0s autopkgtest [12:40:57]: starting date and time: 2024-03-26 12:40:57+0000 0s autopkgtest [12:40:57]: git checkout: 4a1cd702 l/adt_testbed: don't blame the testbed for unsolvable build deps 0s autopkgtest [12:40:57]: host juju-7f2275-prod-proposed-migration-environment-2; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.zmsc_3gs/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --setup-commands /home/ubuntu/autopkgtest/setup-commands/setup-testbed --apt-pocket=proposed --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 '--env=ADT_TEST_TRIGGERS=systemd/255.4-1ubuntu5 openldap/2.6.7+dfsg-1~exp1ubuntu6 python3-defaults/3.12.2-0ubuntu1' -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor autopkgtest --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-2@bos02-s390x-15.secgroup --name adt-noble-s390x-sssd-20240326-124056-juju-7f2275-prod-proposed-migration-environment-2-da4e4e7f-2d29-4b10-ab76-8173b6a7841d --image adt/ubuntu-noble-s390x-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-2 --net-id=net_prod-proposed-migration -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com'"'"'' --mirror=http://ftpmaster.internal/ubuntu/ 191s autopkgtest [12:44:08]: testbed dpkg architecture: s390x 191s autopkgtest [12:44:08]: testbed apt version: 2.7.12 191s autopkgtest [12:44:08]: @@@@@@@@@@@@@@@@@@@@ test bed setup 192s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 192s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [8504 B] 192s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [56.0 kB] 192s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [496 kB] 192s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [4019 kB] 192s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main s390x Packages [690 kB] 192s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main s390x c-n-f Metadata [3032 B] 192s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x Packages [1372 B] 192s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x c-n-f Metadata [116 B] 192s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x Packages [4128 kB] 193s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x c-n-f Metadata [7292 B] 193s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x Packages [47.8 kB] 193s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x c-n-f Metadata [116 B] 195s Fetched 9575 kB in 2s (3921 kB/s) 195s Reading package lists... 197s Reading package lists... 197s Building dependency tree... 197s Reading state information... 198s Calculating upgrade... 198s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 198s Reading package lists... 198s Building dependency tree... 198s Reading state information... 198s 0 upgraded, 0 newly installed, 0 to remove and 244 not upgraded. 198s Unknown architecture, assuming PC-style ttyS0 199s sh: Attempting to set up Debian/Ubuntu apt sources automatically 199s sh: Distribution appears to be Ubuntu 199s Reading package lists... 200s Building dependency tree... 200s Reading state information... 200s eatmydata is already the newest version (131-1). 200s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 200s Reading package lists... 200s Building dependency tree... 200s Reading state information... 200s dbus is already the newest version (1.14.10-4ubuntu1). 200s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 200s Reading package lists... 200s Building dependency tree... 200s Reading state information... 201s rng-tools-debian is already the newest version (2.4). 201s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 201s Reading package lists... 201s Building dependency tree... 201s Reading state information... 201s The following packages will be REMOVED: 201s cloud-init* python3-configobj* python3-debconf* 201s 0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded. 201s After this operation, 3256 kB disk space will be freed. 201s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52170 files and directories currently installed.) 201s Removing cloud-init (24.1.2-0ubuntu1) ... 202s Removing python3-configobj (5.0.8-3) ... 202s Removing python3-debconf (1.5.86) ... 202s Processing triggers for man-db (2.12.0-3) ... 202s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51781 files and directories currently installed.) 202s Purging configuration files for cloud-init (24.1.2-0ubuntu1) ... 203s dpkg: warning: while removing cloud-init, directory '/etc/cloud/cloud.cfg.d' not empty so not removed 203s Processing triggers for rsyslog (8.2312.0-3ubuntu3) ... 203s invoke-rc.d: policy-rc.d denied execution of try-restart. 203s Reading package lists... 203s Building dependency tree... 203s Reading state information... 203s linux-generic is already the newest version (6.8.0-11.11+1). 203s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 204s Hit:1 http://ftpmaster.internal/ubuntu noble InRelease 204s Hit:2 http://ftpmaster.internal/ubuntu noble-updates InRelease 204s Hit:3 http://ftpmaster.internal/ubuntu noble-security InRelease 205s Reading package lists... 206s Reading package lists... 206s Building dependency tree... 206s Reading state information... 206s Calculating upgrade... 206s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 206s Reading package lists... 206s Building dependency tree... 206s Reading state information... 206s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 206s autopkgtest [12:44:23]: rebooting testbed after setup commands that affected boot 225s autopkgtest [12:44:42]: testbed running kernel: Linux 6.8.0-11-generic #11-Ubuntu SMP Tue Feb 13 23:45:46 UTC 2024 227s autopkgtest [12:44:44]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 241s Get:1 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (dsc) [5269 B] 241s Get:2 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (tar) [7983 kB] 241s Get:3 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (asc) [833 B] 241s Get:4 http://ftpmaster.internal/ubuntu noble/main sssd 2.9.4-1ubuntu1 (diff) [48.4 kB] 241s gpgv: Signature made Mon Feb 26 21:56:54 2024 UTC 241s gpgv: using RSA key E92FD0B36B14F1F4D8E0EB2F106DA1C8C3CBBF14 241s gpgv: Can't check signature: No public key 241s dpkg-source: warning: cannot verify inline signature for ./sssd_2.9.4-1ubuntu1.dsc: no acceptable signature found 242s autopkgtest [12:44:59]: testing package sssd version 2.9.4-1ubuntu1 242s autopkgtest [12:44:59]: build not needed 245s autopkgtest [12:45:02]: test ldap-user-group-ldap-auth: preparing testbed 246s Reading package lists... 246s Building dependency tree... 246s Reading state information... 246s Starting pkgProblemResolver with broken count: 0 246s Starting 2 pkgProblemResolver with broken count: 0 246s Done 247s The following additional packages will be installed: 247s expect ldap-utils libavahi-client3 libavahi-common-data libavahi-common3 247s libbasicobjects0 libc-ares2 libcollection4 libcrack2 libdhash1 247s libevent-2.1-7 libini-config5 libipa-hbac-dev libipa-hbac0 libjose0 libkrad0 247s libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo libodbc2 247s libpam-pwquality libpam-sss libpath-utils1 libpwquality-common libpwquality1 247s libref-array1 libsmbclient libsss-certmap-dev libsss-certmap0 247s libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev libsss-nss-idmap0 247s libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0 libverto-libevent1 247s libverto1 libwbclient0 python3-libipa-hbac python3-libsss-nss-idmap 247s python3-sss samba-libs slapd sssd sssd-ad sssd-ad-common sssd-common 247s sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 sssd-krb5-common sssd-ldap 247s sssd-passkey sssd-proxy sssd-tools tcl-expect tcl8.6 247s Suggested packages: 247s tk8.6 libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal 247s odbc-postgresql tdsodbc adcli libsasl2-modules-ldap tcl-tclreadline 247s Recommended packages: 247s cracklib-runtime libsasl2-modules-gssapi-mit 247s | libsasl2-modules-gssapi-heimdal 247s The following NEW packages will be installed: 247s autopkgtest-satdep expect ldap-utils libavahi-client3 libavahi-common-data 247s libavahi-common3 libbasicobjects0 libc-ares2 libcollection4 libcrack2 247s libdhash1 libevent-2.1-7 libini-config5 libipa-hbac-dev libipa-hbac0 247s libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss libnss-sudo 247s libodbc2 libpam-pwquality libpam-sss libpath-utils1 libpwquality-common 247s libpwquality1 libref-array1 libsmbclient libsss-certmap-dev libsss-certmap0 247s libsss-idmap-dev libsss-idmap0 libsss-nss-idmap-dev libsss-nss-idmap0 247s libsss-sudo libtalloc2 libtcl8.6 libtdb1 libtevent0 libverto-libevent1 247s libverto1 libwbclient0 python3-libipa-hbac python3-libsss-nss-idmap 247s python3-sss samba-libs slapd sssd sssd-ad sssd-ad-common sssd-common 247s sssd-dbus sssd-idp sssd-ipa sssd-kcm sssd-krb5 sssd-krb5-common sssd-ldap 247s sssd-passkey sssd-proxy sssd-tools tcl-expect tcl8.6 247s 0 upgraded, 65 newly installed, 0 to remove and 0 not upgraded. 247s Need to get 12.9 MB/12.9 MB of archives. 247s After this operation, 50.0 MB of additional disk space will be used. 247s Get:1 /tmp/autopkgtest.6h4hhi/1-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [864 B] 247s Get:2 http://ftpmaster.internal/ubuntu noble/main s390x libltdl7 s390x 2.4.7-7 [41.6 kB] 247s Get:3 http://ftpmaster.internal/ubuntu noble/main s390x libodbc2 s390x 2.3.12-1 [164 kB] 247s Get:4 http://ftpmaster.internal/ubuntu noble/main s390x slapd s390x 2.6.7+dfsg-1~exp1ubuntu1 [1617 kB] 247s Get:5 http://ftpmaster.internal/ubuntu noble/main s390x libtcl8.6 s390x 8.6.13+dfsg-2 [948 kB] 247s Get:6 http://ftpmaster.internal/ubuntu noble/main s390x tcl8.6 s390x 8.6.13+dfsg-2 [14.7 kB] 247s Get:7 http://ftpmaster.internal/ubuntu noble/universe s390x tcl-expect s390x 5.45.4-2build1 [99.7 kB] 247s Get:8 http://ftpmaster.internal/ubuntu noble/universe s390x expect s390x 5.45.4-2build1 [137 kB] 247s Get:9 http://ftpmaster.internal/ubuntu noble/main s390x ldap-utils s390x 2.6.7+dfsg-1~exp1ubuntu1 [165 kB] 247s Get:10 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common-data s390x 0.8-13ubuntu2 [29.5 kB] 247s Get:11 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common3 s390x 0.8-13ubuntu2 [23.8 kB] 247s Get:12 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-client3 s390x 0.8-13ubuntu2 [26.7 kB] 247s Get:13 http://ftpmaster.internal/ubuntu noble/main s390x libcrack2 s390x 2.9.6-5.1build1 [29.9 kB] 247s Get:14 http://ftpmaster.internal/ubuntu noble/main s390x libevent-2.1-7 s390x 2.1.12-stable-9 [144 kB] 247s Get:15 http://ftpmaster.internal/ubuntu noble/universe s390x libjose0 s390x 11-3 [45.2 kB] 247s Get:16 http://ftpmaster.internal/ubuntu noble/main s390x libverto-libevent1 s390x 0.3.1-1ubuntu5 [5810 B] 247s Get:17 http://ftpmaster.internal/ubuntu noble/main s390x libverto1 s390x 0.3.1-1ubuntu5 [10.6 kB] 247s Get:18 http://ftpmaster.internal/ubuntu noble/main s390x libkrad0 s390x 1.20.1-5build1 [22.0 kB] 247s Get:19 http://ftpmaster.internal/ubuntu noble/main s390x libtalloc2 s390x 2.4.2-1 [28.3 kB] 247s Get:20 http://ftpmaster.internal/ubuntu noble/main s390x libtdb1 s390x 1.4.10-1 [49.9 kB] 247s Get:21 http://ftpmaster.internal/ubuntu noble/main s390x libtevent0 s390x 0.16.1-1 [43.1 kB] 247s Get:22 http://ftpmaster.internal/ubuntu noble/main s390x libldb2 s390x 2:2.8.0+samba4.19.5+dfsg-1ubuntu1 [191 kB] 247s Get:23 http://ftpmaster.internal/ubuntu noble/main s390x libnfsidmap1 s390x 1:2.6.3-3ubuntu1 [49.0 kB] 248s Get:24 http://ftpmaster.internal/ubuntu noble/universe s390x libnss-sudo all 1.9.15p5-3ubuntu1 [14.9 kB] 248s Get:25 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality-common all 1.4.5-3 [7658 B] 248s Get:26 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality1 s390x 1.4.5-3 [14.7 kB] 248s Get:27 http://ftpmaster.internal/ubuntu noble/main s390x libpam-pwquality s390x 1.4.5-3 [11.6 kB] 248s Get:28 http://ftpmaster.internal/ubuntu noble/main s390x libwbclient0 s390x 2:4.19.5+dfsg-1ubuntu1 [70.3 kB] 248s Get:29 http://ftpmaster.internal/ubuntu noble/main s390x samba-libs s390x 2:4.19.5+dfsg-1ubuntu1 [6231 kB] 248s Get:30 http://ftpmaster.internal/ubuntu noble/main s390x libnss-sss s390x 2.9.4-1ubuntu1 [32.6 kB] 248s Get:31 http://ftpmaster.internal/ubuntu noble/main s390x libpam-sss s390x 2.9.4-1ubuntu1 [51.9 kB] 248s Get:32 http://ftpmaster.internal/ubuntu noble/main s390x python3-sss s390x 2.9.4-1ubuntu1 [46.6 kB] 248s Get:33 http://ftpmaster.internal/ubuntu noble/main s390x libc-ares2 s390x 1.27.0-1 [79.2 kB] 248s Get:34 http://ftpmaster.internal/ubuntu noble/main s390x libdhash1 s390x 0.6.2-2 [8648 B] 248s Get:35 http://ftpmaster.internal/ubuntu noble/main s390x libbasicobjects0 s390x 0.6.2-2 [5476 B] 248s Get:36 http://ftpmaster.internal/ubuntu noble/main s390x libcollection4 s390x 0.6.2-2 [23.2 kB] 248s Get:37 http://ftpmaster.internal/ubuntu noble/main s390x libpath-utils1 s390x 0.6.2-2 [8994 B] 248s Get:38 http://ftpmaster.internal/ubuntu noble/main s390x libref-array1 s390x 0.6.2-2 [6880 B] 248s Get:39 http://ftpmaster.internal/ubuntu noble/main s390x libini-config5 s390x 0.6.2-2 [45.3 kB] 248s Get:40 http://ftpmaster.internal/ubuntu noble/main s390x libsss-certmap0 s390x 2.9.4-1ubuntu1 [46.7 kB] 248s Get:41 http://ftpmaster.internal/ubuntu noble/main s390x libsss-idmap0 s390x 2.9.4-1ubuntu1 [22.1 kB] 248s Get:42 http://ftpmaster.internal/ubuntu noble/main s390x libsss-nss-idmap0 s390x 2.9.4-1ubuntu1 [31.4 kB] 248s Get:43 http://ftpmaster.internal/ubuntu noble/main s390x sssd-common s390x 2.9.4-1ubuntu1 [1125 kB] 248s Get:44 http://ftpmaster.internal/ubuntu noble/universe s390x sssd-idp s390x 2.9.4-1ubuntu1 [27.3 kB] 248s Get:45 http://ftpmaster.internal/ubuntu noble/universe s390x sssd-passkey s390x 2.9.4-1ubuntu1 [32.3 kB] 248s Get:46 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad-common s390x 2.9.4-1ubuntu1 [74.8 kB] 248s Get:47 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5-common s390x 2.9.4-1ubuntu1 [90.3 kB] 248s Get:48 http://ftpmaster.internal/ubuntu noble/main s390x libsmbclient s390x 2:4.19.5+dfsg-1ubuntu1 [65.1 kB] 248s Get:49 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad s390x 2.9.4-1ubuntu1 [133 kB] 248s Get:50 http://ftpmaster.internal/ubuntu noble/main s390x libipa-hbac0 s390x 2.9.4-1ubuntu1 [16.8 kB] 248s Get:51 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ipa s390x 2.9.4-1ubuntu1 [215 kB] 248s Get:52 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5 s390x 2.9.4-1ubuntu1 [14.4 kB] 248s Get:53 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ldap s390x 2.9.4-1ubuntu1 [31.0 kB] 248s Get:54 http://ftpmaster.internal/ubuntu noble/main s390x sssd-proxy s390x 2.9.4-1ubuntu1 [43.9 kB] 248s Get:55 http://ftpmaster.internal/ubuntu noble/main s390x sssd s390x 2.9.4-1ubuntu1 [4120 B] 248s Get:56 http://ftpmaster.internal/ubuntu noble/main s390x sssd-dbus s390x 2.9.4-1ubuntu1 [101 kB] 248s Get:57 http://ftpmaster.internal/ubuntu noble/universe s390x sssd-kcm s390x 2.9.4-1ubuntu1 [137 kB] 248s Get:58 http://ftpmaster.internal/ubuntu noble/main s390x sssd-tools s390x 2.9.4-1ubuntu1 [97.6 kB] 248s Get:59 http://ftpmaster.internal/ubuntu noble/main s390x libipa-hbac-dev s390x 2.9.4-1ubuntu1 [6660 B] 248s Get:60 http://ftpmaster.internal/ubuntu noble/main s390x libsss-certmap-dev s390x 2.9.4-1ubuntu1 [5734 B] 248s Get:61 http://ftpmaster.internal/ubuntu noble/main s390x libsss-idmap-dev s390x 2.9.4-1ubuntu1 [8376 B] 248s Get:62 http://ftpmaster.internal/ubuntu noble/main s390x libsss-nss-idmap-dev s390x 2.9.4-1ubuntu1 [6708 B] 248s Get:63 http://ftpmaster.internal/ubuntu noble/universe s390x libsss-sudo s390x 2.9.4-1ubuntu1 [21.3 kB] 248s Get:64 http://ftpmaster.internal/ubuntu noble/universe s390x python3-libipa-hbac s390x 2.9.4-1ubuntu1 [16.9 kB] 248s Get:65 http://ftpmaster.internal/ubuntu noble/universe s390x python3-libsss-nss-idmap s390x 2.9.4-1ubuntu1 [9140 B] 248s Preconfiguring packages ... 249s Fetched 12.9 MB in 1s (8737 kB/s) 249s Selecting previously unselected package libltdl7:s390x. 249s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51726 files and directories currently installed.) 249s Preparing to unpack .../00-libltdl7_2.4.7-7_s390x.deb ... 249s Unpacking libltdl7:s390x (2.4.7-7) ... 249s Selecting previously unselected package libodbc2:s390x. 249s Preparing to unpack .../01-libodbc2_2.3.12-1_s390x.deb ... 249s Unpacking libodbc2:s390x (2.3.12-1) ... 249s Selecting previously unselected package slapd. 249s Preparing to unpack .../02-slapd_2.6.7+dfsg-1~exp1ubuntu1_s390x.deb ... 249s Unpacking slapd (2.6.7+dfsg-1~exp1ubuntu1) ... 249s Selecting previously unselected package libtcl8.6:s390x. 249s Preparing to unpack .../03-libtcl8.6_8.6.13+dfsg-2_s390x.deb ... 249s Unpacking libtcl8.6:s390x (8.6.13+dfsg-2) ... 249s Selecting previously unselected package tcl8.6. 249s Preparing to unpack .../04-tcl8.6_8.6.13+dfsg-2_s390x.deb ... 249s Unpacking tcl8.6 (8.6.13+dfsg-2) ... 249s Selecting previously unselected package tcl-expect:s390x. 249s Preparing to unpack .../05-tcl-expect_5.45.4-2build1_s390x.deb ... 249s Unpacking tcl-expect:s390x (5.45.4-2build1) ... 249s Selecting previously unselected package expect. 249s Preparing to unpack .../06-expect_5.45.4-2build1_s390x.deb ... 249s Unpacking expect (5.45.4-2build1) ... 249s Selecting previously unselected package ldap-utils. 249s Preparing to unpack .../07-ldap-utils_2.6.7+dfsg-1~exp1ubuntu1_s390x.deb ... 249s Unpacking ldap-utils (2.6.7+dfsg-1~exp1ubuntu1) ... 249s Selecting previously unselected package libavahi-common-data:s390x. 249s Preparing to unpack .../08-libavahi-common-data_0.8-13ubuntu2_s390x.deb ... 249s Unpacking libavahi-common-data:s390x (0.8-13ubuntu2) ... 249s Selecting previously unselected package libavahi-common3:s390x. 249s Preparing to unpack .../09-libavahi-common3_0.8-13ubuntu2_s390x.deb ... 249s Unpacking libavahi-common3:s390x (0.8-13ubuntu2) ... 249s Selecting previously unselected package libavahi-client3:s390x. 249s Preparing to unpack .../10-libavahi-client3_0.8-13ubuntu2_s390x.deb ... 249s Unpacking libavahi-client3:s390x (0.8-13ubuntu2) ... 249s Selecting previously unselected package libcrack2:s390x. 249s Preparing to unpack .../11-libcrack2_2.9.6-5.1build1_s390x.deb ... 249s Unpacking libcrack2:s390x (2.9.6-5.1build1) ... 249s Selecting previously unselected package libevent-2.1-7:s390x. 249s Preparing to unpack .../12-libevent-2.1-7_2.1.12-stable-9_s390x.deb ... 249s Unpacking libevent-2.1-7:s390x (2.1.12-stable-9) ... 249s Selecting previously unselected package libjose0:s390x. 249s Preparing to unpack .../13-libjose0_11-3_s390x.deb ... 249s Unpacking libjose0:s390x (11-3) ... 249s Selecting previously unselected package libverto-libevent1:s390x. 249s Preparing to unpack .../14-libverto-libevent1_0.3.1-1ubuntu5_s390x.deb ... 249s Unpacking libverto-libevent1:s390x (0.3.1-1ubuntu5) ... 249s Selecting previously unselected package libverto1:s390x. 249s Preparing to unpack .../15-libverto1_0.3.1-1ubuntu5_s390x.deb ... 249s Unpacking libverto1:s390x (0.3.1-1ubuntu5) ... 249s Selecting previously unselected package libkrad0:s390x. 249s Preparing to unpack .../16-libkrad0_1.20.1-5build1_s390x.deb ... 249s Unpacking libkrad0:s390x (1.20.1-5build1) ... 249s Selecting previously unselected package libtalloc2:s390x. 249s Preparing to unpack .../17-libtalloc2_2.4.2-1_s390x.deb ... 249s Unpacking libtalloc2:s390x (2.4.2-1) ... 249s Selecting previously unselected package libtdb1:s390x. 249s Preparing to unpack .../18-libtdb1_1.4.10-1_s390x.deb ... 249s Unpacking libtdb1:s390x (1.4.10-1) ... 249s Selecting previously unselected package libtevent0:s390x. 249s Preparing to unpack .../19-libtevent0_0.16.1-1_s390x.deb ... 249s Unpacking libtevent0:s390x (0.16.1-1) ... 249s Selecting previously unselected package libldb2:s390x. 249s Preparing to unpack .../20-libldb2_2%3a2.8.0+samba4.19.5+dfsg-1ubuntu1_s390x.deb ... 249s Unpacking libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 249s Selecting previously unselected package libnfsidmap1:s390x. 249s Preparing to unpack .../21-libnfsidmap1_1%3a2.6.3-3ubuntu1_s390x.deb ... 249s Unpacking libnfsidmap1:s390x (1:2.6.3-3ubuntu1) ... 249s Selecting previously unselected package libnss-sudo. 249s Preparing to unpack .../22-libnss-sudo_1.9.15p5-3ubuntu1_all.deb ... 249s Unpacking libnss-sudo (1.9.15p5-3ubuntu1) ... 249s Selecting previously unselected package libpwquality-common. 249s Preparing to unpack .../23-libpwquality-common_1.4.5-3_all.deb ... 249s Unpacking libpwquality-common (1.4.5-3) ... 249s Selecting previously unselected package libpwquality1:s390x. 249s Preparing to unpack .../24-libpwquality1_1.4.5-3_s390x.deb ... 249s Unpacking libpwquality1:s390x (1.4.5-3) ... 249s Selecting previously unselected package libpam-pwquality:s390x. 249s Preparing to unpack .../25-libpam-pwquality_1.4.5-3_s390x.deb ... 249s Unpacking libpam-pwquality:s390x (1.4.5-3) ... 249s Selecting previously unselected package libwbclient0:s390x. 249s Preparing to unpack .../26-libwbclient0_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 249s Unpacking libwbclient0:s390x (2:4.19.5+dfsg-1ubuntu1) ... 249s Selecting previously unselected package samba-libs:s390x. 249s Preparing to unpack .../27-samba-libs_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 249s Unpacking samba-libs:s390x (2:4.19.5+dfsg-1ubuntu1) ... 250s Selecting previously unselected package libnss-sss:s390x. 250s Preparing to unpack .../28-libnss-sss_2.9.4-1ubuntu1_s390x.deb ... 250s Unpacking libnss-sss:s390x (2.9.4-1ubuntu1) ... 250s Selecting previously unselected package libpam-sss:s390x. 250s Preparing to unpack .../29-libpam-sss_2.9.4-1ubuntu1_s390x.deb ... 250s Unpacking libpam-sss:s390x (2.9.4-1ubuntu1) ... 250s Selecting previously unselected package python3-sss. 250s Preparing to unpack .../30-python3-sss_2.9.4-1ubuntu1_s390x.deb ... 250s Unpacking python3-sss (2.9.4-1ubuntu1) ... 250s Selecting previously unselected package libc-ares2:s390x. 250s Preparing to unpack .../31-libc-ares2_1.27.0-1_s390x.deb ... 250s Unpacking libc-ares2:s390x (1.27.0-1) ... 250s Selecting previously unselected package libdhash1:s390x. 250s Preparing to unpack .../32-libdhash1_0.6.2-2_s390x.deb ... 250s Unpacking libdhash1:s390x (0.6.2-2) ... 250s Selecting previously unselected package libbasicobjects0:s390x. 250s Preparing to unpack .../33-libbasicobjects0_0.6.2-2_s390x.deb ... 250s Unpacking libbasicobjects0:s390x (0.6.2-2) ... 250s Selecting previously unselected package libcollection4:s390x. 250s Preparing to unpack .../34-libcollection4_0.6.2-2_s390x.deb ... 250s Unpacking libcollection4:s390x (0.6.2-2) ... 250s Selecting previously unselected package libpath-utils1:s390x. 250s Preparing to unpack .../35-libpath-utils1_0.6.2-2_s390x.deb ... 250s Unpacking libpath-utils1:s390x (0.6.2-2) ... 250s Selecting previously unselected package libref-array1:s390x. 250s Preparing to unpack .../36-libref-array1_0.6.2-2_s390x.deb ... 250s Unpacking libref-array1:s390x (0.6.2-2) ... 250s Selecting previously unselected package libini-config5:s390x. 250s Preparing to unpack .../37-libini-config5_0.6.2-2_s390x.deb ... 250s Unpacking libini-config5:s390x (0.6.2-2) ... 250s Selecting previously unselected package libsss-certmap0. 250s Preparing to unpack .../38-libsss-certmap0_2.9.4-1ubuntu1_s390x.deb ... 250s Unpacking libsss-certmap0 (2.9.4-1ubuntu1) ... 250s Selecting previously unselected package libsss-idmap0. 250s Preparing to unpack .../39-libsss-idmap0_2.9.4-1ubuntu1_s390x.deb ... 250s Unpacking libsss-idmap0 (2.9.4-1ubuntu1) ... 250s Selecting previously unselected package libsss-nss-idmap0. 250s Preparing to unpack .../40-libsss-nss-idmap0_2.9.4-1ubuntu1_s390x.deb ... 250s Unpacking libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 250s Selecting previously unselected package sssd-common. 250s Preparing to unpack .../41-sssd-common_2.9.4-1ubuntu1_s390x.deb ... 250s Unpacking sssd-common (2.9.4-1ubuntu1) ... 250s Selecting previously unselected package sssd-idp. 250s Preparing to unpack .../42-sssd-idp_2.9.4-1ubuntu1_s390x.deb ... 250s Unpacking sssd-idp (2.9.4-1ubuntu1) ... 250s Selecting previously unselected package sssd-passkey. 250s Preparing to unpack .../43-sssd-passkey_2.9.4-1ubuntu1_s390x.deb ... 250s Unpacking sssd-passkey (2.9.4-1ubuntu1) ... 250s Selecting previously unselected package sssd-ad-common. 250s Preparing to unpack .../44-sssd-ad-common_2.9.4-1ubuntu1_s390x.deb ... 250s Unpacking sssd-ad-common (2.9.4-1ubuntu1) ... 250s Selecting previously unselected package sssd-krb5-common. 250s Preparing to unpack .../45-sssd-krb5-common_2.9.4-1ubuntu1_s390x.deb ... 250s Unpacking sssd-krb5-common (2.9.4-1ubuntu1) ... 250s Selecting previously unselected package libsmbclient:s390x. 250s Preparing to unpack .../46-libsmbclient_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 250s Unpacking libsmbclient:s390x (2:4.19.5+dfsg-1ubuntu1) ... 250s Selecting previously unselected package sssd-ad. 250s Preparing to unpack .../47-sssd-ad_2.9.4-1ubuntu1_s390x.deb ... 250s Unpacking sssd-ad (2.9.4-1ubuntu1) ... 250s Selecting previously unselected package libipa-hbac0. 250s Preparing to unpack .../48-libipa-hbac0_2.9.4-1ubuntu1_s390x.deb ... 250s Unpacking libipa-hbac0 (2.9.4-1ubuntu1) ... 250s Selecting previously unselected package sssd-ipa. 250s Preparing to unpack .../49-sssd-ipa_2.9.4-1ubuntu1_s390x.deb ... 250s Unpacking sssd-ipa (2.9.4-1ubuntu1) ... 250s Selecting previously unselected package sssd-krb5. 250s Preparing to unpack .../50-sssd-krb5_2.9.4-1ubuntu1_s390x.deb ... 250s Unpacking sssd-krb5 (2.9.4-1ubuntu1) ... 250s Selecting previously unselected package sssd-ldap. 250s Preparing to unpack .../51-sssd-ldap_2.9.4-1ubuntu1_s390x.deb ... 250s Unpacking sssd-ldap (2.9.4-1ubuntu1) ... 250s Selecting previously unselected package sssd-proxy. 250s Preparing to unpack .../52-sssd-proxy_2.9.4-1ubuntu1_s390x.deb ... 250s Unpacking sssd-proxy (2.9.4-1ubuntu1) ... 250s Selecting previously unselected package sssd. 250s Preparing to unpack .../53-sssd_2.9.4-1ubuntu1_s390x.deb ... 250s Unpacking sssd (2.9.4-1ubuntu1) ... 250s Selecting previously unselected package sssd-dbus. 250s Preparing to unpack .../54-sssd-dbus_2.9.4-1ubuntu1_s390x.deb ... 250s Unpacking sssd-dbus (2.9.4-1ubuntu1) ... 250s Selecting previously unselected package sssd-kcm. 250s Preparing to unpack .../55-sssd-kcm_2.9.4-1ubuntu1_s390x.deb ... 250s Unpacking sssd-kcm (2.9.4-1ubuntu1) ... 250s Selecting previously unselected package sssd-tools. 250s Preparing to unpack .../56-sssd-tools_2.9.4-1ubuntu1_s390x.deb ... 250s Unpacking sssd-tools (2.9.4-1ubuntu1) ... 250s Selecting previously unselected package libipa-hbac-dev. 250s Preparing to unpack .../57-libipa-hbac-dev_2.9.4-1ubuntu1_s390x.deb ... 250s Unpacking libipa-hbac-dev (2.9.4-1ubuntu1) ... 250s Selecting previously unselected package libsss-certmap-dev. 250s Preparing to unpack .../58-libsss-certmap-dev_2.9.4-1ubuntu1_s390x.deb ... 250s Unpacking libsss-certmap-dev (2.9.4-1ubuntu1) ... 250s Selecting previously unselected package libsss-idmap-dev. 250s Preparing to unpack .../59-libsss-idmap-dev_2.9.4-1ubuntu1_s390x.deb ... 250s Unpacking libsss-idmap-dev (2.9.4-1ubuntu1) ... 250s Selecting previously unselected package libsss-nss-idmap-dev. 250s Preparing to unpack .../60-libsss-nss-idmap-dev_2.9.4-1ubuntu1_s390x.deb ... 250s Unpacking libsss-nss-idmap-dev (2.9.4-1ubuntu1) ... 250s Selecting previously unselected package libsss-sudo. 250s Preparing to unpack .../61-libsss-sudo_2.9.4-1ubuntu1_s390x.deb ... 250s Unpacking libsss-sudo (2.9.4-1ubuntu1) ... 250s Selecting previously unselected package python3-libipa-hbac. 250s Preparing to unpack .../62-python3-libipa-hbac_2.9.4-1ubuntu1_s390x.deb ... 250s Unpacking python3-libipa-hbac (2.9.4-1ubuntu1) ... 250s Selecting previously unselected package python3-libsss-nss-idmap. 250s Preparing to unpack .../63-python3-libsss-nss-idmap_2.9.4-1ubuntu1_s390x.deb ... 250s Unpacking python3-libsss-nss-idmap (2.9.4-1ubuntu1) ... 250s Selecting previously unselected package autopkgtest-satdep. 250s Preparing to unpack .../64-1-autopkgtest-satdep.deb ... 250s Unpacking autopkgtest-satdep (0) ... 250s Setting up libpwquality-common (1.4.5-3) ... 250s Setting up libpath-utils1:s390x (0.6.2-2) ... 250s Setting up libnfsidmap1:s390x (1:2.6.3-3ubuntu1) ... 250s Setting up libsss-idmap0 (2.9.4-1ubuntu1) ... 250s Setting up libbasicobjects0:s390x (0.6.2-2) ... 250s Setting up libsss-idmap-dev (2.9.4-1ubuntu1) ... 250s Setting up libtdb1:s390x (1.4.10-1) ... 250s Setting up libc-ares2:s390x (1.27.0-1) ... 250s Setting up ldap-utils (2.6.7+dfsg-1~exp1ubuntu1) ... 250s Setting up libjose0:s390x (11-3) ... 250s Setting up libwbclient0:s390x (2:4.19.5+dfsg-1ubuntu1) ... 250s Setting up libtalloc2:s390x (2.4.2-1) ... 250s Setting up libdhash1:s390x (0.6.2-2) ... 250s Setting up libtevent0:s390x (0.16.1-1) ... 250s Setting up libavahi-common-data:s390x (0.8-13ubuntu2) ... 250s Setting up libevent-2.1-7:s390x (2.1.12-stable-9) ... 250s Setting up libtcl8.6:s390x (8.6.13+dfsg-2) ... 250s Setting up libltdl7:s390x (2.4.7-7) ... 250s Setting up libcrack2:s390x (2.9.6-5.1build1) ... 250s Setting up libcollection4:s390x (0.6.2-2) ... 250s Setting up libodbc2:s390x (2.3.12-1) ... 250s Setting up libipa-hbac0 (2.9.4-1ubuntu1) ... 250s Setting up python3-libipa-hbac (2.9.4-1ubuntu1) ... 250s Setting up libref-array1:s390x (0.6.2-2) ... 250s Setting up libnss-sudo (1.9.15p5-3ubuntu1) ... 250s Setting up libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 250s Setting up libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 250s Setting up libnss-sss:s390x (2.9.4-1ubuntu1) ... 250s Setting up slapd (2.6.7+dfsg-1~exp1ubuntu1) ... 251s Creating new user openldap... done. 251s Creating initial configuration... done. 251s Creating LDAP directory... done. 251s Setting up tcl8.6 (8.6.13+dfsg-2) ... 251s Setting up libsss-sudo (2.9.4-1ubuntu1) ... 251s Setting up libsss-nss-idmap-dev (2.9.4-1ubuntu1) ... 251s Setting up libipa-hbac-dev (2.9.4-1ubuntu1) ... 251s Setting up libini-config5:s390x (0.6.2-2) ... 251s Setting up libavahi-common3:s390x (0.8-13ubuntu2) ... 251s Setting up tcl-expect:s390x (5.45.4-2build1) ... 251s Setting up python3-sss (2.9.4-1ubuntu1) ... 251s Setting up libsss-certmap0 (2.9.4-1ubuntu1) ... 251s Setting up libpwquality1:s390x (1.4.5-3) ... 251s Setting up python3-libsss-nss-idmap (2.9.4-1ubuntu1) ... 251s Setting up libavahi-client3:s390x (0.8-13ubuntu2) ... 251s Setting up expect (5.45.4-2build1) ... 251s Setting up libpam-pwquality:s390x (1.4.5-3) ... 251s Setting up samba-libs:s390x (2:4.19.5+dfsg-1ubuntu1) ... 251s Setting up libsss-certmap-dev (2.9.4-1ubuntu1) ... 251s Setting up libsmbclient:s390x (2:4.19.5+dfsg-1ubuntu1) ... 251s Setting up libpam-sss:s390x (2.9.4-1ubuntu1) ... 251s Setting up sssd-common (2.9.4-1ubuntu1) ... 251s Creating SSSD system user & group... 252s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 252s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 252s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 252s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 252s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 252s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 253s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 253s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 253s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 253s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 253s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 254s sssd-autofs.service is a disabled or a static unit, not starting it. 254s sssd-nss.service is a disabled or a static unit, not starting it. 254s sssd-pam.service is a disabled or a static unit, not starting it. 254s sssd-ssh.service is a disabled or a static unit, not starting it. 254s sssd-sudo.service is a disabled or a static unit, not starting it. 254s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 254s Setting up sssd-proxy (2.9.4-1ubuntu1) ... 254s Setting up sssd-kcm (2.9.4-1ubuntu1) ... 254s Created symlink /etc/systemd/system/sockets.target.wants/sssd-kcm.socket → /usr/lib/systemd/system/sssd-kcm.socket. 254s sssd-kcm.service is a disabled or a static unit, not starting it. 254s Setting up sssd-dbus (2.9.4-1ubuntu1) ... 255s sssd-ifp.service is a disabled or a static unit, not starting it. 255s Setting up sssd-ad-common (2.9.4-1ubuntu1) ... 255s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 255s sssd-pac.service is a disabled or a static unit, not starting it. 255s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 255s Setting up sssd-krb5-common (2.9.4-1ubuntu1) ... 255s Setting up sssd-krb5 (2.9.4-1ubuntu1) ... 255s Setting up sssd-ldap (2.9.4-1ubuntu1) ... 255s Setting up sssd-ad (2.9.4-1ubuntu1) ... 255s Setting up sssd-tools (2.9.4-1ubuntu1) ... 255s Setting up sssd-ipa (2.9.4-1ubuntu1) ... 255s Setting up sssd (2.9.4-1ubuntu1) ... 255s Setting up libverto-libevent1:s390x (0.3.1-1ubuntu5) ... 255s Setting up libverto1:s390x (0.3.1-1ubuntu5) ... 255s Setting up libkrad0:s390x (1.20.1-5build1) ... 255s Setting up sssd-passkey (2.9.4-1ubuntu1) ... 255s Setting up sssd-idp (2.9.4-1ubuntu1) ... 255s Setting up autopkgtest-satdep (0) ... 255s Processing triggers for libc-bin (2.39-0ubuntu6) ... 255s Processing triggers for ufw (0.36.2-5) ... 255s Processing triggers for man-db (2.12.0-3) ... 256s Processing triggers for dbus (1.14.10-4ubuntu1) ... 265s (Reading database ... 53011 files and directories currently installed.) 265s Removing autopkgtest-satdep (0) ... 265s autopkgtest [12:45:22]: test ldap-user-group-ldap-auth: [----------------------- 265s + . debian/tests/util 265s + . debian/tests/common-tests 265s + mydomain=example.com 265s + myhostname=ldap.example.com 265s + mysuffix=dc=example,dc=com 265s + admin_dn=cn=admin,dc=example,dc=com 265s + admin_pw=secret 265s + ldap_user=testuser1 265s + ldap_user_pw=testuser1secret 265s + ldap_group=ldapusers 265s + adjust_hostname ldap.example.com 265s + local myhostname=ldap.example.com 265s + echo ldap.example.com 265s + hostname ldap.example.com 265s + grep -qE ldap.example.com /etc/hosts 265s + echo 127.0.1.10 ldap.example.com 265s + reconfigure_slapd 265s + debconf-set-selections 265s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 265s + dpkg-reconfigure -fnoninteractive -pcritical slapd 266s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1... done. 266s Moving old database directory to /var/backups: 266s - directory unknown... done. 266s Creating initial configuration... done. 266s Creating LDAP directory... done. 266s + generate_certs ldap.example.com 266s + local cn=ldap.example.com 266s + local cert=/etc/ldap/server.pem 266s + local key=/etc/ldap/server.key 266s + local cnf=/etc/ldap/openssl.cnf 266s + cat 266s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 266s .........................................................................................................................................................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 266s ...++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 266s ----- 266s + chmod 0640 /etc/ldap/server.key 266s + chgrp openldap /etc/ldap/server.key 266s + [ ! -f /etc/ldap/server.pem ] 266s + [ ! -f /etc/ldap/server.key ] 266s + enable_ldap_ssl 266s + cat 266s + + cat 266s ldapmodify -H ldapi:/// -Y EXTERNAL -Q 266s + populate_ldap_rfc2307 266s + cat 266s modifying entry "cn=config" 266s 266s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 266s adding new entry "ou=People,dc=example,dc=com" 266s 266s adding new entry "ou=Group,dc=example,dc=com" 266s 266s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 266s 266s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 266s 266s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 266s 266s + configure_sssd_ldap_rfc2307 266s + cat 266s + chmod 0600 /etc/sssd/sssd.conf 266s + systemctl restart sssd 266s + enable_pam_mkhomedir 266s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 266s + echo session optional pam_mkhomedir.soAssert local user databases do not have our LDAP test data 266s 266s + run_common_tests 266s + echo Assert local user databases do not have our LDAP test data 266s + check_local_user testuser1 266s + local local_user=testuser1 266s + grep -q ^testuser1 /etc/passwd 266s + check_local_group testuser1 266s + local local_group=testuser1 266s + grep -q ^testuser1 /etc/group 266s + check_local_group ldapusers 266s + local local_group=ldapusers 266s + grep -q ^ldapusers /etc/group 266s The LDAP user is known to the system via getent 266s + echo The LDAP user is known to the system via getent 266s + check_getent_user testuser1 266s + local getent_user=testuser1 266s + local output 266s + getent passwd testuser1 266s The LDAP user's private group is known to the system via getent 266s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 266s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 266s + echo The LDAP user's private group is known to the system via getent 266s + check_getent_group testuser1 266s + local getent_group=testuser1 266s + local output 266s + getent group testuser1 267s + output=testuser1:*:10001:testuser1 267s + [ -z testuser1:*:10001:testuser1 ] 267s + echo The LDAP group ldapusers is known to the system via getent 267s The LDAP group ldapusers is known to the system via getent 267s + check_getent_group ldapusers 267s + local getent_group=ldapusers 267s + local output 267s + getent group ldapusers 267s + output=ldapusers:*:10100:testuser1 267s + [ -z ldapusers:*:10100:testuser1 ] 267s The id(1) command can resolve the group membership of the LDAP user 267s + echo The id(1) command can resolve the group membership of the LDAP user 267s + id -Gn testuser1 267s The LDAP user can login on a terminal 267s + output=testuser1 ldapusers 267s + [ testuser1 ldapusers != testuser1 ldapusers ] 267s + echo The LDAP user can login on a terminal 267s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 267s spawn login 267s ldap.example.com login: testuser1 267s Password: 267s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-11-generic s390x) 267s 267s * Documentation: https://help.ubuntu.com 267s * Management: https://landscape.canonical.com 267s * Support: https://ubuntu.com/pro 267s 267s 267s The programs included with the Ubuntu system are free software; 267s the exact distribution terms for each program are described in the 267s individual files in /usr/share/doc/*/copyright. 