposes 504s 504s Help options: 504s -?, --help Show this help message 504s --usage Display brief usage message' 504s + echo 'Usage: p11_child [OPTION...] 504s -d, --debug-level=INT Debug level 504s --debug-timestamps=INT Add debug timestamps 504s --debug-microseconds=INT Show timestamps with microseconds 504s --dumpable=INT Allow core dumps 504s --debug-fd=INT An open file descriptor for the debug 504s logs 504s --logger=stderr|files|journald Set logger 504s --auth Run in auth mode 504s --pre Run in pre-auth mode 504s --wait_for_card Wait until card is available 504s --verification Run in verification mode 504s --pin Expect PIN on stdin 504s --keypad Expect PIN on keypad 504s --verify=STRING Tune validation 504s --ca_db=STRING CA DB to use 504s --module_name=STRING Module name for authentication 504s --token_name=STRING Token name for authentication 504s --key_id=STRING Key ID for authentication 504s --label=STRING Label for authentication 504s --certificate=STRING certificate to verify, base64 encoded 504s --uri=STRING PKCS#11 URI to restrict selection 504s --chain-id=LONG Tevent chain ID used for logging 504s purposes 504s 504s Help options: 504s -?, --help Show this help message 504s --usage Display brief usage message' 504s + grep -qs -- --ca_db 504s + '[' '!' -e /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so ']' 504s ++ mktemp -d -t sssd-softhsm2-XXXXXX 504s + tmpdir=/tmp/sssd-softhsm2-vlpXTn 504s + keys_size=1024 504s + [[ ! -v KEEP_TEMPORARY_FILES ]] 504s + trap 'rm -rf "$tmpdir"' EXIT 504s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 504s + echo -n 01 504s + touch /tmp/sssd-softhsm2-vlpXTn/index.txt 504s + mkdir -p /tmp/sssd-softhsm2-vlpXTn/new_certs 504s + cat 504s + root_ca_key_pass=pass:random-root-CA-password-155 504s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-vlpXTn/test-root-CA-key.pem -passout pass:random-root-CA-password-155 1024 504s + openssl req -passin pass:random-root-CA-password-155 -batch -config /tmp/sssd-softhsm2-vlpXTn/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-vlpXTn/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem 504s + openssl x509 -noout -in /tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem 504s + cat 504s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-27420 504s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-27420 1024 504s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-27420 -config /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.config -key /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-155 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-certificate-request.pem 504s + openssl req -text -noout -in /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-certificate-request.pem 504s Certificate Request: 504s Data: 504s Version: 1 (0x0) 504s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 504s Subject Public Key Info: 504s Public Key Algorithm: rsaEncryption 504s Public-Key: (1024 bit) 504s Modulus: 504s 00:9e:a8:0d:b7:da:26:3e:44:6a:b4:a8:a2:02:83: 504s fc:13:9f:91:21:79:07:d5:1a:bf:65:1c:e5:3e:c1: 504s 37:c5:28:fa:3c:af:b3:4d:60:66:da:12:a9:97:f3: 504s 2d:fd:89:57:ab:2c:53:1d:b6:f8:c0:a8:96:dd:81: 504s db:1e:52:bc:e0:1f:e5:9a:16:5b:f3:db:8d:92:20: 504s 7f:96:e2:f2:19:7a:15:87:d6:12:ee:30:af:a1:48: 504s 7a:2b:43:b6:27:51:e2:ca:56:56:1f:86:98:89:5e: 504s 98:d3:12:22:2c:19:b9:f2:9c:eb:38:10:b4:57:8f: 504s 73:27:a9:cd:12:1e:c3:e9:81 504s Exponent: 65537 (0x10001) 504s Attributes: 504s (none) 504s Requested Extensions: 504s Signature Algorithm: sha256WithRSAEncryption 504s Signature Value: 504s 44:92:07:c8:2c:69:6b:9b:f3:a6:65:69:54:13:a3:c9:df:8f: 504s 11:51:5a:7d:f8:5f:89:7d:a1:72:a1:04:cf:4e:54:1c:aa:a3: 504s 76:d0:ff:16:c4:12:d1:0c:02:53:b9:84:a9:79:84:a2:5c:f4: 504s 9c:23:40:28:04:6f:08:81:1f:4f:ea:df:0a:fa:aa:e6:50:2e: 504s 5c:8f:d6:18:9d:91:61:fc:7a:c3:d0:e7:a9:df:9a:48:02:55: 504s 48:dd:72:8e:ea:2f:c1:41:e3:3a:a2:63:0d:cd:b8:89:a7:a9: 504s 0a:b5:d2:dc:bb:ee:93:a8:ed:37:59:16:bd:7a:dc:51:41:66: 504s 05:13 504s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-vlpXTn/test-root-CA.config -passin pass:random-root-CA-password-155 -keyfile /tmp/sssd-softhsm2-vlpXTn/test-root-CA-key.pem -in /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem 504s Using configuration from /tmp/sssd-softhsm2-vlpXTn/test-root-CA.config 504s Check that the request matches the signature 504s Signature ok 504s Certificate Details: 504s Serial Number: 1 (0x1) 504s Validity 504s Not Before: Mar 24 07:28:29 2024 GMT 504s Not After : Mar 24 07:28:29 2025 GMT 504s Subject: 504s organizationName = Test Organization 504s organizationalUnitName = Test Organization Unit 504s commonName = Test Organization Intermediate CA 504s X509v3 extensions: 504s X509v3 Subject Key Identifier: 504s 67:0B:FE:DA:12:B8:64:88:B8:D3:46:EA:CE:9B:FC:46:E0:4B:0B:04 504s X509v3 Authority Key Identifier: 504s keyid:49:66:8D:6C:A3:D2:34:7C:99:D9:2A:D4:A3:56:07:EB:23:A3:64:22 504s /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem: OK 504s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 504s serial:00 504s X509v3 Basic Constraints: 504s CA:TRUE 504s X509v3 Key Usage: critical 504s Digital Signature, Certificate Sign, CRL Sign 504s Certificate is to be certified until Mar 24 07:28:29 2025 GMT (365 days) 504s 504s Write out database with 1 new entries 504s Database updated 504s + openssl x509 -noout -in /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem 504s + openssl verify -CAfile /tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem 504s + cat 504s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-2134 504s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-2134 1024 504s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-2134 -config /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-27420 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-certificate-request.pem 504s + openssl req -text -noout -in /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-certificate-request.pem 504s Certificate Request: 504s Data: 504s Version: 1 (0x0) 504s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 504s Subject Public Key Info: 504s Public Key Algorithm: rsaEncryption 504s Public-Key: (1024 bit) 504s Modulus: 504s 00:bb:6c:ae:74:b7:37:2c:ca:e7:2c:ff:6d:bd:f9: 504s d1:d9:02:ef:de:dc:c1:10:69:d2:54:cc:56:f8:c4: 504s b3:72:d5:1a:1d:16:09:79:2e:ab:d1:cb:5d:be:ee: 504s a3:4b:93:42:f9:f3:b3:fe:73:8e:ba:6c:0f:76:e3: 504s 03:76:5b:5c:3b:e7:13:8b:4a:ee:a9:b1:11:aa:90: 504s e0:fe:84:14:ce:09:fc:ee:aa:65:3c:ac:86:41:77: 504s de:e4:23:08:1b:1a:9a:a5:77:61:36:79:3b:b8:e6: 504s 28:79:d9:5d:e5:40:c1:b8:d5:7b:e6:21:2b:d4:78: 504s db:5f:16:1f:9c:c5:2b:a1:a7 504s Exponent: 65537 (0x10001) 504s Attributes: 504s (none) 504s Requested Extensions: 504s Signature Algorithm: sha256WithRSAEncryption 504s Signature Value: 504s 35:7a:d8:b1:26:34:15:4b:10:71:f6:db:73:a5:b6:b1:b2:04: 504s 20:78:26:d3:9c:ac:ab:01:7f:ed:81:72:94:c3:c6:61:30:7f: 504s 7b:2c:c0:22:9e:32:b2:12:c3:62:7d:7f:41:92:83:3c:4b:63: 504s 55:9f:56:e5:16:60:c6:f4:00:e2:b1:9e:ec:46:04:ec:7a:28: 504s fd:35:87:0b:a0:01:09:e0:84:23:34:60:87:70:ee:57:35:0c: 504s 36:2f:83:be:0b:ce:0d:5f:56:13:5c:cc:da:c4:fc:02:c1:1d: 504s 13:df:15:74:16:ab:a7:aa:48:73:a9:6d:4d:0f:ef:87:16:7c: 504s f2:e1 504s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-27420 -keyfile /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA.pem 504s Using configuration from /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.config 504s Check that the request matches the signature 504s Signature ok 504s Certificate Details: 504s Serial Number: 2 (0x2) 504s Validity 504s Not Before: Mar 24 07:28:29 2024 GMT 504s Not After : Mar 24 07:28:29 2025 GMT 504s Subject: 504s organizationName = Test Organization 504s organizationalUnitName = Test Organization Unit 504s commonName = Test Organization Sub Intermediate CA 504s X509v3 extensions: 504s X509v3 Subject Key Identifier: 504s A8:F9:07:D1:43:8C:59:11:17:86:26:23:2A:46:80:94:FC:84:75:0B 504s X509v3 Authority Key Identifier: 504s keyid:67:0B:FE:DA:12:B8:64:88:B8:D3:46:EA:CE:9B:FC:46:E0:4B:0B:04 504s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 504s serial:01 504s X509v3 Basic Constraints: 504s CA:TRUE 504s X509v3 Key Usage: critical 504s Digital Signature, Certificate Sign, CRL Sign 504s Certificate is to be certified until Mar 24 07:28:29 2025 GMT (365 days) 504s 504s Write out database with 1 new entries 504s Database updated 504s + openssl x509 -noout -in /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA.pem 504s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA.pem 504s /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA.pem: OK 504s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA.pem 504s + local cmd=openssl 504s + shift 504s + openssl verify -CAfile /tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA.pem 504s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 504s error 20 at 0 depth lookup: unable to get local issuer certificate 504s error /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA.pem: verification failed 504s + cat 504s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-19912 504s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-19912 1024 504s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-19912 -key /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001-request.pem 504s + openssl req -text -noout -in /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001-request.pem 504s Certificate Request: 504s Data: 504s Version: 1 (0x0) 504s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 504s Subject Public Key Info: 504s Public Key Algorithm: rsaEncryption 504s Public-Key: (1024 bit) 504s Modulus: 504s 00:d6:4c:55:fe:3c:f2:b1:56:e2:69:78:e2:fe:e8: 504s 34:a0:98:fc:e4:9b:93:fa:ed:eb:f9:1f:64:24:83: 504s cd:f7:b8:ff:d9:ec:78:58:0d:26:28:0d:0d:0d:7b: 504s 92:0d:a5:32:30:59:c2:da:bc:01:db:df:64:d6:b1: 504s 92:4f:33:8c:f3:a7:81:2a:eb:a4:13:be:73:eb:c6: 504s f0:18:cd:29:d9:06:1d:dc:3c:13:ac:2f:1a:fb:dc: 504s bd:b1:df:15:fb:5d:6f:fb:6f:d2:7f:56:ab:06:0f: 504s 2a:5a:82:c6:b6:25:e1:4d:09:e2:a2:01:11:7e:81: 504s 2d:8b:34:33:e4:d4:b7:2f:3b 504s Exponent: 65537 (0x10001) 504s Attributes: 504s Requested Extensions: 504s X509v3 Basic Constraints: 504s CA:FALSE 504s Netscape Cert Type: 504s SSL Client, S/MIME 504s Netscape Comment: 504s Test Organization Root CA trusted Certificate 504s X509v3 Subject Key Identifier: 504s 61:12:EF:79:42:32:FB:EC:CD:D2:27:04:1E:0F:3C:30:3D:7C:7D:4E 504s X509v3 Key Usage: critical 504s Digital Signature, Non Repudiation, Key Encipherment 504s X509v3 Extended Key Usage: 504s TLS Web Client Authentication, E-mail Protection 504s X509v3 Subject Alternative Name: 504s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 504s Signature Algorithm: sha256WithRSAEncryption 504s Signature Value: 504s a0:48:1a:b5:ca:43:ed:67:74:47:77:93:58:ff:4d:4d:3d:fa: 504s ae:fa:32:88:c5:e7:a7:1e:d9:86:0a:b8:51:98:dc:b9:28:3a: 504s 22:77:1f:38:37:6e:fc:97:93:d3:24:2f:30:56:cd:c1:fd:80: 504s 03:07:46:93:78:ed:e6:bb:55:f4:a4:05:ef:c8:2d:94:50:eb: 504s fb:30:fc:be:df:e5:2e:ab:60:1f:37:6e:b9:83:0e:7e:a8:f9: 504s 0c:f1:44:00:b1:13:85:35:29:57:2a:23:e5:e1:91:2a:0b:53: 504s 7f:7e:77:21:66:95:64:1d:be:b3:33:79:e1:34:85:13:09:fa: 504s ed:a9 504s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-vlpXTn/test-root-CA.config -passin pass:random-root-CA-password-155 -keyfile /tmp/sssd-softhsm2-vlpXTn/test-root-CA-key.pem -in /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 504s Using configuration from /tmp/sssd-softhsm2-vlpXTn/test-root-CA.config 504s Check that the request matches the signature 504s Signature ok 504s Certificate Details: 504s Serial Number: 3 (0x3) 504s Validity 504s Not Before: Mar 24 07:28:29 2024 GMT 504s Not After : Mar 24 07:28:29 2025 GMT 504s Subject: 504s organizationName = Test Organization 504s organizationalUnitName = Test Organization Unit 504s commonName = Test Organization Root Trusted Certificate 0001 504s X509v3 extensions: 504s X509v3 Authority Key Identifier: 504s 49:66:8D:6C:A3:D2:34:7C:99:D9:2A:D4:A3:56:07:EB:23:A3:64:22 504s X509v3 Basic Constraints: 504s CA:FALSE 504s Netscape Cert Type: 504s SSL Client, S/MIME 504s Netscape Comment: 504s Test Organization Root CA trusted Certificate 504s X509v3 Subject Key Identifier: 504s 61:12:EF:79:42:32:FB:EC:CD:D2:27:04:1E:0F:3C:30:3D:7C:7D:4E 504s X509v3 Key Usage: critical 504s Digital Signature, Non Repudiation, Key Encipherment 504s X509v3 Extended Key Usage: 504s TLS Web Client Authentication, E-mail Protection 504s X509v3 Subject Alternative Name: 504s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 504s Certificate is to be certified until Mar 24 07:28:29 2025 GMT (365 days) 504s 504s Write out database with 1 new entries 504s Database updated 504s + openssl x509 -noout -in /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 504s + openssl verify -CAfile /tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 504s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 504s + local cmd=openssl 504s + shift 504s + openssl verify -CAfile /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 504s O = Test Organi/tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem: OK 504s zation, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 504s error 20 at 0 depth lookup: unable to get local issuer certificate 504s error /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem: verification failed 504s + cat 504s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-13536 504s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-13536 1024 504s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-13536 -key /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001-request.pem 504s + openssl req -text -noout -in /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001-request.pem 504s Certificate Request: 504s Data: 504s Version: 1 (0x0) 504s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 504s Subject Public Key Info: 504s Public Key Algorithm: rsaEncryption 504s Public-Key: (1024 bit) 504s Modulus: 504s 00:93:d7:24:42:04:c4:8d:0d:74:9a:c7:a6:98:9e: 504s 41:32:a6:65:28:1c:f1:c7:8c:e7:14:ca:17:3e:f6: 504s b6:b4:dc:2e:bb:bd:31:ac:c0:be:d3:6b:86:9c:41: 504s 25:96:3c:2a:d3:d8:a7:6e:fb:e1:cd:54:c8:61:45: 504s 23:a6:5d:4e:ec:de:0b:9f:48:60:76:e4:23:42:86: 504s b7:52:fd:0c:e6:96:3f:d1:73:e3:b8:8b:ae:f3:3e: 504s a3:8c:e3:31:c6:f1:72:a4:f0:70:84:04:90:35:95: 504s 08:3b:fd:b7:82:22:a3:38:36:20:39:89:94:dc:d2: 504s 6b:e0:55:22:c3:ef:86:7e:e1 504s Exponent: 65537 (0x10001) 504s Attributes: 504s Requested Extensions: 504s X509v3 Basic Constraints: 504s CA:FALSE 504s Netscape Cert Type: 504s SSL Client, S/MIME 504s Netscape Comment: 504s Test Organization Intermediate CA trusted Certificate 504s X509v3 Subject Key Identifier: 504s 5F:5E:43:C7:B0:36:27:5A:EC:43:ED:E3:B9:80:4F:13:FB:81:F0:A1 504s X509v3 Key Usage: critical 504s Digital Signature, Non Repudiation, Key Encipherment 504s X509v3 Extended Key Usage: 504s TLS Web Client Authentication, E-mail Protection 504s X509v3 Subject Alternative Name: 504s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 504s Signature Algorithm: sha256WithRSAEncryption 504s Signature Value: 504s 81:30:93:9f:12:55:1d:9d:12:56:ca:05:88:cd:fa:db:57:45: 504s c6:1b:fe:fe:e6:ad:94:52:f6:fa:5c:db:4e:3b:b8:c8:4d:60: 504s ed:88:85:9a:a8:18:3a:e8:e7:d1:ae:b5:7d:89:00:65:e7:54: 504s 4a:90:7e:d5:39:3d:a4:e3:76:fd:e9:09:a0:d2:d2:98:9a:75: 504s c8:40:c7:4e:d2:ce:2c:75:93:bc:52:16:6b:71:c6:3d:93:ad: 504s 09:1f:c9:28:b9:65:83:a8:3d:c1:62:cb:ee:8c:e7:10:77:a6: 504s 01:2c:01:87:9b:6c:6d:e5:fa:83:a5:ad:b1:60:64:59:f5:43: 504s 25:24 504s + openssl ca -passin pass:random-intermediate-CA-password-27420 -config /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 504s Using configuration from /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.config 504s Check that the request matches the signature 504s Signature ok 504s Certificate Details: 504s Serial Number: 4 (0x4) 504s Validity 504s Not Before: Mar 24 07:28:29 2024 GMT 504s Not After : Mar 24 07:28:29 2025 GMT 504s Subject: 504s organizationName = Test Organization 504s organizationalUnitName = Test Organization Unit 504s commonName = Test Organization Intermediate Trusted Certificate 0001 504s X509v3 extensions: 504s X509v3 Authority Key Identifier: 504s 67:0B:FE:DA:12:B8:64:88:B8:D3:46:EA:CE:9B:FC:46:E0:4B:0B:04 504s X509v3 Basic Constraints: 504s CA:FALSE 504s Netscape Cert Type: 504s SSL Client, S/MIME 504s Netscape Comment: 504s Test Organization Intermediate CA trusted Certificate 504s X509v3 Subject Key Identifier: 504s 5F:5E:43:C7:B0:36:27:5A:EC:43:ED:E3:B9:80:4F:13:FB:81:F0:A1 504s X509v3 Key Usage: critical 504s Digital Signature, Non Repudiation, Key Encipherment 504s X509v3 Extended Key Usage: 504s TLS Web Client Authentication, E-mail Protection 504s X509v3 Subject Alternative Name: 504s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 504s Certificate is to be certified until Mar 24 07:28:29 2025 GMT (365 days) 504s 504s Write out database with 1 new entries 504s Database updated 504s + openssl x509 -noout -in /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 504s This certificate should not be trusted fully 504s + echo 'This certificate should not be trusted fully' 504s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 504s + local cmd=openssl 504s + shift 504s + openssl verify -CAfile /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 504s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Inter/tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem: OK 504s mediate CA 504s error 2 at 1 depth lookup: unable to get issuer certificate 504s error /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 504s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 504s + cat 504s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13742 504s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-13742 1024 504s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-13742 -key /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 504s + openssl req -text -noout -in /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 504s Certificate Request: 504s Data: 504s Version: 1 (0x0) 504s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 504s Subject Public Key Info: 504s Public Key Algorithm: rsaEncryption 504s Public-Key: (1024 bit) 504s Modulus: 504s 00:e4:4a:83:d2:41:3e:70:8a:76:97:9b:ed:86:be: 504s 70:5a:3e:14:31:e8:46:93:41:4b:e6:da:f7:d2:9b: 504s a3:66:0b:59:b1:91:56:19:11:6a:78:42:ed:1c:43: 504s 6c:4a:f1:09:9f:e1:48:80:74:2b:5c:eb:68:15:29: 504s 8a:e3:63:9f:59:57:ad:ab:95:ca:da:55:b2:3d:1d: 504s 4a:7a:59:76:94:8a:f1:5f:e6:57:42:c6:c3:8b:3d: 504s 6f:b8:3c:85:04:d4:2c:7b:13:05:9e:fb:d5:84:11: 504s 28:1f:01:92:0e:3d:d2:19:e9:f1:5f:cd:5a:f3:f5: 504s ac:60:67:25:fc:d4:11:05:e9 504s Exponent: 65537 (0x10001) 504s Attributes: 504s Requested Extensions: 504s X509v3 Basic Constraints: 504s CA:FALSE 504s Netscape Cert Type: 504s SSL Client, S/MIME 504s Netscape Comment: 504s Test Organization Sub Intermediate CA trusted Certificate 504s X509v3 Subject Key Identifier: 504s EC:00:82:86:7A:AD:E5:0A:4F:51:BF:2E:E1:9B:F0:7E:43:07:0B:CC 504s X509v3 Key Usage: critical 504s Digital Signature, Non Repudiation, Key Encipherment 504s X509v3 Extended Key Usage: 504s TLS Web Client Authentication, E-mail Protection 504s X509v3 Subject Alternative Name: 504s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 504s Signature Algorithm: sha256WithRSAEncryption 504s Signature Value: 504s ba:71:59:7e:34:2e:f8:6c:fd:b0:46:5c:ce:5f:06:76:35:09: 504s ac:06:c3:a4:68:42:3c:01:8d:63:73:c7:74:89:8a:6a:2e:db: 504s 2d:b9:c2:4b:b1:0d:91:3d:ec:2d:ff:ae:6e:6c:31:61:2f:fd: 504s 23:25:bd:6f:b7:fc:b5:a6:96:58:3a:5a:9c:13:2d:93:c0:db: 504s e4:55:2d:73:26:4e:4d:80:92:9d:ff:ee:34:8a:69:63:3e:68: 504s f1:8d:35:8a:68:02:e1:a5:a1:64:a8:8c:0a:20:04:b1:98:be: 504s f6:0a:3b:c3:35:fc:c5:6b:b4:7a:d0:4c:4d:c8:c8:85:40:79: 504s 27:6d 504s + openssl ca -passin pass:random-sub-intermediate-CA-password-2134 -config /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 504s Using configuration from /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA.config 504s Check that the request matches the signature 504s Signature ok 504s Certificate Details: 504s Serial Number: 5 (0x5) 504s Validity 504s Not Before: Mar 24 07:28:29 2024 GMT 504s Not After : Mar 24 07:28:29 2025 GMT 504s Subject: 504s organizationName = Test Organization 504s organizationalUnitName = Test Organization Unit 504s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 504s X509v3 extensions: 504s X509v3 Authority Key Identifier: 504s A8:F9:07:D1:43:8C:59:11:17:86:26:23:2A:46:80:94:FC:84:75:0B 504s X509v3 Basic Constraints: 504s CA:FALSE 504s Netscape Cert Type: 504s SSL Client, S/MIME 504s Netscape Comment: 504s Test Organization Sub Intermediate CA trusted Certificate 504s X509v3 Subject Key Identifier: 504s EC:00:82:86:7A:AD:E5:0A:4F:51:BF:2E:E1:9B:F0:7E:43:07:0B:CC 504s X509v3 Key Usage: critical 504s Digital Signature, Non Repudiation, Key Encipherment 504s X509v3 Extended Key Usage: 504s TLS Web Client Authentication, E-mail Protection 504s X509v3 Subject Alternative Name: 504s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 504s Certificate is to be certified until Mar 24 07:28:29 2025 GMT (365 days) 504s 504s Write out database with 1 new entries 504s Database updated 504s + openssl x509 -noout -in /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 504s This certificate should not be trusted fully 504s + echo 'This certificate should not be trusted fully' 504s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 504s + local cmd=openssl 504s + shift 504s + openssl verify -CAfile /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 504s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 504s error 2 at 1 depth lookup: unable to get issuer certificate 504s error /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 504s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 504s + local cmd=openssl 504s + shift 504s + openssl verify -CAfile /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 504s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 504s error 20 at 0 depth lookup: unable to get local issuer certificate 504s error /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 504s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 504s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 504s + local cmd=openssl 504s + shift 504s /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 504s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 504s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 504s error 20 at 0 depth lookup: unable to get local issuer certificate 504s error /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 504s + echo 'Building a the full-chain CA file...' 504s + cat /tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA.pem 504s Building a the full-chain CA file... 504s + cat /tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem 504s + cat /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA.pem 504s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem 504s + openssl pkcs7 -print_certs -noout 504s + openssl verify -CAfile /tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem 504s + openssl verify -CAfile /tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 504s + openssl verify -CAfile /tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 504s + openssl verify -CAfile /tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem /tmp/sssd-softhsm2-vlpXTn/test-root-intermediate-chain-CA.pem 504s + openssl verify -CAfile /tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 504s + echo 'Certificates generation completed!' 504s + [[ -v NO_SSSD_TESTS ]] 504s + invalid_certificate /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19912 /dev/null 504s + check_certificate /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19912 /dev/null 504s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 504s + local key_pass=pass:random-root-ca-trusted-cert-0001-19912 504s + local key_ring=/dev/null 504s + local verify_option= 504s + prepare_softhsm2_card /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19912 504s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 504s + local key_pass=pass:random-root-ca-trusted-cert-0001-19912 504s + local key_cn 504s + local key_name 504s + local tokens_dir 504s + local output_cert_file 504s + token_name= 504s ++ basename /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem .pem 504s + key_name=test-root-CA-trusted-certificate-0001 504s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 504s ++ sed -n 's/ *commonName *= //p' 504s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 504s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 504s 504s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 504s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 504s 504s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 504s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 504s 504s /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem: OK 504s /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem: OK 504s /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem: OK 504s /tmp/sssd-softhsm2-vlpXTn/test-root-intermediate-chain-CA.pem: OK 504s /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 504s Certificates generation completed! 504s + key_cn='Test Organization Root Trusted Certificate 0001' 504s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 504s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf 504s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf 504s ++ basename /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 504s + tokens_dir=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001 504s + token_name='Test Organization Root Tr Token' 504s + '[' '!' -e /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 504s + local key_file 504s + local decrypted_key 504s + mkdir -p /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001 504s + key_file=/tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001-key.pem 504s + decrypted_key=/tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001-key-decrypted.pem 504s + cat 504s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 504s Slot 0 has a free/uninitialized token. 504s The token has been initialized and is reassigned to slot 924798195 504s + softhsm2-util --show-slots 504s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 504s Available slots: 504s Slot 924798195 504s Slot info: 504s Description: SoftHSM slot ID 0x371f4cf3 504s Manufacturer ID: SoftHSM project 504s Hardware version: 2.6 504s Firmware version: 2.6 504s Token present: yes 504s Token info: 504s Manufacturer ID: SoftHSM project 504s Model: SoftHSM v2 504s Hardware version: 2.6 504s Firmware version: 2.6 504s Serial number: adb40941b71f4cf3 504s Initialized: yes 504s User PIN init.: yes 504s Label: Test Organization Root Tr Token 504s Slot 1 504s Slot info: 504s Description: SoftHSM slot ID 0x1 504s Manufacturer ID: SoftHSM project 504s Hardware version: 2.6 504s Firmware version: 2.6 504s Token present: yes 504s Token info: 504s Manufacturer ID: SoftHSM project 504s Model: SoftHSM v2 504s Hardware version: 2.6 504s Firmware version: 2.6 504s Serial number: 504s Initialized: no 504s User PIN init.: no 504s Label: 504s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-19912 -in /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001-key-decrypted.pem 504s writing RSA key 504s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 504s + rm /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001-key-decrypted.pem 504s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 504s + echo 'Test Organization Root Tr Token' 504s + '[' -n '' ']' 504s + local output_base_name=SSSD-child-24688 504s + local output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-24688.output 504s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-24688.pem 504s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 504s Object 0: 504s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=adb40941b71f4cf3;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 504s Type: X.509 Certificate (RSA-1024) 504s Expires: Mon Mar 24 07:28:29 2025 504s Label: Test Organization Root Trusted Certificate 0001 504s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 504s 504s Test Organization Root Tr Token 504s [p11_child[2051]] [main] (0x0400): p11_child started. 504s [p11_child[2051]] [main] (0x2000): Running in [pre-auth] mode. 504s [p11_child[2051]] [main] (0x2000): Running with effective IDs: [0][0]. 504s [p11_child[2051]] [main] (0x2000): Running with real IDs [0][0]. 504s [p11_child[2051]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 504s [p11_child[2051]] [do_work] (0x0040): init_verification failed. 504s [p11_child[2051]] [main] (0x0020): p11_child failed (5) 504s + return 2 504s + valid_certificate /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19912 /dev/null no_verification 504s + check_certificate /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19912 /dev/null no_verification 504s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 504s + local key_pass=pass:random-root-ca-trusted-cert-0001-19912 504s + local key_ring=/dev/null 504s + local verify_option=no_verification 504s + prepare_softhsm2_card /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19912 504s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 504s + local key_pass=pass:random-root-ca-trusted-cert-0001-19912 504s + local key_cn 504s + local key_name 504s + local tokens_dir 504s + local output_cert_file 504s + token_name= 504s ++ basename /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem .pem 504s + key_name=test-root-CA-trusted-certificate-0001 504s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 504s ++ sed -n 's/ *commonName *= //p' 504s + key_cn='Test Organization Root Trusted Certificate 0001' 504s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 504s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf 504s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf 504s ++ basename /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 504s + tokens_dir=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001 504s + token_name='Test Organization Root Tr Token' 504s + '[' '!' -e /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 504s + '[' '!' -d /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001 ']' 504s + echo 'Test Organization Root Tr Token' 504s Test Organization Root Tr Token 504s + '[' -n no_verification ']' 504s + local verify_arg=--verify=no_verification 504s + local output_base_name=SSSD-child-25510 504s + local output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-25510.output 504s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-25510.pem 504s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 504s [p11_child[2057]] [main] (0x0400): p11_child started. 504s [p11_child[2057]] [main] (0x2000): Running in [pre-auth] mode. 504s [p11_child[2057]] [main] (0x2000): Running with effective IDs: [0][0]. 504s [p11_child[2057]] [main] (0x2000): Running with real IDs [0][0]. 504s [p11_child[2057]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 504s [p11_child[2057]] [do_card] (0x4000): Module List: 504s [p11_child[2057]] [do_card] (0x4000): common name: [softhsm2]. 504s [p11_child[2057]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 504s [p11_child[2057]] [do_card] (0x4000): Description [SoftHSM slot ID 0x371f4cf3] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 504s [p11_child[2057]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 504s [p11_child[2057]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x371f4cf3][924798195] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 504s [p11_child[2057]] [do_card] (0x4000): Login NOT required. 504s [p11_child[2057]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 504s [p11_child[2057]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 504s [p11_child[2057]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x371f4cf3;slot-manufacturer=SoftHSM%20project;slot-id=924798195;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=adb40941b71f4cf3;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 504s [p11_child[2057]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 504s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-25510.output 504s + echo '-----BEGIN CERTIFICATE-----' 504s + tail -n1 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-25510.output 504s + echo '-----END CERTIFICATE-----' 504s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-25510.pem 505s + local found_md5 expected_md5 505s Certificate: 505s Data: 505s Version: 3 (0x2) 505s Serial Number: 3 (0x3) 505s Signature Algorithm: sha256WithRSAEncryption 505s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 505s Validity 505s Not Before: Mar 24 07:28:29 2024 GMT 505s Not After : Mar 24 07:28:29 2025 GMT 505s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 505s Subject Public Key Info: 505s Public Key Algorithm: rsaEncryption 505s Public-Key: (1024 bit) 505s Modulus: 505s 00:d6:4c:55:fe:3c:f2:b1:56:e2:69:78:e2:fe:e8: 505s 34:a0:98:fc:e4:9b:93:fa:ed:eb:f9:1f:64:24:83: 505s cd:f7:b8:ff:d9:ec:78:58:0d:26:28:0d:0d:0d:7b: 505s 92:0d:a5:32:30:59:c2:da:bc:01:db:df:64:d6:b1: 505s 92:4f:33:8c:f3:a7:81:2a:eb:a4:13:be:73:eb:c6: 505s f0:18:cd:29:d9:06:1d:dc:3c:13:ac:2f:1a:fb:dc: 505s bd:b1:df:15:fb:5d:6f:fb:6f:d2:7f:56:ab:06:0f: 505s 2a:5a:82:c6:b6:25:e1:4d:09:e2:a2:01:11:7e:81: 505s 2d:8b:34:33:e4:d4:b7:2f:3b 505s Exponent: 65537 (0x10001) 505s X509v3 extensions: 505s X509v3 Authority Key Identifier: 505s 49:66:8D:6C:A3:D2:34:7C:99:D9:2A:D4:A3:56:07:EB:23:A3:64:22 505s X509v3 Basic Constraints: 505s CA:FALSE 505s Netscape Cert Type: 505s SSL Client, S/MIME 505s Netscape Comment: 505s Test Organization Root CA trusted Certificate 505s X509v3 Subject Key Identifier: 505s 61:12:EF:79:42:32:FB:EC:CD:D2:27:04:1E:0F:3C:30:3D:7C:7D:4E 505s X509v3 Key Usage: critical 505s Digital Signature, Non Repudiation, Key Encipherment 505s X509v3 Extended Key Usage: 505s TLS Web Client Authentication, E-mail Protection 505s X509v3 Subject Alternative Name: 505s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 505s Signature Algorithm: sha256WithRSAEncryption 505s Signature Value: 505s 63:11:dc:bd:4e:70:5f:1a:d8:45:ba:57:4c:82:60:2c:77:54: 505s a2:87:3d:70:89:6b:c1:86:1d:ba:cd:ec:e6:e7:6a:20:7d:d0: 505s 5b:fe:a9:b4:e9:a2:90:18:18:e5:96:0c:21:d1:27:4c:cd:c5: 505s 1b:ec:79:95:85:14:5c:b2:1b:7a:0d:01:c8:bf:ed:a2:30:92: 505s 56:45:5d:81:13:66:ca:b0:a3:29:24:d6:8a:0e:91:5e:c5:c7: 505s fc:a1:00:9d:c3:e4:43:ad:cf:85:2f:63:c6:1a:e1:f5:f5:dd: 505s 7b:07:18:4b:8a:82:32:d9:4d:c1:df:2d:98:0c:5d:0c:5b:1c: 505s 45:4a 505s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 505s + expected_md5=Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B 505s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-25510.pem 505s + found_md5=Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B 505s + '[' Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B '!=' Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B ']' 505s + output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-25510-auth.output 505s ++ basename /tmp/sssd-softhsm2-vlpXTn/SSSD-child-25510-auth.output .output 505s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-25510-auth.pem 505s + echo -n 053350 505s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 505s [p11_child[2065]] [main] (0x0400): p11_child started. 505s [p11_child[2065]] [main] (0x2000): Running in [auth] mode. 505s [p11_child[2065]] [main] (0x2000): Running with effective IDs: [0][0]. 505s [p11_child[2065]] [main] (0x2000): Running with real IDs [0][0]. 505s [p11_child[2065]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 505s [p11_child[2065]] [do_card] (0x4000): Module List: 505s [p11_child[2065]] [do_card] (0x4000): common name: [softhsm2]. 