267s 267s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 267s applicable law. 267s 267s 267s The programs included with the Ubuntu system are free software; 267s the exact distribution terms for each program are described in the 267s individual files in /usr/share/doc/*/copyright. 267s 267s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 267s applicable law. 267s 267s Creating directory '/home/testuser1'. 267s [?2004htestuser1@ldap:~$ id -un 267s [?2004l testuser1 267s [?2004htestuser1@ldap:~$ autopkgtest [12:45:24]: test ldap-user-group-ldap-auth: -----------------------] 268s ldap-user-group-ldap-auth PASS 268s autopkgtest [12:45:25]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 268s autopkgtest [12:45:25]: test ldap-user-group-krb5-auth: preparing testbed 269s Reading package lists... 269s Building dependency tree... 269s Reading state information... 269s Starting pkgProblemResolver with broken count: 0 270s Starting 2 pkgProblemResolver with broken count: 0 270s Done 270s The following additional packages will be installed: 270s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4 270s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 270s Suggested packages: 270s krb5-kdc-ldap krb5-kpropd krb5-k5tls krb5-doc 270s The following NEW packages will be installed: 270s autopkgtest-satdep krb5-admin-server krb5-config krb5-kdc krb5-user 270s libgssrpc4 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10 270s 0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded. 270s Need to get 612 kB/613 kB of archives. 270s After this operation, 2067 kB of additional disk space will be used. 270s Get:1 /tmp/autopkgtest.6h4hhi/2-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [884 B] 270s Get:2 http://ftpmaster.internal/ubuntu noble/main s390x krb5-config all 2.7 [22.0 kB] 270s Get:3 http://ftpmaster.internal/ubuntu noble/main s390x libgssrpc4 s390x 1.20.1-5build1 [58.9 kB] 270s Get:4 http://ftpmaster.internal/ubuntu noble/main s390x libkadm5clnt-mit12 s390x 1.20.1-5build1 [40.5 kB] 270s Get:5 http://ftpmaster.internal/ubuntu noble/main s390x libkdb5-10 s390x 1.20.1-5build1 [41.4 kB] 270s Get:6 http://ftpmaster.internal/ubuntu noble/main s390x libkadm5srv-mit12 s390x 1.20.1-5build1 [55.2 kB] 270s Get:7 http://ftpmaster.internal/ubuntu noble/universe s390x krb5-user s390x 1.20.1-5build1 [110 kB] 270s Get:8 http://ftpmaster.internal/ubuntu noble/universe s390x krb5-kdc s390x 1.20.1-5build1 [188 kB] 270s Get:9 http://ftpmaster.internal/ubuntu noble/universe s390x krb5-admin-server s390x 1.20.1-5build1 [95.9 kB] 271s Preconfiguring packages ... 272s Fetched 612 kB in 1s (1020 kB/s) 272s Selecting previously unselected package krb5-config. 272s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 53011 files and directories currently installed.) 272s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 272s Unpacking krb5-config (2.7) ... 272s Selecting previously unselected package libgssrpc4:s390x. 272s Preparing to unpack .../1-libgssrpc4_1.20.1-5build1_s390x.deb ... 272s Unpacking libgssrpc4:s390x (1.20.1-5build1) ... 272s Selecting previously unselected package libkadm5clnt-mit12:s390x. 272s Preparing to unpack .../2-libkadm5clnt-mit12_1.20.1-5build1_s390x.deb ... 272s Unpacking libkadm5clnt-mit12:s390x (1.20.1-5build1) ... 272s Selecting previously unselected package libkdb5-10:s390x. 272s Preparing to unpack .../3-libkdb5-10_1.20.1-5build1_s390x.deb ... 272s Unpacking libkdb5-10:s390x (1.20.1-5build1) ... 272s Selecting previously unselected package libkadm5srv-mit12:s390x. 272s Preparing to unpack .../4-libkadm5srv-mit12_1.20.1-5build1_s390x.deb ... 272s Unpacking libkadm5srv-mit12:s390x (1.20.1-5build1) ... 272s Selecting previously unselected package krb5-user. 272s Preparing to unpack .../5-krb5-user_1.20.1-5build1_s390x.deb ... 272s Unpacking krb5-user (1.20.1-5build1) ... 272s Selecting previously unselected package krb5-kdc. 272s Preparing to unpack .../6-krb5-kdc_1.20.1-5build1_s390x.deb ... 272s Unpacking krb5-kdc (1.20.1-5build1) ... 272s Selecting previously unselected package krb5-admin-server. 272s Preparing to unpack .../7-krb5-admin-server_1.20.1-5build1_s390x.deb ... 272s Unpacking krb5-admin-server (1.20.1-5build1) ... 272s Selecting previously unselected package autopkgtest-satdep. 272s Preparing to unpack .../8-2-autopkgtest-satdep.deb ... 272s Unpacking autopkgtest-satdep (0) ... 272s Setting up libgssrpc4:s390x (1.20.1-5build1) ... 272s Setting up krb5-config (2.7) ... 272s Setting up libkadm5clnt-mit12:s390x (1.20.1-5build1) ... 272s Setting up libkdb5-10:s390x (1.20.1-5build1) ... 272s Setting up libkadm5srv-mit12:s390x (1.20.1-5build1) ... 272s Setting up krb5-user (1.20.1-5build1) ... 272s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 272s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 272s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 272s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 272s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 272s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 272s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 272s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 272s Setting up krb5-kdc (1.20.1-5build1) ... 273s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-kdc.service → /usr/lib/systemd/system/krb5-kdc.service. 273s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 273s Setting up krb5-admin-server (1.20.1-5build1) ... 274s Created symlink /etc/systemd/system/multi-user.target.wants/krb5-admin-server.service → /usr/lib/systemd/system/krb5-admin-server.service. 274s Setting up autopkgtest-satdep (0) ... 274s Processing triggers for man-db (2.12.0-3) ... 275s Processing triggers for libc-bin (2.39-0ubuntu6) ... 282s (Reading database ... 53104 files and directories currently installed.) 282s Removing autopkgtest-satdep (0) ... 283s autopkgtest [12:45:40]: test ldap-user-group-krb5-auth: [----------------------- 283s + . debian/tests/util 283s + . debian/tests/common-tests 283s + mydomain=example.com 283s + myhostname=ldap.example.com 283s + mysuffix=dc=example,dc=com 283s + myrealm=EXAMPLE.COM 283s + admin_dn=cn=admin,dc=example,dc=com 283s + admin_pw=secret 283s + ldap_user=testuser1 283s + ldap_user_pw=testuser1secret 283s + kerberos_principal_pw=testuser1kerberos 283s + ldap_group=ldapusers 283s + adjust_hostname ldap.example.com 283s + local myhostname=ldap.example.com 283s + echo ldap.example.com 283s + hostname ldap.example.com 283s + grep -qE ldap.example.com /etc/hosts 283s + reconfigure_slapd 283s + debconf-set-selections 283s + rm -rf /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1 /var/backups/unknown-2.6.7+dfsg-1~exp1ubuntu1-20240326-124523.ldapdb 283s + dpkg-reconfigure -fnoninteractive -pcritical slapd 283s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.7+dfsg-1~exp1ubuntu1... done. 283s Moving old database directory to /var/backups: 283s - directory unknown... done. 283s Creating initial configuration... done. 283s Creating LDAP directory... done. 284s + generate_certs ldap.example.com 284s + local cn=ldap.example.com 284s + local cert=/etc/ldap/server.pem 284s + local key=/etc/ldap/server.key 284s + local cnf=/etc/ldap/openssl.cnf 284s + cat 284s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 284s ............................++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 284s .............................++++++++++++++++++++++++++++++modifying entry "cn=config" 284s 284s ++++++++++++++++++++++++++++++++++ 284s ----- 284s + chmod 0640 /etc/ldap/server.key 284s + chgrp openldap /etc/ldap/server.key 284s + [ ! -f /etc/ldap/server.pem ] 284s + [ ! -f /etc/ldap/server.key ] 284s + enable_ldap_ssl 284s + cat 284s + cat 284s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 284s + populate_ldap_rfc2307 284s + + catldapadd 284s -x -D cn=admin,dc=example,dc=com -w secret 284s adding new entry "ou=People,dc=example,dc=com" 284s 284s adding new entry "ou=Group,dc=example,dc=com" 284s 284s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 284s 284s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 284s 284s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 284s 284s + create_realm EXAMPLE.COM ldap.example.com 284s + local realm_name=EXAMPLE.COM 284s + local kerberos_server=ldap.example.com 284s + rm -rf /var/lib/krb5kdc/* 284s + rm -rf /etc/krb5kdc/kdc.conf 284s + rm -f /etc/krb5.keytab 284s + cat 284s + cat 284s + echo # */admin * 284s + kdb5_utilInitializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 284s master key name 'K/M@EXAMPLE.COM' 284s create -s -P secretpassword 284s + systemctl restart krb5-kdc.service krb5-admin-server.service 284s + create_krb_principal testuser1 testuser1kerberos 284s + local principal=testuser1 284s + local password=testuser1kerberos 284s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 284s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 284s Authenticating as principal root/admin@EXAMPLE.COM with password. 284s Principal "testuser1@EXAMPLE.COM" created. 284s + configure_sssd_ldap_rfc2307_krb5_auth 284s + cat 284s + chmod 0600 /etc/sssd/sssd.conf 284s + systemctl restart sssd 284s + enable_pam_mkhomedir 284s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 284s Assert local user databases do not have our LDAP test data 284s + run_common_tests 284s + echo Assert local user databases do not have our LDAP test data 284s + check_local_user testuser1 284s + local local_user=testuser1 284s + grep -q ^testuser1 /etc/passwd 284s + check_local_group testuser1 284s + local local_group=testuser1 284s + grep -q ^testuser1 /etc/group 284s + check_local_group ldapusers 284s + local local_group=ldapusers 284s + grep -q ^ldapusers /etc/group 284s The LDAP user is known to the system via getent 284s + echo The LDAP user is known to the system via getent 284s + check_getent_user testuser1 284s + local getent_user=testuser1 284s + local output 284s + getent passwd testuser1 284s The LDAP user's private group is known to the system via getent 284s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 284s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 284s + echo The LDAP user's private group is known to the system via getent 284s + check_getent_group testuser1 284s + local getent_group=testuser1 284s + local output 284s + getent group testuser1 284s + output=testuser1:*:10001:testuser1 284s + [ -z testuser1:*:10001:testuser1 ] 284s + echo The LDAP group ldapusers is known to the system via getentThe LDAP group ldapusers is known to the system via getent 284s 284s + check_getent_group ldapusers 284s + local getent_group=ldapusers 284s + local output 284s + getent group ldapusers 284s + output=ldapusers:*:10100:testuser1The id(1) command can resolve the group membership of the LDAP user 284s 284s + [ -z ldapusers:*:10100:testuser1 ] 284s + echo The id(1) command can resolve the group membership of the LDAP user 284s + id -Gn testuser1 284s + output=testuser1 ldapusers 284s + [ testuser1 ldapusers != testuser1 ldapusers ] 284s + echo The Kerberos principal can login on a terminalThe Kerberos principal can login on a terminal 284s 284s + kdestroy 284s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 284s spawn login 284s ldap.example.com login: testuser1 284s Password: 285s Welcome to Ubuntu Noble Numbat (development branch) (GNU/Linux 6.8.0-11-generic s390x) 285s 285s * Documentation: https://help.ubuntu.com 285s * Management: https://landscape.canonical.com 285s * Support: https://ubuntu.com/pro 285s 285s 285s The programs included with the Ubuntu system are free software; 285s the exact distribution terms for each program are described in the 285s individual files in /usr/share/doc/*/copyright. 285s 285s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 285s applicable law. 285s 285s Last login: Tue Mar 26 12:45:24 UTC 2024 on pts/0 285s [?2004htestuser1@ldap:~$ id -un 285s [?2004l testuser1 285s [?2004htestuser1@ldap:~$ klist 285s [?2004l Ticket cache: FILE:/tmp/krb5cc_10001_600jSf 285s Default principal: testuser1@EXAMPLE.COM 285s autopkgtest [12:45:42]: test ldap-user-group-krb5-auth: -----------------------] 285s autopkgtest [12:45:42]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 285s ldap-user-group-krb5-auth PASS 286s autopkgtest [12:45:43]: test sssd-softhism2-certificates-tests.sh: preparing testbed 461s autopkgtest [12:48:38]: testbed dpkg architecture: s390x 461s autopkgtest [12:48:38]: testbed apt version: 2.7.12 461s autopkgtest [12:48:38]: @@@@@@@@@@@@@@@@@@@@ test bed setup 462s Get:1 http://ftpmaster.internal/ubuntu noble-proposed InRelease [117 kB] 462s Get:2 http://ftpmaster.internal/ubuntu noble-proposed/main Sources [496 kB] 462s Get:3 http://ftpmaster.internal/ubuntu noble-proposed/multiverse Sources [56.0 kB] 462s Get:4 http://ftpmaster.internal/ubuntu noble-proposed/restricted Sources [8504 B] 462s Get:5 http://ftpmaster.internal/ubuntu noble-proposed/universe Sources [4019 kB] 463s Get:6 http://ftpmaster.internal/ubuntu noble-proposed/main s390x Packages [690 kB] 463s Get:7 http://ftpmaster.internal/ubuntu noble-proposed/main s390x c-n-f Metadata [3032 B] 463s Get:8 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x Packages [1372 B] 463s Get:9 http://ftpmaster.internal/ubuntu noble-proposed/restricted s390x c-n-f Metadata [116 B] 463s Get:10 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x Packages [4128 kB] 464s Get:11 http://ftpmaster.internal/ubuntu noble-proposed/universe s390x c-n-f Metadata [7292 B] 464s Get:12 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x Packages [47.8 kB] 464s Get:13 http://ftpmaster.internal/ubuntu noble-proposed/multiverse s390x c-n-f Metadata [116 B] 465s Fetched 9575 kB in 3s (3288 kB/s) 466s Reading package lists... 467s Reading package lists... 468s Building dependency tree... 468s Reading state information... 468s Calculating upgrade... 468s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 468s Reading package lists... 468s Building dependency tree... 468s Reading state information... 468s 0 upgraded, 0 newly installed, 0 to remove and 244 not upgraded. 469s Unknown architecture, assuming PC-style ttyS0 469s sh: Attempting to set up Debian/Ubuntu apt sources automatically 469s sh: Distribution appears to be Ubuntu 469s Reading package lists... 470s Building dependency tree... 470s Reading state information... 470s eatmydata is already the newest version (131-1). 470s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 470s Reading package lists... 470s Building dependency tree... 470s Reading state information... 470s dbus is already the newest version (1.14.10-4ubuntu1). 470s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 470s Reading package lists... 470s Building dependency tree... 470s Reading state information... 471s rng-tools-debian is already the newest version (2.4). 471s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 471s Reading package lists... 471s Building dependency tree... 471s Reading state information... 471s The following packages will be REMOVED: 471s cloud-init* python3-configobj* python3-debconf* 471s 0 upgraded, 0 newly installed, 3 to remove and 0 not upgraded. 471s After this operation, 3256 kB disk space will be freed. 471s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52170 files and directories currently installed.) 471s Removing cloud-init (24.1.2-0ubuntu1) ... 472s Removing python3-configobj (5.0.8-3) ... 472s Removing python3-debconf (1.5.86) ... 472s Processing triggers for man-db (2.12.0-3) ... 472s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51781 files and directories currently installed.) 472s Purging configuration files for cloud-init (24.1.2-0ubuntu1) ... 473s dpkg: warning: while removing cloud-init, directory '/etc/cloud/cloud.cfg.d' not empty so not removed 473s Processing triggers for rsyslog (8.2312.0-3ubuntu3) ... 473s invoke-rc.d: policy-rc.d denied execution of try-restart. 473s Reading package lists... 473s Building dependency tree... 473s Reading state information... 473s linux-generic is already the newest version (6.8.0-11.11+1). 473s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 474s Hit:1 http://ftpmaster.internal/ubuntu noble InRelease 474s Hit:2 http://ftpmaster.internal/ubuntu noble-updates InRelease 474s Hit:3 http://ftpmaster.internal/ubuntu noble-security InRelease 475s Reading package lists... 476s Reading package lists... 476s Building dependency tree... 476s Reading state information... 476s Calculating upgrade... 476s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 476s Reading package lists... 476s Building dependency tree... 476s Reading state information... 476s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 477s autopkgtest [12:48:54]: rebooting testbed after setup commands that affected boot 513s Reading package lists... 514s Building dependency tree... 514s Reading state information... 514s Starting pkgProblemResolver with broken count: 0 514s Starting 2 pkgProblemResolver with broken count: 0 514s Done 514s The following additional packages will be installed: 514s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 514s libbasicobjects0 libc-ares2 libcollection4 libcrack2 libdhash1 514s libevent-2.1-7 libgnutls-dane0 libini-config5 libipa-hbac0 libldb2 514s libnfsidmap1 libnss-sss libpam-pwquality libpam-sss libpath-utils1 514s libpwquality-common libpwquality1 libref-array1 libsmbclient libsofthsm2 514s libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 libtalloc2 libtdb1 514s libtevent0 libunbound8 libwbclient0 python3-sss samba-libs softhsm2 514s softhsm2-common sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 514s sssd-krb5-common sssd-ldap sssd-proxy 514s Suggested packages: 514s dns-root-data adcli libsss-sudo sssd-tools libsasl2-modules-ldap 514s Recommended packages: 514s cracklib-runtime libsasl2-modules-gssapi-mit 514s | libsasl2-modules-gssapi-heimdal ldap-utils 514s The following NEW packages will be installed: 514s autopkgtest-satdep gnutls-bin libavahi-client3 libavahi-common-data 514s libavahi-common3 libbasicobjects0 libc-ares2 libcollection4 libcrack2 514s libdhash1 libevent-2.1-7 libgnutls-dane0 libini-config5 libipa-hbac0 libldb2 514s libnfsidmap1 libnss-sss libpam-pwquality libpam-sss libpath-utils1 514s libpwquality-common libpwquality1 libref-array1 libsmbclient libsofthsm2 514s libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 libtalloc2 libtdb1 514s libtevent0 libunbound8 libwbclient0 python3-sss samba-libs softhsm2 514s softhsm2-common sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 514s sssd-krb5-common sssd-ldap sssd-proxy 514s 0 upgraded, 46 newly installed, 0 to remove and 0 not upgraded. 514s Need to get 10.4 MB/10.4 MB of archives. 514s After this operation, 40.5 MB of additional disk space will be used. 514s Get:1 /tmp/autopkgtest.6h4hhi/3-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [744 B] 514s Get:2 http://ftpmaster.internal/ubuntu noble/main s390x libevent-2.1-7 s390x 2.1.12-stable-9 [144 kB] 515s Get:3 http://ftpmaster.internal/ubuntu noble/main s390x libunbound8 s390x 1.19.1-1ubuntu1 [453 kB] 515s Get:4 http://ftpmaster.internal/ubuntu noble/main s390x libgnutls-dane0 s390x 3.8.3-1ubuntu1 [23.6 kB] 515s Get:5 http://ftpmaster.internal/ubuntu noble/universe s390x gnutls-bin s390x 3.8.3-1ubuntu1 [284 kB] 515s Get:6 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common-data s390x 0.8-13ubuntu2 [29.5 kB] 515s Get:7 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-common3 s390x 0.8-13ubuntu2 [23.8 kB] 515s Get:8 http://ftpmaster.internal/ubuntu noble/main s390x libavahi-client3 s390x 0.8-13ubuntu2 [26.7 kB] 515s Get:9 http://ftpmaster.internal/ubuntu noble/main s390x libcrack2 s390x 2.9.6-5.1build1 [29.9 kB] 515s Get:10 http://ftpmaster.internal/ubuntu noble/main s390x libtalloc2 s390x 2.4.2-1 [28.3 kB] 515s Get:11 http://ftpmaster.internal/ubuntu noble/main s390x libtdb1 s390x 1.4.10-1 [49.9 kB] 515s Get:12 http://ftpmaster.internal/ubuntu noble/main s390x libtevent0 s390x 0.16.1-1 [43.1 kB] 515s Get:13 http://ftpmaster.internal/ubuntu noble/main s390x libldb2 s390x 2:2.8.0+samba4.19.5+dfsg-1ubuntu1 [191 kB] 515s Get:14 http://ftpmaster.internal/ubuntu noble/main s390x libnfsidmap1 s390x 1:2.6.3-3ubuntu1 [49.0 kB] 515s Get:15 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality-common all 1.4.5-3 [7658 B] 515s Get:16 http://ftpmaster.internal/ubuntu noble/main s390x libpwquality1 s390x 1.4.5-3 [14.7 kB] 515s Get:17 http://ftpmaster.internal/ubuntu noble/main s390x libpam-pwquality s390x 1.4.5-3 [11.6 kB] 515s Get:18 http://ftpmaster.internal/ubuntu noble/main s390x libwbclient0 s390x 2:4.19.5+dfsg-1ubuntu1 [70.3 kB] 515s Get:19 http://ftpmaster.internal/ubuntu noble/main s390x samba-libs s390x 2:4.19.5+dfsg-1ubuntu1 [6231 kB] 515s Get:20 http://ftpmaster.internal/ubuntu noble/universe s390x softhsm2-common s390x 2.6.1-2.2 [5808 B] 515s Get:21 http://ftpmaster.internal/ubuntu noble/universe s390x libsofthsm2 s390x 2.6.1-2.2 [265 kB] 515s Get:22 http://ftpmaster.internal/ubuntu noble/universe s390x softhsm2 s390x 2.6.1-2.2 [174 kB] 515s Get:23 http://ftpmaster.internal/ubuntu noble/main s390x python3-sss s390x 2.9.4-1ubuntu1 [46.6 kB] 515s Get:24 http://ftpmaster.internal/ubuntu noble/main s390x libsss-idmap0 s390x 2.9.4-1ubuntu1 [22.1 kB] 515s Get:25 http://ftpmaster.internal/ubuntu noble/main s390x libnss-sss s390x 2.9.4-1ubuntu1 [32.6 kB] 515s Get:26 http://ftpmaster.internal/ubuntu noble/main s390x libpam-sss s390x 2.9.4-1ubuntu1 [51.9 kB] 515s Get:27 http://ftpmaster.internal/ubuntu noble/main s390x libc-ares2 s390x 1.27.0-1 [79.2 kB] 515s Get:28 http://ftpmaster.internal/ubuntu noble/main s390x libdhash1 s390x 0.6.2-2 [8648 B] 515s Get:29 http://ftpmaster.internal/ubuntu noble/main s390x libbasicobjects0 s390x 0.6.2-2 [5476 B] 516s Get:30 http://ftpmaster.internal/ubuntu noble/main s390x libcollection4 s390x 0.6.2-2 [23.2 kB] 516s Get:31 http://ftpmaster.internal/ubuntu noble/main s390x libpath-utils1 s390x 0.6.2-2 [8994 B] 516s Get:32 http://ftpmaster.internal/ubuntu noble/main s390x libref-array1 s390x 0.6.2-2 [6880 B] 516s Get:33 http://ftpmaster.internal/ubuntu noble/main s390x libini-config5 s390x 0.6.2-2 [45.3 kB] 516s Get:34 http://ftpmaster.internal/ubuntu noble/main s390x libsss-certmap0 s390x 2.9.4-1ubuntu1 [46.7 kB] 516s Get:35 http://ftpmaster.internal/ubuntu noble/main s390x libsss-nss-idmap0 s390x 2.9.4-1ubuntu1 [31.4 kB] 516s Get:36 http://ftpmaster.internal/ubuntu noble/main s390x sssd-common s390x 2.9.4-1ubuntu1 [1125 kB] 516s Get:37 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad-common s390x 2.9.4-1ubuntu1 [74.8 kB] 516s Get:38 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5-common s390x 2.9.4-1ubuntu1 [90.3 kB] 516s Get:39 http://ftpmaster.internal/ubuntu noble/main s390x libsmbclient s390x 2:4.19.5+dfsg-1ubuntu1 [65.1 kB] 516s Get:40 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ad s390x 2.9.4-1ubuntu1 [133 kB] 516s Get:41 http://ftpmaster.internal/ubuntu noble/main s390x libipa-hbac0 s390x 2.9.4-1ubuntu1 [16.8 kB] 516s Get:42 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ipa s390x 2.9.4-1ubuntu1 [215 kB] 516s Get:43 http://ftpmaster.internal/ubuntu noble/main s390x sssd-krb5 s390x 2.9.4-1ubuntu1 [14.4 kB] 516s Get:44 http://ftpmaster.internal/ubuntu noble/main s390x sssd-ldap s390x 2.9.4-1ubuntu1 [31.0 kB] 516s Get:45 http://ftpmaster.internal/ubuntu noble/main s390x sssd-proxy s390x 2.9.4-1ubuntu1 [43.9 kB] 516s Get:46 http://ftpmaster.internal/ubuntu noble/main s390x sssd s390x 2.9.4-1ubuntu1 [4120 B] 516s Fetched 10.4 MB in 2s (6118 kB/s) 516s Selecting previously unselected package libevent-2.1-7:s390x. 516s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 51726 files and directories currently installed.) 516s Preparing to unpack .../00-libevent-2.1-7_2.1.12-stable-9_s390x.deb ... 516s Unpacking libevent-2.1-7:s390x (2.1.12-stable-9) ... 516s Selecting previously unselected package libunbound8:s390x. 516s Preparing to unpack .../01-libunbound8_1.19.1-1ubuntu1_s390x.deb ... 516s Unpacking libunbound8:s390x (1.19.1-1ubuntu1) ... 516s Selecting previously unselected package libgnutls-dane0:s390x. 516s Preparing to unpack .../02-libgnutls-dane0_3.8.3-1ubuntu1_s390x.deb ... 516s Unpacking libgnutls-dane0:s390x (3.8.3-1ubuntu1) ... 516s Selecting previously unselected package gnutls-bin. 516s Preparing to unpack .../03-gnutls-bin_3.8.3-1ubuntu1_s390x.deb ... 516s Unpacking gnutls-bin (3.8.3-1ubuntu1) ... 516s Selecting previously unselected package libavahi-common-data:s390x. 516s Preparing to unpack .../04-libavahi-common-data_0.8-13ubuntu2_s390x.deb ... 516s Unpacking libavahi-common-data:s390x (0.8-13ubuntu2) ... 516s Selecting previously unselected package libavahi-common3:s390x. 516s Preparing to unpack .../05-libavahi-common3_0.8-13ubuntu2_s390x.deb ... 516s Unpacking libavahi-common3:s390x (0.8-13ubuntu2) ... 516s Selecting previously unselected package libavahi-client3:s390x. 516s Preparing to unpack .../06-libavahi-client3_0.8-13ubuntu2_s390x.deb ... 516s Unpacking libavahi-client3:s390x (0.8-13ubuntu2) ... 516s Selecting previously unselected package libcrack2:s390x. 516s Preparing to unpack .../07-libcrack2_2.9.6-5.1build1_s390x.deb ... 516s Unpacking libcrack2:s390x (2.9.6-5.1build1) ... 516s Selecting previously unselected package libtalloc2:s390x. 516s Preparing to unpack .../08-libtalloc2_2.4.2-1_s390x.deb ... 516s Unpacking libtalloc2:s390x (2.4.2-1) ... 516s Selecting previously unselected package libtdb1:s390x. 516s Preparing to unpack .../09-libtdb1_1.4.10-1_s390x.deb ... 516s Unpacking libtdb1:s390x (1.4.10-1) ... 516s Selecting previously unselected package libtevent0:s390x. 516s Preparing to unpack .../10-libtevent0_0.16.1-1_s390x.deb ... 516s Unpacking libtevent0:s390x (0.16.1-1) ... 516s Selecting previously unselected package libldb2:s390x. 516s Preparing to unpack .../11-libldb2_2%3a2.8.0+samba4.19.5+dfsg-1ubuntu1_s390x.deb ... 516s Unpacking libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 516s Selecting previously unselected package libnfsidmap1:s390x. 516s Preparing to unpack .../12-libnfsidmap1_1%3a2.6.3-3ubuntu1_s390x.deb ... 516s Unpacking libnfsidmap1:s390x (1:2.6.3-3ubuntu1) ... 516s Selecting previously unselected package libpwquality-common. 516s Preparing to unpack .../13-libpwquality-common_1.4.5-3_all.deb ... 516s Unpacking libpwquality-common (1.4.5-3) ... 516s Selecting previously unselected package libpwquality1:s390x. 516s Preparing to unpack .../14-libpwquality1_1.4.5-3_s390x.deb ... 516s Unpacking libpwquality1:s390x (1.4.5-3) ... 516s Selecting previously unselected package libpam-pwquality:s390x. 516s Preparing to unpack .../15-libpam-pwquality_1.4.5-3_s390x.deb ... 516s Unpacking libpam-pwquality:s390x (1.4.5-3) ... 516s Selecting previously unselected package libwbclient0:s390x. 516s Preparing to unpack .../16-libwbclient0_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 516s Unpacking libwbclient0:s390x (2:4.19.5+dfsg-1ubuntu1) ... 516s Selecting previously unselected package samba-libs:s390x. 516s Preparing to unpack .../17-samba-libs_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 516s Unpacking samba-libs:s390x (2:4.19.5+dfsg-1ubuntu1) ... 517s Selecting previously unselected package softhsm2-common. 517s Preparing to unpack .../18-softhsm2-common_2.6.1-2.2_s390x.deb ... 517s Unpacking softhsm2-common (2.6.1-2.2) ... 517s Selecting previously unselected package libsofthsm2. 517s Preparing to unpack .../19-libsofthsm2_2.6.1-2.2_s390x.deb ... 517s Unpacking libsofthsm2 (2.6.1-2.2) ... 517s Selecting previously unselected package softhsm2. 517s Preparing to unpack .../20-softhsm2_2.6.1-2.2_s390x.deb ... 517s Unpacking softhsm2 (2.6.1-2.2) ... 517s Selecting previously unselected package python3-sss. 517s Preparing to unpack .../21-python3-sss_2.9.4-1ubuntu1_s390x.deb ... 517s Unpacking python3-sss (2.9.4-1ubuntu1) ... 517s Selecting previously unselected package libsss-idmap0. 517s Preparing to unpack .../22-libsss-idmap0_2.9.4-1ubuntu1_s390x.deb ... 517s Unpacking libsss-idmap0 (2.9.4-1ubuntu1) ... 517s Selecting previously unselected package libnss-sss:s390x. 517s Preparing to unpack .../23-libnss-sss_2.9.4-1ubuntu1_s390x.deb ... 517s Unpacking libnss-sss:s390x (2.9.4-1ubuntu1) ... 517s Selecting previously unselected package libpam-sss:s390x. 517s Preparing to unpack .../24-libpam-sss_2.9.4-1ubuntu1_s390x.deb ... 517s Unpacking libpam-sss:s390x (2.9.4-1ubuntu1) ... 517s Selecting previously unselected package libc-ares2:s390x. 517s Preparing to unpack .../25-libc-ares2_1.27.0-1_s390x.deb ... 517s Unpacking libc-ares2:s390x (1.27.0-1) ... 517s Selecting previously unselected package libdhash1:s390x. 517s Preparing to unpack .../26-libdhash1_0.6.2-2_s390x.deb ... 517s Unpacking libdhash1:s390x (0.6.2-2) ... 517s Selecting previously unselected package libbasicobjects0:s390x. 517s Preparing to unpack .../27-libbasicobjects0_0.6.2-2_s390x.deb ... 517s Unpacking libbasicobjects0:s390x (0.6.2-2) ... 517s Selecting previously unselected package libcollection4:s390x. 517s Preparing to unpack .../28-libcollection4_0.6.2-2_s390x.deb ... 517s Unpacking libcollection4:s390x (0.6.2-2) ... 517s Selecting previously unselected package libpath-utils1:s390x. 517s Preparing to unpack .../29-libpath-utils1_0.6.2-2_s390x.deb ... 517s Unpacking libpath-utils1:s390x (0.6.2-2) ... 517s Selecting previously unselected package libref-array1:s390x. 517s Preparing to unpack .../30-libref-array1_0.6.2-2_s390x.deb ... 517s Unpacking libref-array1:s390x (0.6.2-2) ... 517s Selecting previously unselected package libini-config5:s390x. 517s Preparing to unpack .../31-libini-config5_0.6.2-2_s390x.deb ... 517s Unpacking libini-config5:s390x (0.6.2-2) ... 517s Selecting previously unselected package libsss-certmap0. 517s Preparing to unpack .../32-libsss-certmap0_2.9.4-1ubuntu1_s390x.deb ... 517s Unpacking libsss-certmap0 (2.9.4-1ubuntu1) ... 517s Selecting previously unselected package libsss-nss-idmap0. 517s Preparing to unpack .../33-libsss-nss-idmap0_2.9.4-1ubuntu1_s390x.deb ... 517s Unpacking libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 517s Selecting previously unselected package sssd-common. 517s Preparing to unpack .../34-sssd-common_2.9.4-1ubuntu1_s390x.deb ... 517s Unpacking sssd-common (2.9.4-1ubuntu1) ... 517s Selecting previously unselected package sssd-ad-common. 517s Preparing to unpack .../35-sssd-ad-common_2.9.4-1ubuntu1_s390x.deb ... 517s Unpacking sssd-ad-common (2.9.4-1ubuntu1) ... 517s Selecting previously unselected package sssd-krb5-common. 517s Preparing to unpack .../36-sssd-krb5-common_2.9.4-1ubuntu1_s390x.deb ... 517s Unpacking sssd-krb5-common (2.9.4-1ubuntu1) ... 517s Selecting previously unselected package libsmbclient:s390x. 517s Preparing to unpack .../37-libsmbclient_2%3a4.19.5+dfsg-1ubuntu1_s390x.deb ... 517s Unpacking libsmbclient:s390x (2:4.19.5+dfsg-1ubuntu1) ... 517s Selecting previously unselected package sssd-ad. 517s Preparing to unpack .../38-sssd-ad_2.9.4-1ubuntu1_s390x.deb ... 517s Unpacking sssd-ad (2.9.4-1ubuntu1) ... 517s Selecting previously unselected package libipa-hbac0. 517s Preparing to unpack .../39-libipa-hbac0_2.9.4-1ubuntu1_s390x.deb ... 517s Unpacking libipa-hbac0 (2.9.4-1ubuntu1) ... 517s Selecting previously unselected package sssd-ipa. 517s Preparing to unpack .../40-sssd-ipa_2.9.4-1ubuntu1_s390x.deb ... 517s Unpacking sssd-ipa (2.9.4-1ubuntu1) ... 517s Selecting previously unselected package sssd-krb5. 517s Preparing to unpack .../41-sssd-krb5_2.9.4-1ubuntu1_s390x.deb ... 517s Unpacking sssd-krb5 (2.9.4-1ubuntu1) ... 517s Selecting previously unselected package sssd-ldap. 517s Preparing to unpack .../42-sssd-ldap_2.9.4-1ubuntu1_s390x.deb ... 517s Unpacking sssd-ldap (2.9.4-1ubuntu1) ... 517s Selecting previously unselected package sssd-proxy. 517s Preparing to unpack .../43-sssd-proxy_2.9.4-1ubuntu1_s390x.deb ... 517s Unpacking sssd-proxy (2.9.4-1ubuntu1) ... 517s Selecting previously unselected package sssd. 517s Preparing to unpack .../44-sssd_2.9.4-1ubuntu1_s390x.deb ... 517s Unpacking sssd (2.9.4-1ubuntu1) ... 517s Selecting previously unselected package autopkgtest-satdep. 517s Preparing to unpack .../45-3-autopkgtest-satdep.deb ... 517s Unpacking autopkgtest-satdep (0) ... 517s Setting up libpwquality-common (1.4.5-3) ... 517s Setting up libpath-utils1:s390x (0.6.2-2) ... 517s Setting up softhsm2-common (2.6.1-2.2) ... 517s 517s Creating config file /etc/softhsm/softhsm2.conf with new version 517s Setting up libnfsidmap1:s390x (1:2.6.3-3ubuntu1) ... 517s Setting up libsss-idmap0 (2.9.4-1ubuntu1) ... 517s Setting up libbasicobjects0:s390x (0.6.2-2) ... 517s Setting up libtdb1:s390x (1.4.10-1) ... 517s Setting up libc-ares2:s390x (1.27.0-1) ... 517s Setting up libwbclient0:s390x (2:4.19.5+dfsg-1ubuntu1) ... 517s Setting up libtalloc2:s390x (2.4.2-1) ... 517s Setting up libdhash1:s390x (0.6.2-2) ... 517s Setting up libtevent0:s390x (0.16.1-1) ... 517s Setting up libavahi-common-data:s390x (0.8-13ubuntu2) ... 517s Setting up libevent-2.1-7:s390x (2.1.12-stable-9) ... 517s Setting up libcrack2:s390x (2.9.6-5.1build1) ... 517s Setting up libcollection4:s390x (0.6.2-2) ... 517s Setting up libipa-hbac0 (2.9.4-1ubuntu1) ... 517s Setting up libref-array1:s390x (0.6.2-2) ... 517s Setting up libldb2:s390x (2:2.8.0+samba4.19.5+dfsg-1ubuntu1) ... 517s Setting up libsss-nss-idmap0 (2.9.4-1ubuntu1) ... 517s Setting up libnss-sss:s390x (2.9.4-1ubuntu1) ... 517s Setting up libsofthsm2 (2.6.1-2.2) ... 517s Setting up softhsm2 (2.6.1-2.2) ... 517s Setting up libini-config5:s390x (0.6.2-2) ... 517s Setting up libavahi-common3:s390x (0.8-13ubuntu2) ... 517s Setting up python3-sss (2.9.4-1ubuntu1) ... 517s Setting up libsss-certmap0 (2.9.4-1ubuntu1) ... 517s Setting up libunbound8:s390x (1.19.1-1ubuntu1) ... 517s Setting up libpwquality1:s390x (1.4.5-3) ... 517s Setting up libavahi-client3:s390x (0.8-13ubuntu2) ... 517s Setting up libgnutls-dane0:s390x (3.8.3-1ubuntu1) ... 517s Setting up libpam-pwquality:s390x (1.4.5-3) ... 517s Setting up samba-libs:s390x (2:4.19.5+dfsg-1ubuntu1) ... 517s Setting up libsmbclient:s390x (2:4.19.5+dfsg-1ubuntu1) ... 517s Setting up libpam-sss:s390x (2.9.4-1ubuntu1) ... 518s Setting up gnutls-bin (3.8.3-1ubuntu1) ... 518s Setting up sssd-common (2.9.4-1ubuntu1) ... 518s Creating SSSD system user & group... 518s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 518s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 518s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 518s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 518s Created symlink /etc/systemd/system/sssd.service.wants/sssd-autofs.socket → /usr/lib/systemd/system/sssd-autofs.socket. 518s Created symlink /etc/systemd/system/sssd.service.wants/sssd-nss.socket → /usr/lib/systemd/system/sssd-nss.socket. 519s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam-priv.socket → /usr/lib/systemd/system/sssd-pam-priv.socket. 519s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pam.socket → /usr/lib/systemd/system/sssd-pam.socket. 519s Created symlink /etc/systemd/system/sssd.service.wants/sssd-ssh.socket → /usr/lib/systemd/system/sssd-ssh.socket. 519s Created symlink /etc/systemd/system/sssd.service.wants/sssd-sudo.socket → /usr/lib/systemd/system/sssd-sudo.socket. 519s Created symlink /etc/systemd/system/multi-user.target.wants/sssd.service → /usr/lib/systemd/system/sssd.service. 520s sssd-autofs.service is a disabled or a static unit, not starting it. 520s sssd-nss.service is a disabled or a static unit, not starting it. 520s sssd-pam.service is a disabled or a static unit, not starting it. 520s sssd-ssh.service is a disabled or a static unit, not starting it. 520s sssd-sudo.service is a disabled or a static unit, not starting it. 520s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 520s Setting up sssd-proxy (2.9.4-1ubuntu1) ... 520s Setting up sssd-ad-common (2.9.4-1ubuntu1) ... 520s Created symlink /etc/systemd/system/sssd.service.wants/sssd-pac.socket → /usr/lib/systemd/system/sssd-pac.socket. 520s sssd-pac.service is a disabled or a static unit, not starting it. 520s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 520s Setting up sssd-krb5-common (2.9.4-1ubuntu1) ... 