505s [p11_child[2065]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 505s [p11_child[2065]] [do_card] (0x4000): Description [SoftHSM slot ID 0x371f4cf3] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 505s [p11_child[2065]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 505s [p11_child[2065]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x371f4cf3][924798195] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 505s [p11_child[2065]] [do_card] (0x4000): Login required. 505s [p11_child[2065]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 505s [p11_child[2065]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 505s [p11_child[2065]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x371f4cf3;slot-manufacturer=SoftHSM%20project;slot-id=924798195;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=adb40941b71f4cf3;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 505s [p11_child[2065]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 505s [p11_child[2065]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 505s [p11_child[2065]] [do_card] (0x4000): Certificate verified and validated. 505s [p11_child[2065]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 505s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-25510-auth.output 505s + echo '-----BEGIN CERTIFICATE-----' 505s + tail -n1 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-25510-auth.output 505s + echo '-----END CERTIFICATE-----' 505s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-25510-auth.pem 505s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-25510-auth.pem 505s Certificate: 505s Data: 505s Version: 3 (0x2) 505s Serial Number: 3 (0x3) 505s Signature Algorithm: sha256WithRSAEncryption 505s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 505s Validity 505s Not Before: Mar 24 07:28:29 2024 GMT 505s Not After : Mar 24 07:28:29 2025 GMT 505s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 505s Subject Public Key Info: 505s Public Key Algorithm: rsaEncryption 505s Public-Key: (1024 bit) 505s Modulus: 505s 00:d6:4c:55:fe:3c:f2:b1:56:e2:69:78:e2:fe:e8: 505s 34:a0:98:fc:e4:9b:93:fa:ed:eb:f9:1f:64:24:83: 505s cd:f7:b8:ff:d9:ec:78:58:0d:26:28:0d:0d:0d:7b: 505s 92:0d:a5:32:30:59:c2:da:bc:01:db:df:64:d6:b1: 505s 92:4f:33:8c:f3:a7:81:2a:eb:a4:13:be:73:eb:c6: 505s f0:18:cd:29:d9:06:1d:dc:3c:13:ac:2f:1a:fb:dc: 505s bd:b1:df:15:fb:5d:6f:fb:6f:d2:7f:56:ab:06:0f: 505s 2a:5a:82:c6:b6:25:e1:4d:09:e2:a2:01:11:7e:81: 505s 2d:8b:34:33:e4:d4:b7:2f:3b 505s Exponent: 65537 (0x10001) 505s X509v3 extensions: 505s X509v3 Authority Key Identifier: 505s 49:66:8D:6C:A3:D2:34:7C:99:D9:2A:D4:A3:56:07:EB:23:A3:64:22 505s X509v3 Basic Constraints: 505s CA:FALSE 505s Netscape Cert Type: 505s SSL Client, S/MIME 505s Netscape Comment: 505s Test Organization Root CA trusted Certificate 505s X509v3 Subject Key Identifier: 505s 61:12:EF:79:42:32:FB:EC:CD:D2:27:04:1E:0F:3C:30:3D:7C:7D:4E 505s X509v3 Key Usage: critical 505s Digital Signature, Non Repudiation, Key Encipherment 505s X509v3 Extended Key Usage: 505s TLS Web Client Authentication, E-mail Protection 505s X509v3 Subject Alternative Name: 505s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 505s Signature Algorithm: sha256WithRSAEncryption 505s Signature Value: 505s 63:11:dc:bd:4e:70:5f:1a:d8:45:ba:57:4c:82:60:2c:77:54: 505s a2:87:3d:70:89:6b:c1:86:1d:ba:cd:ec:e6:e7:6a:20:7d:d0: 505s 5b:fe:a9:b4:e9:a2:90:18:18:e5:96:0c:21:d1:27:4c:cd:c5: 505s 1b:ec:79:95:85:14:5c:b2:1b:7a:0d:01:c8:bf:ed:a2:30:92: 505s 56:45:5d:81:13:66:ca:b0:a3:29:24:d6:8a:0e:91:5e:c5:c7: 505s fc:a1:00:9d:c3:e4:43:ad:cf:85:2f:63:c6:1a:e1:f5:f5:dd: 505s 7b:07:18:4b:8a:82:32:d9:4d:c1:df:2d:98:0c:5d:0c:5b:1c: 505s 45:4a 505s + found_md5=Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B 505s + '[' Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B '!=' Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B ']' 505s + valid_certificate /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19912 /tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem 505s + check_certificate /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19912 /tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem 505s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 505s + local key_pass=pass:random-root-ca-trusted-cert-0001-19912 505s + local key_ring=/tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem 505s + local verify_option= 505s + prepare_softhsm2_card /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19912 505s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 505s + local key_pass=pass:random-root-ca-trusted-cert-0001-19912 505s + local key_cn 505s + local key_name 505s + local tokens_dir 505s + local output_cert_file 505s + token_name= 505s ++ basename /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem .pem 505s + key_name=test-root-CA-trusted-certificate-0001 505s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 505s ++ sed -n 's/ *commonName *= //p' 505s + key_cn='Test Organization Root Trusted Certificate 0001' 505s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 505s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf 505s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf 505s ++ basename /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 505s + tokens_dir=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001 505s + token_name='Test Organization Root Tr Token' 505s + '[' '!' -e /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 505s + '[' '!' -d /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001 ']' 505s + echo 'Test Organization Root Tr Token' 505s + '[' -n '' ']' 505s Test Organization Root Tr Token 505s + local output_base_name=SSSD-child-26548 505s + local output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-26548.output 505s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-26548.pem 505s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem 505s [p11_child[2075]] [main] (0x0400): p11_child started. 505s [p11_child[2075]] [main] (0x2000): Running in [pre-auth] mode. 505s [p11_child[2075]] [main] (0x2000): Running with effective IDs: [0][0]. 505s [p11_child[2075]] [main] (0x2000): Running with real IDs [0][0]. 505s [p11_child[2075]] [do_card] (0x4000): Module List: 505s [p11_child[2075]] [do_card] (0x4000): common name: [softhsm2]. 505s [p11_child[2075]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 505s [p11_child[2075]] [do_card] (0x4000): Description [SoftHSM slot ID 0x371f4cf3] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 505s [p11_child[2075]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 505s [p11_child[2075]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x371f4cf3][924798195] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 505s [p11_child[2075]] [do_card] (0x4000): Login NOT required. 505s [p11_child[2075]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 505s [p11_child[2075]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 505s [p11_child[2075]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 505s [p11_child[2075]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x371f4cf3;slot-manufacturer=SoftHSM%20project;slot-id=924798195;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=adb40941b71f4cf3;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 505s [p11_child[2075]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 505s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-26548.output 505s + echo '-----BEGIN CERTIFICATE-----' 505s + tail -n1 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-26548.output 505s + echo '-----END CERTIFICATE-----' 505s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-26548.pem 505s Certificate: 505s Data: 505s Version: 3 (0x2) 505s Serial Number: 3 (0x3) 505s Signature Algorithm: sha256WithRSAEncryption 505s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 505s Validity 505s Not Before: Mar 24 07:28:29 2024 GMT 505s Not After : Mar 24 07:28:29 2025 GMT 505s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 505s Subject Public Key Info: 505s Public Key Algorithm: rsaEncryption 505s Public-Key: (1024 bit) 505s Modulus: 505s 00:d6:4c:55:fe:3c:f2:b1:56:e2:69:78:e2:fe:e8: 505s 34:a0:98:fc:e4:9b:93:fa:ed:eb:f9:1f:64:24:83: 505s cd:f7:b8:ff:d9:ec:78:58:0d:26:28:0d:0d:0d:7b: 505s 92:0d:a5:32:30:59:c2:da:bc:01:db:df:64:d6:b1: 505s 92:4f:33:8c:f3:a7:81:2a:eb:a4:13:be:73:eb:c6: 505s f0:18:cd:29:d9:06:1d:dc:3c:13:ac:2f:1a:fb:dc: 505s bd:b1:df:15:fb:5d:6f:fb:6f:d2:7f:56:ab:06:0f: 505s 2a:5a:82:c6:b6:25:e1:4d:09:e2:a2:01:11:7e:81: 505s 2d:8b:34:33:e4:d4:b7:2f:3b 505s Exponent: 65537 (0x10001) 505s X509v3 extensions: 505s X509v3 Authority Key Identifier: 505s 49:66:8D:6C:A3:D2:34:7C:99:D9:2A:D4:A3:56:07:EB:23:A3:64:22 505s X509v3 Basic Constraints: 505s CA:FALSE 505s Netscape Cert Type: 505s SSL Client, S/MIME 505s Netscape Comment: 505s Test Organization Root CA trusted Certificate 505s X509v3 Subject Key Identifier: 505s 61:12:EF:79:42:32:FB:EC:CD:D2:27:04:1E:0F:3C:30:3D:7C:7D:4E 505s X509v3 Key Usage: critical 505s Digital Signature, Non Repudiation, Key Encipherment 505s X509v3 Extended Key Usage: 505s TLS Web Client Authentication, E-mail Protection 505s X509v3 Subject Alternative Name: 505s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 505s Signature Algorithm: sha256WithRSAEncryption 505s Signature Value: 505s 63:11:dc:bd:4e:70:5f:1a:d8:45:ba:57:4c:82:60:2c:77:54: 505s a2:87:3d:70:89:6b:c1:86:1d:ba:cd:ec:e6:e7:6a:20:7d:d0: 505s 5b:fe:a9:b4:e9:a2:90:18:18:e5:96:0c:21:d1:27:4c:cd:c5: 505s 1b:ec:79:95:85:14:5c:b2:1b:7a:0d:01:c8:bf:ed:a2:30:92: 505s 56:45:5d:81:13:66:ca:b0:a3:29:24:d6:8a:0e:91:5e:c5:c7: 505s fc:a1:00:9d:c3:e4:43:ad:cf:85:2f:63:c6:1a:e1:f5:f5:dd: 505s 7b:07:18:4b:8a:82:32:d9:4d:c1:df:2d:98:0c:5d:0c:5b:1c: 505s 45:4a 505s + local found_md5 expected_md5 505s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 505s + expected_md5=Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B 505s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-26548.pem 505s + found_md5=Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B 505s + '[' Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B '!=' Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B ']' 505s + output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-26548-auth.output 505s ++ basename /tmp/sssd-softhsm2-vlpXTn/SSSD-child-26548-auth.output .output 505s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-26548-auth.pem 505s + echo -n 053350 505s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 505s [p11_child[2083]] [main] (0x0400): p11_child started. 505s [p11_child[2083]] [main] (0x2000): Running in [auth] mode. 505s [p11_child[2083]] [main] (0x2000): Running with effective IDs: [0][0]. 505s [p11_child[2083]] [main] (0x2000): Running with real IDs [0][0]. 505s [p11_child[2083]] [do_card] (0x4000): Module List: 505s [p11_child[2083]] [do_card] (0x4000): common name: [softhsm2]. 505s [p11_child[2083]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 505s [p11_child[2083]] [do_card] (0x4000): Description [SoftHSM slot ID 0x371f4cf3] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 505s [p11_child[2083]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 505s [p11_child[2083]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x371f4cf3][924798195] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 505s [p11_child[2083]] [do_card] (0x4000): Login required. 505s [p11_child[2083]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 505s [p11_child[2083]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 505s [p11_child[2083]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 505s [p11_child[2083]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x371f4cf3;slot-manufacturer=SoftHSM%20project;slot-id=924798195;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=adb40941b71f4cf3;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 505s [p11_child[2083]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 505s [p11_child[2083]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 505s [p11_child[2083]] [do_card] (0x4000): Certificate verified and validated. 505s [p11_child[2083]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 505s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-26548-auth.output 505s + echo '-----BEGIN CERTIFICATE-----' 505s + tail -n1 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-26548-auth.output 505s + echo '-----END CERTIFICATE-----' 505s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-26548-auth.pem 505s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-26548-auth.pem 505s Certificate: 505s Data: 505s Version: 3 (0x2) 505s Serial Number: 3 (0x3) 505s Signature Algorithm: sha256WithRSAEncryption 505s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 505s Validity 505s Not Before: Mar 24 07:28:29 2024 GMT 505s Not After : Mar 24 07:28:29 2025 GMT 505s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 505s Subject Public Key Info: 505s Public Key Algorithm: rsaEncryption 505s Public-Key: (1024 bit) 505s Modulus: 505s 00:d6:4c:55:fe:3c:f2:b1:56:e2:69:78:e2:fe:e8: 505s 34:a0:98:fc:e4:9b:93:fa:ed:eb:f9:1f:64:24:83: 505s cd:f7:b8:ff:d9:ec:78:58:0d:26:28:0d:0d:0d:7b: 505s 92:0d:a5:32:30:59:c2:da:bc:01:db:df:64:d6:b1: 505s 92:4f:33:8c:f3:a7:81:2a:eb:a4:13:be:73:eb:c6: 505s f0:18:cd:29:d9:06:1d:dc:3c:13:ac:2f:1a:fb:dc: 505s bd:b1:df:15:fb:5d:6f:fb:6f:d2:7f:56:ab:06:0f: 505s 2a:5a:82:c6:b6:25:e1:4d:09:e2:a2:01:11:7e:81: 505s 2d:8b:34:33:e4:d4:b7:2f:3b 505s Exponent: 65537 (0x10001) 505s X509v3 extensions: 505s X509v3 Authority Key Identifier: 505s 49:66:8D:6C:A3:D2:34:7C:99:D9:2A:D4:A3:56:07:EB:23:A3:64:22 505s X509v3 Basic Constraints: 505s CA:FALSE 505s Netscape Cert Type: 505s SSL Client, S/MIME 505s Netscape Comment: 505s Test Organization Root CA trusted Certificate 505s X509v3 Subject Key Identifier: 505s 61:12:EF:79:42:32:FB:EC:CD:D2:27:04:1E:0F:3C:30:3D:7C:7D:4E 505s X509v3 Key Usage: critical 505s Digital Signature, Non Repudiation, Key Encipherment 505s X509v3 Extended Key Usage: 505s TLS Web Client Authentication, E-mail Protection 505s X509v3 Subject Alternative Name: 505s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 505s Signature Algorithm: sha256WithRSAEncryption 505s Signature Value: 505s 63:11:dc:bd:4e:70:5f:1a:d8:45:ba:57:4c:82:60:2c:77:54: 505s a2:87:3d:70:89:6b:c1:86:1d:ba:cd:ec:e6:e7:6a:20:7d:d0: 505s 5b:fe:a9:b4:e9:a2:90:18:18:e5:96:0c:21:d1:27:4c:cd:c5: 505s 1b:ec:79:95:85:14:5c:b2:1b:7a:0d:01:c8:bf:ed:a2:30:92: 505s 56:45:5d:81:13:66:ca:b0:a3:29:24:d6:8a:0e:91:5e:c5:c7: 505s fc:a1:00:9d:c3:e4:43:ad:cf:85:2f:63:c6:1a:e1:f5:f5:dd: 505s 7b:07:18:4b:8a:82:32:d9:4d:c1:df:2d:98:0c:5d:0c:5b:1c: 505s 45:4a 505s + found_md5=Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B 505s + '[' Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B '!=' Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B ']' 505s + valid_certificate /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19912 /tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem partial_chain 505s + check_certificate /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19912 /tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem partial_chain 505s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 505s + local key_pass=pass:random-root-ca-trusted-cert-0001-19912 505s + local key_ring=/tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem 505s + local verify_option=partial_chain 505s + prepare_softhsm2_card /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19912 505s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 505s + local key_pass=pass:random-root-ca-trusted-cert-0001-19912 505s + local key_cn 505s + local key_name 505s + local tokens_dir 505s + local output_cert_file 505s + token_name= 505s ++ basename /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem .pem 505s + key_name=test-root-CA-trusted-certificate-0001 505s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 505s ++ sed -n 's/ *commonName *= //p' 505s Test Organization Root Tr Token 505s + key_cn='Test Organization Root Trusted Certificate 0001' 505s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 505s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf 505s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf 505s ++ basename /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 505s + tokens_dir=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001 505s + token_name='Test Organization Root Tr Token' 505s + '[' '!' -e /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 505s + '[' '!' -d /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001 ']' 505s + echo 'Test Organization Root Tr Token' 505s + '[' -n partial_chain ']' 505s + local verify_arg=--verify=partial_chain 505s + local output_base_name=SSSD-child-18841 505s + local output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-18841.output 505s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-18841.pem 505s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem 505s [p11_child[2093]] [main] (0x0400): p11_child started. 505s [p11_child[2093]] [main] (0x2000): Running in [pre-auth] mode. 505s [p11_child[2093]] [main] (0x2000): Running with effective IDs: [0][0]. 505s [p11_child[2093]] [main] (0x2000): Running with real IDs [0][0]. 505s [p11_child[2093]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 505s [p11_child[2093]] [do_card] (0x4000): Module List: 505s [p11_child[2093]] [do_card] (0x4000): common name: [softhsm2]. 505s [p11_child[2093]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 505s [p11_child[2093]] [do_card] (0x4000): Description [SoftHSM slot ID 0x371f4cf3] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 505s [p11_child[2093]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 505s [p11_child[2093]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x371f4cf3][924798195] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 505s [p11_child[2093]] [do_card] (0x4000): Login NOT required. 505s [p11_child[2093]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 505s [p11_child[2093]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 505s [p11_child[2093]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 505s [p11_child[2093]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x371f4cf3;slot-manufacturer=SoftHSM%20project;slot-id=924798195;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=adb40941b71f4cf3;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 505s [p11_child[2093]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 505s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-18841.output 505s + echo '-----BEGIN CERTIFICATE-----' 505s + tail -n1 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-18841.output 505s + echo '-----END CERTIFICATE-----' 505s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-18841.pem 505s Certificate: 505s Data: 505s Version: 3 (0x2) 505s Serial Number: 3 (0x3) 505s Signature Algorithm: sha256WithRSAEncryption 505s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 505s Validity 505s Not Before: Mar 24 07:28:29 2024 GMT 505s Not After : Mar 24 07:28:29 2025 GMT 505s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 505s Subject Public Key Info: 505s Public Key Algorithm: rsaEncryption 505s Public-Key: (1024 bit) 505s Modulus: 505s 00:d6:4c:55:fe:3c:f2:b1:56:e2:69:78:e2:fe:e8: 505s 34:a0:98:fc:e4:9b:93:fa:ed:eb:f9:1f:64:24:83: 505s cd:f7:b8:ff:d9:ec:78:58:0d:26:28:0d:0d:0d:7b: 505s 92:0d:a5:32:30:59:c2:da:bc:01:db:df:64:d6:b1: 505s 92:4f:33:8c:f3:a7:81:2a:eb:a4:13:be:73:eb:c6: 505s f0:18:cd:29:d9:06:1d:dc:3c:13:ac:2f:1a:fb:dc: 505s bd:b1:df:15:fb:5d:6f:fb:6f:d2:7f:56:ab:06:0f: 505s 2a:5a:82:c6:b6:25:e1:4d:09:e2:a2:01:11:7e:81: 505s 2d:8b:34:33:e4:d4:b7:2f:3b 505s Exponent: 65537 (0x10001) 505s X509v3 extensions: 505s X509v3 Authority Key Identifier: 505s 49:66:8D:6C:A3:D2:34:7C:99:D9:2A:D4:A3:56:07:EB:23:A3:64:22 505s X509v3 Basic Constraints: 505s CA:FALSE 505s Netscape Cert Type: 505s SSL Client, S/MIME 505s Netscape Comment: 505s Test Organization Root CA trusted Certificate 505s X509v3 Subject Key Identifier: 505s 61:12:EF:79:42:32:FB:EC:CD:D2:27:04:1E:0F:3C:30:3D:7C:7D:4E 505s X509v3 Key Usage: critical 505s Digital Signature, Non Repudiation, Key Encipherment 505s X509v3 Extended Key Usage: 505s TLS Web Client Authentication, E-mail Protection 505s X509v3 Subject Alternative Name: 505s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 505s Signature Algorithm: sha256WithRSAEncryption 505s Signature Value: 505s 63:11:dc:bd:4e:70:5f:1a:d8:45:ba:57:4c:82:60:2c:77:54: 505s a2:87:3d:70:89:6b:c1:86:1d:ba:cd:ec:e6:e7:6a:20:7d:d0: 505s 5b:fe:a9:b4:e9:a2:90:18:18:e5:96:0c:21:d1:27:4c:cd:c5: 505s 1b:ec:79:95:85:14:5c:b2:1b:7a:0d:01:c8:bf:ed:a2:30:92: 505s 56:45:5d:81:13:66:ca:b0:a3:29:24:d6:8a:0e:91:5e:c5:c7: 505s fc:a1:00:9d:c3:e4:43:ad:cf:85:2f:63:c6:1a:e1:f5:f5:dd: 505s 7b:07:18:4b:8a:82:32:d9:4d:c1:df:2d:98:0c:5d:0c:5b:1c: 505s 45:4a 505s + local found_md5 expected_md5 505s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 505s + expected_md5=Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B 505s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-18841.pem 505s + found_md5=Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B 505s + '[' Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B '!=' Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B ']' 505s + output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-18841-auth.output 505s ++ basename /tmp/sssd-softhsm2-vlpXTn/SSSD-child-18841-auth.output .output 505s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-18841-auth.pem 505s + echo -n 053350 505s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 505s [p11_child[2101]] [main] (0x0400): p11_child started. 505s [p11_child[2101]] [main] (0x2000): Running in [auth] mode. 505s [p11_child[2101]] [main] (0x2000): Running with effective IDs: [0][0]. 505s [p11_child[2101]] [main] (0x2000): Running with real IDs [0][0]. 505s [p11_child[2101]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 505s [p11_child[2101]] [do_card] (0x4000): Module List: 505s [p11_child[2101]] [do_card] (0x4000): common name: [softhsm2]. 505s [p11_child[2101]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 505s [p11_child[2101]] [do_card] (0x4000): Description [SoftHSM slot ID 0x371f4cf3] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 505s [p11_child[2101]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 505s [p11_child[2101]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x371f4cf3][924798195] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 505s [p11_child[2101]] [do_card] (0x4000): Login required. 505s [p11_child[2101]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 505s [p11_child[2101]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 505s [p11_child[2101]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 505s [p11_child[2101]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x371f4cf3;slot-manufacturer=SoftHSM%20project;slot-id=924798195;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=adb40941b71f4cf3;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 505s [p11_child[2101]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 505s [p11_child[2101]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 505s [p11_child[2101]] [do_card] (0x4000): Certificate verified and validated. 505s [p11_child[2101]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 505s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-18841-auth.output 505s + echo '-----BEGIN CERTIFICATE-----' 505s + tail -n1 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-18841-auth.output 505s + echo '-----END CERTIFICATE-----' 505s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-18841-auth.pem 505s Certificate: 505s Data: 505s Version: 3 (0x2) 505s Serial Number: 3 (0x3) 505s Signature Algorithm: sha256WithRSAEncryption 505s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 505s Validity 505s Not Before: Mar 24 07:28:29 2024 GMT 505s Not After : Mar 24 07:28:29 2025 GMT 505s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 505s Subject Public Key Info: 505s Public Key Algorithm: rsaEncryption 505s Public-Key: (1024 bit) 505s Modulus: 505s 00:d6:4c:55:fe:3c:f2:b1:56:e2:69:78:e2:fe:e8: 505s 34:a0:98:fc:e4:9b:93:fa:ed:eb:f9:1f:64:24:83: 505s cd:f7:b8:ff:d9:ec:78:58:0d:26:28:0d:0d:0d:7b: 505s 92:0d:a5:32:30:59:c2:da:bc:01:db:df:64:d6:b1: 505s 92:4f:33:8c:f3:a7:81:2a:eb:a4:13:be:73:eb:c6: 505s f0:18:cd:29:d9:06:1d:dc:3c:13:ac:2f:1a:fb:dc: 505s bd:b1:df:15:fb:5d:6f:fb:6f:d2:7f:56:ab:06:0f: 505s 2a:5a:82:c6:b6:25:e1:4d:09:e2:a2:01:11:7e:81: 505s 2d:8b:34:33:e4:d4:b7:2f:3b 505s Exponent: 65537 (0x10001) 505s X509v3 extensions: 505s X509v3 Authority Key Identifier: 505s 49:66:8D:6C:A3:D2:34:7C:99:D9:2A:D4:A3:56:07:EB:23:A3:64:22 505s X509v3 Basic Constraints: 505s CA:FALSE 505s Netscape Cert Type: 505s SSL Client, S/MIME 505s Netscape Comment: 505s Test Organization Root CA trusted Certificate 505s X509v3 Subject Key Identifier: 505s 61:12:EF:79:42:32:FB:EC:CD:D2:27:04:1E:0F:3C:30:3D:7C:7D:4E 505s X509v3 Key Usage: critical 505s Digital Signature, Non Repudiation, Key Encipherment 505s X509v3 Extended Key Usage: 505s TLS Web Client Authentication, E-mail Protection 505s X509v3 Subject Alternative Name: 505s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 505s Signature Algorithm: sha256WithRSAEncryption 505s Signature Value: 505s 63:11:dc:bd:4e:70:5f:1a:d8:45:ba:57:4c:82:60:2c:77:54: 505s a2:87:3d:70:89:6b:c1:86:1d:ba:cd:ec:e6:e7:6a:20:7d:d0: 505s 5b:fe:a9:b4:e9:a2:90:18:18:e5:96:0c:21:d1:27:4c:cd:c5: 505s 1b:ec:79:95:85:14:5c:b2:1b:7a:0d:01:c8:bf:ed:a2:30:92: 505s 56:45:5d:81:13:66:ca:b0:a3:29:24:d6:8a:0e:91:5e:c5:c7: 505s fc:a1:00:9d:c3:e4:43:ad:cf:85:2f:63:c6:1a:e1:f5:f5:dd: 505s 7b:07:18:4b:8a:82:32:d9:4d:c1:df:2d:98:0c:5d:0c:5b:1c: 505s 45:4a 505s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-18841-auth.pem 505s + found_md5=Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B 505s + '[' Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B '!=' Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B ']' 505s + valid_certificate /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19912 /tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem 505s + check_certificate /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19912 /tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem 505s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 505s + local key_pass=pass:random-root-ca-trusted-cert-0001-19912 505s + local key_ring=/tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem 505s + local verify_option= 505s + prepare_softhsm2_card /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19912 505s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 505s + local key_pass=pass:random-root-ca-trusted-cert-0001-19912 505s + local key_cn 505s + local key_name 505s + local tokens_dir 505s + local output_cert_file 505s + token_name= 505s ++ basename /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem .pem 505s + key_name=test-root-CA-trusted-certificate-0001 505s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 505s ++ sed -n 's/ *commonName *= //p' 505s + key_cn='Test Organization Root Trusted Certificate 0001' 505s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 505s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf 505s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf 505s ++ basename /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 505s + tokens_dir=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001 505s + token_name='Test Organization Root Tr Token' 505s + '[' '!' -e /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 505s + '[' '!' -d /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001 ']' 505s + echo 'Test Organization Root Tr Token' 505s Test Organization Root Tr Token 505s + '[' -n '' ']' 505s + local output_base_name=SSSD-child-24096 505s + local output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-24096.output 505s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-24096.pem 505s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem 505s [p11_child[2111]] [main] (0x0400): p11_child started. 505s [p11_child[2111]] [main] (0x2000): Running in [pre-auth] mode. 505s [p11_child[2111]] [main] (0x2000): Running with effective IDs: [0][0]. 505s [p11_child[2111]] [main] (0x2000): Running with real IDs [0][0]. 505s [p11_child[2111]] [do_card] (0x4000): Module List: 505s [p11_child[2111]] [do_card] (0x4000): common name: [softhsm2]. 505s [p11_child[2111]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 505s [p11_child[2111]] [do_card] (0x4000): Description [SoftHSM slot ID 0x371f4cf3] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 505s [p11_child[2111]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 505s [p11_child[2111]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x371f4cf3][924798195] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 505s [p11_child[2111]] [do_card] (0x4000): Login NOT required. 505s [p11_child[2111]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 505s [p11_child[2111]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 505s [p11_child[2111]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 505s [p11_child[2111]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x371f4cf3;slot-manufacturer=SoftHSM%20project;slot-id=924798195;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=adb40941b71f4cf3;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 505s [p11_child[2111]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 505s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-24096.output 505s + echo '-----BEGIN CERTIFICATE-----' 505s + tail -n1 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-24096.output 505s + echo '-----END CERTIFICATE-----' 505s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-24096.pem 505s Certificate: 505s Data: 505s Version: 3 (0x2) 505s Serial Number: 3 (0x3) 505s Signature Algorithm: sha256WithRSAEncryption 505s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 505s Validity 505s Not Before: Mar 24 07:28:29 2024 GMT 505s Not After : Mar 24 07:28:29 2025 GMT 505s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 505s Subject Public Key Info: 505s Public Key Algorithm: rsaEncryption 505s Public-Key: (1024 bit) 505s Modulus: 505s 00:d6:4c:55:fe:3c:f2:b1:56:e2:69:78:e2:fe:e8: 505s 34:a0:98:fc:e4:9b:93:fa:ed:eb:f9:1f:64:24:83: 505s cd:f7:b8:ff:d9:ec:78:58:0d:26:28:0d:0d:0d:7b: 505s 92:0d:a5:32:30:59:c2:da:bc:01:db:df:64:d6:b1: 505s 92:4f:33:8c:f3:a7:81:2a:eb:a4:13:be:73:eb:c6: 505s f0:18:cd:29:d9:06:1d:dc:3c:13:ac:2f:1a:fb:dc: 505s bd:b1:df:15:fb:5d:6f:fb:6f:d2:7f:56:ab:06:0f: 505s 2a:5a:82:c6:b6:25:e1:4d:09:e2:a2:01:11:7e:81: 505s 2d:8b:34:33:e4:d4:b7:2f:3b 505s Exponent: 65537 (0x10001) 505s X509v3 extensions: 505s X509v3 Authority Key Identifier: 505s 49:66:8D:6C:A3:D2:34:7C:99:D9:2A:D4:A3:56:07:EB:23:A3:64:22 505s X509v3 Basic Constraints: 505s CA:FALSE 505s Netscape Cert Type: 505s SSL Client, S/MIME 505s Netscape Comment: 505s Test Organization Root CA trusted Certificate 505s X509v3 Subject Key Identifier: 505s 61:12:EF:79:42:32:FB:EC:CD:D2:27:04:1E:0F:3C:30:3D:7C:7D:4E 505s X509v3 Key Usage: critical 505s Digital Signature, Non Repudiation, Key Encipherment 505s X509v3 Extended Key Usage: 505s TLS Web Client Authentication, E-mail Protection 505s X509v3 Subject Alternative Name: 505s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 505s Signature Algorithm: sha256WithRSAEncryption 505s Signature Value: 505s 63:11:dc:bd:4e:70:5f:1a:d8:45:ba:57:4c:82:60:2c:77:54: 505s a2:87:3d:70:89:6b:c1:86:1d:ba:cd:ec:e6:e7:6a:20:7d:d0: 505s 5b:fe:a9:b4:e9:a2:90:18:18:e5:96:0c:21:d1:27:4c:cd:c5: 505s 1b:ec:79:95:85:14:5c:b2:1b:7a:0d:01:c8:bf:ed:a2:30:92: 505s 56:45:5d:81:13:66:ca:b0:a3:29:24:d6:8a:0e:91:5e:c5:c7: 505s fc:a1:00:9d:c3:e4:43:ad:cf:85:2f:63:c6:1a:e1:f5:f5:dd: 505s 7b:07:18:4b:8a:82:32:d9:4d:c1:df:2d:98:0c:5d:0c:5b:1c: 505s 45:4a 505s + local found_md5 expected_md5 505s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 505s + expected_md5=Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B 505s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-24096.pem 505s + found_md5=Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B 505s + '[' Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B '!=' Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B ']' 505s + output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-24096-auth.output 505s ++ basename /tmp/sssd-softhsm2-vlpXTn/SSSD-child-24096-auth.output .output 505s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-24096-auth.pem 505s + echo -n 053350 505s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 505s [p11_child[2119]] [main] (0x0400): p11_child started. 505s [p11_child[2119]] [main] (0x2000): Running in [auth] mode. 505s [p11_child[2119]] [main] (0x2000): Running with effective IDs: [0][0]. 505s [p11_child[2119]] [main] (0x2000): Running with real IDs [0][0]. 505s [p11_child[2119]] [do_card] (0x4000): Module List: 505s [p11_child[2119]] [do_card] (0x4000): common name: [softhsm2]. 505s [p11_child[2119]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 505s [p11_child[2119]] [do_card] (0x4000): Description [SoftHSM slot ID 0x371f4cf3] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 505s [p11_child[2119]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 505s [p11_child[2119]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x371f4cf3][924798195] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 505s [p11_child[2119]] [do_card] (0x4000): Login required. 505s [p11_child[2119]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 505s [p11_child[2119]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 505s [p11_child[2119]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 505s [p11_child[2119]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x371f4cf3;slot-manufacturer=SoftHSM%20project;slot-id=924798195;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=adb40941b71f4cf3;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 505s [p11_child[2119]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 505s [p11_child[2119]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 505s [p11_child[2119]] [do_card] (0x4000): Certificate verified and validated. 505s [p11_child[2119]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 505s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-24096-auth.output 505s + echo '-----BEGIN CERTIFICATE-----' 505s + tail -n1 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-24096-auth.output 505s + echo '-----END CERTIFICATE-----' 505s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-24096-auth.pem 505s Certificate: 505s Data: 505s Version: 3 (0x2) 505s Serial Number: 3 (0x3) 505s Signature Algorithm: sha256WithRSAEncryption 505s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 505s Validity 505s Not Before: Mar 24 07:28:29 2024 GMT 505s Not After : Mar 24 07:28:29 2025 GMT 505s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 505s Subject Public Key Info: 505s Public Key Algorithm: rsaEncryption 505s Public-Key: (1024 bit) 505s Modulus: 505s 00:d6:4c:55:fe:3c:f2:b1:56:e2:69:78:e2:fe:e8: 505s 34:a0:98:fc:e4:9b:93:fa:ed:eb:f9:1f:64:24:83: 505s cd:f7:b8:ff:d9:ec:78:58:0d:26:28:0d:0d:0d:7b: 505s 92:0d:a5:32:30:59:c2:da:bc:01:db:df:64:d6:b1: 505s 92:4f:33:8c:f3:a7:81:2a:eb:a4:13:be:73:eb:c6: 505s f0:18:cd:29:d9:06:1d:dc:3c:13:ac:2f:1a:fb:dc: 505s bd:b1:df:15:fb:5d:6f:fb:6f:d2:7f:56:ab:06:0f: 505s 2a:5a:82:c6:b6:25:e1:4d:09:e2:a2:01:11:7e:81: 505s 2d:8b:34:33:e4:d4:b7:2f:3b 505s Exponent: 65537 (0x10001) 505s X509v3 extensions: 505s X509v3 Authority Key Identifier: 505s 49:66:8D:6C:A3:D2:34:7C:99:D9:2A:D4:A3:56:07:EB:23:A3:64:22 505s X509v3 Basic Constraints: 505s CA:FALSE 505s Netscape Cert Type: 505s SSL Client, S/MIME 505s Netscape Comment: 505s Test Organization Root CA trusted Certificate 505s X509v3 Subject Key Identifier: 505s 61:12:EF:79:42:32:FB:EC:CD:D2:27:04:1E:0F:3C:30:3D:7C:7D:4E 505s X509v3 Key Usage: critical 505s Digital Signature, Non Repudiation, Key Encipherment 505s X509v3 Extended Key Usage: 505s TLS Web Client Authentication, E-mail Protection 505s X509v3 Subject Alternative Name: 505s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 505s Signature Algorithm: sha256WithRSAEncryption 505s Signature Value: 505s 63:11:dc:bd:4e:70:5f:1a:d8:45:ba:57:4c:82:60:2c:77:54: 505s a2:87:3d:70:89:6b:c1:86:1d:ba:cd:ec:e6:e7:6a:20:7d:d0: 505s 5b:fe:a9:b4:e9:a2:90:18:18:e5:96:0c:21:d1:27:4c:cd:c5: 505s 1b:ec:79:95:85:14:5c:b2:1b:7a:0d:01:c8:bf:ed:a2:30:92: 505s 56:45:5d:81:13:66:ca:b0:a3:29:24:d6:8a:0e:91:5e:c5:c7: 505s fc:a1:00:9d:c3:e4:43:ad:cf:85:2f:63:c6:1a:e1:f5:f5:dd: 505s 7b:07:18:4b:8a:82:32:d9:4d:c1:df:2d:98:0c:5d:0c:5b:1c: 505s 45:4a 505s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-24096-auth.pem 505s + found_md5=Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B 505s + '[' Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B '!=' Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B ']' 505s + valid_certificate /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19912 /tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem partial_chain 505s + check_certificate /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19912 /tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem partial_chain 505s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 505s + local key_pass=pass:random-root-ca-trusted-cert-0001-19912 505s + local key_ring=/tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem 505s + local verify_option=partial_chain 505s + prepare_softhsm2_card /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19912 505s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 505s + local key_pass=pass:random-root-ca-trusted-cert-0001-19912 505s + local key_cn 505s + local key_name 505s + local tokens_dir 505s + local output_cert_file 505s + token_name= 505s ++ basename /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem .pem 505s + key_name=test-root-CA-trusted-certificate-0001 505s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 505s ++ sed -n 's/ *commonName *= //p' 505s + key_cn='Test Organization Root Trusted Certificate 0001' 505s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 505s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf 505s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf 505s ++ basename /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 505s + tokens_dir=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001 505s + token_name='Test Organization Root Tr Token' 505s Test Organization Root Tr Token 505s + '[' '!' -e /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 505s + '[' '!' -d /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001 ']' 505s + echo 'Test Organization Root Tr Token' 505s + '[' -n partial_chain ']' 505s + local verify_arg=--verify=partial_chain 505s + local output_base_name=SSSD-child-21052 505s + local output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-21052.output 505s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-21052.pem 505s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem 505s [p11_child[2129]] [main] (0x0400): p11_child started. 505s [p11_child[2129]] [main] (0x2000): Running in [pre-auth] mode. 505s [p11_child[2129]] [main] (0x2000): Running with effective IDs: [0][0]. 505s [p11_child[2129]] [main] (0x2000): Running with real IDs [0][0]. 505s [p11_child[2129]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 505s [p11_child[2129]] [do_card] (0x4000): Module List: 505s [p11_child[2129]] [do_card] (0x4000): common name: [softhsm2]. 505s [p11_child[2129]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 505s [p11_child[2129]] [do_card] (0x4000): Description [SoftHSM slot ID 0x371f4cf3] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 505s [p11_child[2129]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 505s [p11_child[2129]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x371f4cf3][924798195] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 505s [p11_child[2129]] [do_card] (0x4000): Login NOT required. 505s [p11_child[2129]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 505s [p11_child[2129]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 505s [p11_child[2129]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 505s [p11_child[2129]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x371f4cf3;slot-manufacturer=SoftHSM%20project;slot-id=924798195;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=adb40941b71f4cf3;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 505s [p11_child[2129]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 505s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-21052.output 505s + echo '-----BEGIN CERTIFICATE-----' 505s + tail -n1 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-21052.output 505s + echo '-----END CERTIFICATE-----' 505s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-21052.pem 505s Certificate: 505s Data: 505s Version: 3 (0x2) 505s Serial Number: 3 (0x3) 505s Signature Algorithm: sha256WithRSAEncryption 505s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 505s Validity 505s Not Before: Mar 24 07:28:29 2024 GMT 505s Not After : Mar 24 07:28:29 2025 GMT 505s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 505s Subject Public Key Info: 505s Public Key Algorithm: rsaEncryption 505s Public-Key: (1024 bit) 505s Modulus: 505s 00:d6:4c:55:fe:3c:f2:b1:56:e2:69:78:e2:fe:e8: 505s 34:a0:98:fc:e4:9b:93:fa:ed:eb:f9:1f:64:24:83: 505s cd:f7:b8:ff:d9:ec:78:58:0d:26:28:0d:0d:0d:7b: 505s 92:0d:a5:32:30:59:c2:da:bc:01:db:df:64:d6:b1: 505s 92:4f:33:8c:f3:a7:81:2a:eb:a4:13:be:73:eb:c6: 505s f0:18:cd:29:d9:06:1d:dc:3c:13:ac:2f:1a:fb:dc: 505s bd:b1:df:15:fb:5d:6f:fb:6f:d2:7f:56:ab:06:0f: 505s 2a:5a:82:c6:b6:25:e1:4d:09:e2:a2:01:11:7e:81: 505s 2d:8b:34:33:e4:d4:b7:2f:3b 505s Exponent: 65537 (0x10001) 505s X509v3 extensions: 505s X509v3 Authority Key Identifier: 505s 49:66:8D:6C:A3:D2:34:7C:99:D9:2A:D4:A3:56:07:EB:23:A3:64:22 505s X509v3 Basic Constraints: 505s CA:FALSE 505s Netscape Cert Type: 505s SSL Client, S/MIME 505s Netscape Comment: 505s Test Organization Root CA trusted Certificate 505s X509v3 Subject Key Identifier: 505s 61:12:EF:79:42:32:FB:EC:CD:D2:27:04:1E:0F:3C:30:3D:7C:7D:4E 505s X509v3 Key Usage: critical 505s Digital Signature, Non Repudiation, Key Encipherment 505s X509v3 Extended Key Usage: 505s TLS Web Client Authentication, E-mail Protection 505s X509v3 Subject Alternative Name: 505s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 505s Signature Algorithm: sha256WithRSAEncryption 505s Signature Value: 505s 63:11:dc:bd:4e:70:5f:1a:d8:45:ba:57:4c:82:60:2c:77:54: 505s a2:87:3d:70:89:6b:c1:86:1d:ba:cd:ec:e6:e7:6a:20:7d:d0: 505s 5b:fe:a9:b4:e9:a2:90:18:18:e5:96:0c:21:d1:27:4c:cd:c5: 505s 1b:ec:79:95:85:14:5c:b2:1b:7a:0d:01:c8:bf:ed:a2:30:92: 505s 56:45:5d:81:13:66:ca:b0:a3:29:24:d6:8a:0e:91:5e:c5:c7: 505s fc:a1:00:9d:c3:e4:43:ad:cf:85:2f:63:c6:1a:e1:f5:f5:dd: 505s 7b:07:18:4b:8a:82:32:d9:4d:c1:df:2d:98:0c:5d:0c:5b:1c: 505s 45:4a 505s + local found_md5 expected_md5 505s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 506s + expected_md5=Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B 506s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-21052.pem 506s + found_md5=Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B 506s + '[' Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B '!=' Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B ']' 506s + output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-21052-auth.output 506s ++ basename /tmp/sssd-softhsm2-vlpXTn/SSSD-child-21052-auth.output .output 506s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-21052-auth.pem 506s + echo -n 053350 506s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 506s [p11_child[2137]] [main] (0x0400): p11_child started. 506s [p11_child[2137]] [main] (0x2000): Running in [auth] mode. 506s [p11_child[2137]] [main] (0x2000): Running with effective IDs: [0][0]. 506s [p11_child[2137]] [main] (0x2000): Running with real IDs [0][0]. 506s [p11_child[2137]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 506s [p11_child[2137]] [do_card] (0x4000): Module List: 506s [p11_child[2137]] [do_card] (0x4000): common name: [softhsm2]. 506s [p11_child[2137]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 506s [p11_child[2137]] [do_card] (0x4000): Description [SoftHSM slot ID 0x371f4cf3] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 506s [p11_child[2137]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 506s [p11_child[2137]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x371f4cf3][924798195] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 506s [p11_child[2137]] [do_card] (0x4000): Login required. 506s [p11_child[2137]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 506s [p11_child[2137]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 506s [p11_child[2137]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 506s [p11_child[2137]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x371f4cf3;slot-manufacturer=SoftHSM%20project;slot-id=924798195;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=adb40941b71f4cf3;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 506s [p11_child[2137]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 506s [p11_child[2137]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 506s [p11_child[2137]] [do_card] (0x4000): Certificate verified and validated. 506s [p11_child[2137]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 506s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-21052-auth.output 506s + echo '-----BEGIN CERTIFICATE-----' 506s + tail -n1 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-21052-auth.output 506s + echo '-----END CERTIFICATE-----' 506s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-21052-auth.pem 506s Certificate: 506s Data: 506s Version: 3 (0x2) 506s Serial Number: 3 (0x3) 506s Signature Algorithm: sha256WithRSAEncryption 506s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 506s Validity 506s Not Before: Mar 24 07:28:29 2024 GMT 506s Not After : Mar 24 07:28:29 2025 GMT 506s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 506s Subject Public Key Info: 506s Public Key Algorithm: rsaEncryption 506s Public-Key: (1024 bit) 506s Modulus: 506s 00:d6:4c:55:fe:3c:f2:b1:56:e2:69:78:e2:fe:e8: 506s 34:a0:98:fc:e4:9b:93:fa:ed:eb:f9:1f:64:24:83: 506s cd:f7:b8:ff:d9:ec:78:58:0d:26:28:0d:0d:0d:7b: 506s 92:0d:a5:32:30:59:c2:da:bc:01:db:df:64:d6:b1: 506s 92:4f:33:8c:f3:a7:81:2a:eb:a4:13:be:73:eb:c6: 506s f0:18:cd:29:d9:06:1d:dc:3c:13:ac:2f:1a:fb:dc: 506s bd:b1:df:15:fb:5d:6f:fb:6f:d2:7f:56:ab:06:0f: 506s 2a:5a:82:c6:b6:25:e1:4d:09:e2:a2:01:11:7e:81: 506s 2d:8b:34:33:e4:d4:b7:2f:3b 506s Exponent: 65537 (0x10001) 506s X509v3 extensions: 506s X509v3 Authority Key Identifier: 506s 49:66:8D:6C:A3:D2:34:7C:99:D9:2A:D4:A3:56:07:EB:23:A3:64:22 506s X509v3 Basic Constraints: 506s CA:FALSE 506s Netscape Cert Type: 506s SSL Client, S/MIME 506s Netscape Comment: 506s Test Organization Root CA trusted Certificate 506s X509v3 Subject Key Identifier: 506s 61:12:EF:79:42:32:FB:EC:CD:D2:27:04:1E:0F:3C:30:3D:7C:7D:4E 506s X509v3 Key Usage: critical 506s Digital Signature, Non Repudiation, Key Encipherment 506s X509v3 Extended Key Usage: 506s TLS Web Client Authentication, E-mail Protection 506s X509v3 Subject Alternative Name: 506s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 506s Signature Algorithm: sha256WithRSAEncryption 506s Signature Value: 506s 63:11:dc:bd:4e:70:5f:1a:d8:45:ba:57:4c:82:60:2c:77:54: 506s a2:87:3d:70:89:6b:c1:86:1d:ba:cd:ec:e6:e7:6a:20:7d:d0: 506s 5b:fe:a9:b4:e9:a2:90:18:18:e5:96:0c:21:d1:27:4c:cd:c5: 506s 1b:ec:79:95:85:14:5c:b2:1b:7a:0d:01:c8:bf:ed:a2:30:92: 506s 56:45:5d:81:13:66:ca:b0:a3:29:24:d6:8a:0e:91:5e:c5:c7: 506s fc:a1:00:9d:c3:e4:43:ad:cf:85:2f:63:c6:1a:e1:f5:f5:dd: 506s 7b:07:18:4b:8a:82:32:d9:4d:c1:df:2d:98:0c:5d:0c:5b:1c: 506s 45:4a 506s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-21052-auth.pem 506s + found_md5=Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B 506s + '[' Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B '!=' Modulus=D64C55FE3CF2B156E26978E2FEE834A098FCE49B93FAEDEBF91F642483CDF7B8FFD9EC78580D26280D0D0D7B920DA5323059C2DABC01DBDF64D6B1924F338CF3A7812AEBA413BE73EBC6F018CD29D9061DDC3C13AC2F1AFBDCBDB1DF15FB5D6FFB6FD27F56AB060F2A5A82C6B625E14D09E2A201117E812D8B3433E4D4B72F3B ']' 506s + invalid_certificate /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19912 /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem 506s + check_certificate /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19912 /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem 506s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 506s + local key_pass=pass:random-root-ca-trusted-cert-0001-19912 506s + local key_ring=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem 506s + local verify_option= 506s + prepare_softhsm2_card /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19912 506s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 506s + local key_pass=pass:random-root-ca-trusted-cert-0001-19912 506s + local key_cn 506s + local key_name 506s + local tokens_dir 506s + local output_cert_file 506s + token_name= 506s ++ basename /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem .pem 506s + key_name=test-root-CA-trusted-certificate-0001 506s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 506s ++ sed -n 's/ *commonName *= //p' 506s + key_cn='Test Organization Root Trusted Certificate 0001' 506s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 506s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf 506s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf 506s ++ basename /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 506s + tokens_dir=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001 506s + token_name='Test Organization Root Tr Token' 506s + '[' '!' -e /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 506s + '[' '!' -d /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001 ']' 506s + echo 'Test Organization Root Tr Token' 506s Test Organization Root Tr Token 506s + '[' -n '' ']' 506s + local output_base_name=SSSD-child-10696 506s + local output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-10696.output 506s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-10696.pem 506s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem 506s [p11_child[2147]] [main] (0x0400): p11_child started. 506s [p11_child[2147]] [main] (0x2000): Running in [pre-auth] mode. 506s [p11_child[2147]] [main] (0x2000): Running with effective IDs: [0][0]. 506s [p11_child[2147]] [main] (0x2000): Running with real IDs [0][0]. 506s [p11_child[2147]] [do_card] (0x4000): Module List: 506s [p11_child[2147]] [do_card] (0x4000): common name: [softhsm2]. 506s [p11_child[2147]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 506s [p11_child[2147]] [do_card] (0x4000): Description [SoftHSM slot ID 0x371f4cf3] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 506s [p11_child[2147]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 506s [p11_child[2147]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x371f4cf3][924798195] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 506s [p11_child[2147]] [do_card] (0x4000): Login NOT required. 506s [p11_child[2147]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 506s [p11_child[2147]] [do_verification] (0x0040): X509_verify_cert failed [0]. 506s [p11_child[2147]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 506s [p11_child[2147]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 506s [p11_child[2147]] [do_card] (0x4000): No certificate found. 506s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-10696.output 506s + return 2 506s + invalid_certificate /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19912 /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem partial_chain 506s + check_certificate /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19912 /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem partial_chain 506s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 506s + local key_pass=pass:random-root-ca-trusted-cert-0001-19912 506s + local key_ring=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem 506s + local verify_option=partial_chain 506s + prepare_softhsm2_card /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-19912 506s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 506s + local key_pass=pass:random-root-ca-trusted-cert-0001-19912 506s + local key_cn 506s + local key_name 506s + local tokens_dir 506s + local output_cert_file 506s + token_name= 506s ++ basename /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem .pem 506s + key_name=test-root-CA-trusted-certificate-0001 506s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vlpXTn/test-root-CA-trusted-certificate-0001.pem 506s ++ sed -n 's/ *commonName *= //p' 506s + key_cn='Test Organization Root Trusted Certificate 0001' 506s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 506s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf 506s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf 506s ++ basename /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 506s + tokens_dir=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001 506s + token_name='Test Organization Root Tr Token' 506s + '[' '!' -e /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 506s + '[' '!' -d /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-root-CA-trusted-certificate-0001 ']' 506s + echo 'Test Organization Root Tr Token' 506s Test Organization Root Tr Token 506s + '[' -n partial_chain ']' 506s + local verify_arg=--verify=partial_chain 506s + local output_base_name=SSSD-child-8589 506s + local output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-8589.output 506s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-8589.pem 506s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem 506s [p11_child[2154]] [main] (0x0400): p11_child started. 506s [p11_child[2154]] [main] (0x2000): Running in [pre-auth] mode. 506s [p11_child[2154]] [main] (0x2000): Running with effective IDs: [0][0]. 506s [p11_child[2154]] [main] (0x2000): Running with real IDs [0][0]. 506s [p11_child[2154]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 506s [p11_child[2154]] [do_card] (0x4000): Module List: 506s [p11_child[2154]] [do_card] (0x4000): common name: [softhsm2]. 506s [p11_child[2154]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 506s [p11_child[2154]] [do_card] (0x4000): Description [SoftHSM slot ID 0x371f4cf3] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 506s [p11_child[2154]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 506s [p11_child[2154]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x371f4cf3][924798195] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 506s [p11_child[2154]] [do_card] (0x4000): Login NOT required. 506s [p11_child[2154]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 506s [p11_child[2154]] [do_verification] (0x0040): X509_verify_cert failed [0]. 506s [p11_child[2154]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 506s [p11_child[2154]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 506s [p11_child[2154]] [do_card] (0x4000): No certificate found. 506s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-8589.output 506s + return 2 506s + invalid_certificate /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-13536 /dev/null 506s + check_certificate /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-13536 /dev/null 506s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 506s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-13536 506s + local key_ring=/dev/null 506s + local verify_option= 506s + prepare_softhsm2_card /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-13536 506s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 506s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-13536 506s + local key_cn 506s + local key_name 506s + local tokens_dir 506s + local output_cert_file 506s + token_name= 506s ++ basename /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem .pem 506s + key_name=test-intermediate-CA-trusted-certificate-0001 506s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 506s ++ sed -n 's/ *commonName *= //p' 506s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 506s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 506s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 506s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 506s ++ basename /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 506s + tokens_dir=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001 506s + token_name='Test Organization Interme Token' 506s + '[' '!' -e /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 506s + local key_file 506s + local decrypted_key 506s + mkdir -p /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001 506s + key_file=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001-key.pem 506s + decrypted_key=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 506s + cat 506s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 506s Slot 0 has a free/uninitialized token. 506s The token has been initialized and is reassigned to slot 454553126 506s + softhsm2-util --show-slots 506s Available slots: 506s Slot 454553126 506s Slot info: 506s Description: SoftHSM slot ID 0x1b17ee26 506s Manufacturer ID: SoftHSM project 506s Hardware version: 2.6 506s Firmware version: 2.6 506s Token present: yes 506s Token info: 506s Manufacturer ID: SoftHSM project 506s Model: SoftHSM v2 506s Hardware version: 2.6 506s Firmware version: 2.6 506s Serial number: 6449adc99b17ee26 506s Initialized: yes 506s User PIN init.: yes 506s Label: Test Organization Interme Token 506s Slot 1 506s Slot info: 506s Description: SoftHSM slot ID 0x1 506s Manufacturer ID: SoftHSM project 506s Hardware version: 2.6 506s Firmware version: 2.6 506s Token present: yes 506s Token info: 506s Manufacturer ID: SoftHSM project 506s Model: SoftHSM v2 506s Hardware version: 2.6 506s Firmware version: 2.6 506s Serial number: 506s Initialized: no 506s User PIN init.: no 506s Label: 506s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 506s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-13536 -in /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 506s writing RSA key 506s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 506s + rm /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 506s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 506s Object 0: 506s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6449adc99b17ee26;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 506s Type: X.509 Certificate (RSA-1024) 506s Expires: Mon Mar 24 07:28:29 2025 506s Label: Test Organization Intermediate Trusted Certificate 0001 506s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 506s 506s + echo 'Test Organization Interme Token' 506s + '[' -n '' ']' 506s + local output_base_name=SSSD-child-699 506s + local output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-699.output 506s Test Organization Interme Token 506s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-699.pem 506s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 506s [p11_child[2170]] [main] (0x0400): p11_child started. 506s [p11_child[2170]] [main] (0x2000): Running in [pre-auth] mode. 506s [p11_child[2170]] [main] (0x2000): Running with effective IDs: [0][0]. 506s [p11_child[2170]] [main] (0x2000): Running with real IDs [0][0]. 506s [p11_child[2170]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 506s [p11_child[2170]] [do_work] (0x0040): init_verification failed. 506s [p11_child[2170]] [main] (0x0020): p11_child failed (5) 506s + return 2 506s + valid_certificate /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-13536 /dev/null no_verification 506s + check_certificate /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-13536 /dev/null no_verification 506s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 506s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-13536 506s + local key_ring=/dev/null 506s + local verify_option=no_verification 506s + prepare_softhsm2_card /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-13536 506s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 506s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-13536 506s + local key_cn 506s + local key_name 506s + local tokens_dir 506s + local output_cert_file 506s + token_name= 506s ++ basename /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem .pem 506s + key_name=test-intermediate-CA-trusted-certificate-0001 506s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 506s ++ sed -n 's/ *commonName *= //p' 506s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 506s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 506s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 506s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 506s ++ basename /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 506s + tokens_dir=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001 506s + token_name='Test Organization Interme Token' 506s + '[' '!' -e /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 506s + '[' '!' -d /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 506s + echo 'Test Organization Interme Token' 506s + '[' -n no_verification ']' 506s + local verify_arg=--verify=no_verification 506s + local output_base_name=SSSD-child-18036 506s + local output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-18036.output 506s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-18036.pem 506s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 506s Test Organization Interme Token 506s [p11_child[2176]] [main] (0x0400): p11_child started. 506s [p11_child[2176]] [main] (0x2000): Running in [pre-auth] mode. 506s [p11_child[2176]] [main] (0x2000): Running with effective IDs: [0][0]. 506s [p11_child[2176]] [main] (0x2000): Running with real IDs [0][0]. 506s [p11_child[2176]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 506s [p11_child[2176]] [do_card] (0x4000): Module List: 506s [p11_child[2176]] [do_card] (0x4000): common name: [softhsm2]. 506s [p11_child[2176]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 506s [p11_child[2176]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1b17ee26] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 506s [p11_child[2176]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 506s [p11_child[2176]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1b17ee26][454553126] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 506s [p11_child[2176]] [do_card] (0x4000): Login NOT required. 506s [p11_child[2176]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 506s [p11_child[2176]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 506s [p11_child[2176]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1b17ee26;slot-manufacturer=SoftHSM%20project;slot-id=454553126;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6449adc99b17ee26;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 506s [p11_child[2176]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 506s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-18036.output 506s + echo '-----BEGIN CERTIFICATE-----' 506s + tail -n1 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-18036.output 506s + echo '-----END CERTIFICATE-----' 506s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-18036.pem 506s Certificate: 506s Data: 506s Version: 3 (0x2) 506s Serial Number: 4 (0x4) 506s Signature Algorithm: sha256WithRSAEncryption 506s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 506s Validity 506s Not Before: Mar 24 07:28:29 2024 GMT 506s Not After : Mar 24 07:28:29 2025 GMT 506s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 506s Subject Public Key Info: 506s Public Key Algorithm: rsaEncryption 506s Public-Key: (1024 bit) 506s Modulus: 506s 00:93:d7:24:42:04:c4:8d:0d:74:9a:c7:a6:98:9e: 506s 41:32:a6:65:28:1c:f1:c7:8c:e7:14:ca:17:3e:f6: 506s b6:b4:dc:2e:bb:bd:31:ac:c0:be:d3:6b:86:9c:41: 506s 25:96:3c:2a:d3:d8:a7:6e:fb:e1:cd:54:c8:61:45: 506s 23:a6:5d:4e:ec:de:0b:9f:48:60:76:e4:23:42:86: 506s b7:52:fd:0c:e6:96:3f:d1:73:e3:b8:8b:ae:f3:3e: 506s a3:8c:e3:31:c6:f1:72:a4:f0:70:84:04:90:35:95: 506s 08:3b:fd:b7:82:22:a3:38:36:20:39:89:94:dc:d2: 506s 6b:e0:55:22:c3:ef:86:7e:e1 506s Exponent: 65537 (0x10001) 506s X509v3 extensions: 506s X509v3 Authority Key Identifier: 506s 67:0B:FE:DA:12:B8:64:88:B8:D3:46:EA:CE:9B:FC:46:E0:4B:0B:04 506s X509v3 Basic Constraints: 506s CA:FALSE 506s Netscape Cert Type: 506s SSL Client, S/MIME 506s Netscape Comment: 506s Test Organization Intermediate CA trusted Certificate 506s X509v3 Subject Key Identifier: 506s 5F:5E:43:C7:B0:36:27:5A:EC:43:ED:E3:B9:80:4F:13:FB:81:F0:A1 506s X509v3 Key Usage: critical 506s Digital Signature, Non Repudiation, Key Encipherment 506s X509v3 Extended Key Usage: 506s TLS Web Client Authentication, E-mail Protection 506s X509v3 Subject Alternative Name: 506s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 506s Signature Algorithm: sha256WithRSAEncryption 506s Signature Value: 506s 69:39:34:8b:d8:38:07:99:24:3b:d9:14:4e:4c:de:e3:97:7e: 506s 95:9d:b2:1a:cc:fc:b5:3a:af:9f:f3:94:b5:69:a6:7c:69:1d: 506s 4a:61:03:bd:e6:84:34:ce:85:70:bc:05:07:b2:4e:5b:b2:04: 506s 60:df:b6:d2:80:6f:e7:e0:1e:61:18:a7:b9:1a:70:60:98:e6: 506s 1d:5c:91:8c:e1:9a:5a:d3:a4:a6:0d:2e:e8:2d:a9:30:7c:46: 506s a2:6a:60:b4:6c:0b:f7:b4:50:1f:e0:2e:3a:85:10:8e:dc:ab: 506s 01:26:38:4e:64:78:cd:34:b5:ef:69:d1:2d:a9:38:f7:fc:6e: 506s fd:2d 506s + local found_md5 expected_md5 506s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 506s + expected_md5=Modulus=93D7244204C48D0D749AC7A6989E4132A665281CF1C78CE714CA173EF6B6B4DC2EBBBD31ACC0BED36B869C4125963C2AD3D8A76EFBE1CD54C8614523A65D4EECDE0B9F486076E4234286B752FD0CE6963FD173E3B88BAEF33EA38CE331C6F172A4F0708404903595083BFDB78222A3383620398994DCD26BE05522C3EF867EE1 506s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-18036.pem 506s + found_md5=Modulus=93D7244204C48D0D749AC7A6989E4132A665281CF1C78CE714CA173EF6B6B4DC2EBBBD31ACC0BED36B869C4125963C2AD3D8A76EFBE1CD54C8614523A65D4EECDE0B9F486076E4234286B752FD0CE6963FD173E3B88BAEF33EA38CE331C6F172A4F0708404903595083BFDB78222A3383620398994DCD26BE05522C3EF867EE1 506s + '[' Modulus=93D7244204C48D0D749AC7A6989E4132A665281CF1C78CE714CA173EF6B6B4DC2EBBBD31ACC0BED36B869C4125963C2AD3D8A76EFBE1CD54C8614523A65D4EECDE0B9F486076E4234286B752FD0CE6963FD173E3B88BAEF33EA38CE331C6F172A4F0708404903595083BFDB78222A3383620398994DCD26BE05522C3EF867EE1 '!=' Modulus=93D7244204C48D0D749AC7A6989E4132A665281CF1C78CE714CA173EF6B6B4DC2EBBBD31ACC0BED36B869C4125963C2AD3D8A76EFBE1CD54C8614523A65D4EECDE0B9F486076E4234286B752FD0CE6963FD173E3B88BAEF33EA38CE331C6F172A4F0708404903595083BFDB78222A3383620398994DCD26BE05522C3EF867EE1 ']' 506s + output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-18036-auth.output 506s ++ basename /tmp/sssd-softhsm2-vlpXTn/SSSD-child-18036-auth.output .output 506s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-18036-auth.pem 506s + echo -n 053350 506s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 506s [p11_child[2184]] [main] (0x0400): p11_child started. 506s [p11_child[2184]] [main] (0x2000): Running in [auth] mode. 506s [p11_child[2184]] [main] (0x2000): Running with effective IDs: [0][0]. 506s [p11_child[2184]] [main] (0x2000): Running with real IDs [0][0]. 506s [p11_child[2184]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 506s [p11_child[2184]] [do_card] (0x4000): Module List: 506s [p11_child[2184]] [do_card] (0x4000): common name: [softhsm2]. 506s [p11_child[2184]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 506s [p11_child[2184]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1b17ee26] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 506s [p11_child[2184]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 506s [p11_child[2184]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1b17ee26][454553126] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 506s [p11_child[2184]] [do_card] (0x4000): Login required. 506s [p11_child[2184]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 506s [p11_child[2184]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 506s [p11_child[2184]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1b17ee26;slot-manufacturer=SoftHSM%20project;slot-id=454553126;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6449adc99b17ee26;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 506s Certificate: 506s Data: 506s Version: 3 (0x2) 506s Serial Number: 4 (0x4) 506s Signature Algorithm: sha256WithRSAEncryption 506s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 506s Validity 506s Not Before: Mar 24 07:28:29 2024 GMT 506s Not After : Mar 24 07:28:29 2025 GMT 506s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 506s Subject Public Key Info: 506s Public Key Algorithm: rsaEncryption 506s Public-Key: (1024 bit) 506s Modulus: 506s 00:93:d7:24:42:04:c4:8d:0d:74:9a:c7:a6:98:9e: 506s 41:32:a6:65:28:1c:f1:c7:8c:e7:14:ca:17:3e:f6: 506s b6:b4:dc:2e:bb:bd:31:ac:c0:be:d3:6b:86:9c:41: 506s 25:96:3c:2a:d3:d8:a7:6e:fb:e1:cd:54:c8:61:45: 506s 23:a6:5d:4e:ec:de:0b:9f:48:60:76:e4:23:42:86: 506s b7:52:fd:0c:e6:96:3f:d1:73:e3:b8:8b:ae:f3:3e: 506s a3:8c:e3:31:c6:f1:72:a4:f0:70:84:04:90:35:95: 506s 08:3b:fd:b7:82:22:a3:38:36:20:39:89:94:dc:d2: 506s 6b:e0:55:22:c3:ef:86:7e:e1 506s Exponent: 65537 (0x10001) 506s X509v3 extensions: 506s X509v3 Authority Key Identifier: 506s 67:0B:FE:DA:12:B8:64:88:B8:D3:46:EA:CE:9B:FC:46:E0:4B:0B:04 506s X509v3 Basic Constraints: 506s CA:FALSE 506s Netscape Cert Type: 506s SSL Client, S/MIME 506s Netscape Comment: 506s Test Organization Intermediate CA trusted Certificate 506s X509v3 Subject Key Identifier: 506s 5F:5E:43:C7:B0:36:27:5A:EC:43:ED:E3:B9:80:4F:13:FB:81:F0:A1 506s X509v3 Key Usage: critical 506s Digital Signature, Non Repudiation, Key Encipherment 506s X509v3 Extended Key Usage: 506s TLS Web Client Authentication, E-mail Protection 506s X509v3 Subject Alternative Name: 506s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 506s Signature Algorithm: sha256WithRSAEncryption 506s Signature Value: 506s 69:39:34:8b:d8:38:07:99:24:3b:d9:14:4e:4c:de:e3:97:7e: 506s 95:9d:b2:1a:cc:fc:b5:3a:af:9f:f3:94:b5:69:a6:7c:69:1d: 506s 4a:61:03:bd:e6:84:34:ce:85:70:bc:05:07:b2:4e:5b:b2:04: 506s 60:df:b6:d2:80:6f:e7:e0:1e:61:18:a7:b9:1a:70:60:98:e6: 506s 1d:5c:91:8c:e1:9a:5a:d3:a4:a6:0d:2e:e8:2d:a9:30:7c:46: 506s a2:6a:60:b4:6c:0b:f7:b4:50:1f:e0:2e:3a:85:10:8e:dc:ab: 506s 01:26:38:4e:64:78:cd:34:b5:ef:69:d1:2d:a9:38:f7:fc:6e: 506s fd:2d 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 506s [p11_child[2184]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 506s [p11_child[2184]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 506s [p11_child[2184]] [do_card] (0x4000): Certificate verified and validated. 506s [p11_child[2184]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 506s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-18036-auth.output 506s + echo '-----BEGIN CERTIFICATE-----' 506s + tail -n1 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-18036-auth.output 506s + echo '-----END CERTIFICATE-----' 506s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-18036-auth.pem 506s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-18036-auth.pem 506s + found_md5=Modulus=93D7244204C48D0D749AC7A6989E4132A665281CF1C78CE714CA173EF6B6B4DC2EBBBD31ACC0BED36B869C4125963C2AD3D8A76EFBE1CD54C8614523A65D4EECDE0B9F486076E4234286B752FD0CE6963FD173E3B88BAEF33EA38CE331C6F172A4F0708404903595083BFDB78222A3383620398994DCD26BE05522C3EF867EE1 506s + '[' Modulus=93D7244204C48D0D749AC7A6989E4132A665281CF1C78CE714CA173EF6B6B4DC2EBBBD31ACC0BED36B869C4125963C2AD3D8A76EFBE1CD54C8614523A65D4EECDE0B9F486076E4234286B752FD0CE6963FD173E3B88BAEF33EA38CE331C6F172A4F0708404903595083BFDB78222A3383620398994DCD26BE05522C3EF867EE1 '!=' Modulus=93D7244204C48D0D749AC7A6989E4132A665281CF1C78CE714CA173EF6B6B4DC2EBBBD31ACC0BED36B869C4125963C2AD3D8A76EFBE1CD54C8614523A65D4EECDE0B9F486076E4234286B752FD0CE6963FD173E3B88BAEF33EA38CE331C6F172A4F0708404903595083BFDB78222A3383620398994DCD26BE05522C3EF867EE1 ']' 506s + invalid_certificate /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-13536 /tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem 506s + check_certificate /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-13536 /tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem 506s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 506s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-13536 506s + local key_ring=/tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem 506s + local verify_option= 506s + prepare_softhsm2_card /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-13536 506s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 506s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-13536 506s + local key_cn 506s + local key_name 506s + local tokens_dir 506s + local output_cert_file 506s + token_name= 506s ++ basename /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem .pem 506s + key_name=test-intermediate-CA-trusted-certificate-0001 506s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 506s ++ sed -n 's/ *commonName *= //p' 506s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 506s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 506s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 506s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 506s ++ basename /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 506s + tokens_dir=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001 506s + token_name='Test Organization Interme Token' 506s + '[' '!' -e /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 506s + '[' '!' -d /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 506s Test Organization Interme Token 506s + echo 'Test Organization Interme Token' 506s + '[' -n '' ']' 506s + local output_base_name=SSSD-child-16604 506s + local output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-16604.output 506s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-16604.pem 506s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem 506s [p11_child[2194]] [main] (0x0400): p11_child started. 506s [p11_child[2194]] [main] (0x2000): Running in [pre-auth] mode. 506s [p11_child[2194]] [main] (0x2000): Running with effective IDs: [0][0]. 506s [p11_child[2194]] [main] (0x2000): Running with real IDs [0][0]. 506s [p11_child[2194]] [do_card] (0x4000): Module List: 506s [p11_child[2194]] [do_card] (0x4000): common name: [softhsm2]. 506s [p11_child[2194]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 506s [p11_child[2194]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1b17ee26] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 506s [p11_child[2194]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 506s [p11_child[2194]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1b17ee26][454553126] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 506s [p11_child[2194]] [do_card] (0x4000): Login NOT required. 506s [p11_child[2194]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 506s [p11_child[2194]] [do_verification] (0x0040): X509_verify_cert failed [0]. 506s [p11_child[2194]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 506s [p11_child[2194]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 506s [p11_child[2194]] [do_card] (0x4000): No certificate found. 506s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-16604.output 506s + return 2 506s + invalid_certificate /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-13536 /tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem partial_chain 506s + check_certificate /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-13536 /tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem partial_chain 506s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 506s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-13536 506s + local key_ring=/tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem 506s + local verify_option=partial_chain 506s + prepare_softhsm2_card /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-13536 506s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 506s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-13536 506s + local key_cn 506s + local key_name 506s + local tokens_dir 506s + local output_cert_file 506s + token_name= 506s ++ basename /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem .pem 506s + key_name=test-intermediate-CA-trusted-certificate-0001 506s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 506s ++ sed -n 's/ *commonName *= //p' 506s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 506s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 506s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 506s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 506s ++ basename /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 506s + tokens_dir=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001 506s + token_name='Test Organization Interme Token' 506s + '[' '!' -e /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 506s + '[' '!' -d /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 506s + echo 'Test Organization Interme Token' 506s Test Organization Interme Token 506s + '[' -n partial_chain ']' 506s + local verify_arg=--verify=partial_chain 506s + local output_base_name=SSSD-child-26839 506s + local output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-26839.output 506s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-26839.pem 506s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem 506s [p11_child[2201]] [main] (0x0400): p11_child started. 506s [p11_child[2201]] [main] (0x2000): Running in [pre-auth] mode. 506s [p11_child[2201]] [main] (0x2000): Running with effective IDs: [0][0]. 506s [p11_child[2201]] [main] (0x2000): Running with real IDs [0][0]. 506s [p11_child[2201]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 506s [p11_child[2201]] [do_card] (0x4000): Module List: 506s [p11_child[2201]] [do_card] (0x4000): common name: [softhsm2]. 506s [p11_child[2201]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 506s [p11_child[2201]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1b17ee26] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 506s [p11_child[2201]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 506s [p11_child[2201]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1b17ee26][454553126] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 506s [p11_child[2201]] [do_card] (0x4000): Login NOT required. 506s [p11_child[2201]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 506s [p11_child[2201]] [do_verification] (0x0040): X509_verify_cert failed [0]. 506s [p11_child[2201]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 506s [p11_child[2201]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 506s [p11_child[2201]] [do_card] (0x4000): No certificate found. 506s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-26839.output 506s + return 2 506s + valid_certificate /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-13536 /tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem 506s + check_certificate /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-13536 /tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem 506s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 506s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-13536 506s + local key_ring=/tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem 506s + local verify_option= 506s + prepare_softhsm2_card /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-13536 506s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 506s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-13536 506s + local key_cn 506s + local key_name 506s + local tokens_dir 506s + local output_cert_file 506s + token_name= 506s ++ basename /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem .pem 506s + key_name=test-intermediate-CA-trusted-certificate-0001 506s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 506s ++ sed -n 's/ *commonName *= //p' 506s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 506s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 506s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 506s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 506s ++ basename /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 506s + tokens_dir=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001 506s + token_name='Test Organization Interme Token' 506s + '[' '!' -e /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 506s + '[' '!' -d /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 506s + echo 'Test Organization Interme Token' 506s Test Organization Interme Token 506s + '[' -n '' ']' 506s + local output_base_name=SSSD-child-2886 506s + local output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-2886.output 506s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-2886.pem 506s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem 506s [p11_child[2208]] [main] (0x0400): p11_child started. 506s [p11_child[2208]] [main] (0x2000): Running in [pre-auth] mode. 506s [p11_child[2208]] [main] (0x2000): Running with effective IDs: [0][0]. 506s [p11_child[2208]] [main] (0x2000): Running with real IDs [0][0]. 506s [p11_child[2208]] [do_card] (0x4000): Module List: 506s [p11_child[2208]] [do_card] (0x4000): common name: [softhsm2]. 506s [p11_child[2208]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 506s [p11_child[2208]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1b17ee26] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 506s [p11_child[2208]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 506s [p11_child[2208]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1b17ee26][454553126] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 506s [p11_child[2208]] [do_card] (0x4000): Login NOT required. 506s [p11_child[2208]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 506s [p11_child[2208]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 506s [p11_child[2208]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 506s [p11_child[2208]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1b17ee26;slot-manufacturer=SoftHSM%20project;slot-id=454553126;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6449adc99b17ee26;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 506s [p11_child[2208]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 506s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-2886.output 506s + echo '-----BEGIN CERTIFICATE-----' 506s + tail -n1 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-2886.output 506s + echo '-----END CERTIFICATE-----' 506s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-2886.pem 506s Certificate: 506s Data: 506s Version: 3 (0x2) 506s Serial Number: 4 (0x4) 506s Signature Algorithm: sha256WithRSAEncryption 506s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 506s Validity 506s Not Before: Mar 24 07:28:29 2024 GMT 506s Not After : Mar 24 07:28:29 2025 GMT 506s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 506s Subject Public Key Info: 506s Public Key Algorithm: rsaEncryption 506s Public-Key: (1024 bit) 506s Modulus: 506s 00:93:d7:24:42:04:c4:8d:0d:74:9a:c7:a6:98:9e: 506s 41:32:a6:65:28:1c:f1:c7:8c:e7:14:ca:17:3e:f6: 506s b6:b4:dc:2e:bb:bd:31:ac:c0:be:d3:6b:86:9c:41: 506s 25:96:3c:2a:d3:d8:a7:6e:fb:e1:cd:54:c8:61:45: 506s 23:a6:5d:4e:ec:de:0b:9f:48:60:76:e4:23:42:86: 506s b7:52:fd:0c:e6:96:3f:d1:73:e3:b8:8b:ae:f3:3e: 506s a3:8c:e3:31:c6:f1:72:a4:f0:70:84:04:90:35:95: 506s 08:3b:fd:b7:82:22:a3:38:36:20:39:89:94:dc:d2: 506s 6b:e0:55:22:c3:ef:86:7e:e1 506s Exponent: 65537 (0x10001) 506s X509v3 extensions: 506s X509v3 Authority Key Identifier: 506s 67:0B:FE:DA:12:B8:64:88:B8:D3:46:EA:CE:9B:FC:46:E0:4B:0B:04 506s X509v3 Basic Constraints: 506s CA:FALSE 506s Netscape Cert Type: 506s SSL Client, S/MIME 506s Netscape Comment: 506s Test Organization Intermediate CA trusted Certificate 506s X509v3 Subject Key Identifier: 506s 5F:5E:43:C7:B0:36:27:5A:EC:43:ED:E3:B9:80:4F:13:FB:81:F0:A1 506s X509v3 Key Usage: critical 506s Digital Signature, Non Repudiation, Key Encipherment 506s X509v3 Extended Key Usage: 506s TLS Web Client Authentication, E-mail Protection 506s X509v3 Subject Alternative Name: 506s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 506s Signature Algorithm: sha256WithRSAEncryption 506s Signature Value: 506s 69:39:34:8b:d8:38:07:99:24:3b:d9:14:4e:4c:de:e3:97:7e: 506s 95:9d:b2:1a:cc:fc:b5:3a:af:9f:f3:94:b5:69:a6:7c:69:1d: 506s 4a:61:03:bd:e6:84:34:ce:85:70:bc:05:07:b2:4e:5b:b2:04: 506s 60:df:b6:d2:80:6f:e7:e0:1e:61:18:a7:b9:1a:70:60:98:e6: 506s 1d:5c:91:8c:e1:9a:5a:d3:a4:a6:0d:2e:e8:2d:a9:30:7c:46: 506s a2:6a:60:b4:6c:0b:f7:b4:50:1f:e0:2e:3a:85:10:8e:dc:ab: 506s 01:26:38:4e:64:78:cd:34:b5:ef:69:d1:2d:a9:38:f7:fc:6e: 506s fd:2d 506s + local found_md5 expected_md5 506s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 506s + expected_md5=Modulus=93D7244204C48D0D749AC7A6989E4132A665281CF1C78CE714CA173EF6B6B4DC2EBBBD31ACC0BED36B869C4125963C2AD3D8A76EFBE1CD54C8614523A65D4EECDE0B9F486076E4234286B752FD0CE6963FD173E3B88BAEF33EA38CE331C6F172A4F0708404903595083BFDB78222A3383620398994DCD26BE05522C3EF867EE1 506s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-2886.pem 506s + found_md5=Modulus=93D7244204C48D0D749AC7A6989E4132A665281CF1C78CE714CA173EF6B6B4DC2EBBBD31ACC0BED36B869C4125963C2AD3D8A76EFBE1CD54C8614523A65D4EECDE0B9F486076E4234286B752FD0CE6963FD173E3B88BAEF33EA38CE331C6F172A4F0708404903595083BFDB78222A3383620398994DCD26BE05522C3EF867EE1 506s + '[' Modulus=93D7244204C48D0D749AC7A6989E4132A665281CF1C78CE714CA173EF6B6B4DC2EBBBD31ACC0BED36B869C4125963C2AD3D8A76EFBE1CD54C8614523A65D4EECDE0B9F486076E4234286B752FD0CE6963FD173E3B88BAEF33EA38CE331C6F172A4F0708404903595083BFDB78222A3383620398994DCD26BE05522C3EF867EE1 '!=' Modulus=93D7244204C48D0D749AC7A6989E4132A665281CF1C78CE714CA173EF6B6B4DC2EBBBD31ACC0BED36B869C4125963C2AD3D8A76EFBE1CD54C8614523A65D4EECDE0B9F486076E4234286B752FD0CE6963FD173E3B88BAEF33EA38CE331C6F172A4F0708404903595083BFDB78222A3383620398994DCD26BE05522C3EF867EE1 ']' 506s + output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-2886-auth.output 506s ++ basename /tmp/sssd-softhsm2-vlpXTn/SSSD-child-2886-auth.output .output 506s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-2886-auth.pem 506s + echo -n 053350 506s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 506s [p11_child[2216]] [main] (0x0400): p11_child started. 506s [p11_child[2216]] [main] (0x2000): Running in [auth] mode. 506s [p11_child[2216]] [main] (0x2000): Running with effective IDs: [0][0]. 506s [p11_child[2216]] [main] (0x2000): Running with real IDs [0][0]. 506s [p11_child[2216]] [do_card] (0x4000): Module List: 506s [p11_child[2216]] [do_card] (0x4000): common name: [softhsm2]. 506s [p11_child[2216]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 506s [p11_child[2216]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1b17ee26] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 506s [p11_child[2216]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 506s [p11_child[2216]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1b17ee26][454553126] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 506s [p11_child[2216]] [do_card] (0x4000): Login required. 506s [p11_child[2216]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 506s [p11_child[2216]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 506s [p11_child[2216]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 506s [p11_child[2216]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1b17ee26;slot-manufacturer=SoftHSM%20project;slot-id=454553126;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6449adc99b17ee26;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 506s [p11_child[2216]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 506s [p11_child[2216]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 506s [p11_child[2216]] [do_card] (0x4000): Certificate verified and validated. 506s [p11_child[2216]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 506s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-2886-auth.output 506s + echo '-----BEGIN CERTIFICATE-----' 506s + tail -n1 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-2886-auth.output 506s + echo '-----END CERTIFICATE-----' 506s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-2886-auth.pem 506s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-2886-auth.pem 506s Certificate: 506s Data: 506s Version: 3 (0x2) 506s Serial Number: 4 (0x4) 506s Signature Algorithm: sha256WithRSAEncryption 506s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 506s Validity 506s Not Before: Mar 24 07:28:29 2024 GMT 506s Not After : Mar 24 07:28:29 2025 GMT 506s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 506s Subject Public Key Info: 506s Public Key Algorithm: rsaEncryption 506s Public-Key: (1024 bit) 506s Modulus: 506s 00:93:d7:24:42:04:c4:8d:0d:74:9a:c7:a6:98:9e: 506s 41:32:a6:65:28:1c:f1:c7:8c:e7:14:ca:17:3e:f6: 506s b6:b4:dc:2e:bb:bd:31:ac:c0:be:d3:6b:86:9c:41: 506s 25:96:3c:2a:d3:d8:a7:6e:fb:e1:cd:54:c8:61:45: 506s 23:a6:5d:4e:ec:de:0b:9f:48:60:76:e4:23:42:86: 506s b7:52:fd:0c:e6:96:3f:d1:73:e3:b8:8b:ae:f3:3e: 506s a3:8c:e3:31:c6:f1:72:a4:f0:70:84:04:90:35:95: 506s 08:3b:fd:b7:82:22:a3:38:36:20:39:89:94:dc:d2: 506s 6b:e0:55:22:c3:ef:86:7e:e1 506s Exponent: 65537 (0x10001) 506s X509v3 extensions: 506s X509v3 Authority Key Identifier: 506s 67:0B:FE:DA:12:B8:64:88:B8:D3:46:EA:CE:9B:FC:46:E0:4B:0B:04 506s X509v3 Basic Constraints: 506s CA:FALSE 506s Netscape Cert Type: 506s SSL Client, S/MIME 506s Netscape Comment: 506s Test Organization Intermediate CA trusted Certificate 506s X509v3 Subject Key Identifier: 506s 5F:5E:43:C7:B0:36:27:5A:EC:43:ED:E3:B9:80:4F:13:FB:81:F0:A1 506s X509v3 Key Usage: critical 506s Digital Signature, Non Repudiation, Key Encipherment 506s X509v3 Extended Key Usage: 506s TLS Web Client Authentication, E-mail Protection 506s X509v3 Subject Alternative Name: 506s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 506s Signature Algorithm: sha256WithRSAEncryption 506s Signature Value: 506s 69:39:34:8b:d8:38:07:99:24:3b:d9:14:4e:4c:de:e3:97:7e: 506s 95:9d:b2:1a:cc:fc:b5:3a:af:9f:f3:94:b5:69:a6:7c:69:1d: 506s 4a:61:03:bd:e6:84:34:ce:85:70:bc:05:07:b2:4e:5b:b2:04: 506s 60:df:b6:d2:80:6f:e7:e0:1e:61:18:a7:b9:1a:70:60:98:e6: 506s 1d:5c:91:8c:e1:9a:5a:d3:a4:a6:0d:2e:e8:2d:a9:30:7c:46: 506s a2:6a:60:b4:6c:0b:f7:b4:50:1f:e0:2e:3a:85:10:8e:dc:ab: 506s 01:26:38:4e:64:78:cd:34:b5:ef:69:d1:2d:a9:38:f7:fc:6e: 506s fd:2d 506s + found_md5=Modulus=93D7244204C48D0D749AC7A6989E4132A665281CF1C78CE714CA173EF6B6B4DC2EBBBD31ACC0BED36B869C4125963C2AD3D8A76EFBE1CD54C8614523A65D4EECDE0B9F486076E4234286B752FD0CE6963FD173E3B88BAEF33EA38CE331C6F172A4F0708404903595083BFDB78222A3383620398994DCD26BE05522C3EF867EE1 506s + '[' Modulus=93D7244204C48D0D749AC7A6989E4132A665281CF1C78CE714CA173EF6B6B4DC2EBBBD31ACC0BED36B869C4125963C2AD3D8A76EFBE1CD54C8614523A65D4EECDE0B9F486076E4234286B752FD0CE6963FD173E3B88BAEF33EA38CE331C6F172A4F0708404903595083BFDB78222A3383620398994DCD26BE05522C3EF867EE1 '!=' Modulus=93D7244204C48D0D749AC7A6989E4132A665281CF1C78CE714CA173EF6B6B4DC2EBBBD31ACC0BED36B869C4125963C2AD3D8A76EFBE1CD54C8614523A65D4EECDE0B9F486076E4234286B752FD0CE6963FD173E3B88BAEF33EA38CE331C6F172A4F0708404903595083BFDB78222A3383620398994DCD26BE05522C3EF867EE1 ']' 506s + valid_certificate /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-13536 /tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem partial_chain 506s + check_certificate /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-13536 /tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem partial_chain 506s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 506s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-13536 506s + local key_ring=/tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem 506s + local verify_option=partial_chain 506s + prepare_softhsm2_card /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-13536 506s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 506s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-13536 506s + local key_cn 506s + local key_name 506s + local tokens_dir 506s + local output_cert_file 506s + token_name= 506s ++ basename /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem .pem 506s + key_name=test-intermediate-CA-trusted-certificate-0001 506s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 506s ++ sed -n 's/ *commonName *= //p' 506s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 506s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 506s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 506s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 506s ++ basename /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 506s + tokens_dir=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001 506s + token_name='Test Organization Interme Token' 506s + '[' '!' -e /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 506s + '[' '!' -d /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 506s + echo 'Test Organization Interme Token' 506s Test Organization Interme Token 506s + '[' -n partial_chain ']' 506s + local verify_arg=--verify=partial_chain 506s + local output_base_name=SSSD-child-30344 506s + local output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-30344.output 506s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-30344.pem 506s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem 506s [p11_child[2226]] [main] (0x0400): p11_child started. 506s [p11_child[2226]] [main] (0x2000): Running in [pre-auth] mode. 506s [p11_child[2226]] [main] (0x2000): Running with effective IDs: [0][0]. 506s [p11_child[2226]] [main] (0x2000): Running with real IDs [0][0]. 506s [p11_child[2226]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 506s [p11_child[2226]] [do_card] (0x4000): Module List: 506s [p11_child[2226]] [do_card] (0x4000): common name: [softhsm2]. 506s [p11_child[2226]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 506s [p11_child[2226]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1b17ee26] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 506s [p11_child[2226]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 506s [p11_child[2226]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1b17ee26][454553126] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 506s [p11_child[2226]] [do_card] (0x4000): Login NOT required. 506s [p11_child[2226]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 506s [p11_child[2226]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 506s [p11_child[2226]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 506s [p11_child[2226]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1b17ee26;slot-manufacturer=SoftHSM%20project;slot-id=454553126;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6449adc99b17ee26;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 506s [p11_child[2226]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 506s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-30344.output 506s + echo '-----BEGIN CERTIFICATE-----' 506s + tail -n1 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-30344.output 506s + echo '-----END CERTIFICATE-----' 506s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-30344.pem 506s + local found_md5 expected_md5 506s Certificate: 506s Data: 506s Version: 3 (0x2) 506s Serial Number: 4 (0x4) 506s Signature Algorithm: sha256WithRSAEncryption 506s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 506s Validity 506s Not Before: Mar 24 07:28:29 2024 GMT 506s Not After : Mar 24 07:28:29 2025 GMT 506s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 506s Subject Public Key Info: 506s Public Key Algorithm: rsaEncryption 506s Public-Key: (1024 bit) 506s Modulus: 506s 00:93:d7:24:42:04:c4:8d:0d:74:9a:c7:a6:98:9e: 506s 41:32:a6:65:28:1c:f1:c7:8c:e7:14:ca:17:3e:f6: 506s b6:b4:dc:2e:bb:bd:31:ac:c0:be:d3:6b:86:9c:41: 506s 25:96:3c:2a:d3:d8:a7:6e:fb:e1:cd:54:c8:61:45: 506s 23:a6:5d:4e:ec:de:0b:9f:48:60:76:e4:23:42:86: 506s b7:52:fd:0c:e6:96:3f:d1:73:e3:b8:8b:ae:f3:3e: 506s a3:8c:e3:31:c6:f1:72:a4:f0:70:84:04:90:35:95: 506s 08:3b:fd:b7:82:22:a3:38:36:20:39:89:94:dc:d2: 506s 6b:e0:55:22:c3:ef:86:7e:e1 506s Exponent: 65537 (0x10001) 506s X509v3 extensions: 506s X509v3 Authority Key Identifier: 506s 67:0B:FE:DA:12:B8:64:88:B8:D3:46:EA:CE:9B:FC:46:E0:4B:0B:04 506s X509v3 Basic Constraints: 506s CA:FALSE 506s Netscape Cert Type: 506s SSL Client, S/MIME 506s Netscape Comment: 506s Test Organization Intermediate CA trusted Certificate 506s X509v3 Subject Key Identifier: 506s 5F:5E:43:C7:B0:36:27:5A:EC:43:ED:E3:B9:80:4F:13:FB:81:F0:A1 506s X509v3 Key Usage: critical 506s Digital Signature, Non Repudiation, Key Encipherment 506s X509v3 Extended Key Usage: 506s TLS Web Client Authentication, E-mail Protection 506s X509v3 Subject Alternative Name: 506s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 506s Signature Algorithm: sha256WithRSAEncryption 506s Signature Value: 506s 69:39:34:8b:d8:38:07:99:24:3b:d9:14:4e:4c:de:e3:97:7e: 506s 95:9d:b2:1a:cc:fc:b5:3a:af:9f:f3:94:b5:69:a6:7c:69:1d: 506s 4a:61:03:bd:e6:84:34:ce:85:70:bc:05:07:b2:4e:5b:b2:04: 506s 60:df:b6:d2:80:6f:e7:e0:1e:61:18:a7:b9:1a:70:60:98:e6: 506s 1d:5c:91:8c:e1:9a:5a:d3:a4:a6:0d:2e:e8:2d:a9:30:7c:46: 506s a2:6a:60:b4:6c:0b:f7:b4:50:1f:e0:2e:3a:85:10:8e:dc:ab: 506s 01:26:38:4e:64:78:cd:34:b5:ef:69:d1:2d:a9:38:f7:fc:6e: 506s fd:2d 506s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 507s + expected_md5=Modulus=93D7244204C48D0D749AC7A6989E4132A665281CF1C78CE714CA173EF6B6B4DC2EBBBD31ACC0BED36B869C4125963C2AD3D8A76EFBE1CD54C8614523A65D4EECDE0B9F486076E4234286B752FD0CE6963FD173E3B88BAEF33EA38CE331C6F172A4F0708404903595083BFDB78222A3383620398994DCD26BE05522C3EF867EE1 507s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-30344.pem 507s + found_md5=Modulus=93D7244204C48D0D749AC7A6989E4132A665281CF1C78CE714CA173EF6B6B4DC2EBBBD31ACC0BED36B869C4125963C2AD3D8A76EFBE1CD54C8614523A65D4EECDE0B9F486076E4234286B752FD0CE6963FD173E3B88BAEF33EA38CE331C6F172A4F0708404903595083BFDB78222A3383620398994DCD26BE05522C3EF867EE1 507s + '[' Modulus=93D7244204C48D0D749AC7A6989E4132A665281CF1C78CE714CA173EF6B6B4DC2EBBBD31ACC0BED36B869C4125963C2AD3D8A76EFBE1CD54C8614523A65D4EECDE0B9F486076E4234286B752FD0CE6963FD173E3B88BAEF33EA38CE331C6F172A4F0708404903595083BFDB78222A3383620398994DCD26BE05522C3EF867EE1 '!=' Modulus=93D7244204C48D0D749AC7A6989E4132A665281CF1C78CE714CA173EF6B6B4DC2EBBBD31ACC0BED36B869C4125963C2AD3D8A76EFBE1CD54C8614523A65D4EECDE0B9F486076E4234286B752FD0CE6963FD173E3B88BAEF33EA38CE331C6F172A4F0708404903595083BFDB78222A3383620398994DCD26BE05522C3EF867EE1 ']' 507s + output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-30344-auth.output 507s ++ basename /tmp/sssd-softhsm2-vlpXTn/SSSD-child-30344-auth.output .output 507s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-30344-auth.pem 507s + echo -n 053350 507s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 507s [p11_child[2234]] [main] (0x0400): p11_child started. 507s [p11_child[2234]] [main] (0x2000): Running in [auth] mode. 507s [p11_child[2234]] [main] (0x2000): Running with effective IDs: [0][0]. 507s [p11_child[2234]] [main] (0x2000): Running with real IDs [0][0]. 507s [p11_child[2234]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 507s [p11_child[2234]] [do_card] (0x4000): Module List: 507s [p11_child[2234]] [do_card] (0x4000): common name: [softhsm2]. 507s [p11_child[2234]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 507s [p11_child[2234]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1b17ee26] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 507s [p11_child[2234]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 507s [p11_child[2234]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1b17ee26][454553126] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 507s [p11_child[2234]] [do_card] (0x4000): Login required. 507s [p11_child[2234]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 507s [p11_child[2234]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 507s [p11_child[2234]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 507s [p11_child[2234]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1b17ee26;slot-manufacturer=SoftHSM%20project;slot-id=454553126;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6449adc99b17ee26;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 507s [p11_child[2234]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 507s [p11_child[2234]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 507s [p11_child[2234]] [do_card] (0x4000): Certificate verified and validated. 507s [p11_child[2234]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 507s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-30344-auth.output 507s + echo '-----BEGIN CERTIFICATE-----' 507s + tail -n1 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-30344-auth.output 507s + echo '-----END CERTIFICATE-----' 507s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-30344-auth.pem 507s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-30344-auth.pem 507s Certificate: 507s Data: 507s Version: 3 (0x2) 507s Serial Number: 4 (0x4) 507s Signature Algorithm: sha256WithRSAEncryption 507s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 507s Validity 507s Not Before: Mar 24 07:28:29 2024 GMT 507s Not After : Mar 24 07:28:29 2025 GMT 507s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 507s Subject Public Key Info: 507s Public Key Algorithm: rsaEncryption 507s Public-Key: (1024 bit) 507s Modulus: 507s 00:93:d7:24:42:04:c4:8d:0d:74:9a:c7:a6:98:9e: 507s 41:32:a6:65:28:1c:f1:c7:8c:e7:14:ca:17:3e:f6: 507s b6:b4:dc:2e:bb:bd:31:ac:c0:be:d3:6b:86:9c:41: 507s 25:96:3c:2a:d3:d8:a7:6e:fb:e1:cd:54:c8:61:45: 507s 23:a6:5d:4e:ec:de:0b:9f:48:60:76:e4:23:42:86: 507s b7:52:fd:0c:e6:96:3f:d1:73:e3:b8:8b:ae:f3:3e: 507s a3:8c:e3:31:c6:f1:72:a4:f0:70:84:04:90:35:95: 507s 08:3b:fd:b7:82:22:a3:38:36:20:39:89:94:dc:d2: 507s 6b:e0:55:22:c3:ef:86:7e:e1 507s Exponent: 65537 (0x10001) 507s X509v3 extensions: 507s X509v3 Authority Key Identifier: 507s 67:0B:FE:DA:12:B8:64:88:B8:D3:46:EA:CE:9B:FC:46:E0:4B:0B:04 507s X509v3 Basic Constraints: 507s CA:FALSE 507s Netscape Cert Type: 507s SSL Client, S/MIME 507s Netscape Comment: 507s Test Organization Intermediate CA trusted Certificate 507s X509v3 Subject Key Identifier: 507s 5F:5E:43:C7:B0:36:27:5A:EC:43:ED:E3:B9:80:4F:13:FB:81:F0:A1 507s X509v3 Key Usage: critical 507s Digital Signature, Non Repudiation, Key Encipherment 507s X509v3 Extended Key Usage: 507s TLS Web Client Authentication, E-mail Protection 507s X509v3 Subject Alternative Name: 507s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 507s Signature Algorithm: sha256WithRSAEncryption 507s Signature Value: 507s 69:39:34:8b:d8:38:07:99:24:3b:d9:14:4e:4c:de:e3:97:7e: 507s 95:9d:b2:1a:cc:fc:b5:3a:af:9f:f3:94:b5:69:a6:7c:69:1d: 507s 4a:61:03:bd:e6:84:34:ce:85:70:bc:05:07:b2:4e:5b:b2:04: 507s 60:df:b6:d2:80:6f:e7:e0:1e:61:18:a7:b9:1a:70:60:98:e6: 507s 1d:5c:91:8c:e1:9a:5a:d3:a4:a6:0d:2e:e8:2d:a9:30:7c:46: 507s a2:6a:60:b4:6c:0b:f7:b4:50:1f:e0:2e:3a:85:10:8e:dc:ab: 507s 01:26:38:4e:64:78:cd:34:b5:ef:69:d1:2d:a9:38:f7:fc:6e: 507s fd:2d 507s + found_md5=Modulus=93D7244204C48D0D749AC7A6989E4132A665281CF1C78CE714CA173EF6B6B4DC2EBBBD31ACC0BED36B869C4125963C2AD3D8A76EFBE1CD54C8614523A65D4EECDE0B9F486076E4234286B752FD0CE6963FD173E3B88BAEF33EA38CE331C6F172A4F0708404903595083BFDB78222A3383620398994DCD26BE05522C3EF867EE1 507s + '[' Modulus=93D7244204C48D0D749AC7A6989E4132A665281CF1C78CE714CA173EF6B6B4DC2EBBBD31ACC0BED36B869C4125963C2AD3D8A76EFBE1CD54C8614523A65D4EECDE0B9F486076E4234286B752FD0CE6963FD173E3B88BAEF33EA38CE331C6F172A4F0708404903595083BFDB78222A3383620398994DCD26BE05522C3EF867EE1 '!=' Modulus=93D7244204C48D0D749AC7A6989E4132A665281CF1C78CE714CA173EF6B6B4DC2EBBBD31ACC0BED36B869C4125963C2AD3D8A76EFBE1CD54C8614523A65D4EECDE0B9F486076E4234286B752FD0CE6963FD173E3B88BAEF33EA38CE331C6F172A4F0708404903595083BFDB78222A3383620398994DCD26BE05522C3EF867EE1 ']' 507s + invalid_certificate /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-13536 /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem 507s + check_certificate /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-13536 /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem 507s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 507s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-13536 507s + local key_ring=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem 507s + local verify_option= 507s + prepare_softhsm2_card /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-13536 507s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 507s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-13536 507s + local key_cn 507s + local key_name 507s + local tokens_dir 507s + local output_cert_file 507s + token_name= 507s ++ basename /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem .pem 507s + key_name=test-intermediate-CA-trusted-certificate-0001 507s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 507s ++ sed -n 's/ *commonName *= //p' 507s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 507s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 507s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 507s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 507s ++ basename /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 507s + tokens_dir=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001 507s + token_name='Test Organization Interme Token' 507s + '[' '!' -e /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 507s + '[' '!' -d /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 507s + echo 'Test Organization Interme Token' 507s + '[' -n '' ']' 507s + local output_base_name=SSSD-child-22238 507s + local output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-22238.output 507s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-22238.pem 507s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem 507s [p11_child[2244]] [main] (0x0400): p11_child started. 507s [p11_child[2244]] [main] (0x2000): Running in [pre-auth] mode. 507s [p11_child[2244]] [main] (0x2000): Running with effective IDs: [0][0]. 507s [p11_child[2244]] [main] (0x2000): Running with real IDs [0][0]. 507s Test Organization Interme Token 507s [p11_child[2244]] [do_card] (0x4000): Module List: 507s [p11_child[2244]] [do_card] (0x4000): common name: [softhsm2]. 507s [p11_child[2244]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 507s [p11_child[2244]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1b17ee26] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 507s [p11_child[2244]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 507s [p11_child[2244]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1b17ee26][454553126] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 507s [p11_child[2244]] [do_card] (0x4000): Login NOT required. 507s [p11_child[2244]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 507s [p11_child[2244]] [do_verification] (0x0040): X509_verify_cert failed [0]. 507s [p11_child[2244]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 507s [p11_child[2244]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 507s [p11_child[2244]] [do_card] (0x4000): No certificate found. 