520s Setting up sssd-krb5 (2.9.4-1ubuntu1) ... 520s Setting up sssd-ldap (2.9.4-1ubuntu1) ... 520s Setting up sssd-ad (2.9.4-1ubuntu1) ... 520s Setting up sssd-ipa (2.9.4-1ubuntu1) ... 520s Setting up sssd (2.9.4-1ubuntu1) ... 520s Setting up autopkgtest-satdep (0) ... 520s Processing triggers for man-db (2.12.0-3) ... 521s Processing triggers for libc-bin (2.39-0ubuntu6) ... 524s (Reading database ... 52314 files and directories currently installed.) 524s Removing autopkgtest-satdep (0) ... 535s autopkgtest [12:49:52]: test sssd-softhism2-certificates-tests.sh: [----------------------- 535s + '[' -z ubuntu ']' 535s + required_tools=(p11tool openssl softhsm2-util) 535s + for cmd in "${required_tools[@]}" 535s + command -v p11tool 535s + for cmd in "${required_tools[@]}" 535s + command -v openssl 535s + for cmd in "${required_tools[@]}" 535s + command -v softhsm2-util 535s + PIN=053350 535s +++ find /usr/lib/softhsm/libsofthsm2.so 535s +++ head -n 1 535s ++ realpath /usr/lib/softhsm/libsofthsm2.so 535s + SOFTHSM2_MODULE=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 535s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 535s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 535s + '[' '!' -v NO_SSSD_TESTS ']' 535s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 535s + ca_db_arg=ca_db 535s ++ /usr/libexec/sssd/p11_child --help 535s + p11_child_help='Usage: p11_child [OPTION...] 535s -d, --debug-level=INT Debug level 535s --debug-timestamps=INT Add debug timestamps 535s --debug-microseconds=INT Show timestamps with microseconds 535s --dumpable=INT Allow core dumps 535s --debug-fd=INT An open file descriptor for the debug 535s logs 535s --logger=stderr|files|journald Set logger 535s --auth Run in auth mode 535s --pre Run in pre-auth mode 535s --wait_for_card Wait until card is available 535s --verification Run in verification mode 535s --pin Expect PIN on stdin 535s --keypad Expect PIN on keypad 535s --verify=STRING Tune validation 535s --ca_db=STRING CA DB to use 535s --module_name=STRING Module name for authentication 535s --token_name=STRING Token name for authentication 535s --key_id=STRING Key ID for authentication 535s --label=STRING Label for authentication 535s --certificate=STRING certificate to verify, base64 encoded 535s --uri=STRING PKCS#11 URI to restrict selection 535s --chain-id=LONG Tevent chain ID used for logging 535s purposes 535s 535s Help options: 535s -?, --help Show this help message 535s --usage Display brief usage message' 535s + echo 'Usage: p11_child [OPTION...] 535s -d, --debug-level=INT Debug level 535s --debug-timestamps=INT Add debug timestamps 535s --debug-microseconds=INT Show timestamps with microseconds 535s --dumpable=INT Allow core dumps 535s --debug-fd=INT An open file descriptor for the debug 535s logs 535s --logger=stderr|files|journald Set logger 535s --auth Run in auth mode 535s --pre Run in pre-auth mode 535s --wait_for_card Wait until card is available 535s --verification Run in verification mode 535s --pin Expect PIN on stdin 535s --keypad Expect PIN on keypad 535s --verify=STRING Tune validation 535s --ca_db=STRING CA DB to use 535s --module_name=STRING Module name for authentication 535s --token_name=STRING Token name for authentication 535s --key_id=STRING Key ID for authentication 535s --label=STRING Label for authentication 535s --certificate=STRING certificate to verify, base64 encoded 535s --uri=STRING PKCS#11 URI to restrict selection 535s --chain-id=LONG Tevent chain ID used for logging 535s purposes 535s 535s Help options: 535s -?, --help Show this help message 535s --usage Display brief usage message' 535s + grep nssdb -qs 535s + echo 'Usage: p11_child [OPTION...] 535s -d, --debug-level=INT Debug level 535s --debug-timestamps=INT Add debug timestamps 535s --debug-microseconds=INT Show timestamps with microseconds 535s --dumpable=INT Allow core dumps 535s --debug-fd=INT An open file descriptor for the debug 535s logs 535s --logger=stderr|files|journald Set logger 535s --auth Run in auth mode 535s --pre Run in pre-auth mode 535s --wait_for_card Wait until card is available 535s --verification Run in verification mode 535s --pin Expect PIN on stdin 535s --keypad Expect PIN on keypad 535s --verify=STRING Tune validation 535s --ca_db=STRING CA DB to use 535s --module_name=STRING Module name for authentication 535s --token_name=STRING Token name for authentication 535s --key_id=STRING Key ID for authentication 535s --label=STRING Label for authentication 535s --certificate=STRING certificate to verify, base64 encoded 535s --uri=STRING PKCS#11 URI to restrict selection 535s --chain-id=LONG Tevent chain ID used for logging 535s purposes 535s 535s Help options: 535s -?, --help Show this help message 535s --usage Display brief usage message' 535s + grep -qs -- --ca_db 535s + '[' '!' -e /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so ']' 535s ++ mktemp -d -t sssd-softhsm2-XXXXXX 535s + tmpdir=/tmp/sssd-softhsm2-npKDtO 535s + keys_size=1024 535s + [[ ! -v KEEP_TEMPORARY_FILES ]] 535s + trap 'rm -rf "$tmpdir"' EXIT 535s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 535s + echo -n 01 535s + touch /tmp/sssd-softhsm2-npKDtO/index.txt 535s + mkdir -p /tmp/sssd-softhsm2-npKDtO/new_certs 535s + cat 535s + root_ca_key_pass=pass:random-root-CA-password-10389 535s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-npKDtO/test-root-CA-key.pem -passout pass:random-root-CA-password-10389 1024 535s + openssl req -passin pass:random-root-CA-password-10389 -batch -config /tmp/sssd-softhsm2-npKDtO/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-npKDtO/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-npKDtO/test-root-CA.pem 535s + openssl x509 -noout -in /tmp/sssd-softhsm2-npKDtO/test-root-CA.pem 535s + cat 535s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-23325 535s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-23325 1024 535s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-23325 -config /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.config -key /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-10389 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-certificate-request.pem 535s + openssl req -text -noout -in /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-certificate-request.pem 535s Certificate Request: 535s Data: 535s Version: 1 (0x0) 535s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 535s Subject Public Key Info: 535s Public Key Algorithm: rsaEncryption 535s Public-Key: (1024 bit) 535s Modulus: 535s 00:d6:b3:5b:f2:74:8f:fa:49:1c:cf:3e:73:f8:43: 535s 65:35:53:3f:af:57:a3:87:69:21:1b:6b:58:59:67: 535s 9f:fd:eb:88:5d:57:f9:01:3c:00:67:e9:ae:5f:29: 535s f5:f9:c4:b4:88:6b:c1:24:de:93:ee:41:ce:8f:5d: 535s f0:87:31:ae:11:ef:88:de:1a:cf:b4:9f:c9:81:4b: 535s 1f:b9:09:e8:ee:ab:e7:45:a3:90:b8:cd:7a:62:cb: 535s 18:97:ec:d5:ef:c2:47:d1:2e:03:2a:f4:69:6c:e1: 535s 97:e6:f7:cc:16:e0:8c:ee:2c:31:4e:97:b3:2b:27: 535s d5:9f:a2:64:ff:56:0f:02:19 535s Exponent: 65537 (0x10001) 535s Attributes: 535s (none) 535s Requested Extensions: 535s Signature Algorithm: sha256WithRSAEncryption 535s Signature Value: 535s 74:64:e0:00:c2:62:19:78:73:0c:e8:b1:1b:69:69:29:89:f1: 535s 4a:3b:f8:23:43:b9:6e:91:d8:43:ad:8a:d8:e8:87:c8:b3:ad: 535s 87:99:4a:8b:da:b5:ea:85:c9:f3:dc:2a:25:8e:aa:77:51:ef: 535s 07:2f:02:4a:82:a1:34:8e:f5:6f:a7:37:05:e3:53:7b:e3:d5: 535s 88:1e:4f:27:54:a1:d0:a3:80:f0:f3:17:9f:16:ea:ed:f1:29: 535s d7:44:43:f1:93:df:00:f3:ec:b6:92:bf:3e:f7:04:32:90:f6: 535s dd:20:75:b4:c8:70:9c:26:cb:72:f8:6f:91:89:14:17:b0:98: 535s c5:69 535s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-npKDtO/test-root-CA.config -passin pass:random-root-CA-password-10389 -keyfile /tmp/sssd-softhsm2-npKDtO/test-root-CA-key.pem -in /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem 535s Using configuration from /tmp/sssd-softhsm2-npKDtO/test-root-CA.config 535s Check that the request matches the signature 535s Signature ok 535s Certificate Details: 535s Serial Number: 1 (0x1) 535s Validity 535s Not Before: Mar 26 12:49:52 2024 GMT 535s Not After : Mar 26 12:49:52 2025 GMT 535s Subject: 535s organizationName = Test Organization 535s organizationalUnitName = Test Organization Unit 535s commonName = Test Organization Intermediate CA 535s X509v3 extensions: 535s X509v3 Subject Key Identifier: 535s 69:96:63:2F:1F:40:22:FE:44:67:43:50:D7:82:20:3B:98:D4:E5:B6 535s X509v3 Authority Key Identifier: 535s keyid:5B:FC:E1:E9:13:3C:7E:99:64:5F:B0:82:EA:40:CD:8B:51:12:6B:7E 535s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 535s serial:00 535s X509v3 Basic Constraints: 535s CA:TRUE 535s X509v3 Key Usage: critical 535s Digital Signature, Certificate Sign, CRL Sign 535s Certificate is to be certified until Mar 26 12:49:52 2025 GMT (365 days) 535s 535s Write out database with 1 new entries 535s Database updated 535s + openssl x509 -noout -in /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem 535s + openssl verify -CAfile /tmp/sssd-softhsm2-npKDtO/test-root-CA.pem /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem 535s /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem: OK 535s + cat 535s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-32151 535s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-32151 1024 535s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-32151 -config /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-23325 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-certificate-request.pem 535s + openssl req -text -noout -in /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-certificate-request.pem 535s Certificate Request: 535s Data: 535s Version: 1 (0x0) 535s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 535s Subject Public Key Info: 535s Public Key Algorithm: rsaEncryption 535s Public-Key: (1024 bit) 535s Modulus: 535s 00:e4:07:b5:d1:dd:a0:8c:83:a3:26:04:16:bc:0f: 535s b8:d8:d4:64:37:af:12:6c:20:cc:6f:29:da:95:02: 535s ba:19:3d:2e:3c:44:a8:3c:cb:72:1a:c2:47:b0:a1: 535s 44:66:76:9e:b5:b9:ff:8f:7a:69:6d:ce:a2:56:6f: 535s cd:30:c0:b1:d7:84:00:03:98:f0:71:a0:ef:a6:62: 535s 8e:99:73:a7:28:b6:1f:31:73:f7:72:f0:db:14:c3: 535s 91:03:13:7f:4b:68:de:49:e6:d4:0e:6e:8b:1a:aa: 535s 2f:ce:83:06:c2:a6:6f:d2:35:85:d9:3d:12:e5:5f: 535s 73:f3:c8:5e:64:09:2f:ad:03 535s Exponent: 65537 (0x10001) 535s Attributes: 535s (none) 535s Requested Extensions: 535s Signature Algorithm: sha256WithRSAEncryption 535s Signature Value: 535s 01:66:bf:8f:68:1e:3d:fe:60:fe:4f:f1:97:a1:bc:f3:12:17: 535s 22:65:6a:45:22:1d:d8:e0:fa:01:43:4f:50:b7:84:15:2a:b7: 535s bf:cc:92:e0:9c:8c:1c:67:51:ee:31:c2:27:1f:e4:27:bb:c4: 535s 90:0e:5b:ee:d4:25:08:3f:2a:b0:a1:a3:24:e2:70:bb:63:d5: 535s d4:19:a2:d8:06:34:6a:87:27:f0:02:31:fc:54:48:67:31:bd: 535s cc:7a:f9:7e:52:d8:83:f8:4a:68:0f:33:2f:f5:8c:88:0a:3b: 535s d5:55:ba:07:d7:b1:f5:77:31:c9:a5:5e:b4:73:41:30:3e:b8: 535s 59:8d 535s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-23325 -keyfile /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA.pem 535s Using configuration from /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.config 535s Check that the request matches the signature 535s Signature ok 535s Certificate Details: 535s Serial Number: 2 (0x2) 535s Validity 535s Not Before: Mar 26 12:49:52 2024 GMT 535s Not After : Mar 26 12:49:52 2025 GMT 535s Subject: 535s organizationName = Test Organization 535s organizationalUnitName = Test Organization Unit 535s commonName = Test Organization Sub Intermediate CA 535s X509v3 extensions: 535s X509v3 Subject Key Identifier: 535s 06:C6:E9:59:39:40:4C:C8:91:72:38:58:CE:35:97:D8:7C:8A:AD:58 535s X509v3 Authority Key Identifier: 535s keyid:69:96:63:2F:1F:40:22:FE:44:67:43:50:D7:82:20:3B:98:D4:E5:B6 535s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 535s serial:01 535s X509v3 Basic Constraints: 535s CA:TRUE 535s X509v3 Key Usage: critical 535s Digital Signature, Certificate Sign, CRL Sign 535s Certificate is to be certified until Mar 26 12:49:52 2025 GMT (365 days) 535s 535s Write out database with 1 new entries 535s Database updated 535s + openssl x509 -noout -in /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA.pem 535s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA.pem 535s /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA.pem: OK 535s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-npKDtO/test-root-CA.pem /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA.pem 535s + local cmd=openssl 535s + shift 535s + openssl verify -CAfile /tmp/sssd-softhsm2-npKDtO/test-root-CA.pem /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA.pem 535s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 535s error 20 at 0 depth lookup: unable to get local issuer certificate 535s error /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA.pem: verification failed 535s + cat 535s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-18537 535s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-18537 1024 535s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-18537 -key /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001-request.pem 535s + openssl req -text -noout -in /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001-request.pem 535s Certificate Request: 535s Data: 535s Version: 1 (0x0) 535s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 535s Subject Public Key Info: 535s Public Key Algorithm: rsaEncryption 535s Public-Key: (1024 bit) 535s Modulus: 535s 00:a1:86:89:9e:f9:20:68:bf:0d:d6:b2:7d:b6:c5: 535s c6:36:2a:a8:dd:f1:1e:d5:d7:ed:98:1a:21:e0:fb: 535s 4e:7f:3a:35:3f:75:10:df:40:8a:9e:dc:7a:40:27: 535s f2:de:6c:05:78:3e:c9:71:80:1f:1a:af:93:0c:96: 535s 53:c2:72:be:b7:f0:be:6b:54:ac:d1:b3:5f:d8:a0: 535s e6:8c:dd:51:27:d3:50:80:11:28:e8:74:31:72:aa: 535s ae:96:af:6c:55:86:12:cc:7f:f3:1a:a4:d7:72:cd: 535s 36:50:c5:b5:ae:32:22:4b:f0:0d:a6:80:19:b0:5d: 535s f7:d3:f8:8b:ce:78:1d:8c:5f 535s Exponent: 65537 (0x10001) 535s Attributes: 535s Requested Extensions: 535s X509v3 Basic Constraints: 535s CA:FALSE 535s Netscape Cert Type: 535s SSL Client, S/MIME 535s Netscape Comment: 535s Test Organization Root CA trusted Certificate 535s X509v3 Subject Key Identifier: 535s 14:34:F9:5F:F0:4D:4C:F2:9B:9F:52:21:20:FE:F3:AA:A8:CA:A2:64 535s X509v3 Key Usage: critical 535s Digital Signature, Non Repudiation, Key Encipherment 535s X509v3 Extended Key Usage: 535s TLS Web Client Authentication, E-mail Protection 535s X509v3 Subject Alternative Name: 535s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 535s Signature Algorithm: sha256WithRSAEncryption 535s Signature Value: 535s 35:d2:28:40:fc:78:5d:1d:65:9b:d9:9a:34:42:68:01:2c:e4: 535s 71:43:56:c5:9c:88:ae:02:78:7a:5a:ba:a9:f2:23:69:2d:6d: 535s 2f:2b:5f:ae:8c:6f:ad:f8:2a:2e:8d:e1:f4:b3:b9:c4:01:d1: 535s 76:6f:ec:8d:15:21:a6:d9:c3:42:61:b7:e0:5e:84:1e:03:c4: 535s d4:c4:39:fc:b4:49:21:60:fd:b7:96:e4:59:a8:ee:ed:f3:56: 535s bf:a7:4b:12:c6:70:f1:c3:73:26:3e:5a:0e:dd:fb:a1:fc:62: 535s 03:2c:07:6c:58:3d:4a:ad:ce:de:ab:1d:0e:07:96:84:eb:b4: 535s d1:97 535s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-npKDtO/test-root-CA.config -passin pass:random-root-CA-password-10389 -keyfile /tmp/sssd-softhsm2-npKDtO/test-root-CA-key.pem -in /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 535s Using configuration from /tmp/sssd-softhsm2-npKDtO/test-root-CA.config 535s Check that the request matches the signature 535s Signature ok 535s Certificate Details: 535s Serial Number: 3 (0x3) 535s Validity 535s Not Before: Mar 26 12:49:52 2024 GMT 535s Not After : Mar 26 12:49:52 2025 GMT 535s Subject: 535s organizationName = Test Organization 535s organizationalUnitName = Test Organization Unit 535s commonName = Test Organization Root Trusted Certificate 0001 535s X509v3 extensions: 535s X509v3 Authority Key Identifier: 535s 5B:FC:E1:E9:13:3C:7E:99:64:5F:B0:82:EA:40:CD:8B:51:12:6B:7E 535s X509v3 Basic Constraints: 535s CA:FALSE 535s Netscape Cert Type: 535s SSL Client, S/MIME 535s Netscape Comment: 535s Test Organization Root CA trusted Certificate 535s X509v3 Subject Key Identifier: 535s 14:34:F9:5F:F0:4D:4C:F2:9B:9F:52:21:20:FE:F3:AA:A8:CA:A2:64 535s X509v3 Key Usage: critical 535s Digital Signature, Non Repudiation, Key Encipherment 535s X509v3 Extended Key Usage: 535s TLS Web Client Authentication, E-mail Protection 535s X509v3 Subject Alternative Name: 535s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 535s Certificate is to be certified until Mar 26 12:49:52 2025 GMT (365 days) 535s 535s Write out database with 1 new entries 535s Database updated 535s + openssl x509 -noout -in /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 535s + openssl verify -CAfile /tmp/sssd-softhsm2-npKDtO/test-root-CA.pem /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 535s /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem: OK 535s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 535s + local cmd=openssl 535s + shift 535s + openssl verify -CAfile /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 535s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 535s error 20 at 0 depth lookup: unable to get local issuer certificate 535s error /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem: verification failed 535s + cat 535s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-755 535s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-755 1024 535s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-755 -key /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001-request.pem 535s + openssl req -text -noout -in /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001-request.pem 535s Certificate Request: 535s Data: 535s Version: 1 (0x0) 535s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 535s Subject Public Key Info: 535s Public Key Algorithm: rsaEncryption 535s Public-Key: (1024 bit) 535s Modulus: 535s 00:b2:66:76:5a:ac:45:8a:ce:c8:e4:2f:c2:f5:f9: 535s 20:67:7e:ba:f3:2d:9b:d1:08:0f:d2:83:c7:c5:ce: 535s 94:fd:71:90:67:66:12:6b:57:3d:d6:3d:cd:b1:08: 535s 1b:a2:26:ef:4c:d3:eb:7f:d6:0a:c0:f3:60:15:e4: 535s 7c:67:b2:dd:e9:48:ad:46:57:39:25:c2:13:02:be: 535s 5d:32:65:cb:a9:d2:24:9d:7d:5f:20:50:bc:81:03: 535s 11:0c:a1:a2:54:4c:09:a8:e9:21:7c:03:d9:6d:44: 535s aa:15:ea:a0:e3:5c:2e:92:f0:9c:00:86:41:12:57: 535s 30:dd:bf:da:02:55:6f:74:85 535s Exponent: 65537 (0x10001) 535s Attributes: 535s Requested Extensions: 535s X509v3 Basic Constraints: 535s CA:FALSE 535s Netscape Cert Type: 535s SSL Client, S/MIME 535s Netscape Comment: 535s Test Organization Intermediate CA trusted Certificate 535s X509v3 Subject Key Identifier: 535s AF:F7:A1:17:A2:AF:CB:FA:32:FA:BE:AA:58:1C:DD:B8:70:B6:E9:B7 535s X509v3 Key Usage: critical 535s Digital Signature, Non Repudiation, Key Encipherment 535s X509v3 Extended Key Usage: 535s TLS Web Client Authentication, E-mail Protection 535s X509v3 Subject Alternative Name: 535s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 535s Signature Algorithm: sha256WithRSAEncryption 535s Signature Value: 535s 78:c7:bf:88:cb:25:e7:7d:37:58:48:12:db:05:25:61:a1:70: 535s 53:bb:67:c0:f1:36:4a:75:90:82:96:73:1a:19:de:64:33:77: 535s 93:b2:3d:49:d3:de:48:14:30:f5:45:c2:a3:c7:bf:06:ad:b3: 535s 22:5f:87:36:33:3b:0b:45:3c:65:c2:f0:61:5d:67:57:e1:77: 535s c1:b4:b3:64:bc:ce:49:18:eb:e9:d1:7d:f1:ea:74:85:d0:98: 535s 92:3d:f6:78:76:80:c2:d8:4c:f0:02:df:ca:ae:51:39:b0:72: 535s 0f:dc:98:1d:4e:14:0e:d9:a1:f0:92:14:4c:39:cd:94:ef:eb: 535s 7f:ad 535s + openssl ca -passin pass:random-intermediate-CA-password-23325 -config /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 535s Using configuration from /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.config 535s Check that the request matches the signature 535s Signature ok 535s Certificate Details: 535s Serial Number: 4 (0x4) 535s Validity 535s Not Before: Mar 26 12:49:52 2024 GMT 535s Not After : Mar 26 12:49:52 2025 GMT 535s Subject: 535s organizationName = Test Organization 535s organizationalUnitName = Test Organization Unit 535s commonName = Test Organization Intermediate Trusted Certificate 0001 535s X509v3 extensions: 535s X509v3 Authority Key Identifier: 535s 69:96:63:2F:1F:40:22:FE:44:67:43:50:D7:82:20:3B:98:D4:E5:B6 535s X509v3 Basic Constraints: 535s CA:FALSE 535s Netscape Cert Type: 535s SSL Client, S/MIME 535s Netscape Comment: 535s Test Organization Intermediate CA trusted Certificate 535s X509v3 Subject Key Identifier: 535s AF:F7:A1:17:A2:AF:CB:FA:32:FA:BE:AA:58:1C:DD:B8:70:B6:E9:B7 535s X509v3 Key Usage: critical 535s Digital Signature, Non Repudiation, Key Encipherment 535s X509v3 Extended Key Usage: 535s TLS Web Client Authentication, E-mail Protection 535s X509v3 Subject Alternative Name: 535s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 535s Certificate is to be certified until Mar 26 12:49:52 2025 GMT (365 days) 535s 535s Write out database with 1 new entries 535s Database updated 535s + openssl x509 -noout -in /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 535s This certificate should not be trusted fully 535s + echo 'This certificate should not be trusted fully' 535s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 535s + local cmd=openssl 535s + shift 535s + openssl verify -CAfile /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 535s O = Test Organization/tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem: OK 535s , OU = Test Organization Unit, CN = Test Organization Intermediate CA 535s error 2 at 1 depth lookup: unable to get issuer certificate 535s error /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 535s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 535s + cat 535s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-6197 535s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-6197 1024 535s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-6197 -key /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 535s + openssl req -text -noout -in /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 535s Certificate Request: 535s Data: 535s Version: 1 (0x0) 535s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 535s Subject Public Key Info: 535s Public Key Algorithm: rsaEncryption 535s Public-Key: (1024 bit) 535s Modulus: 535s 00:bb:73:d6:62:89:2c:58:05:7d:fa:ab:86:4a:da: 535s b3:8c:92:01:8c:6d:81:6d:26:c0:ee:8f:cb:25:f4: 535s f4:61:26:e3:11:70:c7:3f:f4:6b:0b:bd:62:0d:0a: 535s 0f:c7:bc:07:24:aa:c7:66:d4:5e:b5:cb:60:9e:3a: 535s ce:44:0b:ac:57:98:c7:1d:d3:a7:e5:4c:9d:cd:05: 535s 45:e4:14:69:0e:36:95:51:c8:26:8a:ff:09:7e:59: 535s 2a:8f:be:e3:67:d3:8b:c1:34:7a:35:8a:c5:a8:d3: 535s a5:b4:04:ae:60:95:25:83:51:7d:9a:de:cf:79:db: 535s 62:bc:29:cd:b2:cb:7f:d7:77 535s Exponent: 65537 (0x10001) 535s Attributes: 535s Requested Extensions: 535s X509v3 Basic Constraints: 535s CA:FALSE 535s Netscape Cert Type: 535s SSL Client, S/MIME 535s Netscape Comment: 535s Test Organization Sub Intermediate CA trusted Certificate 535s X509v3 Subject Key Identifier: 535s 19:7F:4C:47:4B:B5:EB:8E:C4:12:70:A0:0D:C7:11:3F:8C:B9:B2:7A 535s X509v3 Key Usage: critical 535s Digital Signature, Non Repudiation, Key Encipherment 535s X509v3 Extended Key Usage: 535s TLS Web Client Authentication, E-mail Protection 535s X509v3 Subject Alternative Name: 535s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 535s Signature Algorithm: sha256WithRSAEncryption 535s Signature Value: 535s 2b:3c:e6:5f:2b:b3:e7:1d:c8:24:bb:95:6a:30:5d:71:b5:b5: 535s 78:7a:a1:a2:1d:1d:0b:2e:21:20:c4:68:3d:72:c6:1d:1d:c0: 535s d2:9e:56:14:f1:bf:da:82:f2:0d:35:13:d8:53:1f:de:f0:f1: 535s 71:57:09:50:83:2a:d1:70:7d:57:54:63:93:8b:b4:63:31:53: 535s 87:98:54:24:ef:0b:23:6c:27:df:1f:32:80:11:3d:61:48:e1: 535s c2:cf:6d:2f:f3:54:ac:0c:2d:f4:4e:45:c0:bd:d1:9e:fe:f6: 535s da:1f:ce:0b:1c:c7:97:a7:fd:6b:3c:ae:ed:c5:b8:72:ae:01: 535s a1:0f 535s + openssl ca -passin pass:random-sub-intermediate-CA-password-32151 -config /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 535s Using configuration from /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA.config 535s Check that the request matches the signature 535s Signature ok 535s Certificate Details: 535s Serial Number: 5 (0x5) 535s Validity 535s Not Before: Mar 26 12:49:52 2024 GMT 535s Not After : Mar 26 12:49:52 2025 GMT 535s Subject: 535s organizationName = Test Organization 535s organizationalUnitName = Test Organization Unit 535s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 535s X509v3 extensions: 535s X509v3 Authority Key Identifier: 535s 06:C6:E9:59:39:40:4C:C8:91:72:38:58:CE:35:97:D8:7C:8A:AD:58 535s X509v3 Basic Constraints: 535s CA:FALSE 535s Netscape Cert Type: 535s SSL Client, S/MIME 535s Netscape Comment: 535s Test Organization Sub Intermediate CA trusted Certificate 535s X509v3 Subject Key Identifier: 535s 19:7F:4C:47:4B:B5:EB:8E:C4:12:70:A0:0D:C7:11:3F:8C:B9:B2:7A 535s X509v3 Key Usage: critical 535s Digital Signature, Non Repudiation, Key Encipherment 535s X509v3 Extended Key Usage: 535s TLS Web Client Authentication, E-mail Protection 535s X509v3 Subject Alternative Name: 535s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 535s Certificate is to be certified until Mar 26 12:49:52 2025 GMT (365 days) 535s 535s Write out database with 1 new entries 535s Database updated 535s + openssl x509 -noout -in /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 536s This certificate should not be trusted fully 536s + echo 'This certificate should not be trusted fully' 536s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 536s + local cmd=openssl 536s + shift 536s + openssl verify -CAfile /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 536s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 536s error 2 at 1 depth lookup: unable to get issuer certificate 536s error /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 536s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 536s + local cmd=openssl 536s + shift 536s + openssl verify -CAfile /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 536s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 536s error 20 at 0 depth lookup: unable to get local issuer certificate 536s error /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 536s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 536s /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 536s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 536s + local cmd=openssl 536s + shift 536s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 536s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 536s error 20 at 0 depth lookup: unable to get local issuer certificate 536s error /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 536s + echo 'Building a the full-chain CA file...' 536s + cat /tmp/sssd-softhsm2-npKDtO/test-root-CA.pem /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA.pem 536s + cat /tmp/sssd-softhsm2-npKDtO/test-root-CA.pem /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem 536s + cat /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA.pem 536s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem 536s + openssl pkcs7 -print_certs -noout 536s Building a the full-chain CA file... 536s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 536s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 536s 536s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 536s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 536s 536s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 536s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 536s 536s + openssl verify -CAfile /tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem 536s + openssl verify -CAfile /tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 536s + openssl verify -CAfile /tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 536s + openssl verify -CAfile /tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem /tmp/sssd-softhsm2-npKDtO/test-root-intermediate-chain-CA.pem 536s + openssl verify -CAfile /tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 536s + echo 'Certificates generation completed!' 536s + [[ -v NO_SSSD_TESTS ]] 536s + invalid_certificate /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18537 /dev/null 536s + check_certificate /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18537 /dev/null 536s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 536s + local key_pass=pass:random-root-ca-trusted-cert-0001-18537 536s + local key_ring=/dev/null 536s + local verify_option= 536s + prepare_softhsm2_card /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18537 536s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 536s + local key_pass=pass:random-root-ca-trusted-cert-0001-18537 536s + local key_cn 536s + local key_name 536s + local tokens_dir 536s + local output_cert_file 536s + token_name= 536s ++ basename /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem .pem 536s + key_name=test-root-CA-trusted-certificate-0001 536s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 536s ++ sed -n 's/ *commonName *= //p' 536s /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem: OK 536s /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem: OK 536s /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem: OK 536s /tmp/sssd-softhsm2-npKDtO/test-root-intermediate-chain-CA.pem: OK 536s /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 536s Certificates generation completed! 536s + key_cn='Test Organization Root Trusted Certificate 0001' 536s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 536s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf 536s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf 536s ++ basename /tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 536s + tokens_dir=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001 536s + token_name='Test Organization Root Tr Token' 536s + '[' '!' -e /tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 536s + local key_file 536s + local decrypted_key 536s + mkdir -p /tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001 536s + key_file=/tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001-key.pem 536s + decrypted_key=/tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001-key-decrypted.pem 536s + cat 536s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 536s Slot 0 has a free/uninitialized token. 536s The token has been initialized and is reassigned to slot 2056970718 536s + softhsm2-util --show-slots 536s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 536s Available slots: 536s Slot 2056970718 536s Slot info: 536s Description: SoftHSM slot ID 0x7a9ae1de 536s Manufacturer ID: SoftHSM project 536s Hardware version: 2.6 536s Firmware version: 2.6 536s Token present: yes 536s Token info: 536s Manufacturer ID: SoftHSM project 536s Model: SoftHSM v2 536s Hardware version: 2.6 536s Firmware version: 2.6 536s Serial number: 80e115aefa9ae1de 536s Initialized: yes 536s User PIN init.: yes 536s Label: Test Organization Root Tr Token 536s Slot 1 536s Slot info: 536s Description: SoftHSM slot ID 0x1 536s Manufacturer ID: SoftHSM project 536s Hardware version: 2.6 536s Firmware version: 2.6 536s Token present: yes 536s Token info: 536s Manufacturer ID: SoftHSM project 536s Model: SoftHSM v2 536s Hardware version: 2.6 536s Firmware version: 2.6 536s Serial number: 536s Initialized: no 536s User PIN init.: no 536s Label: 536s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-18537 -in /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001-key-decrypted.pem 536s writing RSA key 536s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 536s + rm /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001-key-decrypted.pem 536s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 536s Object 0: 536s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=80e115aefa9ae1de;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 536s Type: X.509 Certificate (RSA-1024) 536s Expires: Wed Mar 26 12:49:52 2025 536s Label: Test Organization Root Trusted Certificate 0001 536s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 536s 536s Test Organization Root Tr Token 536s + echo 'Test Organization Root Tr Token' 536s + '[' -n '' ']' 536s + local output_base_name=SSSD-child-4847 536s + local output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-4847.output 536s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-4847.pem 536s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 536s [p11_child[2029]] [main] (0x0400): p11_child started. 536s [p11_child[2029]] [main] (0x2000): Running in [pre-auth] mode. 536s [p11_child[2029]] [main] (0x2000): Running with effective IDs: [0][0]. 536s [p11_child[2029]] [main] (0x2000): Running with real IDs [0][0]. 536s [p11_child[2029]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 536s [p11_child[2029]] [do_work] (0x0040): init_verification failed. 536s [p11_child[2029]] [main] (0x0020): p11_child failed (5) 536s + return 2 536s + valid_certificate /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18537 /dev/null no_verification 536s + check_certificate /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18537 /dev/null no_verification 536s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 536s + local key_pass=pass:random-root-ca-trusted-cert-0001-18537 536s + local key_ring=/dev/null 536s + local verify_option=no_verification 536s + prepare_softhsm2_card /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18537 536s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 536s + local key_pass=pass:random-root-ca-trusted-cert-0001-18537 536s + local key_cn 536s + local key_name 536s + local tokens_dir 536s + local output_cert_file 536s + token_name= 536s ++ basename /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem .pem 536s + key_name=test-root-CA-trusted-certificate-0001 536s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 536s ++ sed -n 's/ *commonName *= //p' 536s + key_cn='Test Organization Root Trusted Certificate 0001' 536s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 536s Test Organization Root Tr Token 536s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf 536s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf 536s ++ basename /tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 536s + tokens_dir=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001 536s + token_name='Test Organization Root Tr Token' 536s + '[' '!' -e /tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 536s + '[' '!' -d /tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001 ']' 536s + echo 'Test Organization Root Tr Token' 536s + '[' -n no_verification ']' 536s + local verify_arg=--verify=no_verification 536s + local output_base_name=SSSD-child-3224 536s + local output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-3224.output 536s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-3224.pem 536s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 536s [p11_child[2035]] [main] (0x0400): p11_child started. 536s [p11_child[2035]] [main] (0x2000): Running in [pre-auth] mode. 536s [p11_child[2035]] [main] (0x2000): Running with effective IDs: [0][0]. 536s [p11_child[2035]] [main] (0x2000): Running with real IDs [0][0]. 536s [p11_child[2035]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 536s [p11_child[2035]] [do_card] (0x4000): Module List: 536s [p11_child[2035]] [do_card] (0x4000): common name: [softhsm2]. 536s [p11_child[2035]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 536s [p11_child[2035]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7a9ae1de] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 536s [p11_child[2035]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 536s [p11_child[2035]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7a9ae1de][2056970718] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 536s [p11_child[2035]] [do_card] (0x4000): Login NOT required. 