507s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-22238.output 507s + return 2 507s + valid_certificate /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-13536 /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem partial_chain 507s + check_certificate /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-13536 /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem partial_chain 507s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 507s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-13536 507s + local key_ring=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem 507s + local verify_option=partial_chain 507s + prepare_softhsm2_card /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-13536 507s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 507s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-13536 507s + local key_cn 507s + local key_name 507s + local tokens_dir 507s + local output_cert_file 507s + token_name= 507s ++ basename /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem .pem 507s + key_name=test-intermediate-CA-trusted-certificate-0001 507s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 507s ++ sed -n 's/ *commonName *= //p' 507s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 507s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 507s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 507s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 507s ++ basename /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 507s + tokens_dir=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001 507s + token_name='Test Organization Interme Token' 507s + '[' '!' -e /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 507s + '[' '!' -d /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 507s + echo 'Test Organization Interme Token' 507s + '[' -n partial_chain ']' 507s Test Organization Interme Token 507s + local verify_arg=--verify=partial_chain 507s + local output_base_name=SSSD-child-30611 507s + local output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-30611.output 507s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-30611.pem 507s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem 507s [p11_child[2251]] [main] (0x0400): p11_child started. 507s [p11_child[2251]] [main] (0x2000): Running in [pre-auth] mode. 507s [p11_child[2251]] [main] (0x2000): Running with effective IDs: [0][0]. 507s [p11_child[2251]] [main] (0x2000): Running with real IDs [0][0]. 507s [p11_child[2251]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 507s [p11_child[2251]] [do_card] (0x4000): Module List: 507s [p11_child[2251]] [do_card] (0x4000): common name: [softhsm2]. 507s [p11_child[2251]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 507s [p11_child[2251]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1b17ee26] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 507s [p11_child[2251]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 507s [p11_child[2251]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1b17ee26][454553126] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 507s [p11_child[2251]] [do_card] (0x4000): Login NOT required. 507s [p11_child[2251]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 507s [p11_child[2251]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 507s [p11_child[2251]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 507s [p11_child[2251]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1b17ee26;slot-manufacturer=SoftHSM%20project;slot-id=454553126;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6449adc99b17ee26;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 507s [p11_child[2251]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 507s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-30611.output 507s + echo '-----BEGIN CERTIFICATE-----' 507s + tail -n1 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-30611.output 507s + echo '-----END CERTIFICATE-----' 507s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-30611.pem 507s Certificate: 507s Data: 507s Version: 3 (0x2) 507s Serial Number: 4 (0x4) 507s Signature Algorithm: sha256WithRSAEncryption 507s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 507s Validity 507s Not Before: Mar 24 07:28:29 2024 GMT 507s Not After : Mar 24 07:28:29 2025 GMT 507s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 507s Subject Public Key Info: 507s Public Key Algorithm: rsaEncryption 507s Public-Key: (1024 bit) 507s Modulus: 507s 00:93:d7:24:42:04:c4:8d:0d:74:9a:c7:a6:98:9e: 507s 41:32:a6:65:28:1c:f1:c7:8c:e7:14:ca:17:3e:f6: 507s b6:b4:dc:2e:bb:bd:31:ac:c0:be:d3:6b:86:9c:41: 507s 25:96:3c:2a:d3:d8:a7:6e:fb:e1:cd:54:c8:61:45: 507s 23:a6:5d:4e:ec:de:0b:9f:48:60:76:e4:23:42:86: 507s b7:52:fd:0c:e6:96:3f:d1:73:e3:b8:8b:ae:f3:3e: 507s a3:8c:e3:31:c6:f1:72:a4:f0:70:84:04:90:35:95: 507s 08:3b:fd:b7:82:22:a3:38:36:20:39:89:94:dc:d2: 507s 6b:e0:55:22:c3:ef:86:7e:e1 507s Exponent: 65537 (0x10001) 507s X509v3 extensions: 507s X509v3 Authority Key Identifier: 507s 67:0B:FE:DA:12:B8:64:88:B8:D3:46:EA:CE:9B:FC:46:E0:4B:0B:04 507s X509v3 Basic Constraints: 507s CA:FALSE 507s Netscape Cert Type: 507s SSL Client, S/MIME 507s Netscape Comment: 507s Test Organization Intermediate CA trusted Certificate 507s X509v3 Subject Key Identifier: 507s 5F:5E:43:C7:B0:36:27:5A:EC:43:ED:E3:B9:80:4F:13:FB:81:F0:A1 507s X509v3 Key Usage: critical 507s Digital Signature, Non Repudiation, Key Encipherment 507s X509v3 Extended Key Usage: 507s TLS Web Client Authentication, E-mail Protection 507s X509v3 Subject Alternative Name: 507s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 507s Signature Algorithm: sha256WithRSAEncryption 507s Signature Value: 507s 69:39:34:8b:d8:38:07:99:24:3b:d9:14:4e:4c:de:e3:97:7e: 507s 95:9d:b2:1a:cc:fc:b5:3a:af:9f:f3:94:b5:69:a6:7c:69:1d: 507s 4a:61:03:bd:e6:84:34:ce:85:70:bc:05:07:b2:4e:5b:b2:04: 507s 60:df:b6:d2:80:6f:e7:e0:1e:61:18:a7:b9:1a:70:60:98:e6: 507s 1d:5c:91:8c:e1:9a:5a:d3:a4:a6:0d:2e:e8:2d:a9:30:7c:46: 507s a2:6a:60:b4:6c:0b:f7:b4:50:1f:e0:2e:3a:85:10:8e:dc:ab: 507s 01:26:38:4e:64:78:cd:34:b5:ef:69:d1:2d:a9:38:f7:fc:6e: 507s fd:2d 507s + local found_md5 expected_md5 507s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA-trusted-certificate-0001.pem 507s + expected_md5=Modulus=93D7244204C48D0D749AC7A6989E4132A665281CF1C78CE714CA173EF6B6B4DC2EBBBD31ACC0BED36B869C4125963C2AD3D8A76EFBE1CD54C8614523A65D4EECDE0B9F486076E4234286B752FD0CE6963FD173E3B88BAEF33EA38CE331C6F172A4F0708404903595083BFDB78222A3383620398994DCD26BE05522C3EF867EE1 507s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-30611.pem 507s + found_md5=Modulus=93D7244204C48D0D749AC7A6989E4132A665281CF1C78CE714CA173EF6B6B4DC2EBBBD31ACC0BED36B869C4125963C2AD3D8A76EFBE1CD54C8614523A65D4EECDE0B9F486076E4234286B752FD0CE6963FD173E3B88BAEF33EA38CE331C6F172A4F0708404903595083BFDB78222A3383620398994DCD26BE05522C3EF867EE1 507s + '[' Modulus=93D7244204C48D0D749AC7A6989E4132A665281CF1C78CE714CA173EF6B6B4DC2EBBBD31ACC0BED36B869C4125963C2AD3D8A76EFBE1CD54C8614523A65D4EECDE0B9F486076E4234286B752FD0CE6963FD173E3B88BAEF33EA38CE331C6F172A4F0708404903595083BFDB78222A3383620398994DCD26BE05522C3EF867EE1 '!=' Modulus=93D7244204C48D0D749AC7A6989E4132A665281CF1C78CE714CA173EF6B6B4DC2EBBBD31ACC0BED36B869C4125963C2AD3D8A76EFBE1CD54C8614523A65D4EECDE0B9F486076E4234286B752FD0CE6963FD173E3B88BAEF33EA38CE331C6F172A4F0708404903595083BFDB78222A3383620398994DCD26BE05522C3EF867EE1 ']' 507s + output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-30611-auth.output 507s ++ basename /tmp/sssd-softhsm2-vlpXTn/SSSD-child-30611-auth.output .output 507s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-30611-auth.pem 507s + echo -n 053350 507s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 507s [p11_child[2259]] [main] (0x0400): p11_child started. 507s [p11_child[2259]] [main] (0x2000): Running in [auth] mode. 507s [p11_child[2259]] [main] (0x2000): Running with effective IDs: [0][0]. 507s [p11_child[2259]] [main] (0x2000): Running with real IDs [0][0]. 507s [p11_child[2259]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 507s [p11_child[2259]] [do_card] (0x4000): Module List: 507s [p11_child[2259]] [do_card] (0x4000): common name: [softhsm2]. 507s [p11_child[2259]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 507s [p11_child[2259]] [do_card] (0x4000): Description [SoftHSM slot ID 0x1b17ee26] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 507s [p11_child[2259]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 507s [p11_child[2259]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x1b17ee26][454553126] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 507s [p11_child[2259]] [do_card] (0x4000): Login required. 507s [p11_child[2259]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 507s [p11_child[2259]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 507s [p11_child[2259]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 507s [p11_child[2259]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x1b17ee26;slot-manufacturer=SoftHSM%20project;slot-id=454553126;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=6449adc99b17ee26;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 507s [p11_child[2259]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 507s [p11_child[2259]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 507s [p11_child[2259]] [do_card] (0x4000): Certificate verified and validated. 507s [p11_child[2259]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 507s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-30611-auth.output 507s + echo '-----BEGIN CERTIFICATE-----' 507s + tail -n1 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-30611-auth.output 507s + echo '-----END CERTIFICATE-----' 507s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-30611-auth.pem 507s Certificate: 507s Data: 507s Version: 3 (0x2) 507s Serial Number: 4 (0x4) 507s Signature Algorithm: sha256WithRSAEncryption 507s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 507s Validity 507s Not Before: Mar 24 07:28:29 2024 GMT 507s Not After : Mar 24 07:28:29 2025 GMT 507s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 507s Subject Public Key Info: 507s Public Key Algorithm: rsaEncryption 507s Public-Key: (1024 bit) 507s Modulus: 507s 00:93:d7:24:42:04:c4:8d:0d:74:9a:c7:a6:98:9e: 507s 41:32:a6:65:28:1c:f1:c7:8c:e7:14:ca:17:3e:f6: 507s b6:b4:dc:2e:bb:bd:31:ac:c0:be:d3:6b:86:9c:41: 507s 25:96:3c:2a:d3:d8:a7:6e:fb:e1:cd:54:c8:61:45: 507s 23:a6:5d:4e:ec:de:0b:9f:48:60:76:e4:23:42:86: 507s b7:52:fd:0c:e6:96:3f:d1:73:e3:b8:8b:ae:f3:3e: 507s a3:8c:e3:31:c6:f1:72:a4:f0:70:84:04:90:35:95: 507s 08:3b:fd:b7:82:22:a3:38:36:20:39:89:94:dc:d2: 507s 6b:e0:55:22:c3:ef:86:7e:e1 507s Exponent: 65537 (0x10001) 507s X509v3 extensions: 507s X509v3 Authority Key Identifier: 507s 67:0B:FE:DA:12:B8:64:88:B8:D3:46:EA:CE:9B:FC:46:E0:4B:0B:04 507s X509v3 Basic Constraints: 507s CA:FALSE 507s Netscape Cert Type: 507s SSL Client, S/MIME 507s Netscape Comment: 507s Test Organization Intermediate CA trusted Certificate 507s X509v3 Subject Key Identifier: 507s 5F:5E:43:C7:B0:36:27:5A:EC:43:ED:E3:B9:80:4F:13:FB:81:F0:A1 507s X509v3 Key Usage: critical 507s Digital Signature, Non Repudiation, Key Encipherment 507s X509v3 Extended Key Usage: 507s TLS Web Client Authentication, E-mail Protection 507s X509v3 Subject Alternative Name: 507s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 507s Signature Algorithm: sha256WithRSAEncryption 507s Signature Value: 507s 69:39:34:8b:d8:38:07:99:24:3b:d9:14:4e:4c:de:e3:97:7e: 507s 95:9d:b2:1a:cc:fc:b5:3a:af:9f:f3:94:b5:69:a6:7c:69:1d: 507s 4a:61:03:bd:e6:84:34:ce:85:70:bc:05:07:b2:4e:5b:b2:04: 507s 60:df:b6:d2:80:6f:e7:e0:1e:61:18:a7:b9:1a:70:60:98:e6: 507s 1d:5c:91:8c:e1:9a:5a:d3:a4:a6:0d:2e:e8:2d:a9:30:7c:46: 507s a2:6a:60:b4:6c:0b:f7:b4:50:1f:e0:2e:3a:85:10:8e:dc:ab: 507s 01:26:38:4e:64:78:cd:34:b5:ef:69:d1:2d:a9:38:f7:fc:6e: 507s fd:2d 507s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-30611-auth.pem 507s + found_md5=Modulus=93D7244204C48D0D749AC7A6989E4132A665281CF1C78CE714CA173EF6B6B4DC2EBBBD31ACC0BED36B869C4125963C2AD3D8A76EFBE1CD54C8614523A65D4EECDE0B9F486076E4234286B752FD0CE6963FD173E3B88BAEF33EA38CE331C6F172A4F0708404903595083BFDB78222A3383620398994DCD26BE05522C3EF867EE1 507s + '[' Modulus=93D7244204C48D0D749AC7A6989E4132A665281CF1C78CE714CA173EF6B6B4DC2EBBBD31ACC0BED36B869C4125963C2AD3D8A76EFBE1CD54C8614523A65D4EECDE0B9F486076E4234286B752FD0CE6963FD173E3B88BAEF33EA38CE331C6F172A4F0708404903595083BFDB78222A3383620398994DCD26BE05522C3EF867EE1 '!=' Modulus=93D7244204C48D0D749AC7A6989E4132A665281CF1C78CE714CA173EF6B6B4DC2EBBBD31ACC0BED36B869C4125963C2AD3D8A76EFBE1CD54C8614523A65D4EECDE0B9F486076E4234286B752FD0CE6963FD173E3B88BAEF33EA38CE331C6F172A4F0708404903595083BFDB78222A3383620398994DCD26BE05522C3EF867EE1 ']' 507s + invalid_certificate /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13742 /tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem 507s + check_certificate /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13742 /tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem 507s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 507s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13742 507s + local key_ring=/tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem 507s + local verify_option= 507s + prepare_softhsm2_card /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13742 507s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 507s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13742 507s + local key_cn 507s + local key_name 507s + local tokens_dir 507s + local output_cert_file 507s + token_name= 507s ++ basename /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 507s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 507s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 507s ++ sed -n 's/ *commonName *= //p' 507s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 507s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 507s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 507s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 507s ++ basename /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 507s + tokens_dir=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 507s + token_name='Test Organization Sub Int Token' 507s + '[' '!' -e /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 507s + local key_file 507s + local decrypted_key 507s + mkdir -p /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 507s + key_file=/tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 507s + decrypted_key=/tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 507s + cat 507s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 507s Slot 0 has a free/uninitialized token. 507s The token has been initialized and is reassigned to slot 301487192 507s + softhsm2-util --show-slots 507s Available slots: 507s Slot 301487192 507s Slot info: 507s Description: SoftHSM slot ID 0x11f85458 507s Manufacturer ID: SoftHSM project 507s Hardware version: 2.6 507s Firmware version: 2.6 507s Token present: yes 507s Token info: 507s Manufacturer ID: SoftHSM project 507s Model: SoftHSM v2 507s Hardware version: 2.6 507s Firmware version: 2.6 507s Serial number: ab94459d91f85458 507s Initialized: yes 507s User PIN init.: yes 507s Label: Test Organization Sub Int Token 507s Slot 1 507s Slot info: 507s Description: SoftHSM slot ID 0x1 507s Manufacturer ID: SoftHSM project 507s Hardware version: 2.6 507s Firmware version: 2.6 507s Token present: yes 507s Token info: 507s Manufacturer ID: SoftHSM project 507s Model: SoftHSM v2 507s Hardware version: 2.6 507s Firmware version: 2.6 507s Serial number: 507s Initialized: no 507s User PIN init.: no 507s Label: 507s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 507s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-13742 -in /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 507s writing RSA key 507s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 507s + rm /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 507s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 507s Object 0: 507s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ab94459d91f85458;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 507s Type: X.509 Certificate (RSA-1024) 507s Expires: Mon Mar 24 07:28:29 2025 507s Label: Test Organization Sub Intermediate Trusted Certificate 0001 507s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 507s 507s + echo 'Test Organization Sub Int Token' 507s Test Organization Sub Int Token 507s + '[' -n '' ']' 507s + local output_base_name=SSSD-child-23528 507s + local output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-23528.output 507s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-23528.pem 507s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem 507s [p11_child[2278]] [main] (0x0400): p11_child started. 507s [p11_child[2278]] [main] (0x2000): Running in [pre-auth] mode. 507s [p11_child[2278]] [main] (0x2000): Running with effective IDs: [0][0]. 507s [p11_child[2278]] [main] (0x2000): Running with real IDs [0][0]. 507s [p11_child[2278]] [do_card] (0x4000): Module List: 507s [p11_child[2278]] [do_card] (0x4000): common name: [softhsm2]. 507s [p11_child[2278]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 507s [p11_child[2278]] [do_card] (0x4000): Description [SoftHSM slot ID 0x11f85458] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 507s [p11_child[2278]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 507s [p11_child[2278]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x11f85458][301487192] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 507s [p11_child[2278]] [do_card] (0x4000): Login NOT required. 507s [p11_child[2278]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 507s [p11_child[2278]] [do_verification] (0x0040): X509_verify_cert failed [0]. 507s [p11_child[2278]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 507s [p11_child[2278]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 507s [p11_child[2278]] [do_card] (0x4000): No certificate found. 507s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-23528.output 507s + return 2 507s + invalid_certificate /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13742 /tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem partial_chain 507s + check_certificate /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13742 /tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem partial_chain 507s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 507s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13742 507s + local key_ring=/tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem 507s + local verify_option=partial_chain 507s + prepare_softhsm2_card /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13742 507s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 507s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13742 507s + local key_cn 507s + local key_name 507s + local tokens_dir 507s + local output_cert_file 507s + token_name= 507s ++ basename /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 507s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 507s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 507s ++ sed -n 's/ *commonName *= //p' 507s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 507s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 507s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 507s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 507s ++ basename /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 507s Test Organization Sub Int Token 507s + tokens_dir=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 507s + token_name='Test Organization Sub Int Token' 507s + '[' '!' -e /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 507s + '[' '!' -d /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 507s + echo 'Test Organization Sub Int Token' 507s + '[' -n partial_chain ']' 507s + local verify_arg=--verify=partial_chain 507s + local output_base_name=SSSD-child-7851 507s + local output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-7851.output 507s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-7851.pem 507s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-vlpXTn/test-root-CA.pem 507s [p11_child[2285]] [main] (0x0400): p11_child started. 507s [p11_child[2285]] [main] (0x2000): Running in [pre-auth] mode. 507s [p11_child[2285]] [main] (0x2000): Running with effective IDs: [0][0]. 507s [p11_child[2285]] [main] (0x2000): Running with real IDs [0][0]. 507s [p11_child[2285]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 507s [p11_child[2285]] [do_card] (0x4000): Module List: 507s [p11_child[2285]] [do_card] (0x4000): common name: [softhsm2]. 507s [p11_child[2285]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 507s [p11_child[2285]] [do_card] (0x4000): Description [SoftHSM slot ID 0x11f85458] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 507s [p11_child[2285]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 507s [p11_child[2285]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x11f85458][301487192] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 507s [p11_child[2285]] [do_card] (0x4000): Login NOT required. 507s [p11_child[2285]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 507s [p11_child[2285]] [do_verification] (0x0040): X509_verify_cert failed [0]. 507s [p11_child[2285]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 507s [p11_child[2285]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 507s [p11_child[2285]] [do_card] (0x4000): No certificate found. 507s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-7851.output 507s + return 2 507s + valid_certificate /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13742 /tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem 507s + check_certificate /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13742 /tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem 507s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 507s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13742 507s + local key_ring=/tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem 507s + local verify_option= 507s + prepare_softhsm2_card /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13742 507s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 507s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13742 507s + local key_cn 507s + local key_name 507s + local tokens_dir 507s + local output_cert_file 507s + token_name= 507s ++ basename /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 507s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 507s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 507s ++ sed -n 's/ *commonName *= //p' 507s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 507s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 507s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 507s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 507s ++ basename /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 507s Test Organization Sub Int Token 507s + tokens_dir=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 507s + token_name='Test Organization Sub Int Token' 507s + '[' '!' -e /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 507s + '[' '!' -d /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 507s + echo 'Test Organization Sub Int Token' 507s + '[' -n '' ']' 507s + local output_base_name=SSSD-child-1527 507s + local output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-1527.output 507s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-1527.pem 507s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem 507s [p11_child[2292]] [main] (0x0400): p11_child started. 507s [p11_child[2292]] [main] (0x2000): Running in [pre-auth] mode. 507s [p11_child[2292]] [main] (0x2000): Running with effective IDs: [0][0]. 507s [p11_child[2292]] [main] (0x2000): Running with real IDs [0][0]. 507s [p11_child[2292]] [do_card] (0x4000): Module List: 507s [p11_child[2292]] [do_card] (0x4000): common name: [softhsm2]. 507s [p11_child[2292]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 507s [p11_child[2292]] [do_card] (0x4000): Description [SoftHSM slot ID 0x11f85458] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 507s [p11_child[2292]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 507s [p11_child[2292]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x11f85458][301487192] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 507s [p11_child[2292]] [do_card] (0x4000): Login NOT required. 507s [p11_child[2292]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 507s [p11_child[2292]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 507s [p11_child[2292]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 507s [p11_child[2292]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x11f85458;slot-manufacturer=SoftHSM%20project;slot-id=301487192;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ab94459d91f85458;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 507s [p11_child[2292]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 507s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-1527.output 507s + echo '-----BEGIN CERTIFICATE-----' 507s + tail -n1 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-1527.output 507s + echo '-----END CERTIFICATE-----' 507s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-1527.pem 507s Certificate: 507s Data: 507s Version: 3 (0x2) 507s Serial Number: 5 (0x5) 507s Signature Algorithm: sha256WithRSAEncryption 507s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 507s Validity 507s Not Before: Mar 24 07:28:29 2024 GMT 507s Not After : Mar 24 07:28:29 2025 GMT 507s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 507s Subject Public Key Info: 507s Public Key Algorithm: rsaEncryption 507s Public-Key: (1024 bit) 507s Modulus: 507s 00:e4:4a:83:d2:41:3e:70:8a:76:97:9b:ed:86:be: 507s 70:5a:3e:14:31:e8:46:93:41:4b:e6:da:f7:d2:9b: 507s a3:66:0b:59:b1:91:56:19:11:6a:78:42:ed:1c:43: 507s 6c:4a:f1:09:9f:e1:48:80:74:2b:5c:eb:68:15:29: 507s 8a:e3:63:9f:59:57:ad:ab:95:ca:da:55:b2:3d:1d: 507s 4a:7a:59:76:94:8a:f1:5f:e6:57:42:c6:c3:8b:3d: 507s 6f:b8:3c:85:04:d4:2c:7b:13:05:9e:fb:d5:84:11: 507s 28:1f:01:92:0e:3d:d2:19:e9:f1:5f:cd:5a:f3:f5: 507s ac:60:67:25:fc:d4:11:05:e9 507s Exponent: 65537 (0x10001) 507s X509v3 extensions: 507s X509v3 Authority Key Identifier: 507s A8:F9:07:D1:43:8C:59:11:17:86:26:23:2A:46:80:94:FC:84:75:0B 507s X509v3 Basic Constraints: 507s CA:FALSE 507s Netscape Cert Type: 507s SSL Client, S/MIME 507s Netscape Comment: 507s Test Organization Sub Intermediate CA trusted Certificate 507s X509v3 Subject Key Identifier: 507s EC:00:82:86:7A:AD:E5:0A:4F:51:BF:2E:E1:9B:F0:7E:43:07:0B:CC 507s X509v3 Key Usage: critical 507s Digital Signature, Non Repudiation, Key Encipherment 507s X509v3 Extended Key Usage: 507s TLS Web Client Authentication, E-mail Protection 507s X509v3 Subject Alternative Name: 507s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 507s Signature Algorithm: sha256WithRSAEncryption 507s Signature Value: 507s 82:8c:8a:73:26:ca:02:ea:16:8e:cf:1b:a8:f2:e5:2c:6c:4d: 507s 19:56:6c:23:40:ad:c1:3f:20:fa:91:21:ab:da:8b:1a:43:ae: 507s 0d:f8:1d:ad:d3:5e:16:df:a1:b2:d8:73:f2:69:62:ca:dd:62: 507s 72:f1:d3:b3:8a:ce:23:bb:9c:ee:84:00:ac:9c:29:93:42:b2: 507s ca:67:a4:10:75:67:cb:be:07:ec:39:6b:d6:f9:d9:48:7b:c5: 507s 02:7c:a0:bb:a4:8c:cf:6d:ad:b7:2b:22:c5:3e:d2:ff:8a:da: 507s fc:f4:b5:28:eb:76:71:af:65:e1:52:e8:a8:0d:aa:53:2f:87: 507s 0c:01 507s + local found_md5 expected_md5 507s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 507s + expected_md5=Modulus=E44A83D2413E708A76979BED86BE705A3E1431E84693414BE6DAF7D29BA3660B59B1915619116A7842ED1C436C4AF1099FE14880742B5CEB6815298AE3639F5957ADAB95CADA55B23D1D4A7A5976948AF15FE65742C6C38B3D6FB83C8504D42C7B13059EFBD58411281F01920E3DD219E9F15FCD5AF3F5AC606725FCD41105E9 507s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-1527.pem 507s + found_md5=Modulus=E44A83D2413E708A76979BED86BE705A3E1431E84693414BE6DAF7D29BA3660B59B1915619116A7842ED1C436C4AF1099FE14880742B5CEB6815298AE3639F5957ADAB95CADA55B23D1D4A7A5976948AF15FE65742C6C38B3D6FB83C8504D42C7B13059EFBD58411281F01920E3DD219E9F15FCD5AF3F5AC606725FCD41105E9 507s + '[' Modulus=E44A83D2413E708A76979BED86BE705A3E1431E84693414BE6DAF7D29BA3660B59B1915619116A7842ED1C436C4AF1099FE14880742B5CEB6815298AE3639F5957ADAB95CADA55B23D1D4A7A5976948AF15FE65742C6C38B3D6FB83C8504D42C7B13059EFBD58411281F01920E3DD219E9F15FCD5AF3F5AC606725FCD41105E9 '!=' Modulus=E44A83D2413E708A76979BED86BE705A3E1431E84693414BE6DAF7D29BA3660B59B1915619116A7842ED1C436C4AF1099FE14880742B5CEB6815298AE3639F5957ADAB95CADA55B23D1D4A7A5976948AF15FE65742C6C38B3D6FB83C8504D42C7B13059EFBD58411281F01920E3DD219E9F15FCD5AF3F5AC606725FCD41105E9 ']' 507s + output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-1527-auth.output 507s ++ basename /tmp/sssd-softhsm2-vlpXTn/SSSD-child-1527-auth.output .output 507s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-1527-auth.pem 507s + echo -n 053350 507s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 507s [p11_child[2300]] [main] (0x0400): p11_child started. 507s [p11_child[2300]] [main] (0x2000): Running in [auth] mode. 507s [p11_child[2300]] [main] (0x2000): Running with effective IDs: [0][0]. 507s [p11_child[2300]] [main] (0x2000): Running with real IDs [0][0]. 507s [p11_child[2300]] [do_card] (0x4000): Module List: 507s [p11_child[2300]] [do_card] (0x4000): common name: [softhsm2]. 507s [p11_child[2300]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 507s [p11_child[2300]] [do_card] (0x4000): Description [SoftHSM slot ID 0x11f85458] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 507s [p11_child[2300]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 507s [p11_child[2300]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x11f85458][301487192] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 507s [p11_child[2300]] [do_card] (0x4000): Login required. 507s [p11_child[2300]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 507s [p11_child[2300]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 507s [p11_child[2300]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 507s [p11_child[2300]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x11f85458;slot-manufacturer=SoftHSM%20project;slot-id=301487192;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ab94459d91f85458;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 507s [p11_child[2300]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 507s [p11_child[2300]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 507s [p11_child[2300]] [do_card] (0x4000): Certificate verified and validated. 507s [p11_child[2300]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 507s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-1527-auth.output 507s + echo '-----BEGIN CERTIFICATE-----' 507s + tail -n1 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-1527-auth.output 507s + echo '-----END CERTIFICATE-----' 507s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-1527-auth.pem 507s Certificate: 507s Data: 507s Version: 3 (0x2) 507s Serial Number: 5 (0x5) 507s Signature Algorithm: sha256WithRSAEncryption 507s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 507s Validity 507s Not Before: Mar 24 07:28:29 2024 GMT 507s Not After : Mar 24 07:28:29 2025 GMT 507s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 507s Subject Public Key Info: 507s Public Key Algorithm: rsaEncryption 507s Public-Key: (1024 bit) 507s Modulus: 507s 00:e4:4a:83:d2:41:3e:70:8a:76:97:9b:ed:86:be: 507s 70:5a:3e:14:31:e8:46:93:41:4b:e6:da:f7:d2:9b: 507s a3:66:0b:59:b1:91:56:19:11:6a:78:42:ed:1c:43: 507s 6c:4a:f1:09:9f:e1:48:80:74:2b:5c:eb:68:15:29: 507s 8a:e3:63:9f:59:57:ad:ab:95:ca:da:55:b2:3d:1d: 507s 4a:7a:59:76:94:8a:f1:5f:e6:57:42:c6:c3:8b:3d: 507s 6f:b8:3c:85:04:d4:2c:7b:13:05:9e:fb:d5:84:11: 507s 28:1f:01:92:0e:3d:d2:19:e9:f1:5f:cd:5a:f3:f5: 507s ac:60:67:25:fc:d4:11:05:e9 507s Exponent: 65537 (0x10001) 507s X509v3 extensions: 507s X509v3 Authority Key Identifier: 507s A8:F9:07:D1:43:8C:59:11:17:86:26:23:2A:46:80:94:FC:84:75:0B 507s X509v3 Basic Constraints: 507s CA:FALSE 507s Netscape Cert Type: 507s SSL Client, S/MIME 507s Netscape Comment: 507s Test Organization Sub Intermediate CA trusted Certificate 507s X509v3 Subject Key Identifier: 507s EC:00:82:86:7A:AD:E5:0A:4F:51:BF:2E:E1:9B:F0:7E:43:07:0B:CC 507s X509v3 Key Usage: critical 507s Digital Signature, Non Repudiation, Key Encipherment 507s X509v3 Extended Key Usage: 507s TLS Web Client Authentication, E-mail Protection 507s X509v3 Subject Alternative Name: 507s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 507s Signature Algorithm: sha256WithRSAEncryption 507s Signature Value: 507s 82:8c:8a:73:26:ca:02:ea:16:8e:cf:1b:a8:f2:e5:2c:6c:4d: 507s 19:56:6c:23:40:ad:c1:3f:20:fa:91:21:ab:da:8b:1a:43:ae: 507s 0d:f8:1d:ad:d3:5e:16:df:a1:b2:d8:73:f2:69:62:ca:dd:62: 507s 72:f1:d3:b3:8a:ce:23:bb:9c:ee:84:00:ac:9c:29:93:42:b2: 507s ca:67:a4:10:75:67:cb:be:07:ec:39:6b:d6:f9:d9:48:7b:c5: 507s 02:7c:a0:bb:a4:8c:cf:6d:ad:b7:2b:22:c5:3e:d2:ff:8a:da: 507s fc:f4:b5:28:eb:76:71:af:65:e1:52:e8:a8:0d:aa:53:2f:87: 507s 0c:01 507s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-1527-auth.pem 507s + found_md5=Modulus=E44A83D2413E708A76979BED86BE705A3E1431E84693414BE6DAF7D29BA3660B59B1915619116A7842ED1C436C4AF1099FE14880742B5CEB6815298AE3639F5957ADAB95CADA55B23D1D4A7A5976948AF15FE65742C6C38B3D6FB83C8504D42C7B13059EFBD58411281F01920E3DD219E9F15FCD5AF3F5AC606725FCD41105E9 507s + '[' Modulus=E44A83D2413E708A76979BED86BE705A3E1431E84693414BE6DAF7D29BA3660B59B1915619116A7842ED1C436C4AF1099FE14880742B5CEB6815298AE3639F5957ADAB95CADA55B23D1D4A7A5976948AF15FE65742C6C38B3D6FB83C8504D42C7B13059EFBD58411281F01920E3DD219E9F15FCD5AF3F5AC606725FCD41105E9 '!=' Modulus=E44A83D2413E708A76979BED86BE705A3E1431E84693414BE6DAF7D29BA3660B59B1915619116A7842ED1C436C4AF1099FE14880742B5CEB6815298AE3639F5957ADAB95CADA55B23D1D4A7A5976948AF15FE65742C6C38B3D6FB83C8504D42C7B13059EFBD58411281F01920E3DD219E9F15FCD5AF3F5AC606725FCD41105E9 ']' 507s + valid_certificate /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13742 /tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem partial_chain 507s + check_certificate /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13742 /tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem partial_chain 507s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 507s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13742 507s + local key_ring=/tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem 507s + local verify_option=partial_chain 507s + prepare_softhsm2_card /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13742 507s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 507s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13742 507s + local key_cn 507s + local key_name 507s + local tokens_dir 507s + local output_cert_file 507s + token_name= 507s ++ basename /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 507s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 507s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 507s ++ sed -n 's/ *commonName *= //p' 507s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 507s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 507s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 507s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 507s ++ basename /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 507s + tokens_dir=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 507s + token_name='Test Organization Sub Int Token' 507s + '[' '!' -e /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 507s + '[' '!' -d /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 507s + echo 'Test Organization Sub Int Token' 507s + '[' -n partial_chain ']' 507s + local verify_arg=--verify=partial_chain 507s + local output_base_name=SSSD-child-20958 507s + local output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-20958.output 507s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-20958.pem 507s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem 507s Test Organization Sub Int Token 507s [p11_child[2310]] [main] (0x0400): p11_child started. 507s [p11_child[2310]] [main] (0x2000): Running in [pre-auth] mode. 507s [p11_child[2310]] [main] (0x2000): Running with effective IDs: [0][0]. 507s [p11_child[2310]] [main] (0x2000): Running with real IDs [0][0]. 507s [p11_child[2310]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 507s [p11_child[2310]] [do_card] (0x4000): Module List: 507s [p11_child[2310]] [do_card] (0x4000): common name: [softhsm2]. 507s [p11_child[2310]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 507s [p11_child[2310]] [do_card] (0x4000): Description [SoftHSM slot ID 0x11f85458] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 507s [p11_child[2310]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 507s [p11_child[2310]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x11f85458][301487192] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 507s [p11_child[2310]] [do_card] (0x4000): Login NOT required. 507s [p11_child[2310]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 507s [p11_child[2310]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 507s [p11_child[2310]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 507s [p11_child[2310]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x11f85458;slot-manufacturer=SoftHSM%20project;slot-id=301487192;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ab94459d91f85458;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 507s [p11_child[2310]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 507s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-20958.output 507s + echo '-----BEGIN CERTIFICATE-----' 507s + tail -n1 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-20958.output 507s + echo '-----END CERTIFICATE-----' 507s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-20958.pem 507s Certificate: 507s Data: 507s Version: 3 (0x2) 507s Serial Number: 5 (0x5) 507s Signature Algorithm: sha256WithRSAEncryption 507s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 507s Validity 507s Not Before: Mar 24 07:28:29 2024 GMT 507s Not After : Mar 24 07:28:29 2025 GMT 507s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 507s Subject Public Key Info: 507s Public Key Algorithm: rsaEncryption 507s Public-Key: (1024 bit) 507s Modulus: 507s 00:e4:4a:83:d2:41:3e:70:8a:76:97:9b:ed:86:be: 507s 70:5a:3e:14:31:e8:46:93:41:4b:e6:da:f7:d2:9b: 507s a3:66:0b:59:b1:91:56:19:11:6a:78:42:ed:1c:43: 507s 6c:4a:f1:09:9f:e1:48:80:74:2b:5c:eb:68:15:29: 507s 8a:e3:63:9f:59:57:ad:ab:95:ca:da:55:b2:3d:1d: 507s 4a:7a:59:76:94:8a:f1:5f:e6:57:42:c6:c3:8b:3d: 507s 6f:b8:3c:85:04:d4:2c:7b:13:05:9e:fb:d5:84:11: 507s 28:1f:01:92:0e:3d:d2:19:e9:f1:5f:cd:5a:f3:f5: 507s ac:60:67:25:fc:d4:11:05:e9 507s Exponent: 65537 (0x10001) 507s X509v3 extensions: 507s X509v3 Authority Key Identifier: 507s A8:F9:07:D1:43:8C:59:11:17:86:26:23:2A:46:80:94:FC:84:75:0B 507s X509v3 Basic Constraints: 507s CA:FALSE 507s Netscape Cert Type: 507s SSL Client, S/MIME 507s Netscape Comment: 507s Test Organization Sub Intermediate CA trusted Certificate 507s X509v3 Subject Key Identifier: 507s EC:00:82:86:7A:AD:E5:0A:4F:51:BF:2E:E1:9B:F0:7E:43:07:0B:CC 507s X509v3 Key Usage: critical 507s Digital Signature, Non Repudiation, Key Encipherment 507s X509v3 Extended Key Usage: 507s TLS Web Client Authentication, E-mail Protection 507s X509v3 Subject Alternative Name: 507s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 507s Signature Algorithm: sha256WithRSAEncryption 507s Signature Value: 507s 82:8c:8a:73:26:ca:02:ea:16:8e:cf:1b:a8:f2:e5:2c:6c:4d: 507s 19:56:6c:23:40:ad:c1:3f:20:fa:91:21:ab:da:8b:1a:43:ae: 507s 0d:f8:1d:ad:d3:5e:16:df:a1:b2:d8:73:f2:69:62:ca:dd:62: 507s 72:f1:d3:b3:8a:ce:23:bb:9c:ee:84:00:ac:9c:29:93:42:b2: 507s ca:67:a4:10:75:67:cb:be:07:ec:39:6b:d6:f9:d9:48:7b:c5: 507s 02:7c:a0:bb:a4:8c:cf:6d:ad:b7:2b:22:c5:3e:d2:ff:8a:da: 507s fc:f4:b5:28:eb:76:71:af:65:e1:52:e8:a8:0d:aa:53:2f:87: 507s 0c:01 507s + local found_md5 expected_md5 507s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 507s + expected_md5=Modulus=E44A83D2413E708A76979BED86BE705A3E1431E84693414BE6DAF7D29BA3660B59B1915619116A7842ED1C436C4AF1099FE14880742B5CEB6815298AE3639F5957ADAB95CADA55B23D1D4A7A5976948AF15FE65742C6C38B3D6FB83C8504D42C7B13059EFBD58411281F01920E3DD219E9F15FCD5AF3F5AC606725FCD41105E9 507s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-20958.pem 507s + found_md5=Modulus=E44A83D2413E708A76979BED86BE705A3E1431E84693414BE6DAF7D29BA3660B59B1915619116A7842ED1C436C4AF1099FE14880742B5CEB6815298AE3639F5957ADAB95CADA55B23D1D4A7A5976948AF15FE65742C6C38B3D6FB83C8504D42C7B13059EFBD58411281F01920E3DD219E9F15FCD5AF3F5AC606725FCD41105E9 507s + '[' Modulus=E44A83D2413E708A76979BED86BE705A3E1431E84693414BE6DAF7D29BA3660B59B1915619116A7842ED1C436C4AF1099FE14880742B5CEB6815298AE3639F5957ADAB95CADA55B23D1D4A7A5976948AF15FE65742C6C38B3D6FB83C8504D42C7B13059EFBD58411281F01920E3DD219E9F15FCD5AF3F5AC606725FCD41105E9 '!=' Modulus=E44A83D2413E708A76979BED86BE705A3E1431E84693414BE6DAF7D29BA3660B59B1915619116A7842ED1C436C4AF1099FE14880742B5CEB6815298AE3639F5957ADAB95CADA55B23D1D4A7A5976948AF15FE65742C6C38B3D6FB83C8504D42C7B13059EFBD58411281F01920E3DD219E9F15FCD5AF3F5AC606725FCD41105E9 ']' 507s + output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-20958-auth.output 507s ++ basename /tmp/sssd-softhsm2-vlpXTn/SSSD-child-20958-auth.output .output 508s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-20958-auth.pem 508s + echo -n 053350 508s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-vlpXTn/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 508s [p11_child[2318]] [main] (0x0400): p11_child started. 508s [p11_child[2318]] [main] (0x2000): Running in [auth] mode. 508s [p11_child[2318]] [main] (0x2000): Running with effective IDs: [0][0]. 508s [p11_child[2318]] [main] (0x2000): Running with real IDs [0][0]. 508s [p11_child[2318]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 508s [p11_child[2318]] [do_card] (0x4000): Module List: 508s [p11_child[2318]] [do_card] (0x4000): common name: [softhsm2]. 508s [p11_child[2318]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 508s [p11_child[2318]] [do_card] (0x4000): Description [SoftHSM slot ID 0x11f85458] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 508s [p11_child[2318]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 508s [p11_child[2318]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x11f85458][301487192] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 508s [p11_child[2318]] [do_card] (0x4000): Login required. 508s [p11_child[2318]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 508s [p11_child[2318]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 508s [p11_child[2318]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 508s [p11_child[2318]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x11f85458;slot-manufacturer=SoftHSM%20project;slot-id=301487192;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ab94459d91f85458;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 508s [p11_child[2318]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 508s [p11_child[2318]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 508s [p11_child[2318]] [do_card] (0x4000): Certificate verified and validated. 508s [p11_child[2318]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 508s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-20958-auth.output 508s + echo '-----BEGIN CERTIFICATE-----' 508s + tail -n1 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-20958-auth.output 508s + echo '-----END CERTIFICATE-----' 508s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-20958-auth.pem 508s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-20958-auth.pem 508s Certificate: 508s Data: 508s Version: 3 (0x2) 508s Serial Number: 5 (0x5) 508s Signature Algorithm: sha256WithRSAEncryption 508s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 508s Validity 508s Not Before: Mar 24 07:28:29 2024 GMT 508s Not After : Mar 24 07:28:29 2025 GMT 508s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 508s Subject Public Key Info: 508s Public Key Algorithm: rsaEncryption 508s Public-Key: (1024 bit) 508s Modulus: 508s 00:e4:4a:83:d2:41:3e:70:8a:76:97:9b:ed:86:be: 508s 70:5a:3e:14:31:e8:46:93:41:4b:e6:da:f7:d2:9b: 508s a3:66:0b:59:b1:91:56:19:11:6a:78:42:ed:1c:43: 508s 6c:4a:f1:09:9f:e1:48:80:74:2b:5c:eb:68:15:29: 508s 8a:e3:63:9f:59:57:ad:ab:95:ca:da:55:b2:3d:1d: 508s 4a:7a:59:76:94:8a:f1:5f:e6:57:42:c6:c3:8b:3d: 508s 6f:b8:3c:85:04:d4:2c:7b:13:05:9e:fb:d5:84:11: 508s 28:1f:01:92:0e:3d:d2:19:e9:f1:5f:cd:5a:f3:f5: 508s ac:60:67:25:fc:d4:11:05:e9 508s Exponent: 65537 (0x10001) 508s X509v3 extensions: 508s X509v3 Authority Key Identifier: 508s A8:F9:07:D1:43:8C:59:11:17:86:26:23:2A:46:80:94:FC:84:75:0B 508s X509v3 Basic Constraints: 508s CA:FALSE 508s Netscape Cert Type: 508s SSL Client, S/MIME 508s Netscape Comment: 508s Test Organization Sub Intermediate CA trusted Certificate 508s X509v3 Subject Key Identifier: 508s EC:00:82:86:7A:AD:E5:0A:4F:51:BF:2E:E1:9B:F0:7E:43:07:0B:CC 508s X509v3 Key Usage: critical 508s Digital Signature, Non Repudiation, Key Encipherment 508s X509v3 Extended Key Usage: 508s TLS Web Client Authentication, E-mail Protection 508s X509v3 Subject Alternative Name: 508s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 508s Signature Algorithm: sha256WithRSAEncryption 508s Signature Value: 508s 82:8c:8a:73:26:ca:02:ea:16:8e:cf:1b:a8:f2:e5:2c:6c:4d: 508s 19:56:6c:23:40:ad:c1:3f:20:fa:91:21:ab:da:8b:1a:43:ae: 508s 0d:f8:1d:ad:d3:5e:16:df:a1:b2:d8:73:f2:69:62:ca:dd:62: 508s 72:f1:d3:b3:8a:ce:23:bb:9c:ee:84:00:ac:9c:29:93:42:b2: 508s ca:67:a4:10:75:67:cb:be:07:ec:39:6b:d6:f9:d9:48:7b:c5: 508s 02:7c:a0:bb:a4:8c:cf:6d:ad:b7:2b:22:c5:3e:d2:ff:8a:da: 508s fc:f4:b5:28:eb:76:71:af:65:e1:52:e8:a8:0d:aa:53:2f:87: 508s 0c:01 508s + found_md5=Modulus=E44A83D2413E708A76979BED86BE705A3E1431E84693414BE6DAF7D29BA3660B59B1915619116A7842ED1C436C4AF1099FE14880742B5CEB6815298AE3639F5957ADAB95CADA55B23D1D4A7A5976948AF15FE65742C6C38B3D6FB83C8504D42C7B13059EFBD58411281F01920E3DD219E9F15FCD5AF3F5AC606725FCD41105E9 508s + '[' Modulus=E44A83D2413E708A76979BED86BE705A3E1431E84693414BE6DAF7D29BA3660B59B1915619116A7842ED1C436C4AF1099FE14880742B5CEB6815298AE3639F5957ADAB95CADA55B23D1D4A7A5976948AF15FE65742C6C38B3D6FB83C8504D42C7B13059EFBD58411281F01920E3DD219E9F15FCD5AF3F5AC606725FCD41105E9 '!=' Modulus=E44A83D2413E708A76979BED86BE705A3E1431E84693414BE6DAF7D29BA3660B59B1915619116A7842ED1C436C4AF1099FE14880742B5CEB6815298AE3639F5957ADAB95CADA55B23D1D4A7A5976948AF15FE65742C6C38B3D6FB83C8504D42C7B13059EFBD58411281F01920E3DD219E9F15FCD5AF3F5AC606725FCD41105E9 ']' 508s + invalid_certificate /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13742 /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA.pem 508s + check_certificate /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13742 /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA.pem 508s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 508s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13742 508s + local key_ring=/tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA.pem 508s + local verify_option= 508s + prepare_softhsm2_card /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13742 508s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 508s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13742 508s + local key_cn 508s + local key_name 508s + local tokens_dir 508s + local output_cert_file 508s + token_name= 508s ++ basename /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 508s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 508s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 508s ++ sed -n 's/ *commonName *= //p' 508s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 508s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 508s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 508s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 508s ++ basename /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 508s + tokens_dir=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 508s + token_name='Test Organization Sub Int Token' 508s + '[' '!' -e /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 508s + '[' '!' -d /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 508s + echo 'Test Organization Sub Int Token' 508s + '[' -n '' ']' 508s + local output_base_name=SSSD-child-18589 508s + local output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-18589.output 508s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-18589.pem 508s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA.pem 508s [p11_child[2328]] [main] (0x0400): p11_child started. 508s [p11_child[2328]] [main] (0x2000): Running in [pre-auth] mode. 508s [p11_child[2328]] [main] (0x2000): Running with effective IDs: [0][0]. 508s [p11_child[2328]] [main] (0x2000): Running with real IDs [0][0]. 508s Test Organization Sub Int Token 508s [p11_child[2328]] [do_card] (0x4000): Module List: 508s [p11_child[2328]] [do_card] (0x4000): common name: [softhsm2]. 508s [p11_child[2328]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 508s [p11_child[2328]] [do_card] (0x4000): Description [SoftHSM slot ID 0x11f85458] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 508s [p11_child[2328]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 508s [p11_child[2328]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x11f85458][301487192] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 508s [p11_child[2328]] [do_card] (0x4000): Login NOT required. 508s [p11_child[2328]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 508s [p11_child[2328]] [do_verification] (0x0040): X509_verify_cert failed [0]. 508s [p11_child[2328]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 508s [p11_child[2328]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 508s [p11_child[2328]] [do_card] (0x4000): No certificate found. 508s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-18589.output 508s + return 2 508s + invalid_certificate /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13742 /tmp/sssd-softhsm2-vlpXTn/test-root-intermediate-chain-CA.pem partial_chain 508s + check_certificate /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13742 /tmp/sssd-softhsm2-vlpXTn/test-root-intermediate-chain-CA.pem partial_chain 508s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 508s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13742 508s + local key_ring=/tmp/sssd-softhsm2-vlpXTn/test-root-intermediate-chain-CA.pem 508s + local verify_option=partial_chain 508s + prepare_softhsm2_card /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13742 508s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 508s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13742 508s + local key_cn 508s + local key_name 508s + local tokens_dir 508s + local output_cert_file 508s + token_name= 508s ++ basename /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 508s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 508s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 508s ++ sed -n 's/ *commonName *= //p' 508s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 508s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 508s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 508s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 508s ++ basename /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 508s + tokens_dir=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 508s + token_name='Test Organization Sub Int Token' 508s + '[' '!' -e /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 508s + '[' '!' -d /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 508s + echo 'Test Organization Sub Int Token' 508s + '[' -n partial_chain ']' 508s + local verify_arg=--verify=partial_chain 508s Test Organization Sub Int Token 508s + local output_base_name=SSSD-child-13972 508s + local output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-13972.output 508s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-13972.pem 508s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-vlpXTn/test-root-intermediate-chain-CA.pem 508s [p11_child[2335]] [main] (0x0400): p11_child started. 508s [p11_child[2335]] [main] (0x2000): Running in [pre-auth] mode. 508s [p11_child[2335]] [main] (0x2000): Running with effective IDs: [0][0]. 508s [p11_child[2335]] [main] (0x2000): Running with real IDs [0][0]. 508s [p11_child[2335]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 508s [p11_child[2335]] [do_card] (0x4000): Module List: 508s [p11_child[2335]] [do_card] (0x4000): common name: [softhsm2]. 508s [p11_child[2335]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 508s [p11_child[2335]] [do_card] (0x4000): Description [SoftHSM slot ID 0x11f85458] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 508s [p11_child[2335]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 508s [p11_child[2335]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x11f85458][301487192] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 508s [p11_child[2335]] [do_card] (0x4000): Login NOT required. 508s [p11_child[2335]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 508s [p11_child[2335]] [do_verification] (0x0040): X509_verify_cert failed [0]. 508s [p11_child[2335]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 508s [p11_child[2335]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 508s [p11_child[2335]] [do_card] (0x4000): No certificate found. 508s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-13972.output 508s + return 2 508s + valid_certificate /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13742 /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA.pem partial_chain 508s + check_certificate /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13742 /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA.pem partial_chain 508s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 508s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13742 508s + local key_ring=/tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA.pem 508s + local verify_option=partial_chain 508s + prepare_softhsm2_card /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13742 508s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 508s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13742 508s + local key_cn 508s + local key_name 508s + local tokens_dir 508s + local output_cert_file 508s + token_name= 508s ++ basename /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 508s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 508s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 508s ++ sed -n 's/ *commonName *= //p' 508s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 508s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 508s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 508s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 508s ++ basename /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 508s + tokens_dir=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 508s + token_name='Test Organization Sub Int Token' 508s + '[' '!' -e /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 508s + '[' '!' -d /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 508s + echo 'Test Organization Sub Int Token' 508s Test Organization Sub Int Token 508s + '[' -n partial_chain ']' 508s + local verify_arg=--verify=partial_chain 508s + local output_base_name=SSSD-child-3566 508s + local output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-3566.output 508s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-3566.pem 508s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA.pem 508s [p11_child[2342]] [main] (0x0400): p11_child started. 508s [p11_child[2342]] [main] (0x2000): Running in [pre-auth] mode. 508s [p11_child[2342]] [main] (0x2000): Running with effective IDs: [0][0]. 508s [p11_child[2342]] [main] (0x2000): Running with real IDs [0][0]. 508s [p11_child[2342]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 508s [p11_child[2342]] [do_card] (0x4000): Module List: 508s [p11_child[2342]] [do_card] (0x4000): common name: [softhsm2]. 508s [p11_child[2342]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 508s [p11_child[2342]] [do_card] (0x4000): Description [SoftHSM slot ID 0x11f85458] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 508s [p11_child[2342]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 508s [p11_child[2342]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x11f85458][301487192] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 508s [p11_child[2342]] [do_card] (0x4000): Login NOT required. 508s [p11_child[2342]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 508s [p11_child[2342]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 508s [p11_child[2342]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 508s [p11_child[2342]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x11f85458;slot-manufacturer=SoftHSM%20project;slot-id=301487192;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ab94459d91f85458;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 508s [p11_child[2342]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 508s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-3566.output 508s + echo '-----BEGIN CERTIFICATE-----' 508s + tail -n1 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-3566.output 508s + echo '-----END CERTIFICATE-----' 508s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-3566.pem 508s + local found_md5 expected_md5 508s Certificate: 508s Data: 508s Version: 3 (0x2) 508s Serial Number: 5 (0x5) 508s Signature Algorithm: sha256WithRSAEncryption 508s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 508s Validity 508s Not Before: Mar 24 07:28:29 2024 GMT 508s Not After : Mar 24 07:28:29 2025 GMT 508s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 508s Subject Public Key Info: 508s Public Key Algorithm: rsaEncryption 508s Public-Key: (1024 bit) 508s Modulus: 508s 00:e4:4a:83:d2:41:3e:70:8a:76:97:9b:ed:86:be: 508s 70:5a:3e:14:31:e8:46:93:41:4b:e6:da:f7:d2:9b: 508s a3:66:0b:59:b1:91:56:19:11:6a:78:42:ed:1c:43: 508s 6c:4a:f1:09:9f:e1:48:80:74:2b:5c:eb:68:15:29: 508s 8a:e3:63:9f:59:57:ad:ab:95:ca:da:55:b2:3d:1d: 508s 4a:7a:59:76:94:8a:f1:5f:e6:57:42:c6:c3:8b:3d: 508s 6f:b8:3c:85:04:d4:2c:7b:13:05:9e:fb:d5:84:11: 508s 28:1f:01:92:0e:3d:d2:19:e9:f1:5f:cd:5a:f3:f5: 508s ac:60:67:25:fc:d4:11:05:e9 508s Exponent: 65537 (0x10001) 508s X509v3 extensions: 508s X509v3 Authority Key Identifier: 508s A8:F9:07:D1:43:8C:59:11:17:86:26:23:2A:46:80:94:FC:84:75:0B 508s X509v3 Basic Constraints: 508s CA:FALSE 508s Netscape Cert Type: 508s SSL Client, S/MIME 508s Netscape Comment: 508s Test Organization Sub Intermediate CA trusted Certificate 508s X509v3 Subject Key Identifier: 508s EC:00:82:86:7A:AD:E5:0A:4F:51:BF:2E:E1:9B:F0:7E:43:07:0B:CC 508s X509v3 Key Usage: critical 508s Digital Signature, Non Repudiation, Key Encipherment 508s X509v3 Extended Key Usage: 508s TLS Web Client Authentication, E-mail Protection 508s X509v3 Subject Alternative Name: 508s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 508s Signature Algorithm: sha256WithRSAEncryption 508s Signature Value: 508s 82:8c:8a:73:26:ca:02:ea:16:8e:cf:1b:a8:f2:e5:2c:6c:4d: 508s 19:56:6c:23:40:ad:c1:3f:20:fa:91:21:ab:da:8b:1a:43:ae: 508s 0d:f8:1d:ad:d3:5e:16:df:a1:b2:d8:73:f2:69:62:ca:dd:62: 508s 72:f1:d3:b3:8a:ce:23:bb:9c:ee:84:00:ac:9c:29:93:42:b2: 508s ca:67:a4:10:75:67:cb:be:07:ec:39:6b:d6:f9:d9:48:7b:c5: 508s 02:7c:a0:bb:a4:8c:cf:6d:ad:b7:2b:22:c5:3e:d2:ff:8a:da: 508s fc:f4:b5:28:eb:76:71:af:65:e1:52:e8:a8:0d:aa:53:2f:87: 508s 0c:01 508s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 508s + expected_md5=Modulus=E44A83D2413E708A76979BED86BE705A3E1431E84693414BE6DAF7D29BA3660B59B1915619116A7842ED1C436C4AF1099FE14880742B5CEB6815298AE3639F5957ADAB95CADA55B23D1D4A7A5976948AF15FE65742C6C38B3D6FB83C8504D42C7B13059EFBD58411281F01920E3DD219E9F15FCD5AF3F5AC606725FCD41105E9 508s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-3566.pem 508s + found_md5=Modulus=E44A83D2413E708A76979BED86BE705A3E1431E84693414BE6DAF7D29BA3660B59B1915619116A7842ED1C436C4AF1099FE14880742B5CEB6815298AE3639F5957ADAB95CADA55B23D1D4A7A5976948AF15FE65742C6C38B3D6FB83C8504D42C7B13059EFBD58411281F01920E3DD219E9F15FCD5AF3F5AC606725FCD41105E9 508s + '[' Modulus=E44A83D2413E708A76979BED86BE705A3E1431E84693414BE6DAF7D29BA3660B59B1915619116A7842ED1C436C4AF1099FE14880742B5CEB6815298AE3639F5957ADAB95CADA55B23D1D4A7A5976948AF15FE65742C6C38B3D6FB83C8504D42C7B13059EFBD58411281F01920E3DD219E9F15FCD5AF3F5AC606725FCD41105E9 '!=' Modulus=E44A83D2413E708A76979BED86BE705A3E1431E84693414BE6DAF7D29BA3660B59B1915619116A7842ED1C436C4AF1099FE14880742B5CEB6815298AE3639F5957ADAB95CADA55B23D1D4A7A5976948AF15FE65742C6C38B3D6FB83C8504D42C7B13059EFBD58411281F01920E3DD219E9F15FCD5AF3F5AC606725FCD41105E9 ']' 508s + output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-3566-auth.output 508s ++ basename /tmp/sssd-softhsm2-vlpXTn/SSSD-child-3566-auth.output .output 508s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-3566-auth.pem 508s + echo -n 053350 508s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 508s [p11_child[2350]] [main] (0x0400): p11_child started. 508s [p11_child[2350]] [main] (0x2000): Running in [auth] mode. 508s [p11_child[2350]] [main] (0x2000): Running with effective IDs: [0][0]. 508s [p11_child[2350]] [main] (0x2000): Running with real IDs [0][0]. 508s [p11_child[2350]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 508s [p11_child[2350]] [do_card] (0x4000): Module List: 508s [p11_child[2350]] [do_card] (0x4000): common name: [softhsm2]. 508s [p11_child[2350]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 508s [p11_child[2350]] [do_card] (0x4000): Description [SoftHSM slot ID 0x11f85458] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 508s [p11_child[2350]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 508s [p11_child[2350]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x11f85458][301487192] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 508s [p11_child[2350]] [do_card] (0x4000): Login required. 508s [p11_child[2350]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 508s [p11_child[2350]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 508s [p11_child[2350]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 508s [p11_child[2350]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x11f85458;slot-manufacturer=SoftHSM%20project;slot-id=301487192;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ab94459d91f85458;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 508s [p11_child[2350]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 508s [p11_child[2350]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 508s [p11_child[2350]] [do_card] (0x4000): Certificate verified and validated. 508s [p11_child[2350]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 508s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-3566-auth.output 508s + echo '-----BEGIN CERTIFICATE-----' 508s + tail -n1 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-3566-auth.output 508s + echo '-----END CERTIFICATE-----' 508s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-3566-auth.pem 508s Certificate: 508s Data: 508s Version: 3 (0x2) 508s Serial Number: 5 (0x5) 508s Signature Algorithm: sha256WithRSAEncryption 508s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 508s Validity 508s Not Before: Mar 24 07:28:29 2024 GMT 508s Not After : Mar 24 07:28:29 2025 GMT 508s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 508s Subject Public Key Info: 508s Public Key Algorithm: rsaEncryption 508s Public-Key: (1024 bit) 508s Modulus: 508s 00:e4:4a:83:d2:41:3e:70:8a:76:97:9b:ed:86:be: 508s 70:5a:3e:14:31:e8:46:93:41:4b:e6:da:f7:d2:9b: 508s a3:66:0b:59:b1:91:56:19:11:6a:78:42:ed:1c:43: 508s 6c:4a:f1:09:9f:e1:48:80:74:2b:5c:eb:68:15:29: 508s 8a:e3:63:9f:59:57:ad:ab:95:ca:da:55:b2:3d:1d: 508s 4a:7a:59:76:94:8a:f1:5f:e6:57:42:c6:c3:8b:3d: 508s 6f:b8:3c:85:04:d4:2c:7b:13:05:9e:fb:d5:84:11: 508s 28:1f:01:92:0e:3d:d2:19:e9:f1:5f:cd:5a:f3:f5: 508s ac:60:67:25:fc:d4:11:05:e9 508s Exponent: 65537 (0x10001) 508s X509v3 extensions: 508s X509v3 Authority Key Identifier: 508s A8:F9:07:D1:43:8C:59:11:17:86:26:23:2A:46:80:94:FC:84:75:0B 508s X509v3 Basic Constraints: 508s CA:FALSE 508s Netscape Cert Type: 508s SSL Client, S/MIME 508s Netscape Comment: 508s Test Organization Sub Intermediate CA trusted Certificate 508s X509v3 Subject Key Identifier: 508s EC:00:82:86:7A:AD:E5:0A:4F:51:BF:2E:E1:9B:F0:7E:43:07:0B:CC 508s X509v3 Key Usage: critical 508s Digital Signature, Non Repudiation, Key Encipherment 508s X509v3 Extended Key Usage: 508s TLS Web Client Authentication, E-mail Protection 508s X509v3 Subject Alternative Name: 508s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 508s Signature Algorithm: sha256WithRSAEncryption 508s Signature Value: 508s 82:8c:8a:73:26:ca:02:ea:16:8e:cf:1b:a8:f2:e5:2c:6c:4d: 508s 19:56:6c:23:40:ad:c1:3f:20:fa:91:21:ab:da:8b:1a:43:ae: 508s 0d:f8:1d:ad:d3:5e:16:df:a1:b2:d8:73:f2:69:62:ca:dd:62: 508s 72:f1:d3:b3:8a:ce:23:bb:9c:ee:84:00:ac:9c:29:93:42:b2: 508s ca:67:a4:10:75:67:cb:be:07:ec:39:6b:d6:f9:d9:48:7b:c5: 508s 02:7c:a0:bb:a4:8c:cf:6d:ad:b7:2b:22:c5:3e:d2:ff:8a:da: 508s fc:f4:b5:28:eb:76:71:af:65:e1:52:e8:a8:0d:aa:53:2f:87: 508s 0c:01 508s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-3566-auth.pem 508s + found_md5=Modulus=E44A83D2413E708A76979BED86BE705A3E1431E84693414BE6DAF7D29BA3660B59B1915619116A7842ED1C436C4AF1099FE14880742B5CEB6815298AE3639F5957ADAB95CADA55B23D1D4A7A5976948AF15FE65742C6C38B3D6FB83C8504D42C7B13059EFBD58411281F01920E3DD219E9F15FCD5AF3F5AC606725FCD41105E9 508s + '[' Modulus=E44A83D2413E708A76979BED86BE705A3E1431E84693414BE6DAF7D29BA3660B59B1915619116A7842ED1C436C4AF1099FE14880742B5CEB6815298AE3639F5957ADAB95CADA55B23D1D4A7A5976948AF15FE65742C6C38B3D6FB83C8504D42C7B13059EFBD58411281F01920E3DD219E9F15FCD5AF3F5AC606725FCD41105E9 '!=' Modulus=E44A83D2413E708A76979BED86BE705A3E1431E84693414BE6DAF7D29BA3660B59B1915619116A7842ED1C436C4AF1099FE14880742B5CEB6815298AE3639F5957ADAB95CADA55B23D1D4A7A5976948AF15FE65742C6C38B3D6FB83C8504D42C7B13059EFBD58411281F01920E3DD219E9F15FCD5AF3F5AC606725FCD41105E9 ']' 508s + valid_certificate /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13742 /tmp/sssd-softhsm2-vlpXTn/test-intermediate-sub-chain-CA.pem partial_chain 508s + check_certificate /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13742 /tmp/sssd-softhsm2-vlpXTn/test-intermediate-sub-chain-CA.pem partial_chain 508s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 508s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13742 508s + local key_ring=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-sub-chain-CA.pem 508s + local verify_option=partial_chain 508s + prepare_softhsm2_card /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-13742 508s + local certificate=/tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 508s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-13742 508s + local key_cn 508s + local key_name 508s + local tokens_dir 508s + local output_cert_file 508s + token_name= 508s ++ basename /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 508s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 508s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 508s ++ sed -n 's/ *commonName *= //p' 508s Test Organization Sub Int Token 508s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 508s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 508s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 508s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 508s ++ basename /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 508s + tokens_dir=/tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 508s + token_name='Test Organization Sub Int Token' 508s + '[' '!' -e /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 508s + '[' '!' -d /tmp/sssd-softhsm2-vlpXTn/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 508s + echo 'Test Organization Sub Int Token' 508s + '[' -n partial_chain ']' 508s + local verify_arg=--verify=partial_chain 508s + local output_base_name=SSSD-child-19826 508s + local output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-19826.output 508s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-19826.pem 508s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-sub-chain-CA.pem 508s [p11_child[2360]] [main] (0x0400): p11_child started. 508s [p11_child[2360]] [main] (0x2000): Running in [pre-auth] mode. 508s [p11_child[2360]] [main] (0x2000): Running with effective IDs: [0][0]. 508s [p11_child[2360]] [main] (0x2000): Running with real IDs [0][0]. 508s [p11_child[2360]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 508s [p11_child[2360]] [do_card] (0x4000): Module List: 508s [p11_child[2360]] [do_card] (0x4000): common name: [softhsm2]. 508s [p11_child[2360]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 508s [p11_child[2360]] [do_card] (0x4000): Description [SoftHSM slot ID 0x11f85458] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 508s [p11_child[2360]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 508s [p11_child[2360]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x11f85458][301487192] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 508s [p11_child[2360]] [do_card] (0x4000): Login NOT required. 508s [p11_child[2360]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 508s [p11_child[2360]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 508s [p11_child[2360]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 508s [p11_child[2360]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x11f85458;slot-manufacturer=SoftHSM%20project;slot-id=301487192;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ab94459d91f85458;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 508s [p11_child[2360]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 508s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-19826.output 508s + echo '-----BEGIN CERTIFICATE-----' 508s + tail -n1 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-19826.output 508s + echo '-----END CERTIFICATE-----' 508s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-19826.pem 508s Certificate: 508s Data: 508s Version: 3 (0x2) 508s Serial Number: 5 (0x5) 508s Signature Algorithm: sha256WithRSAEncryption 508s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 508s Validity 508s Not Before: Mar 24 07:28:29 2024 GMT 508s Not After : Mar 24 07:28:29 2025 GMT 508s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 508s Subject Public Key Info: 508s Public Key Algorithm: rsaEncryption 508s Public-Key: (1024 bit) 508s Modulus: 508s 00:e4:4a:83:d2:41:3e:70:8a:76:97:9b:ed:86:be: 508s 70:5a:3e:14:31:e8:46:93:41:4b:e6:da:f7:d2:9b: 508s a3:66:0b:59:b1:91:56:19:11:6a:78:42:ed:1c:43: 508s 6c:4a:f1:09:9f:e1:48:80:74:2b:5c:eb:68:15:29: 508s 8a:e3:63:9f:59:57:ad:ab:95:ca:da:55:b2:3d:1d: 508s 4a:7a:59:76:94:8a:f1:5f:e6:57:42:c6:c3:8b:3d: 508s 6f:b8:3c:85:04:d4:2c:7b:13:05:9e:fb:d5:84:11: 508s 28:1f:01:92:0e:3d:d2:19:e9:f1:5f:cd:5a:f3:f5: 508s ac:60:67:25:fc:d4:11:05:e9 508s Exponent: 65537 (0x10001) 508s X509v3 extensions: 508s X509v3 Authority Key Identifier: 508s A8:F9:07:D1:43:8C:59:11:17:86:26:23:2A:46:80:94:FC:84:75:0B 508s X509v3 Basic Constraints: 508s CA:FALSE 508s Netscape Cert Type: 508s SSL Client, S/MIME 508s Netscape Comment: 508s Test Organization Sub Intermediate CA trusted Certificate 508s X509v3 Subject Key Identifier: 508s EC:00:82:86:7A:AD:E5:0A:4F:51:BF:2E:E1:9B:F0:7E:43:07:0B:CC 508s X509v3 Key Usage: critical 508s Digital Signature, Non Repudiation, Key Encipherment 508s X509v3 Extended Key Usage: 508s TLS Web Client Authentication, E-mail Protection 508s X509v3 Subject Alternative Name: 508s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 508s Signature Algorithm: sha256WithRSAEncryption 508s Signature Value: 508s 82:8c:8a:73:26:ca:02:ea:16:8e:cf:1b:a8:f2:e5:2c:6c:4d: 508s 19:56:6c:23:40:ad:c1:3f:20:fa:91:21:ab:da:8b:1a:43:ae: 508s 0d:f8:1d:ad:d3:5e:16:df:a1:b2:d8:73:f2:69:62:ca:dd:62: 508s 72:f1:d3:b3:8a:ce:23:bb:9c:ee:84:00:ac:9c:29:93:42:b2: 508s ca:67:a4:10:75:67:cb:be:07:ec:39:6b:d6:f9:d9:48:7b:c5: 508s 02:7c:a0:bb:a4:8c:cf:6d:ad:b7:2b:22:c5:3e:d2:ff:8a:da: 508s fc:f4:b5:28:eb:76:71:af:65:e1:52:e8:a8:0d:aa:53:2f:87: 508s 0c:01 508s + local found_md5 expected_md5 508s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/test-sub-intermediate-CA-trusted-certificate-0001.pem 508s + expected_md5=Modulus=E44A83D2413E708A76979BED86BE705A3E1431E84693414BE6DAF7D29BA3660B59B1915619116A7842ED1C436C4AF1099FE14880742B5CEB6815298AE3639F5957ADAB95CADA55B23D1D4A7A5976948AF15FE65742C6C38B3D6FB83C8504D42C7B13059EFBD58411281F01920E3DD219E9F15FCD5AF3F5AC606725FCD41105E9 508s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-19826.pem 508s + found_md5=Modulus=E44A83D2413E708A76979BED86BE705A3E1431E84693414BE6DAF7D29BA3660B59B1915619116A7842ED1C436C4AF1099FE14880742B5CEB6815298AE3639F5957ADAB95CADA55B23D1D4A7A5976948AF15FE65742C6C38B3D6FB83C8504D42C7B13059EFBD58411281F01920E3DD219E9F15FCD5AF3F5AC606725FCD41105E9 508s + '[' Modulus=E44A83D2413E708A76979BED86BE705A3E1431E84693414BE6DAF7D29BA3660B59B1915619116A7842ED1C436C4AF1099FE14880742B5CEB6815298AE3639F5957ADAB95CADA55B23D1D4A7A5976948AF15FE65742C6C38B3D6FB83C8504D42C7B13059EFBD58411281F01920E3DD219E9F15FCD5AF3F5AC606725FCD41105E9 '!