536s [p11_child[2035]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 536s [p11_child[2035]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 536s [p11_child[2035]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7a9ae1de;slot-manufacturer=SoftHSM%20project;slot-id=2056970718;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=80e115aefa9ae1de;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 536s [p11_child[2035]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 536s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-3224.output 536s + echo '-----BEGIN CERTIFICATE-----' 536s + tail -n1 /tmp/sssd-softhsm2-npKDtO/SSSD-child-3224.output 536s + echo '-----END CERTIFICATE-----' 536s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-3224.pem 536s Certificate: 536s Data: 536s Version: 3 (0x2) 536s Serial Number: 3 (0x3) 536s Signature Algorithm: sha256WithRSAEncryption 536s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 536s Validity 536s Not Before: Mar 26 12:49:52 2024 GMT 536s Not After : Mar 26 12:49:52 2025 GMT 536s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 536s Subject Public Key Info: 536s Public Key Algorithm: rsaEncryption 536s Public-Key: (1024 bit) 536s Modulus: 536s 00:a1:86:89:9e:f9:20:68:bf:0d:d6:b2:7d:b6:c5: 536s c6:36:2a:a8:dd:f1:1e:d5:d7:ed:98:1a:21:e0:fb: 536s 4e:7f:3a:35:3f:75:10:df:40:8a:9e:dc:7a:40:27: 536s f2:de:6c:05:78:3e:c9:71:80:1f:1a:af:93:0c:96: 536s 53:c2:72:be:b7:f0:be:6b:54:ac:d1:b3:5f:d8:a0: 536s e6:8c:dd:51:27:d3:50:80:11:28:e8:74:31:72:aa: 536s ae:96:af:6c:55:86:12:cc:7f:f3:1a:a4:d7:72:cd: 536s 36:50:c5:b5:ae:32:22:4b:f0:0d:a6:80:19:b0:5d: 536s f7:d3:f8:8b:ce:78:1d:8c:5f 536s Exponent: 65537 (0x10001) 536s X509v3 extensions: 536s X509v3 Authority Key Identifier: 536s 5B:FC:E1:E9:13:3C:7E:99:64:5F:B0:82:EA:40:CD:8B:51:12:6B:7E 536s X509v3 Basic Constraints: 536s CA:FALSE 536s Netscape Cert Type: 536s SSL Client, S/MIME 536s Netscape Comment: 536s Test Organization Root CA trusted Certificate 536s X509v3 Subject Key Identifier: 536s 14:34:F9:5F:F0:4D:4C:F2:9B:9F:52:21:20:FE:F3:AA:A8:CA:A2:64 536s X509v3 Key Usage: critical 536s Digital Signature, Non Repudiation, Key Encipherment 536s X509v3 Extended Key Usage: 536s TLS Web Client Authentication, E-mail Protection 536s X509v3 Subject Alternative Name: 536s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 536s Signature Algorithm: sha256WithRSAEncryption 536s Signature Value: 536s bd:46:43:54:e9:06:ac:ae:f1:4e:b1:be:49:fb:20:ac:47:47: 536s 5c:14:29:04:9e:32:2e:d0:b0:bf:f7:b5:1c:39:5e:0a:ae:83: 536s cd:d0:7d:e4:1b:df:37:b6:6b:bc:08:2d:ad:cc:00:75:15:24: 536s e7:be:a9:bf:95:a9:70:85:a3:15:8c:11:0c:1b:14:68:b4:0a: 536s 46:44:c4:82:3a:c9:9b:e8:6d:f9:9f:5e:04:83:43:f2:f3:3d: 536s 46:7c:aa:fa:fb:da:b8:bc:ec:c3:74:7c:6e:4b:9c:3d:30:2d: 536s 91:0f:94:95:1e:a4:ff:54:87:2b:b1:2c:85:c3:11:51:7d:da: 536s f3:79 536s + local found_md5 expected_md5 536s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 536s + expected_md5=Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F 536s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-3224.pem 536s + found_md5=Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F 536s + '[' Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F '!=' Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F ']' 536s + output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-3224-auth.output 536s ++ basename /tmp/sssd-softhsm2-npKDtO/SSSD-child-3224-auth.output .output 536s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-3224-auth.pem 536s + echo -n 053350 536s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 536s [p11_child[2043]] [main] (0x0400): p11_child started. 536s [p11_child[2043]] [main] (0x2000): Running in [auth] mode. 536s [p11_child[2043]] [main] (0x2000): Running with effective IDs: [0][0]. 536s [p11_child[2043]] [main] (0x2000): Running with real IDs [0][0]. 536s [p11_child[2043]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 536s [p11_child[2043]] [do_card] (0x4000): Module List: 536s [p11_child[2043]] [do_card] (0x4000): common name: [softhsm2]. 536s [p11_child[2043]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 536s [p11_child[2043]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7a9ae1de] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 536s [p11_child[2043]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 536s [p11_child[2043]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7a9ae1de][2056970718] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 536s [p11_child[2043]] [do_card] (0x4000): Login required. 536s [p11_child[2043]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 536s [p11_child[2043]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 536s [p11_child[2043]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7a9ae1de;slot-manufacturer=SoftHSM%20project;slot-id=2056970718;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=80e115aefa9ae1de;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 536s [p11_child[2043]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 536s [p11_child[2043]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 536s [p11_child[2043]] [do_card] (0x4000): Certificate verified and validated. 536s [p11_child[2043]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 536s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-3224-auth.output 536s + echo '-----BEGIN CERTIFICATE-----' 536s + tail -n1 /tmp/sssd-softhsm2-npKDtO/SSSD-child-3224-auth.output 536s + echo '-----END CERTIFICATE-----' 536s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-3224-auth.pem 536s Certificate: 536s Data: 536s Version: 3 (0x2) 536s Serial Number: 3 (0x3) 536s Signature Algorithm: sha256WithRSAEncryption 536s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 536s Validity 536s Not Before: Mar 26 12:49:52 2024 GMT 536s Not After : Mar 26 12:49:52 2025 GMT 536s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 536s Subject Public Key Info: 536s Public Key Algorithm: rsaEncryption 536s Public-Key: (1024 bit) 536s Modulus: 536s 00:a1:86:89:9e:f9:20:68:bf:0d:d6:b2:7d:b6:c5: 536s c6:36:2a:a8:dd:f1:1e:d5:d7:ed:98:1a:21:e0:fb: 536s 4e:7f:3a:35:3f:75:10:df:40:8a:9e:dc:7a:40:27: 536s f2:de:6c:05:78:3e:c9:71:80:1f:1a:af:93:0c:96: 536s 53:c2:72:be:b7:f0:be:6b:54:ac:d1:b3:5f:d8:a0: 536s e6:8c:dd:51:27:d3:50:80:11:28:e8:74:31:72:aa: 536s ae:96:af:6c:55:86:12:cc:7f:f3:1a:a4:d7:72:cd: 536s 36:50:c5:b5:ae:32:22:4b:f0:0d:a6:80:19:b0:5d: 536s f7:d3:f8:8b:ce:78:1d:8c:5f 536s Exponent: 65537 (0x10001) 536s X509v3 extensions: 536s X509v3 Authority Key Identifier: 536s 5B:FC:E1:E9:13:3C:7E:99:64:5F:B0:82:EA:40:CD:8B:51:12:6B:7E 536s X509v3 Basic Constraints: 536s CA:FALSE 536s Netscape Cert Type: 536s SSL Client, S/MIME 536s Netscape Comment: 536s Test Organization Root CA trusted Certificate 536s X509v3 Subject Key Identifier: 536s 14:34:F9:5F:F0:4D:4C:F2:9B:9F:52:21:20:FE:F3:AA:A8:CA:A2:64 536s X509v3 Key Usage: critical 536s Digital Signature, Non Repudiation, Key Encipherment 536s X509v3 Extended Key Usage: 536s TLS Web Client Authentication, E-mail Protection 536s X509v3 Subject Alternative Name: 536s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 536s Signature Algorithm: sha256WithRSAEncryption 536s Signature Value: 536s bd:46:43:54:e9:06:ac:ae:f1:4e:b1:be:49:fb:20:ac:47:47: 536s 5c:14:29:04:9e:32:2e:d0:b0:bf:f7:b5:1c:39:5e:0a:ae:83: 536s cd:d0:7d:e4:1b:df:37:b6:6b:bc:08:2d:ad:cc:00:75:15:24: 536s e7:be:a9:bf:95:a9:70:85:a3:15:8c:11:0c:1b:14:68:b4:0a: 536s 46:44:c4:82:3a:c9:9b:e8:6d:f9:9f:5e:04:83:43:f2:f3:3d: 536s 46:7c:aa:fa:fb:da:b8:bc:ec:c3:74:7c:6e:4b:9c:3d:30:2d: 536s 91:0f:94:95:1e:a4:ff:54:87:2b:b1:2c:85:c3:11:51:7d:da: 536s f3:79 536s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-3224-auth.pem 536s + found_md5=Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F 536s + '[' Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F '!=' Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F ']' 536s + valid_certificate /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18537 /tmp/sssd-softhsm2-npKDtO/test-root-CA.pem 536s + check_certificate /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18537 /tmp/sssd-softhsm2-npKDtO/test-root-CA.pem 536s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 536s + local key_pass=pass:random-root-ca-trusted-cert-0001-18537 536s + local key_ring=/tmp/sssd-softhsm2-npKDtO/test-root-CA.pem 536s + local verify_option= 536s + prepare_softhsm2_card /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18537 536s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 536s + local key_pass=pass:random-root-ca-trusted-cert-0001-18537 536s + local key_cn 536s + local key_name 536s + local tokens_dir 536s + local output_cert_file 536s + token_name= 536s ++ basename /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem .pem 536s + key_name=test-root-CA-trusted-certificate-0001 536s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 536s ++ sed -n 's/ *commonName *= //p' 536s + key_cn='Test Organization Root Trusted Certificate 0001' 536s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 536s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf 536s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf 536s ++ basename /tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 536s + tokens_dir=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001 536s + token_name='Test Organization Root Tr Token' 536s + '[' '!' -e /tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 536s Test Organization Root Tr Token 536s + '[' '!' -d /tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001 ']' 536s + echo 'Test Organization Root Tr Token' 536s + '[' -n '' ']' 536s + local output_base_name=SSSD-child-9998 536s + local output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-9998.output 536s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-9998.pem 536s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-npKDtO/test-root-CA.pem 536s [p11_child[2053]] [main] (0x0400): p11_child started. 536s [p11_child[2053]] [main] (0x2000): Running in [pre-auth] mode. 536s [p11_child[2053]] [main] (0x2000): Running with effective IDs: [0][0]. 536s [p11_child[2053]] [main] (0x2000): Running with real IDs [0][0]. 536s [p11_child[2053]] [do_card] (0x4000): Module List: 536s [p11_child[2053]] [do_card] (0x4000): common name: [softhsm2]. 536s [p11_child[2053]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 536s [p11_child[2053]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7a9ae1de] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 536s [p11_child[2053]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 536s [p11_child[2053]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7a9ae1de][2056970718] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 536s [p11_child[2053]] [do_card] (0x4000): Login NOT required. 536s [p11_child[2053]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 536s [p11_child[2053]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 536s [p11_child[2053]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 536s [p11_child[2053]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7a9ae1de;slot-manufacturer=SoftHSM%20project;slot-id=2056970718;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=80e115aefa9ae1de;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 536s [p11_child[2053]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 536s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-9998.output 536s + echo '-----BEGIN CERTIFICATE-----' 536s + tail -n1 /tmp/sssd-softhsm2-npKDtO/SSSD-child-9998.output 536s + echo '-----END CERTIFICATE-----' 536s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-9998.pem 536s Certificate: 536s Data: 536s Version: 3 (0x2) 536s Serial Number: 3 (0x3) 536s Signature Algorithm: sha256WithRSAEncryption 536s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 536s Validity 536s Not Before: Mar 26 12:49:52 2024 GMT 536s Not After : Mar 26 12:49:52 2025 GMT 536s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 536s Subject Public Key Info: 536s Public Key Algorithm: rsaEncryption 536s Public-Key: (1024 bit) 536s Modulus: 536s 00:a1:86:89:9e:f9:20:68:bf:0d:d6:b2:7d:b6:c5: 536s c6:36:2a:a8:dd:f1:1e:d5:d7:ed:98:1a:21:e0:fb: 536s 4e:7f:3a:35:3f:75:10:df:40:8a:9e:dc:7a:40:27: 536s f2:de:6c:05:78:3e:c9:71:80:1f:1a:af:93:0c:96: 536s 53:c2:72:be:b7:f0:be:6b:54:ac:d1:b3:5f:d8:a0: 536s e6:8c:dd:51:27:d3:50:80:11:28:e8:74:31:72:aa: 536s ae:96:af:6c:55:86:12:cc:7f:f3:1a:a4:d7:72:cd: 536s 36:50:c5:b5:ae:32:22:4b:f0:0d:a6:80:19:b0:5d: 536s f7:d3:f8:8b:ce:78:1d:8c:5f 536s Exponent: 65537 (0x10001) 536s X509v3 extensions: 536s X509v3 Authority Key Identifier: 536s 5B:FC:E1:E9:13:3C:7E:99:64:5F:B0:82:EA:40:CD:8B:51:12:6B:7E 536s X509v3 Basic Constraints: 536s CA:FALSE 536s Netscape Cert Type: 536s SSL Client, S/MIME 536s Netscape Comment: 536s Test Organization Root CA trusted Certificate 536s X509v3 Subject Key Identifier: 536s 14:34:F9:5F:F0:4D:4C:F2:9B:9F:52:21:20:FE:F3:AA:A8:CA:A2:64 536s X509v3 Key Usage: critical 536s Digital Signature, Non Repudiation, Key Encipherment 536s X509v3 Extended Key Usage: 536s TLS Web Client Authentication, E-mail Protection 536s X509v3 Subject Alternative Name: 536s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 536s Signature Algorithm: sha256WithRSAEncryption 536s Signature Value: 536s bd:46:43:54:e9:06:ac:ae:f1:4e:b1:be:49:fb:20:ac:47:47: 536s 5c:14:29:04:9e:32:2e:d0:b0:bf:f7:b5:1c:39:5e:0a:ae:83: 536s cd:d0:7d:e4:1b:df:37:b6:6b:bc:08:2d:ad:cc:00:75:15:24: 536s e7:be:a9:bf:95:a9:70:85:a3:15:8c:11:0c:1b:14:68:b4:0a: 536s 46:44:c4:82:3a:c9:9b:e8:6d:f9:9f:5e:04:83:43:f2:f3:3d: 536s 46:7c:aa:fa:fb:da:b8:bc:ec:c3:74:7c:6e:4b:9c:3d:30:2d: 536s 91:0f:94:95:1e:a4:ff:54:87:2b:b1:2c:85:c3:11:51:7d:da: 536s f3:79 536s + local found_md5 expected_md5 536s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 536s + expected_md5=Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F 536s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-9998.pem 536s + found_md5=Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F 536s + '[' Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F '!=' Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F ']' 536s + output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-9998-auth.output 536s ++ basename /tmp/sssd-softhsm2-npKDtO/SSSD-child-9998-auth.output .output 536s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-9998-auth.pem 536s + echo -n 053350 536s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-npKDtO/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 536s [p11_child[2061]] [main] (0x0400): p11_child started. 536s [p11_child[2061]] [main] (0x2000): Running in [auth] mode. 536s [p11_child[2061]] [main] (0x2000): Running with effective IDs: [0][0]. 536s [p11_child[2061]] [main] (0x2000): Running with real IDs [0][0]. 536s [p11_child[2061]] [do_card] (0x4000): Module List: 536s [p11_child[2061]] [do_card] (0x4000): common name: [softhsm2]. 536s [p11_child[2061]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 536s [p11_child[2061]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7a9ae1de] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 536s [p11_child[2061]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 536s [p11_child[2061]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7a9ae1de][2056970718] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 536s [p11_child[2061]] [do_card] (0x4000): Login required. 536s [p11_child[2061]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 536s [p11_child[2061]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 536s [p11_child[2061]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 536s [p11_child[2061]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7a9ae1de;slot-manufacturer=SoftHSM%20project;slot-id=2056970718;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=80e115aefa9ae1de;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 536s [p11_child[2061]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 536s [p11_child[2061]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 536s [p11_child[2061]] [do_card] (0x4000): Certificate verified and validated. 536s [p11_child[2061]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 536s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-9998-auth.output 536s + echo '-----BEGIN CERTIFICATE-----' 536s + tail -n1 /tmp/sssd-softhsm2-npKDtO/SSSD-child-9998-auth.output 536s + echo '-----END CERTIFICATE-----' 536s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-9998-auth.pem 536s Certificate: 536s Data: 536s Version: 3 (0x2) 536s Serial Number: 3 (0x3) 536s Signature Algorithm: sha256WithRSAEncryption 536s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 536s Validity 536s Not Before: Mar 26 12:49:52 2024 GMT 536s Not After : Mar 26 12:49:52 2025 GMT 536s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 536s Subject Public Key Info: 536s Public Key Algorithm: rsaEncryption 536s Public-Key: (1024 bit) 536s Modulus: 536s 00:a1:86:89:9e:f9:20:68:bf:0d:d6:b2:7d:b6:c5: 536s c6:36:2a:a8:dd:f1:1e:d5:d7:ed:98:1a:21:e0:fb: 536s 4e:7f:3a:35:3f:75:10:df:40:8a:9e:dc:7a:40:27: 536s f2:de:6c:05:78:3e:c9:71:80:1f:1a:af:93:0c:96: 536s 53:c2:72:be:b7:f0:be:6b:54:ac:d1:b3:5f:d8:a0: 536s e6:8c:dd:51:27:d3:50:80:11:28:e8:74:31:72:aa: 536s ae:96:af:6c:55:86:12:cc:7f:f3:1a:a4:d7:72:cd: 536s 36:50:c5:b5:ae:32:22:4b:f0:0d:a6:80:19:b0:5d: 536s f7:d3:f8:8b:ce:78:1d:8c:5f 536s Exponent: 65537 (0x10001) 536s X509v3 extensions: 536s X509v3 Authority Key Identifier: 536s 5B:FC:E1:E9:13:3C:7E:99:64:5F:B0:82:EA:40:CD:8B:51:12:6B:7E 536s X509v3 Basic Constraints: 536s CA:FALSE 536s Netscape Cert Type: 536s SSL Client, S/MIME 536s Netscape Comment: 536s Test Organization Root CA trusted Certificate 536s X509v3 Subject Key Identifier: 536s 14:34:F9:5F:F0:4D:4C:F2:9B:9F:52:21:20:FE:F3:AA:A8:CA:A2:64 536s X509v3 Key Usage: critical 536s Digital Signature, Non Repudiation, Key Encipherment 536s X509v3 Extended Key Usage: 536s TLS Web Client Authentication, E-mail Protection 536s X509v3 Subject Alternative Name: 536s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 536s Signature Algorithm: sha256WithRSAEncryption 536s Signature Value: 536s bd:46:43:54:e9:06:ac:ae:f1:4e:b1:be:49:fb:20:ac:47:47: 536s 5c:14:29:04:9e:32:2e:d0:b0:bf:f7:b5:1c:39:5e:0a:ae:83: 536s cd:d0:7d:e4:1b:df:37:b6:6b:bc:08:2d:ad:cc:00:75:15:24: 536s e7:be:a9:bf:95:a9:70:85:a3:15:8c:11:0c:1b:14:68:b4:0a: 536s 46:44:c4:82:3a:c9:9b:e8:6d:f9:9f:5e:04:83:43:f2:f3:3d: 536s 46:7c:aa:fa:fb:da:b8:bc:ec:c3:74:7c:6e:4b:9c:3d:30:2d: 536s 91:0f:94:95:1e:a4:ff:54:87:2b:b1:2c:85:c3:11:51:7d:da: 536s f3:79 536s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-9998-auth.pem 536s + found_md5=Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F 536s + '[' Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F '!=' Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F ']' 536s + valid_certificate /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18537 /tmp/sssd-softhsm2-npKDtO/test-root-CA.pem partial_chain 536s + check_certificate /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18537 /tmp/sssd-softhsm2-npKDtO/test-root-CA.pem partial_chain 536s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 536s + local key_pass=pass:random-root-ca-trusted-cert-0001-18537 536s + local key_ring=/tmp/sssd-softhsm2-npKDtO/test-root-CA.pem 536s + local verify_option=partial_chain 536s + prepare_softhsm2_card /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18537 536s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 536s + local key_pass=pass:random-root-ca-trusted-cert-0001-18537 536s + local key_cn 536s + local key_name 536s + local tokens_dir 536s + local output_cert_file 536s + token_name= 536s ++ basename /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem .pem 536s + key_name=test-root-CA-trusted-certificate-0001 536s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 536s ++ sed -n 's/ *commonName *= //p' 536s + key_cn='Test Organization Root Trusted Certificate 0001' 536s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 536s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf 536s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf 536s ++ basename /tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 536s Test Organization Root Tr Token 536s + tokens_dir=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001 536s + token_name='Test Organization Root Tr Token' 536s + '[' '!' -e /tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 536s + '[' '!' -d /tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001 ']' 536s + echo 'Test Organization Root Tr Token' 536s + '[' -n partial_chain ']' 536s + local verify_arg=--verify=partial_chain 536s + local output_base_name=SSSD-child-7348 536s + local output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-7348.output 536s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-7348.pem 536s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-npKDtO/test-root-CA.pem 536s [p11_child[2071]] [main] (0x0400): p11_child started. 536s [p11_child[2071]] [main] (0x2000): Running in [pre-auth] mode. 536s [p11_child[2071]] [main] (0x2000): Running with effective IDs: [0][0]. 536s [p11_child[2071]] [main] (0x2000): Running with real IDs [0][0]. 536s [p11_child[2071]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 536s [p11_child[2071]] [do_card] (0x4000): Module List: 536s [p11_child[2071]] [do_card] (0x4000): common name: [softhsm2]. 536s [p11_child[2071]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 536s [p11_child[2071]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7a9ae1de] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 536s [p11_child[2071]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 536s [p11_child[2071]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7a9ae1de][2056970718] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 536s [p11_child[2071]] [do_card] (0x4000): Login NOT required. 536s [p11_child[2071]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 536s [p11_child[2071]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 536s [p11_child[2071]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 536s [p11_child[2071]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7a9ae1de;slot-manufacturer=SoftHSM%20project;slot-id=2056970718;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=80e115aefa9ae1de;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 536s [p11_child[2071]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 536s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-7348.output 536s + echo '-----BEGIN CERTIFICATE-----' 536s + tail -n1 /tmp/sssd-softhsm2-npKDtO/SSSD-child-7348.output 536s + echo '-----END CERTIFICATE-----' 536s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-7348.pem 536s Certificate: 536s Data: 536s Version: 3 (0x2) 536s Serial Number: 3 (0x3) 536s Signature Algorithm: sha256WithRSAEncryption 536s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 536s Validity 536s Not Before: Mar 26 12:49:52 2024 GMT 536s Not After : Mar 26 12:49:52 2025 GMT 536s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 536s Subject Public Key Info: 536s Public Key Algorithm: rsaEncryption 536s Public-Key: (1024 bit) 536s Modulus: 536s 00:a1:86:89:9e:f9:20:68:bf:0d:d6:b2:7d:b6:c5: 536s c6:36:2a:a8:dd:f1:1e:d5:d7:ed:98:1a:21:e0:fb: 536s 4e:7f:3a:35:3f:75:10:df:40:8a:9e:dc:7a:40:27: 536s f2:de:6c:05:78:3e:c9:71:80:1f:1a:af:93:0c:96: 536s 53:c2:72:be:b7:f0:be:6b:54:ac:d1:b3:5f:d8:a0: 536s e6:8c:dd:51:27:d3:50:80:11:28:e8:74:31:72:aa: 536s ae:96:af:6c:55:86:12:cc:7f:f3:1a:a4:d7:72:cd: 536s 36:50:c5:b5:ae:32:22:4b:f0:0d:a6:80:19:b0:5d: 536s f7:d3:f8:8b:ce:78:1d:8c:5f 536s Exponent: 65537 (0x10001) 536s X509v3 extensions: 536s X509v3 Authority Key Identifier: 536s 5B:FC:E1:E9:13:3C:7E:99:64:5F:B0:82:EA:40:CD:8B:51:12:6B:7E 536s X509v3 Basic Constraints: 536s CA:FALSE 536s Netscape Cert Type: 536s SSL Client, S/MIME 536s Netscape Comment: 536s Test Organization Root CA trusted Certificate 536s X509v3 Subject Key Identifier: 536s 14:34:F9:5F:F0:4D:4C:F2:9B:9F:52:21:20:FE:F3:AA:A8:CA:A2:64 536s X509v3 Key Usage: critical 536s Digital Signature, Non Repudiation, Key Encipherment 536s X509v3 Extended Key Usage: 536s TLS Web Client Authentication, E-mail Protection 536s X509v3 Subject Alternative Name: 536s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 536s Signature Algorithm: sha256WithRSAEncryption 536s Signature Value: 536s bd:46:43:54:e9:06:ac:ae:f1:4e:b1:be:49:fb:20:ac:47:47: 536s 5c:14:29:04:9e:32:2e:d0:b0:bf:f7:b5:1c:39:5e:0a:ae:83: 536s cd:d0:7d:e4:1b:df:37:b6:6b:bc:08:2d:ad:cc:00:75:15:24: 536s e7:be:a9:bf:95:a9:70:85:a3:15:8c:11:0c:1b:14:68:b4:0a: 536s 46:44:c4:82:3a:c9:9b:e8:6d:f9:9f:5e:04:83:43:f2:f3:3d: 536s 46:7c:aa:fa:fb:da:b8:bc:ec:c3:74:7c:6e:4b:9c:3d:30:2d: 536s 91:0f:94:95:1e:a4:ff:54:87:2b:b1:2c:85:c3:11:51:7d:da: 536s f3:79 536s + local found_md5 expected_md5 536s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 536s + expected_md5=Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F 536s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-7348.pem 536s + found_md5=Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F 536s + '[' Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F '!=' Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F ']' 536s + output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-7348-auth.output 536s ++ basename /tmp/sssd-softhsm2-npKDtO/SSSD-child-7348-auth.output .output 536s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-7348-auth.pem 536s + echo -n 053350 536s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-npKDtO/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 536s [p11_child[2079]] [main] (0x0400): p11_child started. 536s [p11_child[2079]] [main] (0x2000): Running in [auth] mode. 536s [p11_child[2079]] [main] (0x2000): Running with effective IDs: [0][0]. 536s [p11_child[2079]] [main] (0x2000): Running with real IDs [0][0]. 536s [p11_child[2079]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 536s [p11_child[2079]] [do_card] (0x4000): Module List: 536s [p11_child[2079]] [do_card] (0x4000): common name: [softhsm2]. 536s [p11_child[2079]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 536s [p11_child[2079]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7a9ae1de] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 536s [p11_child[2079]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 536s [p11_child[2079]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7a9ae1de][2056970718] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 536s [p11_child[2079]] [do_card] (0x4000): Login required. 536s [p11_child[2079]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 536s [p11_child[2079]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 536s [p11_child[2079]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 536s [p11_child[2079]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7a9ae1de;slot-manufacturer=SoftHSM%20project;slot-id=2056970718;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=80e115aefa9ae1de;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 536s [p11_child[2079]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 536s [p11_child[2079]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 536s [p11_child[2079]] [do_card] (0x4000): Certificate verified and validated. 536s [p11_child[2079]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 536s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-7348-auth.output 536s + echo '-----BEGIN CERTIFICATE-----' 536s + tail -n1 /tmp/sssd-softhsm2-npKDtO/SSSD-child-7348-auth.output 536s + echo '-----END CERTIFICATE-----' 536s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-7348-auth.pem 536s Certificate: 536s Data: 536s Version: 3 (0x2) 536s Serial Number: 3 (0x3) 536s Signature Algorithm: sha256WithRSAEncryption 536s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 536s Validity 536s Not Before: Mar 26 12:49:52 2024 GMT 536s Not After : Mar 26 12:49:52 2025 GMT 536s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 536s Subject Public Key Info: 536s Public Key Algorithm: rsaEncryption 536s Public-Key: (1024 bit) 536s Modulus: 536s 00:a1:86:89:9e:f9:20:68:bf:0d:d6:b2:7d:b6:c5: 536s c6:36:2a:a8:dd:f1:1e:d5:d7:ed:98:1a:21:e0:fb: 536s 4e:7f:3a:35:3f:75:10:df:40:8a:9e:dc:7a:40:27: 536s f2:de:6c:05:78:3e:c9:71:80:1f:1a:af:93:0c:96: 536s 53:c2:72:be:b7:f0:be:6b:54:ac:d1:b3:5f:d8:a0: 536s e6:8c:dd:51:27:d3:50:80:11:28:e8:74:31:72:aa: 536s ae:96:af:6c:55:86:12:cc:7f:f3:1a:a4:d7:72:cd: 536s 36:50:c5:b5:ae:32:22:4b:f0:0d:a6:80:19:b0:5d: 536s f7:d3:f8:8b:ce:78:1d:8c:5f 536s Exponent: 65537 (0x10001) 536s X509v3 extensions: 536s X509v3 Authority Key Identifier: 536s 5B:FC:E1:E9:13:3C:7E:99:64:5F:B0:82:EA:40:CD:8B:51:12:6B:7E 536s X509v3 Basic Constraints: 536s CA:FALSE 536s Netscape Cert Type: 536s SSL Client, S/MIME 536s Netscape Comment: 536s Test Organization Root CA trusted Certificate 536s X509v3 Subject Key Identifier: 536s 14:34:F9:5F:F0:4D:4C:F2:9B:9F:52:21:20:FE:F3:AA:A8:CA:A2:64 536s X509v3 Key Usage: critical 536s Digital Signature, Non Repudiation, Key Encipherment 536s X509v3 Extended Key Usage: 536s TLS Web Client Authentication, E-mail Protection 536s X509v3 Subject Alternative Name: 536s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 536s Signature Algorithm: sha256WithRSAEncryption 536s Signature Value: 536s bd:46:43:54:e9:06:ac:ae:f1:4e:b1:be:49:fb:20:ac:47:47: 536s 5c:14:29:04:9e:32:2e:d0:b0:bf:f7:b5:1c:39:5e:0a:ae:83: 536s cd:d0:7d:e4:1b:df:37:b6:6b:bc:08:2d:ad:cc:00:75:15:24: 536s e7:be:a9:bf:95:a9:70:85:a3:15:8c:11:0c:1b:14:68:b4:0a: 536s 46:44:c4:82:3a:c9:9b:e8:6d:f9:9f:5e:04:83:43:f2:f3:3d: 536s 46:7c:aa:fa:fb:da:b8:bc:ec:c3:74:7c:6e:4b:9c:3d:30:2d: 536s 91:0f:94:95:1e:a4:ff:54:87:2b:b1:2c:85:c3:11:51:7d:da: 536s f3:79 536s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-7348-auth.pem 536s + found_md5=Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F 536s + '[' Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F '!=' Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F ']' 536s + valid_certificate /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18537 /tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem 536s + check_certificate /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18537 /tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem 536s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 536s + local key_pass=pass:random-root-ca-trusted-cert-0001-18537 536s + local key_ring=/tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem 536s + local verify_option= 536s + prepare_softhsm2_card /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18537 536s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 536s + local key_pass=pass:random-root-ca-trusted-cert-0001-18537 536s + local key_cn 536s + local key_name 536s + local tokens_dir 536s + local output_cert_file 536s + token_name= 536s ++ basename /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem .pem 536s + key_name=test-root-CA-trusted-certificate-0001 536s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 536s ++ sed -n 's/ *commonName *= //p' 536s + key_cn='Test Organization Root Trusted Certificate 0001' 536s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 536s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf 536s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf 536s ++ basename /tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 536s Test Organization Root Tr Token 536s + tokens_dir=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001 536s + token_name='Test Organization Root Tr Token' 536s + '[' '!' -e /tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 536s + '[' '!' -d /tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001 ']' 536s + echo 'Test Organization Root Tr Token' 536s + '[' -n '' ']' 536s + local output_base_name=SSSD-child-15283 536s + local output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-15283.output 536s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-15283.pem 536s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem 536s [p11_child[2089]] [main] (0x0400): p11_child started. 536s [p11_child[2089]] [main] (0x2000): Running in [pre-auth] mode. 536s [p11_child[2089]] [main] (0x2000): Running with effective IDs: [0][0]. 536s [p11_child[2089]] [main] (0x2000): Running with real IDs [0][0]. 536s [p11_child[2089]] [do_card] (0x4000): Module List: 536s [p11_child[2089]] [do_card] (0x4000): common name: [softhsm2]. 536s [p11_child[2089]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 536s [p11_child[2089]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7a9ae1de] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 536s [p11_child[2089]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 536s [p11_child[2089]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7a9ae1de][2056970718] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 536s [p11_child[2089]] [do_card] (0x4000): Login NOT required. 536s [p11_child[2089]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 536s [p11_child[2089]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 536s [p11_child[2089]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 536s [p11_child[2089]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7a9ae1de;slot-manufacturer=SoftHSM%20project;slot-id=2056970718;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=80e115aefa9ae1de;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 536s [p11_child[2089]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 536s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-15283.output 536s + echo '-----BEGIN CERTIFICATE-----' 536s + tail -n1 /tmp/sssd-softhsm2-npKDtO/SSSD-child-15283.output 536s + echo '-----END CERTIFICATE-----' 536s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-15283.pem 536s Certificate: 536s Data: 536s Version: 3 (0x2) 536s Serial Number: 3 (0x3) 536s Signature Algorithm: sha256WithRSAEncryption 536s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 536s Validity 536s Not Before: Mar 26 12:49:52 2024 GMT 536s Not After : Mar 26 12:49:52 2025 GMT 536s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 536s Subject Public Key Info: 536s Public Key Algorithm: rsaEncryption 536s Public-Key: (1024 bit) 536s Modulus: 536s 00:a1:86:89:9e:f9:20:68:bf:0d:d6:b2:7d:b6:c5: 536s c6:36:2a:a8:dd:f1:1e:d5:d7:ed:98:1a:21:e0:fb: 536s 4e:7f:3a:35:3f:75:10:df:40:8a:9e:dc:7a:40:27: 536s f2:de:6c:05:78:3e:c9:71:80:1f:1a:af:93:0c:96: 536s 53:c2:72:be:b7:f0:be:6b:54:ac:d1:b3:5f:d8:a0: 536s e6:8c:dd:51:27:d3:50:80:11:28:e8:74:31:72:aa: 536s ae:96:af:6c:55:86:12:cc:7f:f3:1a:a4:d7:72:cd: 536s 36:50:c5:b5:ae:32:22:4b:f0:0d:a6:80:19:b0:5d: 536s f7:d3:f8:8b:ce:78:1d:8c:5f 536s Exponent: 65537 (0x10001) 536s X509v3 extensions: 536s X509v3 Authority Key Identifier: 536s 5B:FC:E1:E9:13:3C:7E:99:64:5F:B0:82:EA:40:CD:8B:51:12:6B:7E 536s X509v3 Basic Constraints: 536s CA:FALSE 536s Netscape Cert Type: 536s SSL Client, S/MIME 536s Netscape Comment: 536s Test Organization Root CA trusted Certificate 536s X509v3 Subject Key Identifier: 536s 14:34:F9:5F:F0:4D:4C:F2:9B:9F:52:21:20:FE:F3:AA:A8:CA:A2:64 536s X509v3 Key Usage: critical 536s Digital Signature, Non Repudiation, Key Encipherment 536s X509v3 Extended Key Usage: 536s TLS Web Client Authentication, E-mail Protection 536s X509v3 Subject Alternative Name: 536s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 536s Signature Algorithm: sha256WithRSAEncryption 536s Signature Value: 536s bd:46:43:54:e9:06:ac:ae:f1:4e:b1:be:49:fb:20:ac:47:47: 536s 5c:14:29:04:9e:32:2e:d0:b0:bf:f7:b5:1c:39:5e:0a:ae:83: 536s cd:d0:7d:e4:1b:df:37:b6:6b:bc:08:2d:ad:cc:00:75:15:24: 536s e7:be:a9:bf:95:a9:70:85:a3:15:8c:11:0c:1b:14:68:b4:0a: 536s 46:44:c4:82:3a:c9:9b:e8:6d:f9:9f:5e:04:83:43:f2:f3:3d: 536s 46:7c:aa:fa:fb:da:b8:bc:ec:c3:74:7c:6e:4b:9c:3d:30:2d: 536s 91:0f:94:95:1e:a4:ff:54:87:2b:b1:2c:85:c3:11:51:7d:da: 536s f3:79 536s + local found_md5 expected_md5 536s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 536s + expected_md5=Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F 536s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-15283.pem 536s + found_md5=Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F 536s + '[' Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F '!=' Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F ']' 536s + output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-15283-auth.output 536s ++ basename /tmp/sssd-softhsm2-npKDtO/SSSD-child-15283-auth.output .output 536s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-15283-auth.pem 537s + echo -n 053350 537s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 537s [p11_child[2097]] [main] (0x0400): p11_child started. 537s [p11_child[2097]] [main] (0x2000): Running in [auth] mode. 537s [p11_child[2097]] [main] (0x2000): Running with effective IDs: [0][0]. 537s [p11_child[2097]] [main] (0x2000): Running with real IDs [0][0]. 537s [p11_child[2097]] [do_card] (0x4000): Module List: 537s [p11_child[2097]] [do_card] (0x4000): common name: [softhsm2]. 537s [p11_child[2097]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 537s [p11_child[2097]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7a9ae1de] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 537s [p11_child[2097]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 537s [p11_child[2097]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7a9ae1de][2056970718] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 537s [p11_child[2097]] [do_card] (0x4000): Login required. 537s [p11_child[2097]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 537s [p11_child[2097]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 537s [p11_child[2097]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 537s [p11_child[2097]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7a9ae1de;slot-manufacturer=SoftHSM%20project;slot-id=2056970718;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=80e115aefa9ae1de;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 537s [p11_child[2097]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 537s [p11_child[2097]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 537s [p11_child[2097]] [do_card] (0x4000): Certificate verified and validated. 