=' Modulus=E44A83D2413E708A76979BED86BE705A3E1431E84693414BE6DAF7D29BA3660B59B1915619116A7842ED1C436C4AF1099FE14880742B5CEB6815298AE3639F5957ADAB95CADA55B23D1D4A7A5976948AF15FE65742C6C38B3D6FB83C8504D42C7B13059EFBD58411281F01920E3DD219E9F15FCD5AF3F5AC606725FCD41105E9 ']' 508s + output_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-19826-auth.output 508s ++ basename /tmp/sssd-softhsm2-vlpXTn/SSSD-child-19826-auth.output .output 508s + output_cert_file=/tmp/sssd-softhsm2-vlpXTn/SSSD-child-19826-auth.pem 508s + echo -n 053350 508s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-vlpXTn/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 508s [p11_child[2368]] [main] (0x0400): p11_child started. 508s [p11_child[2368]] [main] (0x2000): Running in [auth] mode. 508s [p11_child[2368]] [main] (0x2000): Running with effective IDs: [0][0]. 508s [p11_child[2368]] [main] (0x2000): Running with real IDs [0][0]. 508s [p11_child[2368]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 508s [p11_child[2368]] [do_card] (0x4000): Module List: 508s [p11_child[2368]] [do_card] (0x4000): common name: [softhsm2]. 508s [p11_child[2368]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 508s [p11_child[2368]] [do_card] (0x4000): Description [SoftHSM slot ID 0x11f85458] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 508s [p11_child[2368]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 508s [p11_child[2368]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x11f85458][301487192] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 508s [p11_child[2368]] [do_card] (0x4000): Login required. 508s [p11_child[2368]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 508s [p11_child[2368]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 508s [p11_child[2368]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 508s [p11_child[2368]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x11f85458;slot-manufacturer=SoftHSM%20project;slot-id=301487192;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ab94459d91f85458;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 508s [p11_child[2368]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 508s [p11_child[2368]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 508s [p11_child[2368]] [do_card] (0x4000): Certificate verified and validated. 508s [p11_child[2368]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 508s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-19826-auth.output 508s + echo '-----BEGIN CERTIFICATE-----' 508s + tail -n1 /tmp/sssd-softhsm2-vlpXTn/SSSD-child-19826-auth.output 508s + echo '-----END CERTIFICATE-----' 508s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-19826-auth.pem 508s Certificate: 508s Data: 508s Version: 3 (0x2) 508s Serial Number: 5 (0x5) 508s Signature Algorithm: sha256WithRSAEncryption 508s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 508s Validity 508s Not Before: Mar 24 07:28:29 2024 GMT 508s Not After : Mar 24 07:28:29 2025 GMT 508s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 508s Subject Public Key Info: 508s Public Key Algorithm: rsaEncryption 508s Public-Key: (1024 bit) 508s Modulus: 508s 00:e4:4a:83:d2:41:3e:70:8a:76:97:9b:ed:86:be: 508s 70:5a:3e:14:31:e8:46:93:41:4b:e6:da:f7:d2:9b: 508s a3:66:0b:59:b1:91:56:19:11:6a:78:42:ed:1c:43: 508s 6c:4a:f1:09:9f:e1:48:80:74:2b:5c:eb:68:15:29: 508s 8a:e3:63:9f:59:57:ad:ab:95:ca:da:55:b2:3d:1d: 508s 4a:7a:59:76:94:8a:f1:5f:e6:57:42:c6:c3:8b:3d: 508s 6f:b8:3c:85:04:d4:2c:7b:13:05:9e:fb:d5:84:11: 508s 28:1f:01:92:0e:3d:d2:19:e9:f1:5f:cd:5a:f3:f5: 508s ac:60:67:25:fc:d4:11:05:e9 508s Exponent: 65537 (0x10001) 508s X509v3 extensions: 508s X509v3 Authority Key Identifier: 508s A8:F9:07:D1:43:8C:59:11:17:86:26:23:2A:46:80:94:FC:84:75:0B 508s X509v3 Basic Constraints: 508s CA:FALSE 508s Netscape Cert Type: 508s SSL Client, S/MIME 508s Netscape Comment: 508s Test Organization Sub Intermediate CA trusted Certificate 508s X509v3 Subject Key Identifier: 508s EC:00:82:86:7A:AD:E5:0A:4F:51:BF:2E:E1:9B:F0:7E:43:07:0B:CC 508s X509v3 Key Usage: critical 508s Digital Signature, Non Repudiation, Key Encipherment 508s X509v3 Extended Key Usage: 508s TLS Web Client Authentication, E-mail Protection 508s X509v3 Subject Alternative Name: 508s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 508s Signature Algorithm: sha256WithRSAEncryption 508s Signature Value: 508s 82:8c:8a:73:26:ca:02:ea:16:8e:cf:1b:a8:f2:e5:2c:6c:4d: 508s 19:56:6c:23:40:ad:c1:3f:20:fa:91:21:ab:da:8b:1a:43:ae: 508s 0d:f8:1d:ad:d3:5e:16:df:a1:b2:d8:73:f2:69:62:ca:dd:62: 508s 72:f1:d3:b3:8a:ce:23:bb:9c:ee:84:00:ac:9c:29:93:42:b2: 508s ca:67:a4:10:75:67:cb:be:07:ec:39:6b:d6:f9:d9:48:7b:c5: 508s 02:7c:a0:bb:a4:8c:cf:6d:ad:b7:2b:22:c5:3e:d2:ff:8a:da: 508s fc:f4:b5:28:eb:76:71:af:65:e1:52:e8:a8:0d:aa:53:2f:87: 508s 0c:01 508s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-vlpXTn/SSSD-child-19826-auth.pem 508s + found_md5=Modulus=E44A83D2413E708A76979BED86BE705A3E1431E84693414BE6DAF7D29BA3660B59B1915619116A7842ED1C436C4AF1099FE14880742B5CEB6815298AE3639F5957ADAB95CADA55B23D1D4A7A5976948AF15FE65742C6C38B3D6FB83C8504D42C7B13059EFBD58411281F01920E3DD219E9F15FCD5AF3F5AC606725FCD41105E9 508s + '[' Modulus=E44A83D2413E708A76979BED86BE705A3E1431E84693414BE6DAF7D29BA3660B59B1915619116A7842ED1C436C4AF1099FE14880742B5CEB6815298AE3639F5957ADAB95CADA55B23D1D4A7A5976948AF15FE65742C6C38B3D6FB83C8504D42C7B13059EFBD58411281F01920E3DD219E9F15FCD5AF3F5AC606725FCD41105E9 '!=' Modulus=E44A83D2413E708A76979BED86BE705A3E1431E84693414BE6DAF7D29BA3660B59B1915619116A7842ED1C436C4AF1099FE14880742B5CEB6815298AE3639F5957ADAB95CADA55B23D1D4A7A5976948AF15FE65742C6C38B3D6FB83C8504D42C7B13059EFBD58411281F01920E3DD219E9F15FCD5AF3F5AC606725FCD41105E9 ']' 508s + set +x 508s 508s Test completed, Root CA and intermediate issued certificates verified! 509s autopkgtest [07:28:34]: test sssd-softhism2-certificates-tests.sh: -----------------------] 509s autopkgtest [07:28:34]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 509s sssd-softhism2-certificates-tests.sh PASS 510s autopkgtest [07:28:35]: test sssd-smart-card-pam-auth-configs: preparing testbed 514s Reading package lists... 514s Building dependency tree... 514s Reading state information... 514s Starting pkgProblemResolver with broken count: 0 514s Starting 2 pkgProblemResolver with broken count: 0 514s Done 514s The following additional packages will be installed: 514s pamtester 514s The following NEW packages will be installed: 514s autopkgtest-satdep pamtester 514s 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. 514s Need to get 12.2 kB/13.0 kB of archives. 514s After this operation, 36.9 kB of additional disk space will be used. 514s Get:1 /tmp/autopkgtest.TZnWTb/4-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [760 B] 514s Get:2 http://ftpmaster.internal/ubuntu noble/universe s390x pamtester s390x 0.1.2-4 [12.2 kB] 515s Fetched 12.2 kB in 0s (51.3 kB/s) 515s Selecting previously unselected package pamtester. 515s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52317 files and directories currently installed.) 515s Preparing to unpack .../pamtester_0.1.2-4_s390x.deb ... 515s Unpacking pamtester (0.1.2-4) ... 515s Selecting previously unselected package autopkgtest-satdep. 515s Preparing to unpack .../4-autopkgtest-satdep.deb ... 515s Unpacking autopkgtest-satdep (0) ... 515s Setting up pamtester (0.1.2-4) ... 515s Setting up autopkgtest-satdep (0) ... 515s Processing triggers for man-db (2.12.0-3) ... 517s (Reading database ... 52323 files and directories currently installed.) 517s Removing autopkgtest-satdep (0) ... 518s autopkgtest [07:28:43]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 518s autopkgtest [07:28:43]: test sssd-smart-card-pam-auth-configs: [----------------------- 518s + '[' -z ubuntu ']' 518s + export DEBIAN_FRONTEND=noninteractive 518s + DEBIAN_FRONTEND=noninteractive 518s + required_tools=(pamtester softhsm2-util sssd) 518s + [[ ! -v OFFLINE_MODE ]] 518s + for cmd in "${required_tools[@]}" 518s + command -v pamtester 518s + for cmd in "${required_tools[@]}" 518s + command -v softhsm2-util 518s + for cmd in "${required_tools[@]}" 518s + command -v sssd 518s + PIN=123456 518s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 518s + tmpdir=/tmp/sssd-softhsm2-certs-OlfYaK 518s + backupsdir= 518s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 518s + declare -a restore_paths 518s + declare -a delete_paths 518s + trap handle_exit EXIT 518s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 518s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 518s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 518s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 518s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-OlfYaK GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 518s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-OlfYaK 518s + GENERATE_SMART_CARDS=1 518s + KEEP_TEMPORARY_FILES=1 518s + NO_SSSD_TESTS=1 518s + bash debian/tests/sssd-softhism2-certificates-tests.sh 518s + '[' -z ubuntu ']' 518s + required_tools=(p11tool openssl softhsm2-util) 518s + for cmd in "${required_tools[@]}" 518s + command -v p11tool 518s + for cmd in "${required_tools[@]}" 518s + command -v openssl 518s + for cmd in "${required_tools[@]}" 518s + command -v softhsm2-util 518s + PIN=123456 518s +++ find /usr/lib/softhsm/libsofthsm2.so 518s +++ head -n 1 518s ++ realpath /usr/lib/softhsm/libsofthsm2.so 518s + SOFTHSM2_MODULE=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 518s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 518s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 518s + '[' '!' -v NO_SSSD_TESTS ']' 518s + '[' '!' -e /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so ']' 518s + tmpdir=/tmp/sssd-softhsm2-certs-OlfYaK 518s + keys_size=1024 518s + [[ ! -v KEEP_TEMPORARY_FILES ]] 518s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 518s + echo -n 01 518s + touch /tmp/sssd-softhsm2-certs-OlfYaK/index.txt 518s + mkdir -p /tmp/sssd-softhsm2-certs-OlfYaK/new_certs 518s + cat 518s + root_ca_key_pass=pass:random-root-CA-password-13366 518s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA-key.pem -passout pass:random-root-CA-password-13366 1024 518s + openssl req -passin pass:random-root-CA-password-13366 -batch -config /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA.pem 518s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA.pem 518s + cat 518s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-27404 518s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-27404 1024 519s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-27404 -config /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-13366 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-certificate-request.pem 519s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-certificate-request.pem 519s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA.config -passin pass:random-root-CA-password-13366 -keyfile /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA.pem 519s Certificate Request: 519s Data: 519s Version: 1 (0x0) 519s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 519s Subject Public Key Info: 519s Public Key Algorithm: rsaEncryption 519s Public-Key: (1024 bit) 519s Modulus: 519s 00:bc:b2:95:a0:1c:8a:95:94:94:3f:66:93:26:53: 519s 9a:32:60:e7:4d:8b:13:e4:fe:2e:53:9e:6a:16:c8: 519s 03:25:47:b0:0f:eb:b4:c8:54:f8:c0:ec:b2:67:30: 519s 15:b7:35:e7:36:65:28:d0:be:a5:ca:3c:dd:0e:47: 519s a5:94:13:f2:31:dc:a4:99:2a:73:a3:b9:dd:84:e1: 519s fa:a6:a8:01:0f:bb:1f:be:b4:0e:01:7e:43:1f:3e: 519s 58:79:9d:18:92:0c:73:e3:24:8d:5e:17:04:fc:fa: 519s 5c:76:97:60:9c:a2:37:5a:fa:f8:0a:53:5b:fe:6a: 519s 47:56:30:bc:bc:0a:21:8a:15 519s Exponent: 65537 (0x10001) 519s Attributes: 519s (none) 519s Requested Extensions: 519s Signature Algorithm: sha256WithRSAEncryption 519s Signature Value: 519s 35:37:98:e4:2e:52:88:f4:d4:8c:74:a6:c2:1a:e1:69:de:ee: 519s 4d:ae:5d:2a:37:ec:ae:31:df:19:49:e7:40:a9:73:50:fd:a5: 519s 38:ce:2b:38:e3:97:c5:f7:92:d3:a6:04:35:91:11:54:c3:9b: 519s 76:d1:50:d7:74:9a:bc:a7:9a:3c:de:d4:3f:8c:52:3d:64:79: 519s a0:ae:a0:18:36:56:68:62:96:ea:81:a9:78:9c:65:b8:a2:25: 519s da:ca:80:ca:08:ab:db:72:42:10:73:ea:48:c4:21:b8:85:07: 519s 6a:99:50:52:4b:a5:e4:dd:4f:0d:05:87:94:4d:b4:c9:5e:16: 519s 13:e2 519s Using configuration from /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA.config 519s Check that the request matches the signature 519s Signature ok 519s Certificate Details: 519s Serial Number: 1 (0x1) 519s Validity 519s Not Before: Mar 24 07:28:44 2024 GMT 519s Not After : Mar 24 07:28:44 2025 GMT 519s Subject: 519s organizationName = Test Organization 519s organizationalUnitName = Test Organization Unit 519s commonName = Test Organization Intermediate CA 519s X509v3 extensions: 519s X509v3 Subject Key Identifier: 519s 69:71:14:79:DB:16:8B:98:88:31:94:CB:C4:C7:93:D3:DA:1A:74:95 519s X509v3 Authority Key Identifier: 519s keyid:9A:03:A7:CD:54:DF:B3:AF:3C:19:59:C9:75:76:0C:17:BD:12:20:54 519s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 519s serial:00 519s X509v3 Basic Constraints: 519s CA:TRUE 519s X509v3 Key Usage: critical 519s Digital Signature, Certificate Sign, CRL Sign 519s Certificate is to be certified until Mar 24 07:28:44 2025 GMT (365 days) 519s 519s Write out database with 1 new entries 519s Database updated 519s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA.pem 519s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA.pem /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA.pem 519s /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA.pem: OK 519s + cat 519s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-29827 519s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-29827 1024 519s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-29827 -config /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-27404 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-certificate-request.pem 519s Certificate Request: 519s Data: 519s Version: 1 (0x0) 519s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 519s Subject Public Key Info: 519s Public Key Algorithm: rsaEncryption 519s Public-Key: (1024 bit) 519s Modulus: 519s 00:c3:d6:9c:2c:02:04:64:75:fe:a1:76:1e:de:da: 519s 8a:67:f9:3f:da:93:99:4a:b5:09:0b:39:73:06:14: 519s ab:85:29:fc:aa:57:e4:80:b9:59:64:a3:3f:79:fd: 519s 07:61:49:f9:ff:31:34:df:62:d8:e4:79:0a:07:25: 519s 39:65:23:91:6c:65:20:2f:91:45:06:9f:c2:14:4d: 519s 5c:dd:c7:5b:58:da:e1:64:72:ed:85:c7:a5:54:ea: 519s aa:8e:c3:6a:b4:5e:cd:30:f9:e9:07:d8:8e:cb:1b: 519s 47:4c:50:32:ad:ec:75:1a:c4:5c:3a:de:11:b0:ad: 519s ff:89:80:19:7d:77:4a:74:ab 519s Exponent: 65537 (0x10001) 519s Attributes: 519s (none) 519s Requested Extensions: 519s Signature Algorithm: sha256WithRSAEncryption 519s Signature Value: 519s c1:ad:f9:88:54:b9:e1:0f:d4:4e:a0:90:83:a4:a8:50:89:f2: 519s 86:66:64:7f:25:b5:09:7e:45:f2:ec:8f:18:18:21:a0:aa:bd: 519s fb:62:4b:64:e5:cf:97:31:4f:6b:88:ef:e8:4b:44:38:83:7d: 519s 75:c2:7f:53:51:91:82:28:0e:28:78:bb:b7:9c:db:a4:45:e0: 519s b8:1c:6d:da:b2:45:0f:49:b5:85:62:b0:a4:5a:f7:e1:a6:78: 519s 9e:3d:70:34:c8:12:d7:5c:d7:5b:54:d8:18:74:d0:f4:24:48: 519s db:97:ca:f6:d6:7a:e5:7b:2a:9e:2b:aa:e8:56:6a:21:42:ed: 519s 73:30 519s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-certificate-request.pem 519s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-27404 -keyfile /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA.pem 519s Using configuration from /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA.config 519s Check that the request matches the signature 519s Signature ok 519s Certificate Details: 519s Serial Number: 2 (0x2) 519s Validity 519s Not Before: Mar 24 07:28:44 2024 GMT 519s Not After : Mar 24 07:28:44 2025 GMT 519s Subject: 519s organizationName = Test Organization 519s organizationalUnitName = Test Organization Unit 519s commonName = Test Organization Sub Intermediate CA 519s X509v3 extensions: 519s X509v3 Subject Key Identifier: 519s 00:3E:C0:B7:6D:68:64:3F:D0:2D:94:A4:64:C6:72:85:6D:CE:30:6D 519s X509v3 Authority Key Identifier: 519s keyid:69:71:14:79:DB:16:8B:98:88:31:94:CB:C4:C7:93:D3:DA:1A:74:95 519s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 519s serial:01 519s X509v3 Basic Constraints: 519s CA:TRUE 519s X509v3 Key Usage: critical 519s Digital Signature, Certificate Sign, CRL Sign 519s Certificate is to be certified until Mar 24 07:28:44 2025 GMT (365 days) 519s 519s Write out database with 1 new entries 519s Database updated 519s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA.pem 519s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA.pem 519s /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA.pem: OK 519s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA.pem /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA.pem 519s + local cmd=openssl 519s + shift 519s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA.pem /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA.pem 519s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 519s error 20 at 0 depth lookup: unable to get local issuer certificate 519s error /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA.pem: verification failed 519s + cat 519s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-31710 519s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-31710 1024 519s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-31710 -key /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA-trusted-certificate-0001-request.pem 519s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA-trusted-certificate-0001-request.pem 519s Certificate Request: 519s Data: 519s Version: 1 (0x0) 519s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 519s Subject Public Key Info: 519s Public Key Algorithm: rsaEncryption 519s Public-Key: (1024 bit) 519s Modulus: 519s 00:dd:dd:e3:1d:91:78:1f:f5:54:84:e6:ae:c1:87: 519s 56:35:c3:45:fd:fb:d5:d6:41:02:ca:2f:c6:df:67: 519s 25:d7:44:4d:a0:e7:9c:4a:cb:f1:46:5f:66:fb:4b: 519s 65:f0:04:da:46:56:16:e0:48:f6:96:02:37:5e:01: 519s 93:f2:db:49:a4:70:72:f4:71:b9:be:5f:c0:51:ed: 519s 61:7d:51:90:fd:19:d9:4a:d4:32:75:cd:cb:1b:ad: 519s b7:23:ed:03:8d:cb:19:37:4c:a1:7b:bc:cd:9f:d8: 519s 8f:f1:a9:5b:29:c0:86:a3:2f:2b:94:c8:5a:8d:ca: 519s c3:05:5b:21:78:a7:d8:c5:a5 519s Exponent: 65537 (0x10001) 519s Attributes: 519s Requested Extensions: 519s X509v3 Basic Constraints: 519s CA:FALSE 519s Netscape Cert Type: 519s SSL Client, S/MIME 519s Netscape Comment: 519s Test Organization Root CA trusted Certificate 519s X509v3 Subject Key Identifier: 519s 14:B3:D9:EC:04:C8:AA:F9:36:EC:92:F0:1E:7D:37:1C:06:EF:5A:25 519s X509v3 Key Usage: critical 519s Digital Signature, Non Repudiation, Key Encipherment 519s X509v3 Extended Key Usage: 519s TLS Web Client Authentication, E-mail Protection 519s X509v3 Subject Alternative Name: 519s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 519s Signature Algorithm: sha256WithRSAEncryption 519s Signature Value: 519s b8:0d:3b:97:22:97:9d:88:62:86:53:d9:cd:b6:b7:f2:e9:3b: 519s a7:ac:ca:58:f5:6c:15:e4:b7:05:5d:c4:7d:b7:bc:d6:e1:60: 519s 87:4e:d3:5b:51:16:0e:32:64:a3:7b:e8:15:70:dc:54:c2:fe: 519s 00:bc:27:2f:f9:77:56:29:ba:03:c3:32:d5:17:c7:f4:3d:5b: 519s 93:07:69:7e:e5:3d:e8:3e:54:83:c0:90:c9:8c:08:df:1e:b4: 519s c8:54:5e:29:90:37:18:ef:a8:5f:d6:60:d4:c9:d1:a2:b8:7c: 519s 3b:69:d9:9e:2c:f5:f7:9e:80:1d:e9:a5:15:eb:81:12:c3:d5: 519s 7f:e4 519s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA.config -passin pass:random-root-CA-password-13366 -keyfile /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA-trusted-certificate-0001.pem 519s Using configuration from /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA.config 519s Check that the request matches the signature 519s Signature ok 519s Certificate Details: 519s Serial Number: 3 (0x3) 519s Validity 519s Not Before: Mar 24 07:28:44 2024 GMT 519s Not After : Mar 24 07:28:44 2025 GMT 519s Subject: 519s organizationName = Test Organization 519s organizationalUnitName = Test Organization Unit 519s commonName = Test Organization Root Trusted Certificate 0001 519s X509v3 extensions: 519s X509v3 Authority Key Identifier: 519s 9A:03:A7:CD:54:DF:B3:AF:3C:19:59:C9:75:76:0C:17:BD:12:20:54 519s X509v3 Basic Constraints: 519s CA:FALSE 519s Netscape Cert Type: 519s SSL Client, S/MIME 519s Netscape Comment: 519s Test Organization Root CA trusted Certificate 519s X509v3 Subject Key Identifier: 519s 14:B3:D9:EC:04:C8:AA:F9:36:EC:92:F0:1E:7D:37:1C:06:EF:5A:25 519s X509v3 Key Usage: critical 519s Digital Signature, Non Repudiation, Key Encipherment 519s X509v3 Extended Key Usage: 519s TLS Web Client Authentication, E-mail Protection 519s X509v3 Subject Alternative Name: 519s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 519s Certificate is to be certified until Mar 24 07:28:44 2025 GMT (365 days) 519s 519s Write out database with 1 new entries 519s Database updated 519s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA-trusted-certificate-0001.pem 519s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA.pem /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA-trusted-certificate-0001.pem 519s /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA-trusted-certificate-0001.pem: OK 519s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA-trusted-certificate-0001.pem 519s + local cmd=openssl 519s + shift 519s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA-trusted-certificate-0001.pem 519s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 519s error 20 at 0 depth lookup: unable to get local issuer certificate 519s error /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA-trusted-certificate-0001.pem: verification failed 519s + cat 519s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-7001 519s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-7001 1024 519s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-7001 -key /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-trusted-certificate-0001-request.pem 519s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-trusted-certificate-0001-request.pem 519s Certificate Request: 519s Data: 519s Version: 1 (0x0) 519s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 519s Subject Public Key Info: 519s Public Key Algorithm: rsaEncryption 519s Public-Key: (1024 bit) 519s Modulus: 519s 00:d4:77:6e:5d:ef:4d:e0:f7:c2:43:ec:a1:b6:4a: 519s 86:84:12:21:87:57:98:1b:17:3b:83:97:d0:fb:c0: 519s 49:d9:df:fb:0f:10:d6:af:a3:c5:b1:b9:19:c2:34: 519s cf:33:41:f5:4f:12:67:21:79:6a:db:c9:0e:6f:fb: 519s 72:15:3c:a9:f9:70:d5:15:64:b2:7a:30:cd:23:91: 519s ff:c6:2c:dc:9c:73:d6:03:12:70:da:e2:1c:0d:d9: 519s 61:64:4a:f8:c0:89:4a:f5:9c:be:31:0a:28:a4:63: 519s d6:7b:73:6b:c7:7e:1c:2f:51:b7:d8:94:2d:2d:c0: 519s 6a:84:03:d5:55:1f:9b:a3:53 519s Exponent: 65537 (0x10001) 519s Attributes: 519s Requested Extensions: 519s X509v3 Basic Constraints: 519s CA:FALSE 519s Netscape Cert Type: 519s SSL Client, S/MIME 519s Netscape Comment: 519s Test Organization Intermediate CA trusted Certificate 519s X509v3 Subject Key Identifier: 519s A3:B0:AE:F0:B2:53:E4:C5:43:EB:85:88:2A:9E:8C:7D:C7:7E:11:8C 519s X509v3 Key Usage: critical 519s Digital Signature, Non Repudiation, Key Encipherment 519s X509v3 Extended Key Usage: 519s TLS Web Client Authentication, E-mail Protection 519s X509v3 Subject Alternative Name: 519s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 519s Signature Algorithm: sha256WithRSAEncryption 519s Signature Value: 519s 8c:e2:06:ad:6c:8b:27:28:79:86:0e:06:2a:31:25:67:96:d5: 519s 24:8d:d3:63:07:a6:bb:9c:79:09:ab:80:5b:13:f0:d5:24:e8: 519s 53:b5:27:5d:bf:a0:da:75:1e:5e:20:d6:c7:66:0f:9e:72:17: 519s e1:04:31:12:7a:c1:82:97:9c:f4:b0:70:47:0c:90:5c:d2:40: 519s a5:f6:d8:13:01:ae:72:a3:80:94:0b:4e:ae:bb:54:59:3f:62: 519s f0:f3:08:72:65:69:f1:7e:f4:5e:91:bf:0e:65:e2:01:82:67: 519s 4b:05:c2:02:e1:8d:71:c8:4c:ef:64:8b:0e:87:6c:97:cd:7f: 519s 5b:31 519s + openssl ca -passin pass:random-intermediate-CA-password-27404 -config /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-trusted-certificate-0001.pem 519s Using configuration from /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA.config 519s Check that the request matches the signature 519s Signature ok 519s Certificate Details: 519s Serial Number: 4 (0x4) 519s Validity 519s Not Before: Mar 24 07:28:44 2024 GMT 519s Not After : Mar 24 07:28:44 2025 GMT 519s Subject: 519s organizationName = Test Organization 519s organizationalUnitName = Test Organization Unit 519s commonName = Test Organization Intermediate Trusted Certificate 0001 519s X509v3 extensions: 519s X509v3 Authority Key Identifier: 519s 69:71:14:79:DB:16:8B:98:88:31:94:CB:C4:C7:93:D3:DA:1A:74:95 519s X509v3 Basic Constraints: 519s CA:FALSE 519s Netscape Cert Type: 519s SSL Client, S/MIME 519s Netscape Comment: 519s Test Organization Intermediate CA trusted Certificate 519s X509v3 Subject Key Identifier: 519s A3:B0:AE:F0:B2:53:E4:C5:43:EB:85:88:2A:9E:8C:7D:C7:7E:11:8C 519s X509v3 Key Usage: critical 519s Digital Signature, Non Repudiation, Key Encipherment 519s X509v3 Extended Key Usage: 519s TLS Web Client Authentication, E-mail Protection 519s X509v3 Subject Alternative Name: 519s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 519s Certificate is to be certified until Mar 24 07:28:44 2025 GMT (365 days) 519s 519s Write out database with 1 new entries 519s Database updated 519s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-trusted-certificate-0001.pem 519s This certificate should not be trusted fully 519s + echo 'This certificate should not be trusted fully' 519s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-trusted-certificate-0001.pem 519s + local cmd=openssl 519s + shift 519s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-trusted-certificate-0001.pem 519s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 519s error 2 at 1 depth lookup: unable to get issuer certificate 519s error /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 519s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-trusted-certificate-0001.pem 519s /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-trusted-certificate-0001.pem: OK 519s + cat 519s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-5742 519s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-5742 1024 519s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-5742 -key /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 519s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 519s Certificate Request: 519s Data: 519s Version: 1 (0x0) 519s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 519s Subject Public Key Info: 519s Public Key Algorithm: rsaEncryption 519s Public-Key: (1024 bit) 519s Modulus: 519s 00:e9:08:f5:fd:64:ba:ec:fa:dc:f4:72:ab:d3:c3: 519s dd:7f:61:58:8d:22:cd:b6:a2:0a:00:51:7a:c2:1c: 519s 12:1e:0f:63:2e:97:a5:38:1a:c0:88:f5:16:cd:3c: 519s 1d:ef:c7:6a:74:f8:3e:af:25:f1:73:00:ea:e5:a0: 519s 90:61:4c:2d:17:de:75:9b:2d:cf:14:03:de:b4:ac: 519s ac:9f:7a:2e:bd:ad:24:12:8b:44:d8:8c:d6:ab:03: 519s 28:85:ef:8a:7e:05:b0:ce:be:d3:4a:51:32:ad:3d: 519s fe:f9:11:d6:b7:17:46:17:67:d5:a6:5a:6f:1f:d6: 519s 1c:30:18:b6:41:f6:c0:fe:23 519s Exponent: 65537 (0x10001) 519s Attributes: 519s Requested Extensions: 519s X509v3 Basic Constraints: 519s CA:FALSE 519s Netscape Cert Type: 519s SSL Client, S/MIME 519s Netscape Comment: 519s Test Organization Sub Intermediate CA trusted Certificate 519s X509v3 Subject Key Identifier: 519s 88:CE:DC:82:63:99:32:52:AB:B9:6A:44:AD:F1:E2:E5:BE:EB:61:EC 519s X509v3 Key Usage: critical 519s Digital Signature, Non Repudiation, Key Encipherment 519s X509v3 Extended Key Usage: 519s TLS Web Client Authentication, E-mail Protection 519s X509v3 Subject Alternative Name: 519s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 519s Signature Algorithm: sha256WithRSAEncryption 519s Signature Value: 519s 6c:3b:f2:e1:a7:b3:d9:25:b7:52:c9:82:d4:7f:31:b0:85:69: 519s a3:30:1e:f7:06:99:50:a2:09:ef:cb:16:37:63:79:8a:4f:b1: 519s 67:98:e1:a6:f2:7f:09:5d:bf:7b:77:e3:7c:c7:11:2a:1a:22: 519s 6a:24:05:05:fe:48:a7:d6:d4:cc:cb:86:cd:86:b7:53:67:47: 519s a0:50:80:71:ec:04:37:6f:b8:22:4d:ac:6e:7d:1c:44:d1:c3: 519s a2:6b:f0:ff:c3:d8:49:b8:ae:3c:bb:e6:7d:cb:2f:f2:1b:38: 519s 05:61:21:75:29:69:68:2c:ab:dc:05:9d:4f:0f:d6:9f:f8:85: 519s f8:3a 519s + openssl ca -passin pass:random-sub-intermediate-CA-password-29827 -config /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001.pem 519s Using configuration from /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA.config 519s Check that the request matches the signature 519s Signature ok 519s Certificate Details: 519s Serial Number: 5 (0x5) 519s Validity 519s Not Before: Mar 24 07:28:44 2024 GMT 519s Not After : Mar 24 07:28:44 2025 GMT 519s Subject: 519s organizationName = Test Organization 519s organizationalUnitName = Test Organization Unit 519s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 519s X509v3 extensions: 519s X509v3 Authority Key Identifier: 519s 00:3E:C0:B7:6D:68:64:3F:D0:2D:94:A4:64:C6:72:85:6D:CE:30:6D 519s X509v3 Basic Constraints: 519s CA:FALSE 519s Netscape Cert Type: 519s SSL Client, S/MIME 519s Netscape Comment: 519s Test Organization Sub Intermediate CA trusted Certificate 519s X509v3 Subject Key Identifier: 519s 88:CE:DC:82:63:99:32:52:AB:B9:6A:44:AD:F1:E2:E5:BE:EB:61:EC 519s X509v3 Key Usage: critical 519s Digital Signature, Non Repudiation, Key Encipherment 519s X509v3 Extended Key Usage: 519s TLS Web Client Authentication, E-mail Protection 519s X509v3 Subject Alternative Name: 519s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 519s Certificate is to be certified until Mar 24 07:28:44 2025 GMT (365 days) 519s 519s Write out database with 1 new entries 519s Database updated 519s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001.pem 519s This certificate should not be trusted fully 519s + echo 'This certificate should not be trusted fully' 519s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001.pem 519s + local cmd=openssl 519s + shift 519s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001.pem 519s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 519s error 2 at 1 depth lookup: unable to get issuer certificate 519s error /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 519s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001.pem 519s + local cmd=openssl 519s + shift 519s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001.pem 519s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermed/tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 519s iate Trusted Certificate 0001 519s error 20 at 0 depth lookup: unable to get local issuer certificate 519s error /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 519s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001.pem 519s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001.pem 519s + local cmd=openssl 519s + shift 519s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001.pem 519s O = Test Organization, OU = Test OrganizatiBuilding a the full-chain CA file... 519s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 519s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 519s 519s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 519s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 519s 519s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 519s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 519s 519s on Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 519s error 20 at 0 depth lookup: unable to get local issuer certificate 519s error /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 519s + echo 'Building a the full-chain CA file...' 519s + cat /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA.pem /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA.pem 519s + cat /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA.pem /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA.pem 519s + cat /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA.pem 519s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-OlfYaK/test-full-chain-CA.pem 519s + openssl pkcs7 -print_certs -noout 519s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-OlfYaK/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA.pem 519s /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA.pem: OK 519s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-OlfYaK/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA-trusted-certificate-0001.pem 519s /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA-trusted-certificate-0001.pem: OK 519s /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-trusted-certificate-0001.pem: OK 519s /tmp/sssd-softhsm2-certs-OlfYaK/test-root-intermediate-chain-CA.pem: OK 519s /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 519s Certificates generation completed! 519s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-OlfYaK/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-trusted-certificate-0001.pem 519s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-OlfYaK/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-OlfYaK/test-root-intermediate-chain-CA.pem 519s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-OlfYaK/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001.pem 519s + echo 'Certificates generation completed!' 519s + [[ -v NO_SSSD_TESTS ]] 519s + [[ -v GENERATE_SMART_CARDS ]] 519s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-31710 519s + local certificate=/tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA-trusted-certificate-0001.pem 519s + local key_pass=pass:random-root-ca-trusted-cert-0001-31710 519s + local key_cn 519s + local key_name 519s + local tokens_dir 519s + local output_cert_file 519s + token_name= 519s ++ basename /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA-trusted-certificate-0001.pem .pem 519s + key_name=test-root-CA-trusted-certificate-0001 519s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA-trusted-certificate-0001.pem 519s ++ sed -n 's/ *commonName *= //p' 519s + key_cn='Test Organization Root Trusted Certificate 0001' 519s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 519s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-OlfYaK/softhsm2-test-root-CA-trusted-certificate-0001.conf 519s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-OlfYaK/softhsm2-test-root-CA-trusted-certificate-0001.conf 519s ++ basename /tmp/sssd-softhsm2-certs-OlfYaK/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 519s + tokens_dir=/tmp/sssd-softhsm2-certs-OlfYaK/softhsm2-test-root-CA-trusted-certificate-0001 519s + token_name='Test Organization Root Tr Token' 519s + '[' '!' -e /tmp/sssd-softhsm2-certs-OlfYaK/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 519s + local key_file 519s + local decrypted_key 519s + mkdir -p /tmp/sssd-softhsm2-certs-OlfYaK/softhsm2-test-root-CA-trusted-certificate-0001 519s + key_file=/tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA-trusted-certificate-0001-key.pem 519s + decrypted_key=/tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA-trusted-certificate-0001-key-decrypted.pem 519s + cat 519s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 519s Slot 0 has a free/uninitialized token. 