537s [p11_child[2097]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 537s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-15283-auth.output 537s + echo '-----BEGIN CERTIFICATE-----' 537s + tail -n1 /tmp/sssd-softhsm2-npKDtO/SSSD-child-15283-auth.output 537s + echo '-----END CERTIFICATE-----' 537s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-15283-auth.pem 537s Certificate: 537s Data: 537s Version: 3 (0x2) 537s Serial Number: 3 (0x3) 537s Signature Algorithm: sha256WithRSAEncryption 537s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 537s Validity 537s Not Before: Mar 26 12:49:52 2024 GMT 537s Not After : Mar 26 12:49:52 2025 GMT 537s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 537s Subject Public Key Info: 537s Public Key Algorithm: rsaEncryption 537s Public-Key: (1024 bit) 537s Modulus: 537s 00:a1:86:89:9e:f9:20:68:bf:0d:d6:b2:7d:b6:c5: 537s c6:36:2a:a8:dd:f1:1e:d5:d7:ed:98:1a:21:e0:fb: 537s 4e:7f:3a:35:3f:75:10:df:40:8a:9e:dc:7a:40:27: 537s f2:de:6c:05:78:3e:c9:71:80:1f:1a:af:93:0c:96: 537s 53:c2:72:be:b7:f0:be:6b:54:ac:d1:b3:5f:d8:a0: 537s e6:8c:dd:51:27:d3:50:80:11:28:e8:74:31:72:aa: 537s ae:96:af:6c:55:86:12:cc:7f:f3:1a:a4:d7:72:cd: 537s 36:50:c5:b5:ae:32:22:4b:f0:0d:a6:80:19:b0:5d: 537s f7:d3:f8:8b:ce:78:1d:8c:5f 537s Exponent: 65537 (0x10001) 537s X509v3 extensions: 537s X509v3 Authority Key Identifier: 537s 5B:FC:E1:E9:13:3C:7E:99:64:5F:B0:82:EA:40:CD:8B:51:12:6B:7E 537s X509v3 Basic Constraints: 537s CA:FALSE 537s Netscape Cert Type: 537s SSL Client, S/MIME 537s Netscape Comment: 537s Test Organization Root CA trusted Certificate 537s X509v3 Subject Key Identifier: 537s 14:34:F9:5F:F0:4D:4C:F2:9B:9F:52:21:20:FE:F3:AA:A8:CA:A2:64 537s X509v3 Key Usage: critical 537s Digital Signature, Non Repudiation, Key Encipherment 537s X509v3 Extended Key Usage: 537s TLS Web Client Authentication, E-mail Protection 537s X509v3 Subject Alternative Name: 537s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 537s Signature Algorithm: sha256WithRSAEncryption 537s Signature Value: 537s bd:46:43:54:e9:06:ac:ae:f1:4e:b1:be:49:fb:20:ac:47:47: 537s 5c:14:29:04:9e:32:2e:d0:b0:bf:f7:b5:1c:39:5e:0a:ae:83: 537s cd:d0:7d:e4:1b:df:37:b6:6b:bc:08:2d:ad:cc:00:75:15:24: 537s e7:be:a9:bf:95:a9:70:85:a3:15:8c:11:0c:1b:14:68:b4:0a: 537s 46:44:c4:82:3a:c9:9b:e8:6d:f9:9f:5e:04:83:43:f2:f3:3d: 537s 46:7c:aa:fa:fb:da:b8:bc:ec:c3:74:7c:6e:4b:9c:3d:30:2d: 537s 91:0f:94:95:1e:a4:ff:54:87:2b:b1:2c:85:c3:11:51:7d:da: 537s f3:79 537s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-15283-auth.pem 537s + found_md5=Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F 537s + '[' Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F '!=' Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F ']' 537s + valid_certificate /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18537 /tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem partial_chain 537s + check_certificate /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18537 /tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem partial_chain 537s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 537s + local key_pass=pass:random-root-ca-trusted-cert-0001-18537 537s + local key_ring=/tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem 537s + local verify_option=partial_chain 537s + prepare_softhsm2_card /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18537 537s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 537s + local key_pass=pass:random-root-ca-trusted-cert-0001-18537 537s + local key_cn 537s + local key_name 537s + local tokens_dir 537s + local output_cert_file 537s + token_name= 537s ++ basename /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem .pem 537s + key_name=test-root-CA-trusted-certificate-0001 537s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 537s ++ sed -n 's/ *commonName *= //p' 537s + key_cn='Test Organization Root Trusted Certificate 0001' 537s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 537s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf 537s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf 537s ++ basename /tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 537s Test Organization Root Tr Token 537s + tokens_dir=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001 537s + token_name='Test Organization Root Tr Token' 537s + '[' '!' -e /tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 537s + '[' '!' -d /tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001 ']' 537s + echo 'Test Organization Root Tr Token' 537s + '[' -n partial_chain ']' 537s + local verify_arg=--verify=partial_chain 537s + local output_base_name=SSSD-child-11405 537s + local output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-11405.output 537s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-11405.pem 537s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem 537s [p11_child[2107]] [main] (0x0400): p11_child started. 537s [p11_child[2107]] [main] (0x2000): Running in [pre-auth] mode. 537s [p11_child[2107]] [main] (0x2000): Running with effective IDs: [0][0]. 537s [p11_child[2107]] [main] (0x2000): Running with real IDs [0][0]. 537s [p11_child[2107]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 537s [p11_child[2107]] [do_card] (0x4000): Module List: 537s [p11_child[2107]] [do_card] (0x4000): common name: [softhsm2]. 537s [p11_child[2107]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 537s [p11_child[2107]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7a9ae1de] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 537s [p11_child[2107]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 537s [p11_child[2107]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7a9ae1de][2056970718] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 537s [p11_child[2107]] [do_card] (0x4000): Login NOT required. 537s [p11_child[2107]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 537s [p11_child[2107]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 537s [p11_child[2107]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 537s [p11_child[2107]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7a9ae1de;slot-manufacturer=SoftHSM%20project;slot-id=2056970718;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=80e115aefa9ae1de;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 537s [p11_child[2107]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 537s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-11405.output 537s + echo '-----BEGIN CERTIFICATE-----' 537s + tail -n1 /tmp/sssd-softhsm2-npKDtO/SSSD-child-11405.output 537s + echo '-----END CERTIFICATE-----' 537s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-11405.pem 537s Certificate: 537s Data: 537s Version: 3 (0x2) 537s Serial Number: 3 (0x3) 537s Signature Algorithm: sha256WithRSAEncryption 537s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 537s Validity 537s Not Before: Mar 26 12:49:52 2024 GMT 537s Not After : Mar 26 12:49:52 2025 GMT 537s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 537s Subject Public Key Info: 537s Public Key Algorithm: rsaEncryption 537s Public-Key: (1024 bit) 537s Modulus: 537s 00:a1:86:89:9e:f9:20:68:bf:0d:d6:b2:7d:b6:c5: 537s c6:36:2a:a8:dd:f1:1e:d5:d7:ed:98:1a:21:e0:fb: 537s 4e:7f:3a:35:3f:75:10:df:40:8a:9e:dc:7a:40:27: 537s f2:de:6c:05:78:3e:c9:71:80:1f:1a:af:93:0c:96: 537s 53:c2:72:be:b7:f0:be:6b:54:ac:d1:b3:5f:d8:a0: 537s e6:8c:dd:51:27:d3:50:80:11:28:e8:74:31:72:aa: 537s ae:96:af:6c:55:86:12:cc:7f:f3:1a:a4:d7:72:cd: 537s 36:50:c5:b5:ae:32:22:4b:f0:0d:a6:80:19:b0:5d: 537s f7:d3:f8:8b:ce:78:1d:8c:5f 537s Exponent: 65537 (0x10001) 537s X509v3 extensions: 537s X509v3 Authority Key Identifier: 537s 5B:FC:E1:E9:13:3C:7E:99:64:5F:B0:82:EA:40:CD:8B:51:12:6B:7E 537s X509v3 Basic Constraints: 537s CA:FALSE 537s Netscape Cert Type: 537s SSL Client, S/MIME 537s Netscape Comment: 537s Test Organization Root CA trusted Certificate 537s X509v3 Subject Key Identifier: 537s 14:34:F9:5F:F0:4D:4C:F2:9B:9F:52:21:20:FE:F3:AA:A8:CA:A2:64 537s X509v3 Key Usage: critical 537s Digital Signature, Non Repudiation, Key Encipherment 537s X509v3 Extended Key Usage: 537s TLS Web Client Authentication, E-mail Protection 537s X509v3 Subject Alternative Name: 537s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 537s Signature Algorithm: sha256WithRSAEncryption 537s Signature Value: 537s bd:46:43:54:e9:06:ac:ae:f1:4e:b1:be:49:fb:20:ac:47:47: 537s 5c:14:29:04:9e:32:2e:d0:b0:bf:f7:b5:1c:39:5e:0a:ae:83: 537s cd:d0:7d:e4:1b:df:37:b6:6b:bc:08:2d:ad:cc:00:75:15:24: 537s e7:be:a9:bf:95:a9:70:85:a3:15:8c:11:0c:1b:14:68:b4:0a: 537s 46:44:c4:82:3a:c9:9b:e8:6d:f9:9f:5e:04:83:43:f2:f3:3d: 537s 46:7c:aa:fa:fb:da:b8:bc:ec:c3:74:7c:6e:4b:9c:3d:30:2d: 537s 91:0f:94:95:1e:a4:ff:54:87:2b:b1:2c:85:c3:11:51:7d:da: 537s f3:79 537s + local found_md5 expected_md5 537s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 537s + expected_md5=Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F 537s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-11405.pem 537s + found_md5=Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F 537s + '[' Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F '!=' Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F ']' 537s + output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-11405-auth.output 537s ++ basename /tmp/sssd-softhsm2-npKDtO/SSSD-child-11405-auth.output .output 537s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-11405-auth.pem 537s + echo -n 053350 537s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 537s [p11_child[2115]] [main] (0x0400): p11_child started. 537s [p11_child[2115]] [main] (0x2000): Running in [auth] mode. 537s [p11_child[2115]] [main] (0x2000): Running with effective IDs: [0][0]. 537s [p11_child[2115]] [main] (0x2000): Running with real IDs [0][0]. 537s [p11_child[2115]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 537s [p11_child[2115]] [do_card] (0x4000): Module List: 537s [p11_child[2115]] [do_card] (0x4000): common name: [softhsm2]. 537s [p11_child[2115]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 537s [p11_child[2115]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7a9ae1de] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 537s [p11_child[2115]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 537s [p11_child[2115]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7a9ae1de][2056970718] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 537s [p11_child[2115]] [do_card] (0x4000): Login required. 537s [p11_child[2115]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 537s [p11_child[2115]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 537s [p11_child[2115]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 537s [p11_child[2115]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7a9ae1de;slot-manufacturer=SoftHSM%20project;slot-id=2056970718;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=80e115aefa9ae1de;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 537s [p11_child[2115]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 537s [p11_child[2115]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 537s [p11_child[2115]] [do_card] (0x4000): Certificate verified and validated. 537s [p11_child[2115]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 537s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-11405-auth.output 537s + echo '-----BEGIN CERTIFICATE-----' 537s + tail -n1 /tmp/sssd-softhsm2-npKDtO/SSSD-child-11405-auth.output 537s + echo '-----END CERTIFICATE-----' 537s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-11405-auth.pem 537s Certificate: 537s Data: 537s Version: 3 (0x2) 537s Serial Number: 3 (0x3) 537s Signature Algorithm: sha256WithRSAEncryption 537s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 537s Validity 537s Not Before: Mar 26 12:49:52 2024 GMT 537s Not After : Mar 26 12:49:52 2025 GMT 537s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 537s Subject Public Key Info: 537s Public Key Algorithm: rsaEncryption 537s Public-Key: (1024 bit) 537s Modulus: 537s 00:a1:86:89:9e:f9:20:68:bf:0d:d6:b2:7d:b6:c5: 537s c6:36:2a:a8:dd:f1:1e:d5:d7:ed:98:1a:21:e0:fb: 537s 4e:7f:3a:35:3f:75:10:df:40:8a:9e:dc:7a:40:27: 537s f2:de:6c:05:78:3e:c9:71:80:1f:1a:af:93:0c:96: 537s 53:c2:72:be:b7:f0:be:6b:54:ac:d1:b3:5f:d8:a0: 537s e6:8c:dd:51:27:d3:50:80:11:28:e8:74:31:72:aa: 537s ae:96:af:6c:55:86:12:cc:7f:f3:1a:a4:d7:72:cd: 537s 36:50:c5:b5:ae:32:22:4b:f0:0d:a6:80:19:b0:5d: 537s f7:d3:f8:8b:ce:78:1d:8c:5f 537s Exponent: 65537 (0x10001) 537s X509v3 extensions: 537s X509v3 Authority Key Identifier: 537s 5B:FC:E1:E9:13:3C:7E:99:64:5F:B0:82:EA:40:CD:8B:51:12:6B:7E 537s X509v3 Basic Constraints: 537s CA:FALSE 537s Netscape Cert Type: 537s SSL Client, S/MIME 537s Netscape Comment: 537s Test Organization Root CA trusted Certificate 537s X509v3 Subject Key Identifier: 537s 14:34:F9:5F:F0:4D:4C:F2:9B:9F:52:21:20:FE:F3:AA:A8:CA:A2:64 537s X509v3 Key Usage: critical 537s Digital Signature, Non Repudiation, Key Encipherment 537s X509v3 Extended Key Usage: 537s TLS Web Client Authentication, E-mail Protection 537s X509v3 Subject Alternative Name: 537s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 537s Signature Algorithm: sha256WithRSAEncryption 537s Signature Value: 537s bd:46:43:54:e9:06:ac:ae:f1:4e:b1:be:49:fb:20:ac:47:47: 537s 5c:14:29:04:9e:32:2e:d0:b0:bf:f7:b5:1c:39:5e:0a:ae:83: 537s cd:d0:7d:e4:1b:df:37:b6:6b:bc:08:2d:ad:cc:00:75:15:24: 537s e7:be:a9:bf:95:a9:70:85:a3:15:8c:11:0c:1b:14:68:b4:0a: 537s 46:44:c4:82:3a:c9:9b:e8:6d:f9:9f:5e:04:83:43:f2:f3:3d: 537s 46:7c:aa:fa:fb:da:b8:bc:ec:c3:74:7c:6e:4b:9c:3d:30:2d: 537s 91:0f:94:95:1e:a4:ff:54:87:2b:b1:2c:85:c3:11:51:7d:da: 537s f3:79 537s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-11405-auth.pem 537s + found_md5=Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F 537s + '[' Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F '!=' Modulus=A186899EF92068BF0DD6B27DB6C5C6362AA8DDF11ED5D7ED981A21E0FB4E7F3A353F7510DF408A9EDC7A4027F2DE6C05783EC971801F1AAF930C9653C272BEB7F0BE6B54ACD1B35FD8A0E68CDD5127D350801128E8743172AAAE96AF6C558612CC7FF31AA4D772CD3650C5B5AE32224BF00DA68019B05DF7D3F88BCE781D8C5F ']' 537s + invalid_certificate /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18537 /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem 537s + check_certificate /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18537 /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem 537s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 537s + local key_pass=pass:random-root-ca-trusted-cert-0001-18537 537s + local key_ring=/tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem 537s + local verify_option= 537s + prepare_softhsm2_card /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18537 537s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 537s + local key_pass=pass:random-root-ca-trusted-cert-0001-18537 537s + local key_cn 537s + local key_name 537s + local tokens_dir 537s + local output_cert_file 537s + token_name= 537s ++ basename /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem .pem 537s + key_name=test-root-CA-trusted-certificate-0001 537s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 537s ++ sed -n 's/ *commonName *= //p' 537s + key_cn='Test Organization Root Trusted Certificate 0001' 537s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 537s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf 537s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf 537s ++ basename /tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 537s + tokens_dir=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001 537s + token_name='Test Organization Root Tr Token' 537s + '[' '!' -e /tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 537s + '[' '!' -d /tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001 ']' 537s + echo 'Test Organization Root Tr Token' 537s + '[' -n '' ']' 537s + local output_base_name=SSSD-child-29381 537s + local output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-29381.output 537s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-29381.pem 537s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem 537s Test Organization Root Tr Token 537s [p11_child[2125]] [main] (0x0400): p11_child started. 537s [p11_child[2125]] [main] (0x2000): Running in [pre-auth] mode. 537s [p11_child[2125]] [main] (0x2000): Running with effective IDs: [0][0]. 537s [p11_child[2125]] [main] (0x2000): Running with real IDs [0][0]. 537s [p11_child[2125]] [do_card] (0x4000): Module List: 537s [p11_child[2125]] [do_card] (0x4000): common name: [softhsm2]. 537s [p11_child[2125]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 537s [p11_child[2125]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7a9ae1de] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 537s [p11_child[2125]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 537s [p11_child[2125]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7a9ae1de][2056970718] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 537s [p11_child[2125]] [do_card] (0x4000): Login NOT required. 537s [p11_child[2125]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 537s [p11_child[2125]] [do_verification] (0x0040): X509_verify_cert failed [0]. 537s [p11_child[2125]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 537s [p11_child[2125]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 537s [p11_child[2125]] [do_card] (0x4000): No certificate found. 537s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-29381.output 537s + return 2 537s + invalid_certificate /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18537 /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem partial_chain 537s + check_certificate /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18537 /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem partial_chain 537s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 537s + local key_pass=pass:random-root-ca-trusted-cert-0001-18537 537s + local key_ring=/tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem 537s + local verify_option=partial_chain 537s + prepare_softhsm2_card /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-18537 537s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 537s + local key_pass=pass:random-root-ca-trusted-cert-0001-18537 537s + local key_cn 537s + local key_name 537s + local tokens_dir 537s + local output_cert_file 537s + token_name= 537s ++ basename /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem .pem 537s + key_name=test-root-CA-trusted-certificate-0001 537s ++ sed -n 's/ *commonName *= //p' 537s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-npKDtO/test-root-CA-trusted-certificate-0001.pem 537s + key_cn='Test Organization Root Trusted Certificate 0001' 537s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 537s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf 537s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf 537s ++ basename /tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 537s + tokens_dir=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001 537s + token_name='Test Organization Root Tr Token' 537s + '[' '!' -e /tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 537s Test Organization Root Tr Token 537s + '[' '!' -d /tmp/sssd-softhsm2-npKDtO/softhsm2-test-root-CA-trusted-certificate-0001 ']' 537s + echo 'Test Organization Root Tr Token' 537s + '[' -n partial_chain ']' 537s + local verify_arg=--verify=partial_chain 537s + local output_base_name=SSSD-child-1389 537s + local output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-1389.output 537s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-1389.pem 537s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem 537s [p11_child[2132]] [main] (0x0400): p11_child started. 537s [p11_child[2132]] [main] (0x2000): Running in [pre-auth] mode. 537s [p11_child[2132]] [main] (0x2000): Running with effective IDs: [0][0]. 537s [p11_child[2132]] [main] (0x2000): Running with real IDs [0][0]. 537s [p11_child[2132]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 537s [p11_child[2132]] [do_card] (0x4000): Module List: 537s [p11_child[2132]] [do_card] (0x4000): common name: [softhsm2]. 537s [p11_child[2132]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 537s [p11_child[2132]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7a9ae1de] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 537s [p11_child[2132]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 537s [p11_child[2132]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x7a9ae1de][2056970718] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 537s [p11_child[2132]] [do_card] (0x4000): Login NOT required. 537s [p11_child[2132]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 537s [p11_child[2132]] [do_verification] (0x0040): X509_verify_cert failed [0]. 537s [p11_child[2132]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 537s [p11_child[2132]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 537s [p11_child[2132]] [do_card] (0x4000): No certificate found. 537s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-1389.output 537s + return 2 537s + invalid_certificate /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-755 /dev/null 537s + check_certificate /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-755 /dev/null 537s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 537s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-755 537s + local key_ring=/dev/null 537s + local verify_option= 537s + prepare_softhsm2_card /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-755 537s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 537s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-755 537s + local key_cn 537s + local key_name 537s + local tokens_dir 537s + local output_cert_file 537s + token_name= 537s ++ basename /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem .pem 537s + key_name=test-intermediate-CA-trusted-certificate-0001 537s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 537s ++ sed -n 's/ *commonName *= //p' 537s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 537s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 537s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 537s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 537s ++ basename /tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 537s + tokens_dir=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001 537s + token_name='Test Organization Interme Token' 537s + '[' '!' -e /tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 537s + local key_file 537s + local decrypted_key 537s + mkdir -p /tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001 537s + key_file=/tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001-key.pem 537s + decrypted_key=/tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 537s + cat 537s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 537s Slot 0 has a free/uninitialized token. 537s The token has been initialized and is reassigned to slot 950892519 537s + softhsm2-util --show-slots 537s Available slots: 537s Slot 950892519 537s Slot info: 537s Description: SoftHSM slot ID 0x38ad77e7 537s Manufacturer ID: SoftHSM project 537s Hardware version: 2.6 537s Firmware version: 2.6 537s Token present: yes 537s Token info: 537s Manufacturer ID: SoftHSM project 537s Model: SoftHSM v2 537s Hardware version: 2.6 537s Firmware version: 2.6 537s Serial number: 548d4e12b8ad77e7 537s Initialized: yes 537s User PIN init.: yes 537s Label: Test Organization Interme Token 537s Slot 1 537s Slot info: 537s Description: SoftHSM slot ID 0x1 537s Manufacturer ID: SoftHSM project 537s Hardware version: 2.6 537s Firmware version: 2.6 537s Token present: yes 537s Token info: 537s Manufacturer ID: SoftHSM project 537s Model: SoftHSM v2 537s Hardware version: 2.6 537s Firmware version: 2.6 537s Serial number: 537s Initialized: no 537s User PIN init.: no 537s Label: 537s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 537s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-755 -in /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 537s writing RSA key 537s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 537s + rm /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 537s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 537s Object 0: 537s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=548d4e12b8ad77e7;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 537s Type: X.509 Certificate (RSA-1024) 537s Expires: Wed Mar 26 12:49:52 2025 537s Label: Test Organization Intermediate Trusted Certificate 0001 537s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 537s 537s + echo 'Test Organization Interme Token' 537s Test Organization Interme Token 537s + '[' -n '' ']' 537s + local output_base_name=SSSD-child-10300 537s + local output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-10300.output 537s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-10300.pem 537s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 537s [p11_child[2148]] [main] (0x0400): p11_child started. 537s [p11_child[2148]] [main] (0x2000): Running in [pre-auth] mode. 537s [p11_child[2148]] [main] (0x2000): Running with effective IDs: [0][0]. 537s [p11_child[2148]] [main] (0x2000): Running with real IDs [0][0]. 537s [p11_child[2148]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 537s [p11_child[2148]] [do_work] (0x0040): init_verification failed. 537s [p11_child[2148]] [main] (0x0020): p11_child failed (5) 537s + return 2 537s + valid_certificate /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-755 /dev/null no_verification 537s + check_certificate /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-755 /dev/null no_verification 537s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 537s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-755 537s + local key_ring=/dev/null 537s + local verify_option=no_verification 537s + prepare_softhsm2_card /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-755 537s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 537s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-755 537s + local key_cn 537s + local key_name 537s + local tokens_dir 537s + local output_cert_file 537s + token_name= 537s ++ basename /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem .pem 537s + key_name=test-intermediate-CA-trusted-certificate-0001 537s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 537s ++ sed -n 's/ *commonName *= //p' 537s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 537s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 537s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 537s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 537s ++ basename /tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 537s + tokens_dir=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001 537s + token_name='Test Organization Interme Token' 537s + '[' '!' -e /tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 537s + '[' '!' -d /tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 537s Test Organization Interme Token 537s + echo 'Test Organization Interme Token' 537s + '[' -n no_verification ']' 537s + local verify_arg=--verify=no_verification 537s + local output_base_name=SSSD-child-14805 537s + local output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-14805.output 537s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-14805.pem 537s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 537s [p11_child[2154]] [main] (0x0400): p11_child started. 537s [p11_child[2154]] [main] (0x2000): Running in [pre-auth] mode. 537s [p11_child[2154]] [main] (0x2000): Running with effective IDs: [0][0]. 537s [p11_child[2154]] [main] (0x2000): Running with real IDs [0][0]. 537s [p11_child[2154]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 537s [p11_child[2154]] [do_card] (0x4000): Module List: 537s [p11_child[2154]] [do_card] (0x4000): common name: [softhsm2]. 537s [p11_child[2154]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 537s [p11_child[2154]] [do_card] (0x4000): Description [SoftHSM slot ID 0x38ad77e7] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 537s [p11_child[2154]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 537s [p11_child[2154]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x38ad77e7][950892519] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 537s [p11_child[2154]] [do_card] (0x4000): Login NOT required. 537s [p11_child[2154]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 537s [p11_child[2154]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 537s [p11_child[2154]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x38ad77e7;slot-manufacturer=SoftHSM%20project;slot-id=950892519;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=548d4e12b8ad77e7;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 537s [p11_child[2154]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 537s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-14805.output 537s + echo '-----BEGIN CERTIFICATE-----' 537s + tail -n1 /tmp/sssd-softhsm2-npKDtO/SSSD-child-14805.output 537s + echo '-----END CERTIFICATE-----' 537s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-14805.pem 537s Certificate: 537s Data: 537s Version: 3 (0x2) 537s Serial Number: 4 (0x4) 537s Signature Algorithm: sha256WithRSAEncryption 537s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 537s Validity 537s Not Before: Mar 26 12:49:52 2024 GMT 537s Not After : Mar 26 12:49:52 2025 GMT 537s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 537s Subject Public Key Info: 537s Public Key Algorithm: rsaEncryption 537s Public-Key: (1024 bit) 537s Modulus: 537s 00:b2:66:76:5a:ac:45:8a:ce:c8:e4:2f:c2:f5:f9: 537s 20:67:7e:ba:f3:2d:9b:d1:08:0f:d2:83:c7:c5:ce: 537s 94:fd:71:90:67:66:12:6b:57:3d:d6:3d:cd:b1:08: 537s 1b:a2:26:ef:4c:d3:eb:7f:d6:0a:c0:f3:60:15:e4: 537s 7c:67:b2:dd:e9:48:ad:46:57:39:25:c2:13:02:be: 537s 5d:32:65:cb:a9:d2:24:9d:7d:5f:20:50:bc:81:03: 537s 11:0c:a1:a2:54:4c:09:a8:e9:21:7c:03:d9:6d:44: 537s aa:15:ea:a0:e3:5c:2e:92:f0:9c:00:86:41:12:57: 537s 30:dd:bf:da:02:55:6f:74:85 537s Exponent: 65537 (0x10001) 537s X509v3 extensions: 537s X509v3 Authority Key Identifier: 537s 69:96:63:2F:1F:40:22:FE:44:67:43:50:D7:82:20:3B:98:D4:E5:B6 537s X509v3 Basic Constraints: 537s CA:FALSE 537s Netscape Cert Type: 537s SSL Client, S/MIME 537s Netscape Comment: 537s Test Organization Intermediate CA trusted Certificate 537s X509v3 Subject Key Identifier: 537s AF:F7:A1:17:A2:AF:CB:FA:32:FA:BE:AA:58:1C:DD:B8:70:B6:E9:B7 537s X509v3 Key Usage: critical 537s Digital Signature, Non Repudiation, Key Encipherment 537s X509v3 Extended Key Usage: 537s TLS Web Client Authentication, E-mail Protection 537s X509v3 Subject Alternative Name: 537s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 537s Signature Algorithm: sha256WithRSAEncryption 537s Signature Value: 537s 84:fb:b4:b6:74:92:07:22:f8:bd:1d:61:59:53:74:b4:34:81: 537s cc:8e:de:84:64:0d:d3:3a:c7:fd:55:bc:84:d4:50:f5:88:ea: 537s 73:c7:e5:57:aa:b1:83:a9:f1:f0:e9:2f:d5:07:6c:90:4e:ef: 537s 6b:8b:8c:f7:4d:11:7d:05:fb:5d:5f:2d:e6:4f:d9:45:87:2e: 537s 78:43:36:71:15:42:5c:c8:d5:52:3a:d6:06:5e:05:ae:86:94: 537s f7:d5:36:70:45:59:ec:e1:51:b6:c7:80:59:ec:35:1a:fe:d8: 537s 02:3a:21:60:95:09:6f:f4:6c:78:98:64:3a:32:3f:45:39:5d: 537s 38:ee 537s + local found_md5 expected_md5 537s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 537s + expected_md5=Modulus=B266765AAC458ACEC8E42FC2F5F920677EBAF32D9BD1080FD283C7C5CE94FD71906766126B573DD63DCDB1081BA226EF4CD3EB7FD60AC0F36015E47C67B2DDE948AD46573925C21302BE5D3265CBA9D2249D7D5F2050BC8103110CA1A2544C09A8E9217C03D96D44AA15EAA0E35C2E92F09C008641125730DDBFDA02556F7485 537s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-14805.pem 537s + found_md5=Modulus=B266765AAC458ACEC8E42FC2F5F920677EBAF32D9BD1080FD283C7C5CE94FD71906766126B573DD63DCDB1081BA226EF4CD3EB7FD60AC0F36015E47C67B2DDE948AD46573925C21302BE5D3265CBA9D2249D7D5F2050BC8103110CA1A2544C09A8E9217C03D96D44AA15EAA0E35C2E92F09C008641125730DDBFDA02556F7485 537s + '[' Modulus=B266765AAC458ACEC8E42FC2F5F920677EBAF32D9BD1080FD283C7C5CE94FD71906766126B573DD63DCDB1081BA226EF4CD3EB7FD60AC0F36015E47C67B2DDE948AD46573925C21302BE5D3265CBA9D2249D7D5F2050BC8103110CA1A2544C09A8E9217C03D96D44AA15EAA0E35C2E92F09C008641125730DDBFDA02556F7485 '!=' Modulus=B266765AAC458ACEC8E42FC2F5F920677EBAF32D9BD1080FD283C7C5CE94FD71906766126B573DD63DCDB1081BA226EF4CD3EB7FD60AC0F36015E47C67B2DDE948AD46573925C21302BE5D3265CBA9D2249D7D5F2050BC8103110CA1A2544C09A8E9217C03D96D44AA15EAA0E35C2E92F09C008641125730DDBFDA02556F7485 ']' 537s + output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-14805-auth.output 537s ++ basename /tmp/sssd-softhsm2-npKDtO/SSSD-child-14805-auth.output .output 537s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-14805-auth.pem 537s + echo -n 053350 537s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 537s [p11_child[2162]] [main] (0x0400): p11_child started. 537s [p11_child[2162]] [main] (0x2000): Running in [auth] mode. 537s [p11_child[2162]] [main] (0x2000): Running with effective IDs: [0][0]. 537s [p11_child[2162]] [main] (0x2000): Running with real IDs [0][0]. 537s [p11_child[2162]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 537s [p11_child[2162]] [do_card] (0x4000): Module List: 537s [p11_child[2162]] [do_card] (0x4000): common name: [softhsm2]. 537s [p11_child[2162]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 537s [p11_child[2162]] [do_card] (0x4000): Description [SoftHSM slot ID 0x38ad77e7] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 537s [p11_child[2162]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 537s [p11_child[2162]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x38ad77e7][950892519] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 537s [p11_child[2162]] [do_card] (0x4000): Login required. 537s [p11_child[2162]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 537s [p11_child[2162]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 537s [p11_child[2162]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x38ad77e7;slot-manufacturer=SoftHSM%20project;slot-id=950892519;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=548d4e12b8ad77e7;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 537s [p11_child[2162]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 537s [p11_child[2162]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 537s [p11_child[2162]] [do_card] (0x4000): Certificate verified and validated. 537s [p11_child[2162]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 537s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-14805-auth.output 537s + echo '-----BEGIN CERTIFICATE-----' 537s + tail -n1 /tmp/sssd-softhsm2-npKDtO/SSSD-child-14805-auth.output 537s + echo '-----END CERTIFICATE-----' 537s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-14805-auth.pem 537s Certificate: 537s Data: 537s Version: 3 (0x2) 537s Serial Number: 4 (0x4) 537s Signature Algorithm: sha256WithRSAEncryption 537s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 537s Validity 537s Not Before: Mar 26 12:49:52 2024 GMT 537s Not After : Mar 26 12:49:52 2025 GMT 537s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 537s Subject Public Key Info: 537s Public Key Algorithm: rsaEncryption 537s Public-Key: (1024 bit) 537s Modulus: 537s 00:b2:66:76:5a:ac:45:8a:ce:c8:e4:2f:c2:f5:f9: 537s 20:67:7e:ba:f3:2d:9b:d1:08:0f:d2:83:c7:c5:ce: 537s 94:fd:71:90:67:66:12:6b:57:3d:d6:3d:cd:b1:08: 537s 1b:a2:26:ef:4c:d3:eb:7f:d6:0a:c0:f3:60:15:e4: 537s 7c:67:b2:dd:e9:48:ad:46:57:39:25:c2:13:02:be: 537s 5d:32:65:cb:a9:d2:24:9d:7d:5f:20:50:bc:81:03: 537s 11:0c:a1:a2:54:4c:09:a8:e9:21:7c:03:d9:6d:44: 537s aa:15:ea:a0:e3:5c:2e:92:f0:9c:00:86:41:12:57: 537s 30:dd:bf:da:02:55:6f:74:85 537s Exponent: 65537 (0x10001) 537s X509v3 extensions: 537s X509v3 Authority Key Identifier: 537s 69:96:63:2F:1F:40:22:FE:44:67:43:50:D7:82:20:3B:98:D4:E5:B6 537s X509v3 Basic Constraints: 537s CA:FALSE 537s Netscape Cert Type: 537s SSL Client, S/MIME 537s Netscape Comment: 537s Test Organization Intermediate CA trusted Certificate 537s X509v3 Subject Key Identifier: 537s AF:F7:A1:17:A2:AF:CB:FA:32:FA:BE:AA:58:1C:DD:B8:70:B6:E9:B7 537s X509v3 Key Usage: critical 537s Digital Signature, Non Repudiation, Key Encipherment 537s X509v3 Extended Key Usage: 537s TLS Web Client Authentication, E-mail Protection 537s X509v3 Subject Alternative Name: 537s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 537s Signature Algorithm: sha256WithRSAEncryption 537s Signature Value: 537s 84:fb:b4:b6:74:92:07:22:f8:bd:1d:61:59:53:74:b4:34:81: 537s cc:8e:de:84:64:0d:d3:3a:c7:fd:55:bc:84:d4:50:f5:88:ea: 537s 73:c7:e5:57:aa:b1:83:a9:f1:f0:e9:2f:d5:07:6c:90:4e:ef: 537s 6b:8b:8c:f7:4d:11:7d:05:fb:5d:5f:2d:e6:4f:d9:45:87:2e: 537s 78:43:36:71:15:42:5c:c8:d5:52:3a:d6:06:5e:05:ae:86:94: 537s f7:d5:36:70:45:59:ec:e1:51:b6:c7:80:59:ec:35:1a:fe:d8: 537s 02:3a:21:60:95:09:6f:f4:6c:78:98:64:3a:32:3f:45:39:5d: 537s 38:ee 537s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-14805-auth.pem 537s + found_md5=Modulus=B266765AAC458ACEC8E42FC2F5F920677EBAF32D9BD1080FD283C7C5CE94FD71906766126B573DD63DCDB1081BA226EF4CD3EB7FD60AC0F36015E47C67B2DDE948AD46573925C21302BE5D3265CBA9D2249D7D5F2050BC8103110CA1A2544C09A8E9217C03D96D44AA15EAA0E35C2E92F09C008641125730DDBFDA02556F7485 537s + '[' Modulus=B266765AAC458ACEC8E42FC2F5F920677EBAF32D9BD1080FD283C7C5CE94FD71906766126B573DD63DCDB1081BA226EF4CD3EB7FD60AC0F36015E47C67B2DDE948AD46573925C21302BE5D3265CBA9D2249D7D5F2050BC8103110CA1A2544C09A8E9217C03D96D44AA15EAA0E35C2E92F09C008641125730DDBFDA02556F7485 '!=' Modulus=B266765AAC458ACEC8E42FC2F5F920677EBAF32D9BD1080FD283C7C5CE94FD71906766126B573DD63DCDB1081BA226EF4CD3EB7FD60AC0F36015E47C67B2DDE948AD46573925C21302BE5D3265CBA9D2249D7D5F2050BC8103110CA1A2544C09A8E9217C03D96D44AA15EAA0E35C2E92F09C008641125730DDBFDA02556F7485 ']' 537s + invalid_certificate /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-755 /tmp/sssd-softhsm2-npKDtO/test-root-CA.pem 537s + check_certificate /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-755 /tmp/sssd-softhsm2-npKDtO/test-root-CA.pem 537s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 537s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-755 537s + local key_ring=/tmp/sssd-softhsm2-npKDtO/test-root-CA.pem 537s + local verify_option= 537s + prepare_softhsm2_card /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-755 537s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 537s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-755 537s + local key_cn 537s + local key_name 537s + local tokens_dir 537s + local output_cert_file 537s + token_name= 537s ++ basename /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem .pem 537s + key_name=test-intermediate-CA-trusted-certificate-0001 537s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 537s ++ sed -n 's/ *commonName *= //p' 537s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 537s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 537s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 537s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 537s ++ basename /tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 537s + tokens_dir=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001 537s + token_name='Test Organization Interme Token' 537s + '[' '!' -e /tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 537s + '[' '!' -d /tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 537s + echo 'Test Organization Interme Token' 537s Test Organization Interme Token 537s + '[' -n '' ']' 537s + local output_base_name=SSSD-child-25907 537s + local output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-25907.output 537s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-25907.pem 537s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-npKDtO/test-root-CA.pem 537s [p11_child[2172]] [main] (0x0400): p11_child started. 537s [p11_child[2172]] [main] (0x2000): Running in [pre-auth] mode. 537s [p11_child[2172]] [main] (0x2000): Running with effective IDs: [0][0]. 537s [p11_child[2172]] [main] (0x2000): Running with real IDs [0][0]. 537s [p11_child[2172]] [do_card] (0x4000): Module List: 537s [p11_child[2172]] [do_card] (0x4000): common name: [softhsm2]. 537s [p11_child[2172]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 537s [p11_child[2172]] [do_card] (0x4000): Description [SoftHSM slot ID 0x38ad77e7] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 537s [p11_child[2172]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 537s [p11_child[2172]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x38ad77e7][950892519] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 537s [p11_child[2172]] [do_card] (0x4000): Login NOT required. 537s [p11_child[2172]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 537s [p11_child[2172]] [do_verification] (0x0040): X509_verify_cert failed [0]. 537s [p11_child[2172]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 537s [p11_child[2172]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 537s [p11_child[2172]] [do_card] (0x4000): No certificate found. 537s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-25907.output 537s + return 2 537s + invalid_certificate /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-755 /tmp/sssd-softhsm2-npKDtO/test-root-CA.pem partial_chain 537s + check_certificate /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-755 /tmp/sssd-softhsm2-npKDtO/test-root-CA.pem partial_chain 537s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 537s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-755 537s + local key_ring=/tmp/sssd-softhsm2-npKDtO/test-root-CA.pem 537s + local verify_option=partial_chain 537s + prepare_softhsm2_card /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-755 537s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 537s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-755 537s + local key_cn 537s + local key_name 537s + local tokens_dir 537s + local output_cert_file 537s + token_name= 537s ++ basename /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem .pem 537s + key_name=test-intermediate-CA-trusted-certificate-0001 537s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 537s ++ sed -n 's/ *commonName *= //p' 537s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 537s Test Organization Interme Token 537s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 537s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 537s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 537s ++ basename /tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 537s + tokens_dir=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001 537s + token_name='Test Organization Interme Token' 537s + '[' '!' -e /tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 537s + '[' '!' -d /tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 537s + echo 'Test Organization Interme Token' 537s + '[' -n partial_chain ']' 537s + local verify_arg=--verify=partial_chain 537s + local output_base_name=SSSD-child-15264 537s + local output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-15264.output 537s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-15264.pem 537s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-npKDtO/test-root-CA.pem 537s [p11_child[2179]] [main] (0x0400): p11_child started. 537s [p11_child[2179]] [main] (0x2000): Running in [pre-auth] mode. 537s [p11_child[2179]] [main] (0x2000): Running with effective IDs: [0][0]. 537s [p11_child[2179]] [main] (0x2000): Running with real IDs [0][0]. 537s [p11_child[2179]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 537s [p11_child[2179]] [do_card] (0x4000): Module List: 537s [p11_child[2179]] [do_card] (0x4000): common name: [softhsm2]. 537s [p11_child[2179]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 537s [p11_child[2179]] [do_card] (0x4000): Description [SoftHSM slot ID 0x38ad77e7] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 537s [p11_child[2179]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 537s [p11_child[2179]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x38ad77e7][950892519] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 537s [p11_child[2179]] [do_card] (0x4000): Login NOT required. 537s [p11_child[2179]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 537s [p11_child[2179]] [do_verification] (0x0040): X509_verify_cert failed [0]. 537s [p11_child[2179]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 537s [p11_child[2179]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 537s [p11_child[2179]] [do_card] (0x4000): No certificate found. 537s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-15264.output 537s + return 2 537s + valid_certificate /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-755 /tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem 537s + check_certificate /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-755 /tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem 537s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 537s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-755 537s + local key_ring=/tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem 537s + local verify_option= 537s + prepare_softhsm2_card /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-755 537s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 537s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-755 537s + local key_cn 537s + local key_name 537s + local tokens_dir 537s + local output_cert_file 537s + token_name= 537s ++ basename /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem .pem 537s + key_name=test-intermediate-CA-trusted-certificate-0001 537s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 537s ++ sed -n 's/ *commonName *= //p' 537s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 537s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 537s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 537s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 537s ++ basename /tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 537s Test Organization Interme Token 537s + tokens_dir=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001 537s + token_name='Test Organization Interme Token' 537s + '[' '!' -e /tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 537s + '[' '!' -d /tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 537s + echo 'Test Organization Interme Token' 537s + '[' -n '' ']' 537s + local output_base_name=SSSD-child-11215 537s + local output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-11215.output 537s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-11215.pem 537s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem 537s [p11_child[2186]] [main] (0x0400): p11_child started. 537s [p11_child[2186]] [main] (0x2000): Running in [pre-auth] mode. 537s [p11_child[2186]] [main] (0x2000): Running with effective IDs: [0][0]. 537s [p11_child[2186]] [main] (0x2000): Running with real IDs [0][0]. 537s [p11_child[2186]] [do_card] (0x4000): Module List: 537s [p11_child[2186]] [do_card] (0x4000): common name: [softhsm2]. 537s [p11_child[2186]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 537s [p11_child[2186]] [do_card] (0x4000): Description [SoftHSM slot ID 0x38ad77e7] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 537s [p11_child[2186]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 537s [p11_child[2186]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x38ad77e7][950892519] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 537s [p11_child[2186]] [do_card] (0x4000): Login NOT required. 537s [p11_child[2186]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 537s [p11_child[2186]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 537s [p11_child[2186]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 537s [p11_child[2186]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x38ad77e7;slot-manufacturer=SoftHSM%20project;slot-id=950892519;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=548d4e12b8ad77e7;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 537s [p11_child[2186]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 537s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-11215.output 537s + echo '-----BEGIN CERTIFICATE-----' 537s + tail -n1 /tmp/sssd-softhsm2-npKDtO/SSSD-child-11215.output 537s + echo '-----END CERTIFICATE-----' 537s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-11215.pem 537s Certificate: 537s Data: 537s Version: 3 (0x2) 537s Serial Number: 4 (0x4) 537s Signature Algorithm: sha256WithRSAEncryption 537s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 537s Validity 537s Not Before: Mar 26 12:49:52 2024 GMT 537s Not After : Mar 26 12:49:52 2025 GMT 537s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 537s Subject Public Key Info: 537s Public Key Algorithm: rsaEncryption 537s Public-Key: (1024 bit) 537s Modulus: 537s 00:b2:66:76:5a:ac:45:8a:ce:c8:e4:2f:c2:f5:f9: 537s 20:67:7e:ba:f3:2d:9b:d1:08:0f:d2:83:c7:c5:ce: 537s 94:fd:71:90:67:66:12:6b:57:3d:d6:3d:cd:b1:08: 537s 1b:a2:26:ef:4c:d3:eb:7f:d6:0a:c0:f3:60:15:e4: 537s 7c:67:b2:dd:e9:48:ad:46:57:39:25:c2:13:02:be: 537s 5d:32:65:cb:a9:d2:24:9d:7d:5f:20:50:bc:81:03: 537s 11:0c:a1:a2:54:4c:09:a8:e9:21:7c:03:d9:6d:44: 537s aa:15:ea:a0:e3:5c:2e:92:f0:9c:00:86:41:12:57: 537s 30:dd:bf:da:02:55:6f:74:85 537s Exponent: 65537 (0x10001) 537s X509v3 extensions: 537s X509v3 Authority Key Identifier: 537s 69:96:63:2F:1F:40:22:FE:44:67:43:50:D7:82:20:3B:98:D4:E5:B6 537s X509v3 Basic Constraints: 537s CA:FALSE 537s Netscape Cert Type: 537s SSL Client, S/MIME 537s Netscape Comment: 537s Test Organization Intermediate CA trusted Certificate 537s X509v3 Subject Key Identifier: 537s AF:F7:A1:17:A2:AF:CB:FA:32:FA:BE:AA:58:1C:DD:B8:70:B6:E9:B7 537s X509v3 Key Usage: critical 537s Digital Signature, Non Repudiation, Key Encipherment 537s X509v3 Extended Key Usage: 537s TLS Web Client Authentication, E-mail Protection 537s X509v3 Subject Alternative Name: 537s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 537s Signature Algorithm: sha256WithRSAEncryption 537s Signature Value: 537s 84:fb:b4:b6:74:92:07:22:f8:bd:1d:61:59:53:74:b4:34:81: 537s cc:8e:de:84:64:0d:d3:3a:c7:fd:55:bc:84:d4:50:f5:88:ea: 537s 73:c7:e5:57:aa:b1:83:a9:f1:f0:e9:2f:d5:07:6c:90:4e:ef: 537s 6b:8b:8c:f7:4d:11:7d:05:fb:5d:5f:2d:e6:4f:d9:45:87:2e: 537s 78:43:36:71:15:42:5c:c8:d5:52:3a:d6:06:5e:05:ae:86:94: 537s f7:d5:36:70:45:59:ec:e1:51:b6:c7:80:59:ec:35:1a:fe:d8: 537s 02:3a:21:60:95:09:6f:f4:6c:78:98:64:3a:32:3f:45:39:5d: 537s 38:ee 537s + local found_md5 expected_md5 537s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 537s + expected_md5=Modulus=B266765AAC458ACEC8E42FC2F5F920677EBAF32D9BD1080FD283C7C5CE94FD71906766126B573DD63DCDB1081BA226EF4CD3EB7FD60AC0F36015E47C67B2DDE948AD46573925C21302BE5D3265CBA9D2249D7D5F2050BC8103110CA1A2544C09A8E9217C03D96D44AA15EAA0E35C2E92F09C008641125730DDBFDA02556F7485 537s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-11215.pem 538s + found_md5=Modulus=B266765AAC458ACEC8E42FC2F5F920677EBAF32D9BD1080FD283C7C5CE94FD71906766126B573DD63DCDB1081BA226EF4CD3EB7FD60AC0F36015E47C67B2DDE948AD46573925C21302BE5D3265CBA9D2249D7D5F2050BC8103110CA1A2544C09A8E9217C03D96D44AA15EAA0E35C2E92F09C008641125730DDBFDA02556F7485 538s + '[' Modulus=B266765AAC458ACEC8E42FC2F5F920677EBAF32D9BD1080FD283C7C5CE94FD71906766126B573DD63DCDB1081BA226EF4CD3EB7FD60AC0F36015E47C67B2DDE948AD46573925C21302BE5D3265CBA9D2249D7D5F2050BC8103110CA1A2544C09A8E9217C03D96D44AA15EAA0E35C2E92F09C008641125730DDBFDA02556F7485 '!=' Modulus=B266765AAC458ACEC8E42FC2F5F920677EBAF32D9BD1080FD283C7C5CE94FD71906766126B573DD63DCDB1081BA226EF4CD3EB7FD60AC0F36015E47C67B2DDE948AD46573925C21302BE5D3265CBA9D2249D7D5F2050BC8103110CA1A2544C09A8E9217C03D96D44AA15EAA0E35C2E92F09C008641125730DDBFDA02556F7485 ']' 538s + output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-11215-auth.output 538s ++ basename /tmp/sssd-softhsm2-npKDtO/SSSD-child-11215-auth.output .output 538s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-11215-auth.pem 538s + echo -n 053350 538s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 538s [p11_child[2194]] [main] (0x0400): p11_child started. 538s [p11_child[2194]] [main] (0x2000): Running in [auth] mode. 538s [p11_child[2194]] [main] (0x2000): Running with effective IDs: [0][0]. 538s [p11_child[2194]] [main] (0x2000): Running with real IDs [0][0]. 538s [p11_child[2194]] [do_card] (0x4000): Module List: 538s [p11_child[2194]] [do_card] (0x4000): common name: [softhsm2]. 538s [p11_child[2194]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 538s [p11_child[2194]] [do_card] (0x4000): Description [SoftHSM slot ID 0x38ad77e7] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 538s [p11_child[2194]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 538s [p11_child[2194]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x38ad77e7][950892519] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 538s [p11_child[2194]] [do_card] (0x4000): Login required. 538s [p11_child[2194]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 538s [p11_child[2194]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 538s [p11_child[2194]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 538s [p11_child[2194]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x38ad77e7;slot-manufacturer=SoftHSM%20project;slot-id=950892519;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=548d4e12b8ad77e7;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 538s [p11_child[2194]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 538s [p11_child[2194]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 538s [p11_child[2194]] [do_card] (0x4000): Certificate verified and validated. 538s [p11_child[2194]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 538s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-11215-auth.output 538s + echo '-----BEGIN CERTIFICATE-----' 538s + tail -n1 /tmp/sssd-softhsm2-npKDtO/SSSD-child-11215-auth.output 538s + echo '-----END CERTIFICATE-----' 538s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-11215-auth.pem 538s Certificate: 538s Data: 538s Version: 3 (0x2) 538s Serial Number: 4 (0x4) 538s Signature Algorithm: sha256WithRSAEncryption 538s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 538s Validity 538s Not Before: Mar 26 12:49:52 2024 GMT 538s Not After : Mar 26 12:49:52 2025 GMT 538s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 538s Subject Public Key Info: 538s Public Key Algorithm: rsaEncryption 538s Public-Key: (1024 bit) 538s Modulus: 538s 00:b2:66:76:5a:ac:45:8a:ce:c8:e4:2f:c2:f5:f9: 538s 20:67:7e:ba:f3:2d:9b:d1:08:0f:d2:83:c7:c5:ce: 538s 94:fd:71:90:67:66:12:6b:57:3d:d6:3d:cd:b1:08: 538s 1b:a2:26:ef:4c:d3:eb:7f:d6:0a:c0:f3:60:15:e4: 538s 7c:67:b2:dd:e9:48:ad:46:57:39:25:c2:13:02:be: 538s 5d:32:65:cb:a9:d2:24:9d:7d:5f:20:50:bc:81:03: 538s 11:0c:a1:a2:54:4c:09:a8:e9:21:7c:03:d9:6d:44: 538s aa:15:ea:a0:e3:5c:2e:92:f0:9c:00:86:41:12:57: 538s 30:dd:bf:da:02:55:6f:74:85 538s Exponent: 65537 (0x10001) 538s X509v3 extensions: 538s X509v3 Authority Key Identifier: 538s 69:96:63:2F:1F:40:22:FE:44:67:43:50:D7:82:20:3B:98:D4:E5:B6 538s X509v3 Basic Constraints: 538s CA:FALSE 538s Netscape Cert Type: 538s SSL Client, S/MIME 538s Netscape Comment: 538s Test Organization Intermediate CA trusted Certificate 538s X509v3 Subject Key Identifier: 538s AF:F7:A1:17:A2:AF:CB:FA:32:FA:BE:AA:58:1C:DD:B8:70:B6:E9:B7 538s X509v3 Key Usage: critical 538s Digital Signature, Non Repudiation, Key Encipherment 538s X509v3 Extended Key Usage: 538s TLS Web Client Authentication, E-mail Protection 538s X509v3 Subject Alternative Name: 538s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 538s Signature Algorithm: sha256WithRSAEncryption 538s Signature Value: 538s 84:fb:b4:b6:74:92:07:22:f8:bd:1d:61:59:53:74:b4:34:81: 538s cc:8e:de:84:64:0d:d3:3a:c7:fd:55:bc:84:d4:50:f5:88:ea: 538s 73:c7:e5:57:aa:b1:83:a9:f1:f0:e9:2f:d5:07:6c:90:4e:ef: 538s 6b:8b:8c:f7:4d:11:7d:05:fb:5d:5f:2d:e6:4f:d9:45:87:2e: 538s 78:43:36:71:15:42:5c:c8:d5:52:3a:d6:06:5e:05:ae:86:94: 538s f7:d5:36:70:45:59:ec:e1:51:b6:c7:80:59:ec:35:1a:fe:d8: 538s 02:3a:21:60:95:09:6f:f4:6c:78:98:64:3a:32:3f:45:39:5d: 538s 38:ee 538s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-11215-auth.pem 538s + found_md5=Modulus=B266765AAC458ACEC8E42FC2F5F920677EBAF32D9BD1080FD283C7C5CE94FD71906766126B573DD63DCDB1081BA226EF4CD3EB7FD60AC0F36015E47C67B2DDE948AD46573925C21302BE5D3265CBA9D2249D7D5F2050BC8103110CA1A2544C09A8E9217C03D96D44AA15EAA0E35C2E92F09C008641125730DDBFDA02556F7485 538s + '[' Modulus=B266765AAC458ACEC8E42FC2F5F920677EBAF32D9BD1080FD283C7C5CE94FD71906766126B573DD63DCDB1081BA226EF4CD3EB7FD60AC0F36015E47C67B2DDE948AD46573925C21302BE5D3265CBA9D2249D7D5F2050BC8103110CA1A2544C09A8E9217C03D96D44AA15EAA0E35C2E92F09C008641125730DDBFDA02556F7485 '!=' Modulus=B266765AAC458ACEC8E42FC2F5F920677EBAF32D9BD1080FD283C7C5CE94FD71906766126B573DD63DCDB1081BA226EF4CD3EB7FD60AC0F36015E47C67B2DDE948AD46573925C21302BE5D3265CBA9D2249D7D5F2050BC8103110CA1A2544C09A8E9217C03D96D44AA15EAA0E35C2E92F09C008641125730DDBFDA02556F7485 ']' 538s + valid_certificate /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-755 /tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem partial_chain 538s + check_certificate /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-755 /tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem partial_chain 538s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 538s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-755 538s + local key_ring=/tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem 538s + local verify_option=partial_chain 538s + prepare_softhsm2_card /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-755 538s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 538s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-755 538s + local key_cn 538s + local key_name 538s + local tokens_dir 538s + local output_cert_file 538s + token_name= 538s ++ basename /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem .pem 538s + key_name=test-intermediate-CA-trusted-certificate-0001 538s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 538s ++ sed -n 's/ *commonName *= //p' 538s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 538s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 538s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 538s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 538s ++ basename /tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 538s + tokens_dir=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001 538s + token_name='Test Organization Interme Token' 538s + '[' '!' -e /tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 538s + '[' '!' -d /tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 538s Test Organization Interme Token 538s + echo 'Test Organization Interme Token' 538s + '[' -n partial_chain ']' 538s + local verify_arg=--verify=partial_chain 538s + local output_base_name=SSSD-child-23102 538s + local output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-23102.output 538s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-23102.pem 538s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem 538s [p11_child[2204]] [main] (0x0400): p11_child started. 538s [p11_child[2204]] [main] (0x2000): Running in [pre-auth] mode. 538s [p11_child[2204]] [main] (0x2000): Running with effective IDs: [0][0]. 538s [p11_child[2204]] [main] (0x2000): Running with real IDs [0][0]. 538s [p11_child[2204]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 538s [p11_child[2204]] [do_card] (0x4000): Module List: 538s [p11_child[2204]] [do_card] (0x4000): common name: [softhsm2]. 538s [p11_child[2204]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 538s [p11_child[2204]] [do_card] (0x4000): Description [SoftHSM slot ID 0x38ad77e7] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 538s [p11_child[2204]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 538s [p11_child[2204]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x38ad77e7][950892519] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 538s [p11_child[2204]] [do_card] (0x4000): Login NOT required. 538s [p11_child[2204]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 538s [p11_child[2204]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 538s [p11_child[2204]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 538s [p11_child[2204]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x38ad77e7;slot-manufacturer=SoftHSM%20project;slot-id=950892519;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=548d4e12b8ad77e7;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 538s [p11_child[2204]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 538s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-23102.output 538s + echo '-----BEGIN CERTIFICATE-----' 538s + tail -n1 /tmp/sssd-softhsm2-npKDtO/SSSD-child-23102.output 538s + echo '-----END CERTIFICATE-----' 538s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-23102.pem 538s Certificate: 538s Data: 538s Version: 3 (0x2) 538s Serial Number: 4 (0x4) 538s Signature Algorithm: sha256WithRSAEncryption 538s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 538s Validity 538s Not Before: Mar 26 12:49:52 2024 GMT 538s Not After : Mar 26 12:49:52 2025 GMT 538s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 538s Subject Public Key Info: 538s Public Key Algorithm: rsaEncryption 538s Public-Key: (1024 bit) 538s Modulus: 538s 00:b2:66:76:5a:ac:45:8a:ce:c8:e4:2f:c2:f5:f9: 538s 20:67:7e:ba:f3:2d:9b:d1:08:0f:d2:83:c7:c5:ce: 538s 94:fd:71:90:67:66:12:6b:57:3d:d6:3d:cd:b1:08: 538s 1b:a2:26:ef:4c:d3:eb:7f:d6:0a:c0:f3:60:15:e4: 538s 7c:67:b2:dd:e9:48:ad:46:57:39:25:c2:13:02:be: 538s 5d:32:65:cb:a9:d2:24:9d:7d:5f:20:50:bc:81:03: 538s 11:0c:a1:a2:54:4c:09:a8:e9:21:7c:03:d9:6d:44: 538s aa:15:ea:a0:e3:5c:2e:92:f0:9c:00:86:41:12:57: 538s 30:dd:bf:da:02:55:6f:74:85 538s Exponent: 65537 (0x10001) 538s X509v3 extensions: 538s X509v3 Authority Key Identifier: 538s 69:96:63:2F:1F:40:22:FE:44:67:43:50:D7:82:20:3B:98:D4:E5:B6 538s X509v3 Basic Constraints: 538s CA:FALSE 538s Netscape Cert Type: 538s SSL Client, S/MIME 538s Netscape Comment: 538s Test Organization Intermediate CA trusted Certificate 538s X509v3 Subject Key Identifier: 538s AF:F7:A1:17:A2:AF:CB:FA:32:FA:BE:AA:58:1C:DD:B8:70:B6:E9:B7 538s X509v3 Key Usage: critical 538s Digital Signature, Non Repudiation, Key Encipherment 538s X509v3 Extended Key Usage: 538s TLS Web Client Authentication, E-mail Protection 538s X509v3 Subject Alternative Name: 538s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 538s Signature Algorithm: sha256WithRSAEncryption 538s Signature Value: 538s 84:fb:b4:b6:74:92:07:22:f8:bd:1d:61:59:53:74:b4:34:81: 538s cc:8e:de:84:64:0d:d3:3a:c7:fd:55:bc:84:d4:50:f5:88:ea: 538s 73:c7:e5:57:aa:b1:83:a9:f1:f0:e9:2f:d5:07:6c:90:4e:ef: 538s 6b:8b:8c:f7:4d:11:7d:05:fb:5d:5f:2d:e6:4f:d9:45:87:2e: 538s 78:43:36:71:15:42:5c:c8:d5:52:3a:d6:06:5e:05:ae:86:94: 538s f7:d5:36:70:45:59:ec:e1:51:b6:c7:80:59:ec:35:1a:fe:d8: 538s 02:3a:21:60:95:09:6f:f4:6c:78:98:64:3a:32:3f:45:39:5d: 538s 38:ee 538s + local found_md5 expected_md5 538s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 538s + expected_md5=Modulus=B266765AAC458ACEC8E42FC2F5F920677EBAF32D9BD1080FD283C7C5CE94FD71906766126B573DD63DCDB1081BA226EF4CD3EB7FD60AC0F36015E47C67B2DDE948AD46573925C21302BE5D3265CBA9D2249D7D5F2050BC8103110CA1A2544C09A8E9217C03D96D44AA15EAA0E35C2E92F09C008641125730DDBFDA02556F7485 538s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-23102.pem 538s + found_md5=Modulus=B266765AAC458ACEC8E42FC2F5F920677EBAF32D9BD1080FD283C7C5CE94FD71906766126B573DD63DCDB1081BA226EF4CD3EB7FD60AC0F36015E47C67B2DDE948AD46573925C21302BE5D3265CBA9D2249D7D5F2050BC8103110CA1A2544C09A8E9217C03D96D44AA15EAA0E35C2E92F09C008641125730DDBFDA02556F7485 538s + '[' Modulus=B266765AAC458ACEC8E42FC2F5F920677EBAF32D9BD1080FD283C7C5CE94FD71906766126B573DD63DCDB1081BA226EF4CD3EB7FD60AC0F36015E47C67B2DDE948AD46573925C21302BE5D3265CBA9D2249D7D5F2050BC8103110CA1A2544C09A8E9217C03D96D44AA15EAA0E35C2E92F09C008641125730DDBFDA02556F7485 '!=' Modulus=B266765AAC458ACEC8E42FC2F5F920677EBAF32D9BD1080FD283C7C5CE94FD71906766126B573DD63DCDB1081BA226EF4CD3EB7FD60AC0F36015E47C67B2DDE948AD46573925C21302BE5D3265CBA9D2249D7D5F2050BC8103110CA1A2544C09A8E9217C03D96D44AA15EAA0E35C2E92F09C008641125730DDBFDA02556F7485 ']' 538s + output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-23102-auth.output 538s ++ basename /tmp/sssd-softhsm2-npKDtO/SSSD-child-23102-auth.output .output 538s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-23102-auth.pem 538s + echo -n 053350 538s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 538s [p11_child[2212]] [main] (0x0400): p11_child started. 538s [p11_child[2212]] [main] (0x2000): Running in [auth] mode. 538s [p11_child[2212]] [main] (0x2000): Running with effective IDs: [0][0]. 538s [p11_child[2212]] [main] (0x2000): Running with real IDs [0][0]. 538s [p11_child[2212]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 538s [p11_child[2212]] [do_card] (0x4000): Module List: 538s [p11_child[2212]] [do_card] (0x4000): common name: [softhsm2]. 538s [p11_child[2212]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 538s [p11_child[2212]] [do_card] (0x4000): Description [SoftHSM slot ID 0x38ad77e7] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 538s [p11_child[2212]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 538s [p11_child[2212]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x38ad77e7][950892519] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 538s [p11_child[2212]] [do_card] (0x4000): Login required. 538s [p11_child[2212]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 538s [p11_child[2212]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 538s [p11_child[2212]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 538s [p11_child[2212]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x38ad77e7;slot-manufacturer=SoftHSM%20project;slot-id=950892519;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=548d4e12b8ad77e7;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 538s [p11_child[2212]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 538s [p11_child[2212]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 538s [p11_child[2212]] [do_card] (0x4000): Certificate verified and validated. 538s [p11_child[2212]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 538s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-23102-auth.output 538s + echo '-----BEGIN CERTIFICATE-----' 538s + tail -n1 /tmp/sssd-softhsm2-npKDtO/SSSD-child-23102-auth.output 538s + echo '-----END CERTIFICATE-----' 538s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-23102-auth.pem 538s Certificate: 538s Data: 538s Version: 3 (0x2) 538s Serial Number: 4 (0x4) 538s Signature Algorithm: sha256WithRSAEncryption 538s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 538s Validity 538s Not Before: Mar 26 12:49:52 2024 GMT 538s Not After : Mar 26 12:49:52 2025 GMT 538s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 538s Subject Public Key Info: 538s Public Key Algorithm: rsaEncryption 538s Public-Key: (1024 bit) 538s Modulus: 538s 00:b2:66:76:5a:ac:45:8a:ce:c8:e4:2f:c2:f5:f9: 538s 20:67:7e:ba:f3:2d:9b:d1:08:0f:d2:83:c7:c5:ce: 538s 94:fd:71:90:67:66:12:6b:57:3d:d6:3d:cd:b1:08: 538s 1b:a2:26:ef:4c:d3:eb:7f:d6:0a:c0:f3:60:15:e4: 538s 7c:67:b2:dd:e9:48:ad:46:57:39:25:c2:13:02:be: 538s 5d:32:65:cb:a9:d2:24:9d:7d:5f:20:50:bc:81:03: 538s 11:0c:a1:a2:54:4c:09:a8:e9:21:7c:03:d9:6d:44: 538s aa:15:ea:a0:e3:5c:2e:92:f0:9c:00:86:41:12:57: 538s 30:dd:bf:da:02:55:6f:74:85 538s Exponent: 65537 (0x10001) 538s X509v3 extensions: 538s X509v3 Authority Key Identifier: 538s 69:96:63:2F:1F:40:22:FE:44:67:43:50:D7:82:20:3B:98:D4:E5:B6 538s X509v3 Basic Constraints: 538s CA:FALSE 538s Netscape Cert Type: 538s SSL Client, S/MIME 538s Netscape Comment: 538s Test Organization Intermediate CA trusted Certificate 538s X509v3 Subject Key Identifier: 538s AF:F7:A1:17:A2:AF:CB:FA:32:FA:BE:AA:58:1C:DD:B8:70:B6:E9:B7 538s X509v3 Key Usage: critical 538s Digital Signature, Non Repudiation, Key Encipherment 538s X509v3 Extended Key Usage: 538s TLS Web Client Authentication, E-mail Protection 538s X509v3 Subject Alternative Name: 538s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 538s Signature Algorithm: sha256WithRSAEncryption 538s Signature Value: 538s 84:fb:b4:b6:74:92:07:22:f8:bd:1d:61:59:53:74:b4:34:81: 538s cc:8e:de:84:64:0d:d3:3a:c7:fd:55:bc:84:d4:50:f5:88:ea: 538s 73:c7:e5:57:aa:b1:83:a9:f1:f0:e9:2f:d5:07:6c:90:4e:ef: 538s 6b:8b:8c:f7:4d:11:7d:05:fb:5d:5f:2d:e6:4f:d9:45:87:2e: 538s 78:43:36:71:15:42:5c:c8:d5:52:3a:d6:06:5e:05:ae:86:94: 538s f7:d5:36:70:45:59:ec:e1:51:b6:c7:80:59:ec:35:1a:fe:d8: 538s 02:3a:21:60:95:09:6f:f4:6c:78:98:64:3a:32:3f:45:39:5d: 538s 38:ee 538s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-23102-auth.pem 538s + found_md5=Modulus=B266765AAC458ACEC8E42FC2F5F920677EBAF32D9BD1080FD283C7C5CE94FD71906766126B573DD63DCDB1081BA226EF4CD3EB7FD60AC0F36015E47C67B2DDE948AD46573925C21302BE5D3265CBA9D2249D7D5F2050BC8103110CA1A2544C09A8E9217C03D96D44AA15EAA0E35C2E92F09C008641125730DDBFDA02556F7485 538s + '[' Modulus=B266765AAC458ACEC8E42FC2F5F920677EBAF32D9BD1080FD283C7C5CE94FD71906766126B573DD63DCDB1081BA226EF4CD3EB7FD60AC0F36015E47C67B2DDE948AD46573925C21302BE5D3265CBA9D2249D7D5F2050BC8103110CA1A2544C09A8E9217C03D96D44AA15EAA0E35C2E92F09C008641125730DDBFDA02556F7485 '!=' Modulus=B266765AAC458ACEC8E42FC2F5F920677EBAF32D9BD1080FD283C7C5CE94FD71906766126B573DD63DCDB1081BA226EF4CD3EB7FD60AC0F36015E47C67B2DDE948AD46573925C21302BE5D3265CBA9D2249D7D5F2050BC8103110CA1A2544C09A8E9217C03D96D44AA15EAA0E35C2E92F09C008641125730DDBFDA02556F7485 ']' 538s + invalid_certificate /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-755 /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem 538s + check_certificate /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-755 /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem 538s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 538s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-755 538s + local key_ring=/tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem 538s + local verify_option= 538s + prepare_softhsm2_card /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-755 538s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 538s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-755 538s + local key_cn 538s + local key_name 538s + local tokens_dir 538s + local output_cert_file 538s + token_name= 538s ++ basename /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem .pem 538s + key_name=test-intermediate-CA-trusted-certificate-0001 538s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 538s ++ sed -n 's/ *commonName *= //p' 538s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 538s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 538s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 538s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 538s ++ basename /tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 538s + tokens_dir=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001 538s + token_name='Test Organization Interme Token' 538s + '[' '!' -e /tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 538s + '[' '!' -d /tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 538s Test Organization Interme Token 538s + echo 'Test Organization Interme Token' 538s + '[' -n '' ']' 538s + local output_base_name=SSSD-child-21965 538s + local output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-21965.output 538s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-21965.pem 538s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem 538s [p11_child[2222]] [main] (0x0400): p11_child started. 538s [p11_child[2222]] [main] (0x2000): Running in [pre-auth] mode. 538s [p11_child[2222]] [main] (0x2000): Running with effective IDs: [0][0]. 538s [p11_child[2222]] [main] (0x2000): Running with real IDs [0][0]. 538s [p11_child[2222]] [do_card] (0x4000): Module List: 538s [p11_child[2222]] [do_card] (0x4000): common name: [softhsm2]. 538s [p11_child[2222]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 538s [p11_child[2222]] [do_card] (0x4000): Description [SoftHSM slot ID 0x38ad77e7] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 538s [p11_child[2222]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 538s [p11_child[2222]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x38ad77e7][950892519] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 538s [p11_child[2222]] [do_card] (0x4000): Login NOT required. 538s [p11_child[2222]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 538s [p11_child[2222]] [do_verification] (0x0040): X509_verify_cert failed [0]. 538s [p11_child[2222]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 538s [p11_child[2222]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 538s [p11_child[2222]] [do_card] (0x4000): No certificate found. 538s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-21965.output 538s + return 2 538s + valid_certificate /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-755 /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem partial_chain 538s + check_certificate /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-755 /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem partial_chain 538s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 538s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-755 538s + local key_ring=/tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem 538s + local verify_option=partial_chain 538s + prepare_softhsm2_card /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-755 538s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 538s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-755 538s + local key_cn 538s + local key_name 538s + local tokens_dir 538s + local output_cert_file 538s + token_name= 538s ++ basename /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem .pem 538s + key_name=test-intermediate-CA-trusted-certificate-0001 538s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 538s ++ sed -n 's/ *commonName *= //p' 538s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 538s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 538s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 538s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 538s ++ basename /tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 538s + tokens_dir=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001 538s + token_name='Test Organization Interme Token' 538s + '[' '!' -e /tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 538s + '[' '!' -d /tmp/sssd-softhsm2-npKDtO/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 538s + echo 'Test Organization Interme Token' 538s Test Organization Interme Token 538s + '[' -n partial_chain ']' 538s + local verify_arg=--verify=partial_chain 538s + local output_base_name=SSSD-child-18492 538s + local output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-18492.output 538s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-18492.pem 538s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem 538s [p11_child[2229]] [main] (0x0400): p11_child started. 