519s The token has been initialized and is reassigned to slot 1737594508 519s + softhsm2-util --show-slots 519s Available slots: 519s Slot 1737594508 519s Slot info: 519s Description: SoftHSM slot ID 0x6791968c 519s Manufacturer ID: SoftHSM project 519s Hardware version: 2.6 519s Firmware version: 2.6 519s Token present: yes 519s Token info: 519s Manufacturer ID: SoftHSM project 519s Model: SoftHSM v2 519s Hardware version: 2.6 519s Firmware version: 2.6 519s Serial number: 08f91caae791968c 519s Initialized: yes 519s User PIN init.: yes 519s Label: Test Organization Root Tr Token 519s Slot 1 519s Slot info: 519s Description: SoftHSM slot ID 0x1 519s Manufacturer ID: SoftHSM project 519s Hardware version: 2.6 519s Firmware version: 2.6 519s Token present: yes 519s Token info: 519s Manufacturer ID: SoftHSM project 519s Model: SoftHSM v2 519s Hardware version: 2.6 519s Firmware version: 2.6 519s Serial number: 519s Initialized: no 519s User PIN init.: no 519s Label: 519s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 519s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-31710 -in /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA-trusted-certificate-0001-key-decrypted.pem 519s writing RSA key 519s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 519s + rm /tmp/sssd-softhsm2-certs-OlfYaK/test-root-CA-trusted-certificate-0001-key-decrypted.pem 519s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 519s Object 0: 519s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=08f91caae791968c;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 519s Type: X.509 Certificate (RSA-1024) 519s Expires: Mon Mar 24 07:28:44 2025 519s Label: Test Organization Root Trusted Certificate 0001 519s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 519s 519s Test Organization Root Tr Token 519s + echo 'Test Organization Root Tr Token' 519s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-7001 519s + local certificate=/tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-trusted-certificate-0001.pem 519s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-7001 519s + local key_cn 519s + local key_name 519s + local tokens_dir 519s + local output_cert_file 519s + token_name= 519s ++ basename /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-trusted-certificate-0001.pem .pem 519s + key_name=test-intermediate-CA-trusted-certificate-0001 519s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-trusted-certificate-0001.pem 519s ++ sed -n 's/ *commonName *= //p' 519s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 519s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 519s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-OlfYaK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 519s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-OlfYaK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 519s ++ basename /tmp/sssd-softhsm2-certs-OlfYaK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 519s + tokens_dir=/tmp/sssd-softhsm2-certs-OlfYaK/softhsm2-test-intermediate-CA-trusted-certificate-0001 519s + token_name='Test Organization Interme Token' 519s + '[' '!' -e /tmp/sssd-softhsm2-certs-OlfYaK/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 519s + local key_file 519s + local decrypted_key 519s + mkdir -p /tmp/sssd-softhsm2-certs-OlfYaK/softhsm2-test-intermediate-CA-trusted-certificate-0001 519s + key_file=/tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-trusted-certificate-0001-key.pem 519s + decrypted_key=/tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 519s + cat 519s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 519s Slot 0 has a free/uninitialized token. 519s The token has been initialized and is reassigned to slot 748333523 519s + softhsm2-util --show-slots 519s Available slots: 519s Slot 748333523 519s Slot info: 519s Description: SoftHSM slot ID 0x2c9aa9d3 519s Manufacturer ID: SoftHSM project 519s Hardware version: 2.6 519s Firmware version: 2.6 519s Token present: yes 519s Token info: 519s Manufacturer ID: SoftHSM project 519s Model: SoftHSM v2 519s Hardware version: 2.6 519s Firmware version: 2.6 519s Serial number: c6802698ac9aa9d3 519s Initialized: yes 519s User PIN init.: yes 519s Label: Test Organization Interme Token 519s Slot 1 519s Slot info: 519s Description: SoftHSM slot ID 0x1 519s Manufacturer ID: SoftHSM project 519s Hardware version: 2.6 519s Firmware version: 2.6 519s Token present: yes 519s Token info: 519s Manufacturer ID: SoftHSM project 519s Model: SoftHSM v2 519s Hardware version: 2.6 519s Firmware version: 2.6 519s Serial number: 519s Initialized: no 519s User PIN init.: no 519s Label: 519s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 519s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-7001 -in /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 519s writing RSA key 519s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 519s + rm /tmp/sssd-softhsm2-certs-OlfYaK/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 519s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 519s + echo 'Test Organization Interme Token' 519s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-5742 519s + local certificate=/tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001.pem 519s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-5742 519s + local key_cn 519s + local key_name 519s + local tokens_dir 519s + local output_cert_file 519s + token_name= 519s ++ basename /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 519s Object 0: 519s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=c6802698ac9aa9d3;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 519s Type: X.509 Certificate (RSA-1024) 519s Expires: Mon Mar 24 07:28:44 2025 519s Label: Test Organization Intermediate Trusted Certificate 0001 519s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 519s 519s Test Organization Interme Token 519s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 519s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001.pem 519s ++ sed -n 's/ *commonName *= //p' 519s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 519s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 519s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-OlfYaK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 519s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-OlfYaK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 519s ++ basename /tmp/sssd-softhsm2-certs-OlfYaK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 519s + tokens_dir=/tmp/sssd-softhsm2-certs-OlfYaK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 519s + token_name='Test Organization Sub Int Token' 519s + '[' '!' -e /tmp/sssd-softhsm2-certs-OlfYaK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 519s + local key_file 519s + local decrypted_key 519s + mkdir -p /tmp/sssd-softhsm2-certs-OlfYaK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 519s + key_file=/tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 519s + decrypted_key=/tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 519s + cat 519s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 519s Slot 0 has a free/uninitialized token. 519s The token has been initialized and is reassigned to slot 348444947 519s + softhsm2-util --show-slots 519s Available slots: 519s Slot 348444947 519s Slot info: 519s Description: SoftHSM slot ID 0x14c4d913 519s Manufacturer ID: SoftHSM project 519s Hardware version: 2.6 519s Firmware version: 2.6 519s Token present: yes 519s Token info: 519s Manufacturer ID: SoftHSM project 519s Model: SoftHSM v2 519s Hardware version: 2.6 519s Firmware version: 2.6 519s Serial number: 58a060a114c4d913 519s Initialized: yes 519s User PIN init.: yes 519s Label: Test Organization Sub Int Token 519s Slot 1 519s Slot info: 519s Description: SoftHSM slot ID 0x1 519s Manufacturer ID: SoftHSM project 519s Hardware version: 2.6 519s Firmware version: 2.6 519s Token present: yes 519s Token info: 519s Manufacturer ID: SoftHSM project 519s Model: SoftHSM v2 519s Hardware version: 2.6 519s Firmware version: 2.6 519s Serial number: 519s Initialized: no 519s User PIN init.: no 519s Label: 519s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 519s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-5742 -in /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 519s writing RSA key 519s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 519s + rm /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 519s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 519s Object 0: 519s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=58a060a114c4d913;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 519s Type: X.509 Certificate (RSA-1024) 519s Expires: Mon Mar 24 07:28:44 2025 519s Label: Test Organization Sub Intermediate Trusted Certificate 0001 519s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 519s 519s Test Organization Sub Int Token 519s Certificates generation completed! 519s + echo 'Test Organization Sub Int Token' 519s + echo 'Certificates generation completed!' 519s + exit 0 519s + find /tmp/sssd-softhsm2-certs-OlfYaK -type d -exec chmod 777 '{}' ';' 519s + find /tmp/sssd-softhsm2-certs-OlfYaK -type f -exec chmod 666 '{}' ';' 520s + backup_file /etc/sssd/sssd.conf 520s + '[' -z '' ']' 520s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 520s + backupsdir=/tmp/sssd-softhsm2-backups-M9hIjw 520s + '[' -e /etc/sssd/sssd.conf ']' 520s + delete_paths+=("$1") 520s + rm -f /etc/sssd/sssd.conf 520s ++ runuser -u ubuntu -- sh -c 'echo ~' 520s + user_home=/home/ubuntu 520s + mkdir -p /home/ubuntu 520s + chown ubuntu:ubuntu /home/ubuntu 520s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 520s + user_config=/home/ubuntu/.config 520s + system_config=/etc 520s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 520s + for path_pair in "${softhsm2_conf_paths[@]}" 520s + IFS=: 520s + read -r -a path 520s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 520s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 520s + '[' -z /tmp/sssd-softhsm2-backups-M9hIjw ']' 520s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 520s + delete_paths+=("$1") 520s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 520s + for path_pair in "${softhsm2_conf_paths[@]}" 520s + IFS=: 520s + read -r -a path 520s + path=/etc/softhsm/softhsm2.conf 520s + backup_file /etc/softhsm/softhsm2.conf 520s + '[' -z /tmp/sssd-softhsm2-backups-M9hIjw ']' 520s + '[' -e /etc/softhsm/softhsm2.conf ']' 520s ++ dirname /etc/softhsm/softhsm2.conf 520s + local back_dir=/tmp/sssd-softhsm2-backups-M9hIjw//etc/softhsm 520s ++ basename /etc/softhsm/softhsm2.conf 520s + local back_path=/tmp/sssd-softhsm2-backups-M9hIjw//etc/softhsm/softhsm2.conf 520s + '[' '!' -e /tmp/sssd-softhsm2-backups-M9hIjw//etc/softhsm/softhsm2.conf ']' 520s + mkdir -p /tmp/sssd-softhsm2-backups-M9hIjw//etc/softhsm 520s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-M9hIjw//etc/softhsm/softhsm2.conf 520s + restore_paths+=("$back_path") 520s + rm -f /etc/softhsm/softhsm2.conf 520s + test_authentication login /tmp/sssd-softhsm2-certs-OlfYaK/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-OlfYaK/test-full-chain-CA.pem 520s + pam_service=login 520s + certificate_config=/tmp/sssd-softhsm2-certs-OlfYaK/softhsm2-test-root-CA-trusted-certificate-0001.conf 520s + ca_db=/tmp/sssd-softhsm2-certs-OlfYaK/test-full-chain-CA.pem 520s + verification_options= 520s + mkdir -p -m 700 /etc/sssd 520s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-OlfYaK/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 520s + cat 520s Using CA DB '/tmp/sssd-softhsm2-certs-OlfYaK/test-full-chain-CA.pem' with verification options: '' 520s + chmod 600 /etc/sssd/sssd.conf 520s + for path_pair in "${softhsm2_conf_paths[@]}" 520s + IFS=: 520s + read -r -a path 520s + user=ubuntu 520s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 520s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 520s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 520s Label: Test Organization Root Tr Token 520s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-OlfYaK/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 520s + runuser -u ubuntu -- softhsm2-util --show-slots 520s + grep 'Test Organization' 520s + for path_pair in "${softhsm2_conf_paths[@]}" 520s + IFS=: 520s + read -r -a path 520s + user=root 520s + path=/etc/softhsm/softhsm2.conf 520s ++ dirname /etc/softhsm/softhsm2.conf 520s + runuser -u root -- mkdir -p /etc/softhsm 520s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-OlfYaK/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 520s + runuser -u root -- softhsm2-util --show-slots 520s + grep 'Test Organization' 520s Label: Test Organization Root Tr Token 520s + systemctl restart sssd 520s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 520s + for alternative in "${alternative_pam_configs[@]}" 520s + pam-auth-update --enable sss-smart-card-optional 520s + cat /etc/pam.d/common-auth 520s # 520s # /etc/pam.d/common-auth - authentication settings common to all services 520s # 520s # This file is included from other service-specific PAM config files, 520s # and should contain a list of the authentication modules that define 520s # the central authentication scheme for use on the system 520s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 520s # traditional Unix authentication mechanisms. 520s # 520s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 520s # To take advantage of this, it is recommended that you configure any 520s # local modules either before or after the default block, and use 520s # pam-auth-update to manage selection of other modules. See 520s # pam-auth-update(8) for details. 520s 520s # here are the per-package modules (the "Primary" block) 520s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 520s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 520s auth [success=1 default=ignore] pam_sss.so use_first_pass 520s # here's the fallback if no module succeeds 520s auth requisite pam_deny.so 520s # prime the stack with a positive return value if there isn't one already; 520s # this avoids us returning an error just because nothing sets a success code 520s # since the modules above will each just jump around 520s auth required pam_permit.so 520s # and here are more per-package modules (the "Additional" block) 520s auth optional pam_cap.so 520s # end of pam-auth-update config 520s + echo -n -e 123456 520s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 520s pamtester: invoking pam_start(login, ubuntu, ...) 520s pamtester: performing operation - authenticate 520s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 520s + echo -n -e 123456 520s + runuser -u ubuntu -- pamtester -v login '' authenticate 520s pamtester: invoking pam_start(login, , ...) 520s pamtester: performing operation - authenticate 520s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 520s + echo -n -e wrong123456 520s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 520s pamtester: invoking pam_start(login, ubuntu, ...) 520s pamtester: performing operation - authenticate 524s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 524s + echo -n -e wrong123456 524s + runuser -u ubuntu -- pamtester -v login '' authenticate 524s pamtester: invoking pam_start(login, , ...) 524s pamtester: performing operation - authenticate 527s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 527s + echo -n -e 123456 527s + pamtester -v login root authenticate 527s pamtester: invoking pam_start(login, root, ...) 527s pamtester: performing operation - authenticate 529s Password: pamtester: Authentication failure 529s + for alternative in "${alternative_pam_configs[@]}" 529s + pam-auth-update --enable sss-smart-card-required 529s PAM configuration 529s ----------------- 529s 529s Incompatible PAM profiles selected. 529s 529s The following PAM profiles cannot be used together: 529s 529s SSS required smart card authentication, SSS optional smart card 529s authentication 529s 529s Please select a different set of modules to enable. 529s 529s + cat /etc/pam.d/common-auth 529s + echo -n -e 123456 529s # 529s # /etc/pam.d/common-auth - authentication settings common to all services 529s # 529s # This file is included from other service-specific PAM config files, 529s # and should contain a list of the authentication modules that define 529s # the central authentication scheme for use on the system 529s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 529s # traditional Unix authentication mechanisms. 529s # 529s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 529s # To take advantage of this, it is recommended that you configure any 529s # local modules either before or after the default block, and use 529s # pam-auth-update to manage selection of other modules. See 529s # pam-auth-update(8) for details. 529s 529s # here are the per-package modules (the "Primary" block) 529s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 529s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 529s auth [success=1 default=ignore] pam_sss.so use_first_pass 529s # here's the fallback if no module succeeds 529s auth requisite pam_deny.so 529s # prime the stack with a positive return value if there isn't one already; 529s # this avoids us returning an error just because nothing sets a success code 529s # since the modules above will each just jump around 529s auth required pam_permit.so 529s # and here are more per-package modules (the "Additional" block) 529s auth optional pam_cap.so 529s # end of pam-auth-update config 529s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 529s pamtester: invoking pam_start(login, ubuntu, ...) 529s pamtester: performing operation - authenticate 529s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 529s + echo -n -e 123456 529s + runuser -u ubuntu -- pamtester -v login '' authenticate 529s pamtester: invoking pam_start(login, , ...) 529s pamtester: performing operation - authenticate 529s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 529s + echo -n -e wrong123456 529s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 529s pamtester: invoking pam_start(login, ubuntu, ...) 529s pamtester: performing operation - authenticate 532s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 532s + echo -n -e wrong123456 532s + runuser -u ubuntu -- pamtester -v login '' authenticate 532s pamtester: invoking pam_start(login, , ...) 532s pamtester: performing operation - authenticate 536s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 536s + echo -n -e 123456 536s + pamtester -v login root authenticate 536s pamtester: invoking pam_start(login, root, ...) 536s pamtester: performing operation - authenticate 539s pamtester: Authentication service cannot retrieve authentication info 539s + test_authentication login /tmp/sssd-softhsm2-certs-OlfYaK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-OlfYaK/test-full-chain-CA.pem 539s + pam_service=login 539s + certificate_config=/tmp/sssd-softhsm2-certs-OlfYaK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 539s + ca_db=/tmp/sssd-softhsm2-certs-OlfYaK/test-full-chain-CA.pem 539s + verification_options= 539s + mkdir -p -m 700 /etc/sssd 539s Using CA DB '/tmp/sssd-softhsm2-certs-OlfYaK/test-full-chain-CA.pem' with verification options: '' 539s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-OlfYaK/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 539s + cat 539s Label: Test Organization Sub Int Token 539s Label: Test Organization Sub Int Token 539s + chmod 600 /etc/sssd/sssd.conf 539s + for path_pair in "${softhsm2_conf_paths[@]}" 539s + IFS=: 539s + read -r -a path 539s + user=ubuntu 539s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 539s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 539s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 539s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-OlfYaK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 539s + runuser -u ubuntu -- softhsm2-util --show-slots 539s + grep 'Test Organization' 539s + for path_pair in "${softhsm2_conf_paths[@]}" 539s + IFS=: 539s + read -r -a path 539s + user=root 539s + path=/etc/softhsm/softhsm2.conf 539s ++ dirname /etc/softhsm/softhsm2.conf 539s + runuser -u root -- mkdir -p /etc/softhsm 539s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-OlfYaK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 539s + runuser -u root -- softhsm2-util --show-slots 539s + grep 'Test Organization' 539s + systemctl restart sssd 539s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 539s + for alternative in "${alternative_pam_configs[@]}" 539s + pam-auth-update --enable sss-smart-card-optional 539s # 539s # /etc/pam.d/common-auth - authentication settings common to all services 539s # 539s # This file is included from other service-specific PAM config files, 539s # and should contain a list of the authentication modules that define 539s # the central authentication scheme for use on the system 539s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 539s # traditional Unix authentication mechanisms. 539s # 539s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 539s # To take advantage of this, it is recommended that you configure any 539s # local modules either before or after the default block, and use 539s # pam-auth-update to manage selection of other modules. See 539s # pam-auth-update(8) for details. 539s 539s # here are the per-package modules (the "Primary" block) 539s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 539s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 539s auth [success=1 default=ignore] pam_sss.so use_first_pass 539s # here's the fallback if no module succeeds 539s auth requisite pam_deny.so 539s # prime the stack with a positive return value if there isn't one already; 539s # this avoids us returning an error just because nothing sets a success code 539s # since the modules above will each just jump around 539s auth required pam_permit.so 539s # and here are more per-package modules (the "Additional" block) 539s auth optional pam_cap.so 539s # end of pam-auth-update config 539s + cat /etc/pam.d/common-auth 539s + echo -n -e 123456 539s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 539s pamtester: invoking pam_start(login, ubuntu, ...) 539s pamtester: performing operation - authenticate 539s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 539s + echo -n -e 123456 539s + runuser -u ubuntu -- pamtester -v login '' authenticate 539s pamtester: invoking pam_start(login, , ...) 539s pamtester: performing operation - authenticate 539s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 539s + echo -n -e wrong123456 539s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 539s pamtester: invoking pam_start(login, ubuntu, ...) 539s pamtester: performing operation - authenticate 542s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 542s + echo -n -e wrong123456 542s + runuser -u ubuntu -- pamtester -v login '' authenticate 542s pamtester: invoking pam_start(login, , ...) 542s pamtester: performing operation - authenticate 545s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 545s + echo -n -e 123456 545s + pamtester -v login root authenticate 545s pamtester: invoking pam_start(login, root, ...) 545s pamtester: performing operation - authenticate 548s Password: pamtester: Authentication failure 548s + for alternative in "${alternative_pam_configs[@]}" 548s + pam-auth-update --enable sss-smart-card-required 548s PAM configuration 548s ----------------- 548s 548s Incompatible PAM profiles selected. 548s 548s The following PAM profiles cannot be used together: 548s 548s SSS required smart card authentication, SSS optional smart card 548s authentication 548s 548s Please select a different set of modules to enable. 548s 548s + cat /etc/pam.d/common-auth 548s # 548s # /etc/pam.d/common-auth - authentication settings common to all services 548s # 548s # This file is included from other service-specific PAM config files, 548s # and should contain a list of the authentication modules that define 548s # the central authentication scheme for use on the system 548s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 548s # traditional Unix authentication mechanisms. 548s # 548s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 548s # To take advantage of this, it is recommended that you configure any 548s # local modules either before or after the default block, and use 548s # pam-auth-update to manage selection of other modules. See 548s # pam-auth-update(8) for details. 548s 548s # here are the per-package modules (the "Primary" block) 548s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 548s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 548s auth [success=1 default=ignore] pam_sss.so use_first_pass 548s # here's the fallback if no module succeeds 548s auth requisite pam_deny.so 548s # prime the stack with a positive return value if there isn't one already; 548s # this avoids us returning an error just because nothing sets a success code 548s # since the modules above will each just jump around 548s auth required pam_permit.so 548s # and here are more per-package modules (the "Additional" block) 548s auth optional pam_cap.so 548s # end of pam-auth-update config 548s + echo -n -e 123456 548s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 548s pamtester: invoking pam_start(login, ubuntu, ...) 548s pamtester: performing operation - authenticate 548s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 548s + echo -n -e 123456 548s + runuser -u ubuntu -- pamtester -v login '' authenticate 548s pamtester: invoking pam_start(login, , ...) 548s pamtester: performing operation - authenticate 548s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 548s + echo -n -e wrong123456 548s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 548s pamtester: invoking pam_start(login, ubuntu, ...) 548s pamtester: performing operation - authenticate 551s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 551s + echo -n -e wrong123456 551s + runuser -u ubuntu -- pamtester -v login '' authenticate 551s pamtester: invoking pam_start(login, , ...) 551s pamtester: performing operation - authenticate 553s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 553s + echo -n -e 123456 553s + pamtester -v login root authenticate 553s pamtester: invoking pam_start(login, root, ...) 553s pamtester: performing operation - authenticate 556s pamtester: Authentication service cannot retrieve authentication info 556s + test_authentication login /tmp/sssd-softhsm2-certs-OlfYaK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA.pem partial_chain 556s + pam_service=login 556s + certificate_config=/tmp/sssd-softhsm2-certs-OlfYaK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 556s + ca_db=/tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA.pem 556s + verification_options=partial_chain 556s + mkdir -p -m 700 /etc/sssd 556s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 556s + cat 556s Using CA DB '/tmp/sssd-softhsm2-certs-OlfYaK/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 556s Label: Test Organization Sub Int Token 556s Label: Test Organization Sub Int Token 556s + chmod 600 /etc/sssd/sssd.conf 556s + for path_pair in "${softhsm2_conf_paths[@]}" 556s + IFS=: 556s + read -r -a path 556s + user=ubuntu 556s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 556s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 556s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 556s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-OlfYaK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 556s + runuser -u ubuntu -- softhsm2-util --show-slots 556s + grep 'Test Organization' 556s + for path_pair in "${softhsm2_conf_paths[@]}" 556s + IFS=: 556s + read -r -a path 556s + user=root 556s + path=/etc/softhsm/softhsm2.conf 556s ++ dirname /etc/softhsm/softhsm2.conf 556s + runuser -u root -- mkdir -p /etc/softhsm 556s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-OlfYaK/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 556s + runuser -u root -- softhsm2-util --show-slots 556s + grep 'Test Organization' 556s + systemctl restart sssd 556s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 557s + for alternative in "${alternative_pam_configs[@]}" 557s + pam-auth-update --enable sss-smart-card-optional 557s # 557s # /etc/pam.d/common-auth - authentication settings common to all services 557s # 557s # This file is included from other service-specific PAM config files, 557s # and should contain a list of the authentication modules that define 557s # the central authentication scheme for use on the system 557s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 557s # traditional Unix authentication mechanisms. 557s # 557s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 557s # To take advantage of this, it is recommended that you configure any 557s # local modules either before or after the default block, and use 557s # pam-auth-update to manage selection of other modules. See 557s # pam-auth-update(8) for details. 557s 557s # here are the per-package modules (the "Primary" block) 557s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 557s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 557s auth [success=1 default=ignore] pam_sss.so use_first_pass 557s # here's the fallback if no module succeeds 557s auth requisite pam_deny.so 557s # prime the stack with a positive return value if there isn't one already; 557s # this avoids us returning an error just because nothing sets a success code 557s # since the modules above will each just jump around 557s auth required pam_permit.so 557s # and here are more per-package modules (the "Additional" block) 557s auth optional pam_cap.so 557s # end of pam-auth-update config 557s + cat /etc/pam.d/common-auth 557s + echo -n -e 123456 557s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 557s pamtester: invoking pam_start(login, ubuntu, ...) 557s pamtester: performing operation - authenticate 557s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 557s + echo -n -e 123456 557s + runuser -u ubuntu -- pamtester -v login '' authenticate 557s pamtester: invoking pam_start(login, , ...) 557s pamtester: performing operation - authenticate 557s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 557s + echo -n -e wrong123456 557s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 557s pamtester: invoking pam_start(login, ubuntu, ...) 557s pamtester: performing operation - authenticate 560s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 560s + echo -n -e wrong123456 560s + runuser -u ubuntu -- pamtester -v login '' authenticate 560s pamtester: invoking pam_start(login, , ...) 560s pamtester: performing operation - authenticate 562s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 562s + echo -n -e 123456 562s + pamtester -v login root authenticate 562s pamtester: invoking pam_start(login, root, ...) 562s pamtester: performing operation - authenticate 565s Password: pamtester: Authentication failure 565s + for alternative in "${alternative_pam_configs[@]}" 565s + pam-auth-update --enable sss-smart-card-required 565s PAM configuration 565s ----------------- 565s 565s Incompatible PAM profiles selected. 565s 565s The following PAM profiles cannot be used together: 565s 565s SSS required smart card authentication, SSS optional smart card 565s authentication 565s 565s Please select a different set of modules to enable. 565s 565s + cat /etc/pam.d/common-auth 565s # 565s # /etc/pam.d/common-auth - authentication settings common to all services 565s # 565s # This file is included from other service-specific PAM config files, 565s # and should contain a list of the authentication modules that define 565s # the central authentication scheme for use on the system 565s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 565s # traditional Unix authentication mechanisms. 565s # 565s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 565s # To take advantage of this, it is recommended that you configure any 565s # local modules either before or after the default block, and use 565s # pam-auth-update to manage selection of other modules. See 565s # pam-auth-update(8) for details. 565s 565s # here are the per-package modules (the "Primary" block) 565s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 565s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 565s auth [success=1 default=ignore] pam_sss.so use_first_pass 565s # here's the fallback if no module succeeds 565s auth requisite pam_deny.so 565s # prime the stack with a positive return value if there isn't one already; 565s # this avoids us returning an error just because nothing sets a success code 565s # since the modules above will each just jump around 565s auth required pam_permit.so 565s # and here are more per-package modules (the "Additional" block) 565s auth optional pam_cap.so 565s # end of pam-auth-update config 565s + echo -n -e 123456 565s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 565s pamtester: invoking pam_start(login, ubuntu, ...) 565s pamtester: performing operation - authenticate 567s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 567s + echo -n -e 123456 567s + runuser -u ubuntu -- pamtester -v login '' authenticate 567s pamtester: invoking pam_start(login, , ...) 567s pamtester: performing operation - authenticate 567s pamtester: successfully authenticated 567s PIN for Test Organization Sub Int Token: + echo -n -e wrong123456 567s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 567s pamtester: invoking pam_start(login, ubuntu, ...) 567s pamtester: performing operation - authenticate 568s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 568s + echo -n -e wrong123456 568s + runuser -u ubuntu -- pamtester -v login '' authenticate 568s pamtester: invoking pam_start(login, , ...) 568s pamtester: performing operation - authenticate 572s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 572s + echo -n -e 123456 572s + pamtester -v login root authenticate 572s pamtester: invoking pam_start(login, root, ...) 572s pamtester: performing operation - authenticate 575s pamtester: Authentication service cannot retrieve authentication info 575s + handle_exit 575s + exit_code=0 575s + restore_changes 575s + for path in "${restore_paths[@]}" 575s + local original_path 575s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-M9hIjw /tmp/sssd-softhsm2-backups-M9hIjw//etc/softhsm/softhsm2.conf 575s + original_path=/etc/softhsm/softhsm2.conf 575s + rm /etc/softhsm/softhsm2.conf 575s + mv /tmp/sssd-softhsm2-backups-M9hIjw//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 575s + for path in "${delete_paths[@]}" 575s + rm -f /etc/sssd/sssd.conf 575s + for path in "${delete_paths[@]}" 575s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 575s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 575s + '[' -e /etc/sssd/sssd.conf ']' 575s + systemctl stop sssd 575s + '[' -e /etc/softhsm/softhsm2.conf ']' 575s + chmod 600 /etc/softhsm/softhsm2.conf 575s + rm -rf /tmp/sssd-softhsm2-certs-OlfYaK 575s + '[' 0 = 0 ']' 575s + rm -rf /tmp/sssd-softhsm2-backups-M9hIjw 575s + set +x 575s Script completed successfully! 575s autopkgtest [07:29:40]: test sssd-smart-card-pam-auth-configs: -----------------------] 576s autopkgtest [07:29:41]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 576s sssd-smart-card-pam-auth-configs PASS 576s autopkgtest [07:29:41]: @@@@@@@@@@@@@@@@@@@@ summary 576s ldap-user-group-ldap-auth PASS 576s ldap-user-group-krb5-auth PASS 576s sssd-softhism2-certificates-tests.sh PASS 576s sssd-smart-card-pam-auth-configs PASS 591s Creating nova instance adt-noble-s390x-sssd-20240324-072005-juju-7f2275-prod-proposed-migration-environment-2 from image adt/ubuntu-noble-s390x-server-20240324.img (UUID e13d5247-1289-46d4-b3a9-3aa9fa45fdc9)... 591s Creating nova instance adt-noble-s390x-sssd-20240324-072005-juju-7f2275-prod-proposed-migration-environment-2 from image adt/ubuntu-noble-s390x-server-20240324.img (UUID e13d5247-1289-46d4-b3a9-3aa9fa45fdc9)...