538s [p11_child[2229]] [main] (0x2000): Running in [pre-auth] mode. 538s [p11_child[2229]] [main] (0x2000): Running with effective IDs: [0][0]. 538s [p11_child[2229]] [main] (0x2000): Running with real IDs [0][0]. 538s [p11_child[2229]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 538s [p11_child[2229]] [do_card] (0x4000): Module List: 538s [p11_child[2229]] [do_card] (0x4000): common name: [softhsm2]. 538s [p11_child[2229]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 538s [p11_child[2229]] [do_card] (0x4000): Description [SoftHSM slot ID 0x38ad77e7] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 538s [p11_child[2229]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 538s [p11_child[2229]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x38ad77e7][950892519] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 538s [p11_child[2229]] [do_card] (0x4000): Login NOT required. 538s [p11_child[2229]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 538s [p11_child[2229]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 538s [p11_child[2229]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 538s [p11_child[2229]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x38ad77e7;slot-manufacturer=SoftHSM%20project;slot-id=950892519;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=548d4e12b8ad77e7;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 538s [p11_child[2229]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 538s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-18492.output 538s + echo '-----BEGIN CERTIFICATE-----' 538s + tail -n1 /tmp/sssd-softhsm2-npKDtO/SSSD-child-18492.output 538s + echo '-----END CERTIFICATE-----' 538s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-18492.pem 538s Certificate: 538s Data: 538s Version: 3 (0x2) 538s Serial Number: 4 (0x4) 538s Signature Algorithm: sha256WithRSAEncryption 538s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 538s Validity 538s Not Before: Mar 26 12:49:52 2024 GMT 538s Not After : Mar 26 12:49:52 2025 GMT 538s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 538s Subject Public Key Info: 538s Public Key Algorithm: rsaEncryption 538s Public-Key: (1024 bit) 538s Modulus: 538s 00:b2:66:76:5a:ac:45:8a:ce:c8:e4:2f:c2:f5:f9: 538s 20:67:7e:ba:f3:2d:9b:d1:08:0f:d2:83:c7:c5:ce: 538s 94:fd:71:90:67:66:12:6b:57:3d:d6:3d:cd:b1:08: 538s 1b:a2:26:ef:4c:d3:eb:7f:d6:0a:c0:f3:60:15:e4: 538s 7c:67:b2:dd:e9:48:ad:46:57:39:25:c2:13:02:be: 538s 5d:32:65:cb:a9:d2:24:9d:7d:5f:20:50:bc:81:03: 538s 11:0c:a1:a2:54:4c:09:a8:e9:21:7c:03:d9:6d:44: 538s aa:15:ea:a0:e3:5c:2e:92:f0:9c:00:86:41:12:57: 538s 30:dd:bf:da:02:55:6f:74:85 538s Exponent: 65537 (0x10001) 538s X509v3 extensions: 538s X509v3 Authority Key Identifier: 538s 69:96:63:2F:1F:40:22:FE:44:67:43:50:D7:82:20:3B:98:D4:E5:B6 538s X509v3 Basic Constraints: 538s CA:FALSE 538s Netscape Cert Type: 538s SSL Client, S/MIME 538s Netscape Comment: 538s Test Organization Intermediate CA trusted Certificate 538s X509v3 Subject Key Identifier: 538s AF:F7:A1:17:A2:AF:CB:FA:32:FA:BE:AA:58:1C:DD:B8:70:B6:E9:B7 538s X509v3 Key Usage: critical 538s Digital Signature, Non Repudiation, Key Encipherment 538s X509v3 Extended Key Usage: 538s TLS Web Client Authentication, E-mail Protection 538s X509v3 Subject Alternative Name: 538s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 538s Signature Algorithm: sha256WithRSAEncryption 538s Signature Value: 538s 84:fb:b4:b6:74:92:07:22:f8:bd:1d:61:59:53:74:b4:34:81: 538s cc:8e:de:84:64:0d:d3:3a:c7:fd:55:bc:84:d4:50:f5:88:ea: 538s 73:c7:e5:57:aa:b1:83:a9:f1:f0:e9:2f:d5:07:6c:90:4e:ef: 538s 6b:8b:8c:f7:4d:11:7d:05:fb:5d:5f:2d:e6:4f:d9:45:87:2e: 538s 78:43:36:71:15:42:5c:c8:d5:52:3a:d6:06:5e:05:ae:86:94: 538s f7:d5:36:70:45:59:ec:e1:51:b6:c7:80:59:ec:35:1a:fe:d8: 538s 02:3a:21:60:95:09:6f:f4:6c:78:98:64:3a:32:3f:45:39:5d: 538s 38:ee 538s + local found_md5 expected_md5 538s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/test-intermediate-CA-trusted-certificate-0001.pem 538s + expected_md5=Modulus=B266765AAC458ACEC8E42FC2F5F920677EBAF32D9BD1080FD283C7C5CE94FD71906766126B573DD63DCDB1081BA226EF4CD3EB7FD60AC0F36015E47C67B2DDE948AD46573925C21302BE5D3265CBA9D2249D7D5F2050BC8103110CA1A2544C09A8E9217C03D96D44AA15EAA0E35C2E92F09C008641125730DDBFDA02556F7485 538s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-18492.pem 538s + found_md5=Modulus=B266765AAC458ACEC8E42FC2F5F920677EBAF32D9BD1080FD283C7C5CE94FD71906766126B573DD63DCDB1081BA226EF4CD3EB7FD60AC0F36015E47C67B2DDE948AD46573925C21302BE5D3265CBA9D2249D7D5F2050BC8103110CA1A2544C09A8E9217C03D96D44AA15EAA0E35C2E92F09C008641125730DDBFDA02556F7485 538s + '[' Modulus=B266765AAC458ACEC8E42FC2F5F920677EBAF32D9BD1080FD283C7C5CE94FD71906766126B573DD63DCDB1081BA226EF4CD3EB7FD60AC0F36015E47C67B2DDE948AD46573925C21302BE5D3265CBA9D2249D7D5F2050BC8103110CA1A2544C09A8E9217C03D96D44AA15EAA0E35C2E92F09C008641125730DDBFDA02556F7485 '!=' Modulus=B266765AAC458ACEC8E42FC2F5F920677EBAF32D9BD1080FD283C7C5CE94FD71906766126B573DD63DCDB1081BA226EF4CD3EB7FD60AC0F36015E47C67B2DDE948AD46573925C21302BE5D3265CBA9D2249D7D5F2050BC8103110CA1A2544C09A8E9217C03D96D44AA15EAA0E35C2E92F09C008641125730DDBFDA02556F7485 ']' 538s + output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-18492-auth.output 538s ++ basename /tmp/sssd-softhsm2-npKDtO/SSSD-child-18492-auth.output .output 538s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-18492-auth.pem 538s + echo -n 053350 538s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-npKDtO/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 538s [p11_child[2237]] [main] (0x0400): p11_child started. 538s [p11_child[2237]] [main] (0x2000): Running in [auth] mode. 538s [p11_child[2237]] [main] (0x2000): Running with effective IDs: [0][0]. 538s [p11_child[2237]] [main] (0x2000): Running with real IDs [0][0]. 538s [p11_child[2237]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 538s [p11_child[2237]] [do_card] (0x4000): Module List: 538s [p11_child[2237]] [do_card] (0x4000): common name: [softhsm2]. 538s [p11_child[2237]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 538s [p11_child[2237]] [do_card] (0x4000): Description [SoftHSM slot ID 0x38ad77e7] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 538s [p11_child[2237]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 538s [p11_child[2237]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x38ad77e7][950892519] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 538s [p11_child[2237]] [do_card] (0x4000): Login required. 538s [p11_child[2237]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 538s [p11_child[2237]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 538s [p11_child[2237]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 538s [p11_child[2237]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x38ad77e7;slot-manufacturer=SoftHSM%20project;slot-id=950892519;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=548d4e12b8ad77e7;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 538s [p11_child[2237]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 538s [p11_child[2237]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 538s [p11_child[2237]] [do_card] (0x4000): Certificate verified and validated. 538s [p11_child[2237]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 538s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-18492-auth.output 538s + echo '-----BEGIN CERTIFICATE-----' 538s + tail -n1 /tmp/sssd-softhsm2-npKDtO/SSSD-child-18492-auth.output 538s + echo '-----END CERTIFICATE-----' 538s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-18492-auth.pem 538s Certificate: 538s Data: 538s Version: 3 (0x2) 538s Serial Number: 4 (0x4) 538s Signature Algorithm: sha256WithRSAEncryption 538s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 538s Validity 538s Not Before: Mar 26 12:49:52 2024 GMT 538s Not After : Mar 26 12:49:52 2025 GMT 538s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 538s Subject Public Key Info: 538s Public Key Algorithm: rsaEncryption 538s Public-Key: (1024 bit) 538s Modulus: 538s 00:b2:66:76:5a:ac:45:8a:ce:c8:e4:2f:c2:f5:f9: 538s 20:67:7e:ba:f3:2d:9b:d1:08:0f:d2:83:c7:c5:ce: 538s 94:fd:71:90:67:66:12:6b:57:3d:d6:3d:cd:b1:08: 538s 1b:a2:26:ef:4c:d3:eb:7f:d6:0a:c0:f3:60:15:e4: 538s 7c:67:b2:dd:e9:48:ad:46:57:39:25:c2:13:02:be: 538s 5d:32:65:cb:a9:d2:24:9d:7d:5f:20:50:bc:81:03: 538s 11:0c:a1:a2:54:4c:09:a8:e9:21:7c:03:d9:6d:44: 538s aa:15:ea:a0:e3:5c:2e:92:f0:9c:00:86:41:12:57: 538s 30:dd:bf:da:02:55:6f:74:85 538s Exponent: 65537 (0x10001) 538s X509v3 extensions: 538s X509v3 Authority Key Identifier: 538s 69:96:63:2F:1F:40:22:FE:44:67:43:50:D7:82:20:3B:98:D4:E5:B6 538s X509v3 Basic Constraints: 538s CA:FALSE 538s Netscape Cert Type: 538s SSL Client, S/MIME 538s Netscape Comment: 538s Test Organization Intermediate CA trusted Certificate 538s X509v3 Subject Key Identifier: 538s AF:F7:A1:17:A2:AF:CB:FA:32:FA:BE:AA:58:1C:DD:B8:70:B6:E9:B7 538s X509v3 Key Usage: critical 538s Digital Signature, Non Repudiation, Key Encipherment 538s X509v3 Extended Key Usage: 538s TLS Web Client Authentication, E-mail Protection 538s X509v3 Subject Alternative Name: 538s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 538s Signature Algorithm: sha256WithRSAEncryption 538s Signature Value: 538s 84:fb:b4:b6:74:92:07:22:f8:bd:1d:61:59:53:74:b4:34:81: 538s cc:8e:de:84:64:0d:d3:3a:c7:fd:55:bc:84:d4:50:f5:88:ea: 538s 73:c7:e5:57:aa:b1:83:a9:f1:f0:e9:2f:d5:07:6c:90:4e:ef: 538s 6b:8b:8c:f7:4d:11:7d:05:fb:5d:5f:2d:e6:4f:d9:45:87:2e: 538s 78:43:36:71:15:42:5c:c8:d5:52:3a:d6:06:5e:05:ae:86:94: 538s f7:d5:36:70:45:59:ec:e1:51:b6:c7:80:59:ec:35:1a:fe:d8: 538s 02:3a:21:60:95:09:6f:f4:6c:78:98:64:3a:32:3f:45:39:5d: 538s 38:ee 538s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-18492-auth.pem 538s + found_md5=Modulus=B266765AAC458ACEC8E42FC2F5F920677EBAF32D9BD1080FD283C7C5CE94FD71906766126B573DD63DCDB1081BA226EF4CD3EB7FD60AC0F36015E47C67B2DDE948AD46573925C21302BE5D3265CBA9D2249D7D5F2050BC8103110CA1A2544C09A8E9217C03D96D44AA15EAA0E35C2E92F09C008641125730DDBFDA02556F7485 538s + '[' Modulus=B266765AAC458ACEC8E42FC2F5F920677EBAF32D9BD1080FD283C7C5CE94FD71906766126B573DD63DCDB1081BA226EF4CD3EB7FD60AC0F36015E47C67B2DDE948AD46573925C21302BE5D3265CBA9D2249D7D5F2050BC8103110CA1A2544C09A8E9217C03D96D44AA15EAA0E35C2E92F09C008641125730DDBFDA02556F7485 '!=' Modulus=B266765AAC458ACEC8E42FC2F5F920677EBAF32D9BD1080FD283C7C5CE94FD71906766126B573DD63DCDB1081BA226EF4CD3EB7FD60AC0F36015E47C67B2DDE948AD46573925C21302BE5D3265CBA9D2249D7D5F2050BC8103110CA1A2544C09A8E9217C03D96D44AA15EAA0E35C2E92F09C008641125730DDBFDA02556F7485 ']' 538s + invalid_certificate /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-6197 /tmp/sssd-softhsm2-npKDtO/test-root-CA.pem 538s + check_certificate /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-6197 /tmp/sssd-softhsm2-npKDtO/test-root-CA.pem 538s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 538s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-6197 538s + local key_ring=/tmp/sssd-softhsm2-npKDtO/test-root-CA.pem 538s + local verify_option= 538s + prepare_softhsm2_card /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-6197 538s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 538s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-6197 538s + local key_cn 538s + local key_name 538s + local tokens_dir 538s + local output_cert_file 538s + token_name= 538s ++ basename /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 538s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 538s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 538s ++ sed -n 's/ *commonName *= //p' 538s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 538s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 538s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 538s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 538s ++ basename /tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 538s + tokens_dir=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 538s + token_name='Test Organization Sub Int Token' 538s + '[' '!' -e /tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 538s + local key_file 538s + local decrypted_key 538s + mkdir -p /tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 538s + key_file=/tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 538s + decrypted_key=/tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 538s + cat 538s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 538s Slot 0 has a free/uninitialized token. 538s The token has been initialized and is reassigned to slot 1593290939 538s + softhsm2-util --show-slots 538s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 538s Available slots: 538s Slot 1593290939 538s Slot info: 538s Description: SoftHSM slot ID 0x5ef7b0bb 538s Manufacturer ID: SoftHSM project 538s Hardware version: 2.6 538s Firmware version: 2.6 538s Token present: yes 538s Token info: 538s Manufacturer ID: SoftHSM project 538s Model: SoftHSM v2 538s Hardware version: 2.6 538s Firmware version: 2.6 538s Serial number: fcf1f8fedef7b0bb 538s Initialized: yes 538s User PIN init.: yes 538s Label: Test Organization Sub Int Token 538s Slot 1 538s Slot info: 538s Description: SoftHSM slot ID 0x1 538s Manufacturer ID: SoftHSM project 538s Hardware version: 2.6 538s Firmware version: 2.6 538s Token present: yes 538s Token info: 538s Manufacturer ID: SoftHSM project 538s Model: SoftHSM v2 538s Hardware version: 2.6 538s Firmware version: 2.6 538s Serial number: 538s Initialized: no 538s User PIN init.: no 538s Label: 538s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-6197 -in /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 538s writing RSA key 538s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 538s + rm /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 538s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 538s Object 0: 538s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=fcf1f8fedef7b0bb;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 538s Type: X.509 Certificate (RSA-1024) 538s Expires: Wed Mar 26 12:49:52 2025 538s Label: Test Organization Sub Intermediate Trusted Certificate 0001 538s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 538s 538s + echo 'Test Organization Sub Int Token' 538s + '[' -n '' ']' 538s + local output_base_name=SSSD-child-3691 538s + local output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-3691.output 538s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-3691.pem 538s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-npKDtO/test-root-CA.pem 538s Test Organization Sub Int Token 538s [p11_child[2256]] [main] (0x0400): p11_child started. 538s [p11_child[2256]] [main] (0x2000): Running in [pre-auth] mode. 538s [p11_child[2256]] [main] (0x2000): Running with effective IDs: [0][0]. 538s [p11_child[2256]] [main] (0x2000): Running with real IDs [0][0]. 538s [p11_child[2256]] [do_card] (0x4000): Module List: 538s [p11_child[2256]] [do_card] (0x4000): common name: [softhsm2]. 538s [p11_child[2256]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 538s [p11_child[2256]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5ef7b0bb] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 538s [p11_child[2256]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 538s [p11_child[2256]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x5ef7b0bb][1593290939] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 538s [p11_child[2256]] [do_card] (0x4000): Login NOT required. 538s [p11_child[2256]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 538s [p11_child[2256]] [do_verification] (0x0040): X509_verify_cert failed [0]. 538s [p11_child[2256]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 538s [p11_child[2256]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 538s [p11_child[2256]] [do_card] (0x4000): No certificate found. 538s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-3691.output 538s + return 2 538s + invalid_certificate /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-6197 /tmp/sssd-softhsm2-npKDtO/test-root-CA.pem partial_chain 538s + check_certificate /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-6197 /tmp/sssd-softhsm2-npKDtO/test-root-CA.pem partial_chain 538s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 538s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-6197 538s + local key_ring=/tmp/sssd-softhsm2-npKDtO/test-root-CA.pem 538s + local verify_option=partial_chain 538s + prepare_softhsm2_card /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-6197 538s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 538s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-6197 538s + local key_cn 538s + local key_name 538s + local tokens_dir 538s + local output_cert_file 538s + token_name= 538s ++ basename /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 538s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 538s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 538s ++ sed -n 's/ *commonName *= //p' 538s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 538s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 538s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 538s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 538s ++ basename /tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 538s Test Organization Sub Int Token 538s + tokens_dir=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 538s + token_name='Test Organization Sub Int Token' 538s + '[' '!' -e /tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 538s + '[' '!' -d /tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 538s + echo 'Test Organization Sub Int Token' 538s + '[' -n partial_chain ']' 538s + local verify_arg=--verify=partial_chain 538s + local output_base_name=SSSD-child-6372 538s + local output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-6372.output 538s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-6372.pem 538s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-npKDtO/test-root-CA.pem 538s [p11_child[2263]] [main] (0x0400): p11_child started. 538s [p11_child[2263]] [main] (0x2000): Running in [pre-auth] mode. 538s [p11_child[2263]] [main] (0x2000): Running with effective IDs: [0][0]. 538s [p11_child[2263]] [main] (0x2000): Running with real IDs [0][0]. 538s [p11_child[2263]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 538s [p11_child[2263]] [do_card] (0x4000): Module List: 538s [p11_child[2263]] [do_card] (0x4000): common name: [softhsm2]. 538s [p11_child[2263]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 538s [p11_child[2263]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5ef7b0bb] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 538s [p11_child[2263]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 538s [p11_child[2263]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x5ef7b0bb][1593290939] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 538s [p11_child[2263]] [do_card] (0x4000): Login NOT required. 538s [p11_child[2263]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 538s [p11_child[2263]] [do_verification] (0x0040): X509_verify_cert failed [0]. 538s [p11_child[2263]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 538s [p11_child[2263]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 538s [p11_child[2263]] [do_card] (0x4000): No certificate found. 538s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-6372.output 538s + return 2 538s + valid_certificate /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-6197 /tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem 538s + check_certificate /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-6197 /tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem 538s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 538s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-6197 538s + local key_ring=/tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem 538s + local verify_option= 538s + prepare_softhsm2_card /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-6197 538s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 538s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-6197 538s + local key_cn 538s + local key_name 538s + local tokens_dir 538s + local output_cert_file 538s + token_name= 538s ++ basename /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 538s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 538s ++ sed -n 's/ *commonName *= //p' 538s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 538s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 538s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 538s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 538s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 538s ++ basename /tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 538s + tokens_dir=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 538s + token_name='Test Organization Sub Int Token' 538s + '[' '!' -e /tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 538s + '[' '!' -d /tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 538s + echo 'Test Organization Sub Int Token' 538s Test Organization Sub Int Token 538s + '[' -n '' ']' 538s + local output_base_name=SSSD-child-4363 538s + local output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-4363.output 538s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-4363.pem 538s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem 538s [p11_child[2270]] [main] (0x0400): p11_child started. 538s [p11_child[2270]] [main] (0x2000): Running in [pre-auth] mode. 538s [p11_child[2270]] [main] (0x2000): Running with effective IDs: [0][0]. 538s [p11_child[2270]] [main] (0x2000): Running with real IDs [0][0]. 538s [p11_child[2270]] [do_card] (0x4000): Module List: 538s [p11_child[2270]] [do_card] (0x4000): common name: [softhsm2]. 538s [p11_child[2270]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 538s [p11_child[2270]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5ef7b0bb] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 538s [p11_child[2270]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 538s [p11_child[2270]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x5ef7b0bb][1593290939] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 538s [p11_child[2270]] [do_card] (0x4000): Login NOT required. 538s [p11_child[2270]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 538s [p11_child[2270]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 538s [p11_child[2270]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 538s [p11_child[2270]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5ef7b0bb;slot-manufacturer=SoftHSM%20project;slot-id=1593290939;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=fcf1f8fedef7b0bb;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 538s [p11_child[2270]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 538s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-4363.output 538s + echo '-----BEGIN CERTIFICATE-----' 538s + tail -n1 /tmp/sssd-softhsm2-npKDtO/SSSD-child-4363.output 538s + echo '-----END CERTIFICATE-----' 538s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-4363.pem 538s Certificate: 538s Data: 538s Version: 3 (0x2) 538s Serial Number: 5 (0x5) 538s Signature Algorithm: sha256WithRSAEncryption 538s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 538s Validity 538s Not Before: Mar 26 12:49:52 2024 GMT 538s Not After : Mar 26 12:49:52 2025 GMT 538s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 538s Subject Public Key Info: 538s Public Key Algorithm: rsaEncryption 538s Public-Key: (1024 bit) 538s Modulus: 538s 00:bb:73:d6:62:89:2c:58:05:7d:fa:ab:86:4a:da: 538s b3:8c:92:01:8c:6d:81:6d:26:c0:ee:8f:cb:25:f4: 538s f4:61:26:e3:11:70:c7:3f:f4:6b:0b:bd:62:0d:0a: 538s 0f:c7:bc:07:24:aa:c7:66:d4:5e:b5:cb:60:9e:3a: 538s ce:44:0b:ac:57:98:c7:1d:d3:a7:e5:4c:9d:cd:05: 538s 45:e4:14:69:0e:36:95:51:c8:26:8a:ff:09:7e:59: 538s 2a:8f:be:e3:67:d3:8b:c1:34:7a:35:8a:c5:a8:d3: 538s a5:b4:04:ae:60:95:25:83:51:7d:9a:de:cf:79:db: 538s 62:bc:29:cd:b2:cb:7f:d7:77 538s Exponent: 65537 (0x10001) 538s X509v3 extensions: 538s X509v3 Authority Key Identifier: 538s 06:C6:E9:59:39:40:4C:C8:91:72:38:58:CE:35:97:D8:7C:8A:AD:58 538s X509v3 Basic Constraints: 538s CA:FALSE 538s Netscape Cert Type: 538s SSL Client, S/MIME 538s Netscape Comment: 538s Test Organization Sub Intermediate CA trusted Certificate 538s X509v3 Subject Key Identifier: 538s 19:7F:4C:47:4B:B5:EB:8E:C4:12:70:A0:0D:C7:11:3F:8C:B9:B2:7A 538s X509v3 Key Usage: critical 538s Digital Signature, Non Repudiation, Key Encipherment 538s X509v3 Extended Key Usage: 538s TLS Web Client Authentication, E-mail Protection 538s X509v3 Subject Alternative Name: 538s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 538s Signature Algorithm: sha256WithRSAEncryption 538s Signature Value: 538s b1:03:6d:b2:16:50:5e:01:77:52:e3:28:78:3b:ce:e0:d9:ce: 538s 3f:42:cd:65:88:bd:d4:84:b3:c4:9f:ae:75:35:f1:cd:75:00: 538s b4:52:56:c2:f4:b8:bc:95:bd:ce:20:2b:aa:cc:f6:eb:2a:fe: 538s de:61:b0:3b:40:cb:23:c1:98:8a:ec:ff:04:d8:f4:f3:64:2f: 538s 91:92:68:13:22:16:5d:15:5e:85:69:b7:00:ee:f3:16:d1:3c: 538s 00:2e:77:88:53:7d:89:bc:04:c9:7b:81:3d:fb:f0:70:b9:60: 538s 9d:01:f8:27:f3:4b:f8:2a:d7:4a:c0:ff:57:17:d5:57:c3:a8: 538s fd:af 538s + local found_md5 expected_md5 538s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 538s + expected_md5=Modulus=BB73D662892C58057DFAAB864ADAB38C92018C6D816D26C0EE8FCB25F4F46126E31170C73FF46B0BBD620D0A0FC7BC0724AAC766D45EB5CB609E3ACE440BAC5798C71DD3A7E54C9DCD0545E414690E369551C8268AFF097E592A8FBEE367D38BC1347A358AC5A8D3A5B404AE60952583517D9ADECF79DB62BC29CDB2CB7FD777 538s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-4363.pem 538s + found_md5=Modulus=BB73D662892C58057DFAAB864ADAB38C92018C6D816D26C0EE8FCB25F4F46126E31170C73FF46B0BBD620D0A0FC7BC0724AAC766D45EB5CB609E3ACE440BAC5798C71DD3A7E54C9DCD0545E414690E369551C8268AFF097E592A8FBEE367D38BC1347A358AC5A8D3A5B404AE60952583517D9ADECF79DB62BC29CDB2CB7FD777 538s + '[' Modulus=BB73D662892C58057DFAAB864ADAB38C92018C6D816D26C0EE8FCB25F4F46126E31170C73FF46B0BBD620D0A0FC7BC0724AAC766D45EB5CB609E3ACE440BAC5798C71DD3A7E54C9DCD0545E414690E369551C8268AFF097E592A8FBEE367D38BC1347A358AC5A8D3A5B404AE60952583517D9ADECF79DB62BC29CDB2CB7FD777 '!=' Modulus=BB73D662892C58057DFAAB864ADAB38C92018C6D816D26C0EE8FCB25F4F46126E31170C73FF46B0BBD620D0A0FC7BC0724AAC766D45EB5CB609E3ACE440BAC5798C71DD3A7E54C9DCD0545E414690E369551C8268AFF097E592A8FBEE367D38BC1347A358AC5A8D3A5B404AE60952583517D9ADECF79DB62BC29CDB2CB7FD777 ']' 538s + output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-4363-auth.output 538s ++ basename /tmp/sssd-softhsm2-npKDtO/SSSD-child-4363-auth.output .output 538s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-4363-auth.pem 538s + echo -n 053350 538s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 538s [p11_child[2278]] [main] (0x0400): p11_child started. 538s [p11_child[2278]] [main] (0x2000): Running in [auth] mode. 538s [p11_child[2278]] [main] (0x2000): Running with effective IDs: [0][0]. 538s [p11_child[2278]] [main] (0x2000): Running with real IDs [0][0]. 538s [p11_child[2278]] [do_card] (0x4000): Module List: 538s [p11_child[2278]] [do_card] (0x4000): common name: [softhsm2]. 538s [p11_child[2278]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 538s [p11_child[2278]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5ef7b0bb] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 538s [p11_child[2278]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 538s [p11_child[2278]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x5ef7b0bb][1593290939] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 538s [p11_child[2278]] [do_card] (0x4000): Login required. 538s [p11_child[2278]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 538s [p11_child[2278]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 538s [p11_child[2278]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 538s [p11_child[2278]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5ef7b0bb;slot-manufacturer=SoftHSM%20project;slot-id=1593290939;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=fcf1f8fedef7b0bb;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 538s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 539s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 539s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 539s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 539s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 539s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 539s [p11_child[2278]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 539s [p11_child[2278]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 539s [p11_child[2278]] [do_card] (0x4000): Certificate verified and validated. 539s [p11_child[2278]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 539s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-4363-auth.output 539s + echo '-----BEGIN CERTIFICATE-----' 539s + tail -n1 /tmp/sssd-softhsm2-npKDtO/SSSD-child-4363-auth.output 539s + echo '-----END CERTIFICATE-----' 539s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-4363-auth.pem 539s Certificate: 539s Data: 539s Version: 3 (0x2) 539s Serial Number: 5 (0x5) 539s Signature Algorithm: sha256WithRSAEncryption 539s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 539s Validity 539s Not Before: Mar 26 12:49:52 2024 GMT 539s Not After : Mar 26 12:49:52 2025 GMT 539s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 539s Subject Public Key Info: 539s Public Key Algorithm: rsaEncryption 539s Public-Key: (1024 bit) 539s Modulus: 539s 00:bb:73:d6:62:89:2c:58:05:7d:fa:ab:86:4a:da: 539s b3:8c:92:01:8c:6d:81:6d:26:c0:ee:8f:cb:25:f4: 539s f4:61:26:e3:11:70:c7:3f:f4:6b:0b:bd:62:0d:0a: 539s 0f:c7:bc:07:24:aa:c7:66:d4:5e:b5:cb:60:9e:3a: 539s ce:44:0b:ac:57:98:c7:1d:d3:a7:e5:4c:9d:cd:05: 539s 45:e4:14:69:0e:36:95:51:c8:26:8a:ff:09:7e:59: 539s 2a:8f:be:e3:67:d3:8b:c1:34:7a:35:8a:c5:a8:d3: 539s a5:b4:04:ae:60:95:25:83:51:7d:9a:de:cf:79:db: 539s 62:bc:29:cd:b2:cb:7f:d7:77 539s Exponent: 65537 (0x10001) 539s X509v3 extensions: 539s X509v3 Authority Key Identifier: 539s 06:C6:E9:59:39:40:4C:C8:91:72:38:58:CE:35:97:D8:7C:8A:AD:58 539s X509v3 Basic Constraints: 539s CA:FALSE 539s Netscape Cert Type: 539s SSL Client, S/MIME 539s Netscape Comment: 539s Test Organization Sub Intermediate CA trusted Certificate 539s X509v3 Subject Key Identifier: 539s 19:7F:4C:47:4B:B5:EB:8E:C4:12:70:A0:0D:C7:11:3F:8C:B9:B2:7A 539s X509v3 Key Usage: critical 539s Digital Signature, Non Repudiation, Key Encipherment 539s X509v3 Extended Key Usage: 539s TLS Web Client Authentication, E-mail Protection 539s X509v3 Subject Alternative Name: 539s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 539s Signature Algorithm: sha256WithRSAEncryption 539s Signature Value: 539s b1:03:6d:b2:16:50:5e:01:77:52:e3:28:78:3b:ce:e0:d9:ce: 539s 3f:42:cd:65:88:bd:d4:84:b3:c4:9f:ae:75:35:f1:cd:75:00: 539s b4:52:56:c2:f4:b8:bc:95:bd:ce:20:2b:aa:cc:f6:eb:2a:fe: 539s de:61:b0:3b:40:cb:23:c1:98:8a:ec:ff:04:d8:f4:f3:64:2f: 539s 91:92:68:13:22:16:5d:15:5e:85:69:b7:00:ee:f3:16:d1:3c: 539s 00:2e:77:88:53:7d:89:bc:04:c9:7b:81:3d:fb:f0:70:b9:60: 539s 9d:01:f8:27:f3:4b:f8:2a:d7:4a:c0:ff:57:17:d5:57:c3:a8: 539s fd:af 539s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-4363-auth.pem 539s + found_md5=Modulus=BB73D662892C58057DFAAB864ADAB38C92018C6D816D26C0EE8FCB25F4F46126E31170C73FF46B0BBD620D0A0FC7BC0724AAC766D45EB5CB609E3ACE440BAC5798C71DD3A7E54C9DCD0545E414690E369551C8268AFF097E592A8FBEE367D38BC1347A358AC5A8D3A5B404AE60952583517D9ADECF79DB62BC29CDB2CB7FD777 539s + '[' Modulus=BB73D662892C58057DFAAB864ADAB38C92018C6D816D26C0EE8FCB25F4F46126E31170C73FF46B0BBD620D0A0FC7BC0724AAC766D45EB5CB609E3ACE440BAC5798C71DD3A7E54C9DCD0545E414690E369551C8268AFF097E592A8FBEE367D38BC1347A358AC5A8D3A5B404AE60952583517D9ADECF79DB62BC29CDB2CB7FD777 '!=' Modulus=BB73D662892C58057DFAAB864ADAB38C92018C6D816D26C0EE8FCB25F4F46126E31170C73FF46B0BBD620D0A0FC7BC0724AAC766D45EB5CB609E3ACE440BAC5798C71DD3A7E54C9DCD0545E414690E369551C8268AFF097E592A8FBEE367D38BC1347A358AC5A8D3A5B404AE60952583517D9ADECF79DB62BC29CDB2CB7FD777 ']' 539s + valid_certificate /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-6197 /tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem partial_chain 539s + check_certificate /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-6197 /tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem partial_chain 539s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 539s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-6197 539s + local key_ring=/tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem 539s + local verify_option=partial_chain 539s + prepare_softhsm2_card /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-6197 539s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 539s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-6197 539s + local key_cn 539s + local key_name 539s + local tokens_dir 539s + local output_cert_file 539s + token_name= 539s ++ basename /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 539s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 539s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 539s ++ sed -n 's/ *commonName *= //p' 539s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 539s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 539s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 539s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 539s ++ basename /tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 539s + tokens_dir=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 539s + token_name='Test Organization Sub Int Token' 539s + '[' '!' -e /tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 539s Test Organization Sub Int Token 539s + '[' '!' -d /tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 539s + echo 'Test Organization Sub Int Token' 539s + '[' -n partial_chain ']' 539s + local verify_arg=--verify=partial_chain 539s + local output_base_name=SSSD-child-6623 539s + local output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-6623.output 539s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-6623.pem 539s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem 539s [p11_child[2288]] [main] (0x0400): p11_child started. 539s [p11_child[2288]] [main] (0x2000): Running in [pre-auth] mode. 539s [p11_child[2288]] [main] (0x2000): Running with effective IDs: [0][0]. 539s [p11_child[2288]] [main] (0x2000): Running with real IDs [0][0]. 539s [p11_child[2288]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 539s [p11_child[2288]] [do_card] (0x4000): Module List: 539s [p11_child[2288]] [do_card] (0x4000): common name: [softhsm2]. 539s [p11_child[2288]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 539s [p11_child[2288]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5ef7b0bb] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 539s [p11_child[2288]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 539s [p11_child[2288]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x5ef7b0bb][1593290939] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 539s [p11_child[2288]] [do_card] (0x4000): Login NOT required. 539s [p11_child[2288]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 539s [p11_child[2288]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 539s [p11_child[2288]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 539s [p11_child[2288]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5ef7b0bb;slot-manufacturer=SoftHSM%20project;slot-id=1593290939;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=fcf1f8fedef7b0bb;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 539s [p11_child[2288]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 539s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-6623.output 539s + echo '-----BEGIN CERTIFICATE-----' 539s + tail -n1 /tmp/sssd-softhsm2-npKDtO/SSSD-child-6623.output 539s + echo '-----END CERTIFICATE-----' 539s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-6623.pem 539s Certificate: 539s Data: 539s Version: 3 (0x2) 539s Serial Number: 5 (0x5) 539s Signature Algorithm: sha256WithRSAEncryption 539s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 539s Validity 539s Not Before: Mar 26 12:49:52 2024 GMT 539s Not After : Mar 26 12:49:52 2025 GMT 539s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 539s Subject Public Key Info: 539s Public Key Algorithm: rsaEncryption 539s Public-Key: (1024 bit) 539s Modulus: 539s 00:bb:73:d6:62:89:2c:58:05:7d:fa:ab:86:4a:da: 539s b3:8c:92:01:8c:6d:81:6d:26:c0:ee:8f:cb:25:f4: 539s f4:61:26:e3:11:70:c7:3f:f4:6b:0b:bd:62:0d:0a: 539s 0f:c7:bc:07:24:aa:c7:66:d4:5e:b5:cb:60:9e:3a: 539s ce:44:0b:ac:57:98:c7:1d:d3:a7:e5:4c:9d:cd:05: 539s 45:e4:14:69:0e:36:95:51:c8:26:8a:ff:09:7e:59: 539s 2a:8f:be:e3:67:d3:8b:c1:34:7a:35:8a:c5:a8:d3: 539s a5:b4:04:ae:60:95:25:83:51:7d:9a:de:cf:79:db: 539s 62:bc:29:cd:b2:cb:7f:d7:77 539s Exponent: 65537 (0x10001) 539s X509v3 extensions: 539s X509v3 Authority Key Identifier: 539s 06:C6:E9:59:39:40:4C:C8:91:72:38:58:CE:35:97:D8:7C:8A:AD:58 539s X509v3 Basic Constraints: 539s CA:FALSE 539s Netscape Cert Type: 539s SSL Client, S/MIME 539s Netscape Comment: 539s Test Organization Sub Intermediate CA trusted Certificate 539s X509v3 Subject Key Identifier: 539s 19:7F:4C:47:4B:B5:EB:8E:C4:12:70:A0:0D:C7:11:3F:8C:B9:B2:7A 539s X509v3 Key Usage: critical 539s Digital Signature, Non Repudiation, Key Encipherment 539s X509v3 Extended Key Usage: 539s TLS Web Client Authentication, E-mail Protection 539s X509v3 Subject Alternative Name: 539s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 539s Signature Algorithm: sha256WithRSAEncryption 539s Signature Value: 539s b1:03:6d:b2:16:50:5e:01:77:52:e3:28:78:3b:ce:e0:d9:ce: 539s 3f:42:cd:65:88:bd:d4:84:b3:c4:9f:ae:75:35:f1:cd:75:00: 539s b4:52:56:c2:f4:b8:bc:95:bd:ce:20:2b:aa:cc:f6:eb:2a:fe: 539s de:61:b0:3b:40:cb:23:c1:98:8a:ec:ff:04:d8:f4:f3:64:2f: 539s 91:92:68:13:22:16:5d:15:5e:85:69:b7:00:ee:f3:16:d1:3c: 539s 00:2e:77:88:53:7d:89:bc:04:c9:7b:81:3d:fb:f0:70:b9:60: 539s 9d:01:f8:27:f3:4b:f8:2a:d7:4a:c0:ff:57:17:d5:57:c3:a8: 539s fd:af 539s + local found_md5 expected_md5 539s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 539s + expected_md5=Modulus=BB73D662892C58057DFAAB864ADAB38C92018C6D816D26C0EE8FCB25F4F46126E31170C73FF46B0BBD620D0A0FC7BC0724AAC766D45EB5CB609E3ACE440BAC5798C71DD3A7E54C9DCD0545E414690E369551C8268AFF097E592A8FBEE367D38BC1347A358AC5A8D3A5B404AE60952583517D9ADECF79DB62BC29CDB2CB7FD777 539s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-6623.pem 539s + found_md5=Modulus=BB73D662892C58057DFAAB864ADAB38C92018C6D816D26C0EE8FCB25F4F46126E31170C73FF46B0BBD620D0A0FC7BC0724AAC766D45EB5CB609E3ACE440BAC5798C71DD3A7E54C9DCD0545E414690E369551C8268AFF097E592A8FBEE367D38BC1347A358AC5A8D3A5B404AE60952583517D9ADECF79DB62BC29CDB2CB7FD777 539s + '[' Modulus=BB73D662892C58057DFAAB864ADAB38C92018C6D816D26C0EE8FCB25F4F46126E31170C73FF46B0BBD620D0A0FC7BC0724AAC766D45EB5CB609E3ACE440BAC5798C71DD3A7E54C9DCD0545E414690E369551C8268AFF097E592A8FBEE367D38BC1347A358AC5A8D3A5B404AE60952583517D9ADECF79DB62BC29CDB2CB7FD777 '!=' Modulus=BB73D662892C58057DFAAB864ADAB38C92018C6D816D26C0EE8FCB25F4F46126E31170C73FF46B0BBD620D0A0FC7BC0724AAC766D45EB5CB609E3ACE440BAC5798C71DD3A7E54C9DCD0545E414690E369551C8268AFF097E592A8FBEE367D38BC1347A358AC5A8D3A5B404AE60952583517D9ADECF79DB62BC29CDB2CB7FD777 ']' 539s + output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-6623-auth.output 539s ++ basename /tmp/sssd-softhsm2-npKDtO/SSSD-child-6623-auth.output .output 539s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-6623-auth.pem 539s + echo -n 053350 539s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-npKDtO/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 539s [p11_child[2296]] [main] (0x0400): p11_child started. 539s [p11_child[2296]] [main] (0x2000): Running in [auth] mode. 539s [p11_child[2296]] [main] (0x2000): Running with effective IDs: [0][0]. 539s [p11_child[2296]] [main] (0x2000): Running with real IDs [0][0]. 539s [p11_child[2296]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 539s [p11_child[2296]] [do_card] (0x4000): Module List: 539s [p11_child[2296]] [do_card] (0x4000): common name: [softhsm2]. 539s [p11_child[2296]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 539s [p11_child[2296]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5ef7b0bb] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 539s [p11_child[2296]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 539s [p11_child[2296]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x5ef7b0bb][1593290939] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 539s [p11_child[2296]] [do_card] (0x4000): Login required. 539s [p11_child[2296]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 539s [p11_child[2296]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 539s [p11_child[2296]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 539s [p11_child[2296]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5ef7b0bb;slot-manufacturer=SoftHSM%20project;slot-id=1593290939;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=fcf1f8fedef7b0bb;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 539s [p11_child[2296]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 539s [p11_child[2296]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 539s [p11_child[2296]] [do_card] (0x4000): Certificate verified and validated. 539s [p11_child[2296]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 539s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-6623-auth.output 539s + echo '-----BEGIN CERTIFICATE-----' 539s + tail -n1 /tmp/sssd-softhsm2-npKDtO/SSSD-child-6623-auth.output 539s + echo '-----END CERTIFICATE-----' 539s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-6623-auth.pem 539s Certificate: 539s Data: 539s Version: 3 (0x2) 539s Serial Number: 5 (0x5) 539s Signature Algorithm: sha256WithRSAEncryption 539s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 539s Validity 539s Not Before: Mar 26 12:49:52 2024 GMT 539s Not After : Mar 26 12:49:52 2025 GMT 539s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 539s Subject Public Key Info: 539s Public Key Algorithm: rsaEncryption 539s Public-Key: (1024 bit) 539s Modulus: 539s 00:bb:73:d6:62:89:2c:58:05:7d:fa:ab:86:4a:da: 539s b3:8c:92:01:8c:6d:81:6d:26:c0:ee:8f:cb:25:f4: 539s f4:61:26:e3:11:70:c7:3f:f4:6b:0b:bd:62:0d:0a: 539s 0f:c7:bc:07:24:aa:c7:66:d4:5e:b5:cb:60:9e:3a: 539s ce:44:0b:ac:57:98:c7:1d:d3:a7:e5:4c:9d:cd:05: 539s 45:e4:14:69:0e:36:95:51:c8:26:8a:ff:09:7e:59: 539s 2a:8f:be:e3:67:d3:8b:c1:34:7a:35:8a:c5:a8:d3: 539s a5:b4:04:ae:60:95:25:83:51:7d:9a:de:cf:79:db: 539s 62:bc:29:cd:b2:cb:7f:d7:77 539s Exponent: 65537 (0x10001) 539s X509v3 extensions: 539s X509v3 Authority Key Identifier: 539s 06:C6:E9:59:39:40:4C:C8:91:72:38:58:CE:35:97:D8:7C:8A:AD:58 539s X509v3 Basic Constraints: 539s CA:FALSE 539s Netscape Cert Type: 539s SSL Client, S/MIME 539s Netscape Comment: 539s Test Organization Sub Intermediate CA trusted Certificate 539s X509v3 Subject Key Identifier: 539s 19:7F:4C:47:4B:B5:EB:8E:C4:12:70:A0:0D:C7:11:3F:8C:B9:B2:7A 539s X509v3 Key Usage: critical 539s Digital Signature, Non Repudiation, Key Encipherment 539s X509v3 Extended Key Usage: 539s TLS Web Client Authentication, E-mail Protection 539s X509v3 Subject Alternative Name: 539s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 539s Signature Algorithm: sha256WithRSAEncryption 539s Signature Value: 539s b1:03:6d:b2:16:50:5e:01:77:52:e3:28:78:3b:ce:e0:d9:ce: 539s 3f:42:cd:65:88:bd:d4:84:b3:c4:9f:ae:75:35:f1:cd:75:00: 539s b4:52:56:c2:f4:b8:bc:95:bd:ce:20:2b:aa:cc:f6:eb:2a:fe: 539s de:61:b0:3b:40:cb:23:c1:98:8a:ec:ff:04:d8:f4:f3:64:2f: 539s 91:92:68:13:22:16:5d:15:5e:85:69:b7:00:ee:f3:16:d1:3c: 539s 00:2e:77:88:53:7d:89:bc:04:c9:7b:81:3d:fb:f0:70:b9:60: 539s 9d:01:f8:27:f3:4b:f8:2a:d7:4a:c0:ff:57:17:d5:57:c3:a8: 539s fd:af 539s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-6623-auth.pem 539s + found_md5=Modulus=BB73D662892C58057DFAAB864ADAB38C92018C6D816D26C0EE8FCB25F4F46126E31170C73FF46B0BBD620D0A0FC7BC0724AAC766D45EB5CB609E3ACE440BAC5798C71DD3A7E54C9DCD0545E414690E369551C8268AFF097E592A8FBEE367D38BC1347A358AC5A8D3A5B404AE60952583517D9ADECF79DB62BC29CDB2CB7FD777 539s + '[' Modulus=BB73D662892C58057DFAAB864ADAB38C92018C6D816D26C0EE8FCB25F4F46126E31170C73FF46B0BBD620D0A0FC7BC0724AAC766D45EB5CB609E3ACE440BAC5798C71DD3A7E54C9DCD0545E414690E369551C8268AFF097E592A8FBEE367D38BC1347A358AC5A8D3A5B404AE60952583517D9ADECF79DB62BC29CDB2CB7FD777 '!=' Modulus=BB73D662892C58057DFAAB864ADAB38C92018C6D816D26C0EE8FCB25F4F46126E31170C73FF46B0BBD620D0A0FC7BC0724AAC766D45EB5CB609E3ACE440BAC5798C71DD3A7E54C9DCD0545E414690E369551C8268AFF097E592A8FBEE367D38BC1347A358AC5A8D3A5B404AE60952583517D9ADECF79DB62BC29CDB2CB7FD777 ']' 539s + invalid_certificate /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-6197 /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA.pem 539s + check_certificate /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-6197 /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA.pem 539s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 539s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-6197 539s + local key_ring=/tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA.pem 539s + local verify_option= 539s + prepare_softhsm2_card /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-6197 539s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 539s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-6197 539s + local key_cn 539s + local key_name 539s + local tokens_dir 539s + local output_cert_file 539s + token_name= 539s ++ basename /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 539s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 539s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 539s ++ sed -n 's/ *commonName *= //p' 539s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 539s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 539s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 539s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 539s ++ basename /tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 539s + tokens_dir=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 539s + token_name='Test Organization Sub Int Token' 539s Test Organization Sub Int Token 539s + '[' '!' -e /tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 539s + '[' '!' -d /tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 539s + echo 'Test Organization Sub Int Token' 539s + '[' -n '' ']' 539s + local output_base_name=SSSD-child-10944 539s + local output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-10944.output 539s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-10944.pem 539s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA.pem 539s [p11_child[2306]] [main] (0x0400): p11_child started. 539s [p11_child[2306]] [main] (0x2000): Running in [pre-auth] mode. 539s [p11_child[2306]] [main] (0x2000): Running with effective IDs: [0][0]. 539s [p11_child[2306]] [main] (0x2000): Running with real IDs [0][0]. 539s [p11_child[2306]] [do_card] (0x4000): Module List: 539s [p11_child[2306]] [do_card] (0x4000): common name: [softhsm2]. 539s [p11_child[2306]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 539s [p11_child[2306]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5ef7b0bb] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 539s [p11_child[2306]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 539s [p11_child[2306]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x5ef7b0bb][1593290939] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 539s [p11_child[2306]] [do_card] (0x4000): Login NOT required. 539s [p11_child[2306]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 539s [p11_child[2306]] [do_verification] (0x0040): X509_verify_cert failed [0]. 539s [p11_child[2306]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 539s [p11_child[2306]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 539s [p11_child[2306]] [do_card] (0x4000): No certificate found. 539s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-10944.output 539s + return 2 539s + invalid_certificate /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-6197 /tmp/sssd-softhsm2-npKDtO/test-root-intermediate-chain-CA.pem partial_chain 539s + check_certificate /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-6197 /tmp/sssd-softhsm2-npKDtO/test-root-intermediate-chain-CA.pem partial_chain 539s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 539s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-6197 539s + local key_ring=/tmp/sssd-softhsm2-npKDtO/test-root-intermediate-chain-CA.pem 539s + local verify_option=partial_chain 539s + prepare_softhsm2_card /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-6197 539s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 539s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-6197 539s + local key_cn 539s + local key_name 539s + local tokens_dir 539s + local output_cert_file 539s + token_name= 539s ++ basename /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 539s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 539s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 539s ++ sed -n 's/ *commonName *= //p' 539s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 539s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 539s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 539s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 539s ++ basename /tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 539s Test Organization Sub Int Token 539s + tokens_dir=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 539s + token_name='Test Organization Sub Int Token' 539s + '[' '!' -e /tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 539s + '[' '!' -d /tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 539s + echo 'Test Organization Sub Int Token' 539s + '[' -n partial_chain ']' 539s + local verify_arg=--verify=partial_chain 539s + local output_base_name=SSSD-child-15780 539s + local output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-15780.output 539s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-15780.pem 539s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-npKDtO/test-root-intermediate-chain-CA.pem 539s [p11_child[2313]] [main] (0x0400): p11_child started. 539s [p11_child[2313]] [main] (0x2000): Running in [pre-auth] mode. 539s [p11_child[2313]] [main] (0x2000): Running with effective IDs: [0][0]. 539s [p11_child[2313]] [main] (0x2000): Running with real IDs [0][0]. 539s [p11_child[2313]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 539s [p11_child[2313]] [do_card] (0x4000): Module List: 539s [p11_child[2313]] [do_card] (0x4000): common name: [softhsm2]. 539s [p11_child[2313]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 539s [p11_child[2313]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5ef7b0bb] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 539s [p11_child[2313]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 539s [p11_child[2313]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x5ef7b0bb][1593290939] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 539s [p11_child[2313]] [do_card] (0x4000): Login NOT required. 539s [p11_child[2313]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 539s [p11_child[2313]] [do_verification] (0x0040): X509_verify_cert failed [0]. 539s [p11_child[2313]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 539s [p11_child[2313]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 539s [p11_child[2313]] [do_card] (0x4000): No certificate found. 539s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-15780.output 539s + return 2 539s + valid_certificate /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-6197 /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA.pem partial_chain 539s + check_certificate /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-6197 /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA.pem partial_chain 539s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 539s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-6197 539s + local key_ring=/tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA.pem 539s + local verify_option=partial_chain 539s + prepare_softhsm2_card /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-6197 539s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 539s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-6197 539s + local key_cn 539s + local key_name 539s + local tokens_dir 539s + local output_cert_file 539s + token_name= 539s ++ basename /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 539s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 539s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 539s ++ sed -n 's/ *commonName *= //p' 539s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 539s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 539s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 539s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 539s ++ basename /tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 539s + tokens_dir=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 539s + token_name='Test Organization Sub Int Token' 539s + '[' '!' -e /tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 539s Test Organization Sub Int Token 539s + '[' '!' -d /tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 539s + echo 'Test Organization Sub Int Token' 539s + '[' -n partial_chain ']' 539s + local verify_arg=--verify=partial_chain 539s + local output_base_name=SSSD-child-17119 539s + local output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-17119.output 539s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-17119.pem 539s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA.pem 539s [p11_child[2320]] [main] (0x0400): p11_child started. 539s [p11_child[2320]] [main] (0x2000): Running in [pre-auth] mode. 539s [p11_child[2320]] [main] (0x2000): Running with effective IDs: [0][0]. 539s [p11_child[2320]] [main] (0x2000): Running with real IDs [0][0]. 539s [p11_child[2320]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 539s [p11_child[2320]] [do_card] (0x4000): Module List: 539s [p11_child[2320]] [do_card] (0x4000): common name: [softhsm2]. 539s [p11_child[2320]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 539s [p11_child[2320]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5ef7b0bb] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 539s [p11_child[2320]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 539s [p11_child[2320]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x5ef7b0bb][1593290939] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 539s [p11_child[2320]] [do_card] (0x4000): Login NOT required. 539s [p11_child[2320]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 539s [p11_child[2320]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 539s [p11_child[2320]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 539s [p11_child[2320]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5ef7b0bb;slot-manufacturer=SoftHSM%20project;slot-id=1593290939;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=fcf1f8fedef7b0bb;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 539s [p11_child[2320]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 539s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-17119.output 539s + echo '-----BEGIN CERTIFICATE-----' 539s + tail -n1 /tmp/sssd-softhsm2-npKDtO/SSSD-child-17119.output 539s + echo '-----END CERTIFICATE-----' 539s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-17119.pem 539s Certificate: 539s Data: 539s Version: 3 (0x2) 539s Serial Number: 5 (0x5) 539s Signature Algorithm: sha256WithRSAEncryption 539s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 539s Validity 539s Not Before: Mar 26 12:49:52 2024 GMT 539s Not After : Mar 26 12:49:52 2025 GMT 539s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 539s Subject Public Key Info: 539s Public Key Algorithm: rsaEncryption 539s Public-Key: (1024 bit) 539s Modulus: 539s 00:bb:73:d6:62:89:2c:58:05:7d:fa:ab:86:4a:da: 539s b3:8c:92:01:8c:6d:81:6d:26:c0:ee:8f:cb:25:f4: 539s f4:61:26:e3:11:70:c7:3f:f4:6b:0b:bd:62:0d:0a: 539s 0f:c7:bc:07:24:aa:c7:66:d4:5e:b5:cb:60:9e:3a: 539s ce:44:0b:ac:57:98:c7:1d:d3:a7:e5:4c:9d:cd:05: 539s 45:e4:14:69:0e:36:95:51:c8:26:8a:ff:09:7e:59: 539s 2a:8f:be:e3:67:d3:8b:c1:34:7a:35:8a:c5:a8:d3: 539s a5:b4:04:ae:60:95:25:83:51:7d:9a:de:cf:79:db: 539s 62:bc:29:cd:b2:cb:7f:d7:77 539s Exponent: 65537 (0x10001) 539s X509v3 extensions: 539s X509v3 Authority Key Identifier: 539s 06:C6:E9:59:39:40:4C:C8:91:72:38:58:CE:35:97:D8:7C:8A:AD:58 539s X509v3 Basic Constraints: 539s CA:FALSE 539s Netscape Cert Type: 539s SSL Client, S/MIME 539s Netscape Comment: 539s Test Organization Sub Intermediate CA trusted Certificate 539s X509v3 Subject Key Identifier: 539s 19:7F:4C:47:4B:B5:EB:8E:C4:12:70:A0:0D:C7:11:3F:8C:B9:B2:7A 539s X509v3 Key Usage: critical 539s Digital Signature, Non Repudiation, Key Encipherment 539s X509v3 Extended Key Usage: 539s TLS Web Client Authentication, E-mail Protection 539s X509v3 Subject Alternative Name: 539s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 539s Signature Algorithm: sha256WithRSAEncryption 539s Signature Value: 539s b1:03:6d:b2:16:50:5e:01:77:52:e3:28:78:3b:ce:e0:d9:ce: 539s 3f:42:cd:65:88:bd:d4:84:b3:c4:9f:ae:75:35:f1:cd:75:00: 539s b4:52:56:c2:f4:b8:bc:95:bd:ce:20:2b:aa:cc:f6:eb:2a:fe: 539s de:61:b0:3b:40:cb:23:c1:98:8a:ec:ff:04:d8:f4:f3:64:2f: 539s 91:92:68:13:22:16:5d:15:5e:85:69:b7:00:ee:f3:16:d1:3c: 539s 00:2e:77:88:53:7d:89:bc:04:c9:7b:81:3d:fb:f0:70:b9:60: 539s 9d:01:f8:27:f3:4b:f8:2a:d7:4a:c0:ff:57:17:d5:57:c3:a8: 539s fd:af 539s + local found_md5 expected_md5 539s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 539s + expected_md5=Modulus=BB73D662892C58057DFAAB864ADAB38C92018C6D816D26C0EE8FCB25F4F46126E31170C73FF46B0BBD620D0A0FC7BC0724AAC766D45EB5CB609E3ACE440BAC5798C71DD3A7E54C9DCD0545E414690E369551C8268AFF097E592A8FBEE367D38BC1347A358AC5A8D3A5B404AE60952583517D9ADECF79DB62BC29CDB2CB7FD777 539s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-17119.pem 539s + found_md5=Modulus=BB73D662892C58057DFAAB864ADAB38C92018C6D816D26C0EE8FCB25F4F46126E31170C73FF46B0BBD620D0A0FC7BC0724AAC766D45EB5CB609E3ACE440BAC5798C71DD3A7E54C9DCD0545E414690E369551C8268AFF097E592A8FBEE367D38BC1347A358AC5A8D3A5B404AE60952583517D9ADECF79DB62BC29CDB2CB7FD777 539s + '[' Modulus=BB73D662892C58057DFAAB864ADAB38C92018C6D816D26C0EE8FCB25F4F46126E31170C73FF46B0BBD620D0A0FC7BC0724AAC766D45EB5CB609E3ACE440BAC5798C71DD3A7E54C9DCD0545E414690E369551C8268AFF097E592A8FBEE367D38BC1347A358AC5A8D3A5B404AE60952583517D9ADECF79DB62BC29CDB2CB7FD777 '!=' Modulus=BB73D662892C58057DFAAB864ADAB38C92018C6D816D26C0EE8FCB25F4F46126E31170C73FF46B0BBD620D0A0FC7BC0724AAC766D45EB5CB609E3ACE440BAC5798C71DD3A7E54C9DCD0545E414690E369551C8268AFF097E592A8FBEE367D38BC1347A358AC5A8D3A5B404AE60952583517D9ADECF79DB62BC29CDB2CB7FD777 ']' 539s + output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-17119-auth.output 539s ++ basename /tmp/sssd-softhsm2-npKDtO/SSSD-child-17119-auth.output .output 539s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-17119-auth.pem 539s + echo -n 053350 539s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 539s [p11_child[2328]] [main] (0x0400): p11_child started. 539s [p11_child[2328]] [main] (0x2000): Running in [auth] mode. 539s [p11_child[2328]] [main] (0x2000): Running with effective IDs: [0][0]. 539s [p11_child[2328]] [main] (0x2000): Running with real IDs [0][0]. 539s [p11_child[2328]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 539s [p11_child[2328]] [do_card] (0x4000): Module List: 539s [p11_child[2328]] [do_card] (0x4000): common name: [softhsm2]. 539s [p11_child[2328]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 539s [p11_child[2328]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5ef7b0bb] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 539s [p11_child[2328]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 539s [p11_child[2328]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x5ef7b0bb][1593290939] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 539s [p11_child[2328]] [do_card] (0x4000): Login required. 539s [p11_child[2328]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 539s [p11_child[2328]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 539s [p11_child[2328]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 539s [p11_child[2328]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5ef7b0bb;slot-manufacturer=SoftHSM%20project;slot-id=1593290939;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=fcf1f8fedef7b0bb;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 539s [p11_child[2328]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 539s [p11_child[2328]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 539s [p11_child[2328]] [do_card] (0x4000): Certificate verified and validated. 539s [p11_child[2328]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 539s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-17119-auth.output 539s + echo '-----BEGIN CERTIFICATE-----' 539s + tail -n1 /tmp/sssd-softhsm2-npKDtO/SSSD-child-17119-auth.output 539s + echo '-----END CERTIFICATE-----' 539s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-17119-auth.pem 539s Certificate: 539s Data: 539s Version: 3 (0x2) 539s Serial Number: 5 (0x5) 539s Signature Algorithm: sha256WithRSAEncryption 539s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 539s Validity 539s Not Before: Mar 26 12:49:52 2024 GMT 539s Not After : Mar 26 12:49:52 2025 GMT 539s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 539s Subject Public Key Info: 539s Public Key Algorithm: rsaEncryption 539s Public-Key: (1024 bit) 539s Modulus: 539s 00:bb:73:d6:62:89:2c:58:05:7d:fa:ab:86:4a:da: 539s b3:8c:92:01:8c:6d:81:6d:26:c0:ee:8f:cb:25:f4: 539s f4:61:26:e3:11:70:c7:3f:f4:6b:0b:bd:62:0d:0a: 539s 0f:c7:bc:07:24:aa:c7:66:d4:5e:b5:cb:60:9e:3a: 539s ce:44:0b:ac:57:98:c7:1d:d3:a7:e5:4c:9d:cd:05: 539s 45:e4:14:69:0e:36:95:51:c8:26:8a:ff:09:7e:59: 539s 2a:8f:be:e3:67:d3:8b:c1:34:7a:35:8a:c5:a8:d3: 539s a5:b4:04:ae:60:95:25:83:51:7d:9a:de:cf:79:db: 539s 62:bc:29:cd:b2:cb:7f:d7:77 539s Exponent: 65537 (0x10001) 539s X509v3 extensions: 539s X509v3 Authority Key Identifier: 539s 06:C6:E9:59:39:40:4C:C8:91:72:38:58:CE:35:97:D8:7C:8A:AD:58 539s X509v3 Basic Constraints: 539s CA:FALSE 539s Netscape Cert Type: 539s SSL Client, S/MIME 539s Netscape Comment: 539s Test Organization Sub Intermediate CA trusted Certificate 539s X509v3 Subject Key Identifier: 539s 19:7F:4C:47:4B:B5:EB:8E:C4:12:70:A0:0D:C7:11:3F:8C:B9:B2:7A 539s X509v3 Key Usage: critical 539s Digital Signature, Non Repudiation, Key Encipherment 539s X509v3 Extended Key Usage: 539s TLS Web Client Authentication, E-mail Protection 539s X509v3 Subject Alternative Name: 539s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 539s Signature Algorithm: sha256WithRSAEncryption 539s Signature Value: 539s b1:03:6d:b2:16:50:5e:01:77:52:e3:28:78:3b:ce:e0:d9:ce: 539s 3f:42:cd:65:88:bd:d4:84:b3:c4:9f:ae:75:35:f1:cd:75:00: 539s b4:52:56:c2:f4:b8:bc:95:bd:ce:20:2b:aa:cc:f6:eb:2a:fe: 539s de:61:b0:3b:40:cb:23:c1:98:8a:ec:ff:04:d8:f4:f3:64:2f: 539s 91:92:68:13:22:16:5d:15:5e:85:69:b7:00:ee:f3:16:d1:3c: 539s 00:2e:77:88:53:7d:89:bc:04:c9:7b:81:3d:fb:f0:70:b9:60: 539s 9d:01:f8:27:f3:4b:f8:2a:d7:4a:c0:ff:57:17:d5:57:c3:a8: 539s fd:af 539s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-17119-auth.pem 539s + found_md5=Modulus=BB73D662892C58057DFAAB864ADAB38C92018C6D816D26C0EE8FCB25F4F46126E31170C73FF46B0BBD620D0A0FC7BC0724AAC766D45EB5CB609E3ACE440BAC5798C71DD3A7E54C9DCD0545E414690E369551C8268AFF097E592A8FBEE367D38BC1347A358AC5A8D3A5B404AE60952583517D9ADECF79DB62BC29CDB2CB7FD777 539s + '[' Modulus=BB73D662892C58057DFAAB864ADAB38C92018C6D816D26C0EE8FCB25F4F46126E31170C73FF46B0BBD620D0A0FC7BC0724AAC766D45EB5CB609E3ACE440BAC5798C71DD3A7E54C9DCD0545E414690E369551C8268AFF097E592A8FBEE367D38BC1347A358AC5A8D3A5B404AE60952583517D9ADECF79DB62BC29CDB2CB7FD777 '!=' Modulus=BB73D662892C58057DFAAB864ADAB38C92018C6D816D26C0EE8FCB25F4F46126E31170C73FF46B0BBD620D0A0FC7BC0724AAC766D45EB5CB609E3ACE440BAC5798C71DD3A7E54C9DCD0545E414690E369551C8268AFF097E592A8FBEE367D38BC1347A358AC5A8D3A5B404AE60952583517D9ADECF79DB62BC29CDB2CB7FD777 ']' 539s + valid_certificate /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-6197 /tmp/sssd-softhsm2-npKDtO/test-intermediate-sub-chain-CA.pem partial_chain 539s + check_certificate /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-6197 /tmp/sssd-softhsm2-npKDtO/test-intermediate-sub-chain-CA.pem partial_chain 539s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 539s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-6197 539s + local key_ring=/tmp/sssd-softhsm2-npKDtO/test-intermediate-sub-chain-CA.pem 539s + local verify_option=partial_chain 539s + prepare_softhsm2_card /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-6197 539s + local certificate=/tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 539s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-6197 539s + local key_cn 539s + local key_name 539s + local tokens_dir 539s + local output_cert_file 539s + token_name= 539s ++ basename /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 539s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 539s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 539s ++ sed -n 's/ *commonName *= //p' 539s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 539s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 539s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 539s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 539s ++ basename /tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 539s + tokens_dir=/tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 539s + token_name='Test Organization Sub Int Token' 539s Test Organization Sub Int Token 539s + '[' '!' -e /tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 539s + '[' '!' -d /tmp/sssd-softhsm2-npKDtO/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 539s + echo 'Test Organization Sub Int Token' 539s + '[' -n partial_chain ']' 539s + local verify_arg=--verify=partial_chain 539s + local output_base_name=SSSD-child-7251 539s + local output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-7251.output 539s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-7251.pem 539s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-npKDtO/test-intermediate-sub-chain-CA.pem 539s [p11_child[2338]] [main] (0x0400): p11_child started. 539s [p11_child[2338]] [main] (0x2000): Running in [pre-auth] mode. 539s [p11_child[2338]] [main] (0x2000): Running with effective IDs: [0][0]. 539s [p11_child[2338]] [main] (0x2000): Running with real IDs [0][0]. 539s [p11_child[2338]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 539s [p11_child[2338]] [do_card] (0x4000): Module List: 539s [p11_child[2338]] [do_card] (0x4000): common name: [softhsm2]. 539s [p11_child[2338]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 539s [p11_child[2338]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5ef7b0bb] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 539s [p11_child[2338]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 539s [p11_child[2338]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x5ef7b0bb][1593290939] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 539s [p11_child[2338]] [do_card] (0x4000): Login NOT required. 539s [p11_child[2338]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 539s [p11_child[2338]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 539s [p11_child[2338]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 539s [p11_child[2338]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5ef7b0bb;slot-manufacturer=SoftHSM%20project;slot-id=1593290939;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=fcf1f8fedef7b0bb;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 539s [p11_child[2338]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 539s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-7251.output 539s + echo '-----BEGIN CERTIFICATE-----' 539s + tail -n1 /tmp/sssd-softhsm2-npKDtO/SSSD-child-7251.output 539s + echo '-----END CERTIFICATE-----' 539s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-7251.pem 539s Certificate: 539s Data: 539s Version: 3 (0x2) 539s Serial Number: 5 (0x5) 539s Signature Algorithm: sha256WithRSAEncryption 539s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 539s Validity 539s Not Before: Mar 26 12:49:52 2024 GMT 539s Not After : Mar 26 12:49:52 2025 GMT 539s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 539s Subject Public Key Info: 539s Public Key Algorithm: rsaEncryption 539s Public-Key: (1024 bit) 539s Modulus: 539s 00:bb:73:d6:62:89:2c:58:05:7d:fa:ab:86:4a:da: 539s b3:8c:92:01:8c:6d:81:6d:26:c0:ee:8f:cb:25:f4: 539s f4:61:26:e3:11:70:c7:3f:f4:6b:0b:bd:62:0d:0a: 539s 0f:c7:bc:07:24:aa:c7:66:d4:5e:b5:cb:60:9e:3a: 539s ce:44:0b:ac:57:98:c7:1d:d3:a7:e5:4c:9d:cd:05: 539s 45:e4:14:69:0e:36:95:51:c8:26:8a:ff:09:7e:59: 539s 2a:8f:be:e3:67:d3:8b:c1:34:7a:35:8a:c5:a8:d3: 539s a5:b4:04:ae:60:95:25:83:51:7d:9a:de:cf:79:db: 539s 62:bc:29:cd:b2:cb:7f:d7:77 539s Exponent: 65537 (0x10001) 539s X509v3 extensions: 539s X509v3 Authority Key Identifier: 539s 06:C6:E9:59:39:40:4C:C8:91:72:38:58:CE:35:97:D8:7C:8A:AD:58 539s X509v3 Basic Constraints: 539s CA:FALSE 539s Netscape Cert Type: 539s SSL Client, S/MIME 539s Netscape Comment: 539s Test Organization Sub Intermediate CA trusted Certificate 539s X509v3 Subject Key Identifier: 539s 19:7F:4C:47:4B:B5:EB:8E:C4:12:70:A0:0D:C7:11:3F:8C:B9:B2:7A 539s X509v3 Key Usage: critical 539s Digital Signature, Non Repudiation, Key Encipherment 539s X509v3 Extended Key Usage: 539s TLS Web Client Authentication, E-mail Protection 539s X509v3 Subject Alternative Name: 539s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 539s Signature Algorithm: sha256WithRSAEncryption 539s Signature Value: 539s b1:03:6d:b2:16:50:5e:01:77:52:e3:28:78:3b:ce:e0:d9:ce: 539s 3f:42:cd:65:88:bd:d4:84:b3:c4:9f:ae:75:35:f1:cd:75:00: 539s b4:52:56:c2:f4:b8:bc:95:bd:ce:20:2b:aa:cc:f6:eb:2a:fe: 539s de:61:b0:3b:40:cb:23:c1:98:8a:ec:ff:04:d8:f4:f3:64:2f: 539s 91:92:68:13:22:16:5d:15:5e:85:69:b7:00:ee:f3:16:d1:3c: 539s 00:2e:77:88:53:7d:89:bc:04:c9:7b:81:3d:fb:f0:70:b9:60: 539s 9d:01:f8:27:f3:4b:f8:2a:d7:4a:c0:ff:57:17:d5:57:c3:a8: 539s fd:af 539s + local found_md5 expected_md5 539s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/test-sub-intermediate-CA-trusted-certificate-0001.pem 539s + expected_md5=Modulus=BB73D662892C58057DFAAB864ADAB38C92018C6D816D26C0EE8FCB25F4F46126E31170C73FF46B0BBD620D0A0FC7BC0724AAC766D45EB5CB609E3ACE440BAC5798C71DD3A7E54C9DCD0545E414690E369551C8268AFF097E592A8FBEE367D38BC1347A358AC5A8D3A5B404AE60952583517D9ADECF79DB62BC29CDB2CB7FD777 539s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-7251.pem 539s + found_md5=Modulus=BB73D662892C58057DFAAB864ADAB38C92018C6D816D26C0EE8FCB25F4F46126E31170C73FF46B0BBD620D0A0FC7BC0724AAC766D45EB5CB609E3ACE440BAC5798C71DD3A7E54C9DCD0545E414690E369551C8268AFF097E592A8FBEE367D38BC1347A358AC5A8D3A5B404AE60952583517D9ADECF79DB62BC29CDB2CB7FD777 539s + '[' Modulus=BB73D662892C58057DFAAB864ADAB38C92018C6D816D26C0EE8FCB25F4F46126E31170C73FF46B0BBD620D0A0FC7BC0724AAC766D45EB5CB609E3ACE440BAC5798C71DD3A7E54C9DCD0545E414690E369551C8268AFF097E592A8FBEE367D38BC1347A358AC5A8D3A5B404AE60952583517D9ADECF79DB62BC29CDB2CB7FD777 '!=' Modulus=BB73D662892C58057DFAAB864ADAB38C92018C6D816D26C0EE8FCB25F4F46126E31170C73FF46B0BBD620D0A0FC7BC0724AAC766D45EB5CB609E3ACE440BAC5798C71DD3A7E54C9DCD0545E414690E369551C8268AFF097E592A8FBEE367D38BC1347A358AC5A8D3A5B404AE60952583517D9ADECF79DB62BC29CDB2CB7FD777 ']' 539s + output_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-7251-auth.output 539s ++ basename /tmp/sssd-softhsm2-npKDtO/SSSD-child-7251-auth.output .output 539s + output_cert_file=/tmp/sssd-softhsm2-npKDtO/SSSD-child-7251-auth.pem 539s + echo -n 053350 539s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-npKDtO/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 539s [p11_child[2346]] [main] (0x0400): p11_child started. 539s [p11_child[2346]] [main] (0x2000): Running in [auth] mode. 539s [p11_child[2346]] [main] (0x2000): Running with effective IDs: [0][0]. 539s [p11_child[2346]] [main] (0x2000): Running with real IDs [0][0]. 539s [p11_child[2346]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 539s [p11_child[2346]] [do_card] (0x4000): Module List: 539s [p11_child[2346]] [do_card] (0x4000): common name: [softhsm2]. 539s [p11_child[2346]] [do_card] (0x4000): dll name: [/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 539s [p11_child[2346]] [do_card] (0x4000): Description [SoftHSM slot ID 0x5ef7b0bb] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 539s [p11_child[2346]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 539s [p11_child[2346]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x5ef7b0bb][1593290939] of module [0][/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so]. 539s [p11_child[2346]] [do_card] (0x4000): Login required. 539s [p11_child[2346]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 539s [p11_child[2346]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 539s [p11_child[2346]] [do_card] (0x4000): /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 539s [p11_child[2346]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x5ef7b0bb;slot-manufacturer=SoftHSM%20project;slot-id=1593290939;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=fcf1f8fedef7b0bb;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 539s [p11_child[2346]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 539s [p11_child[2346]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 539s [p11_child[2346]] [do_card] (0x4000): Certificate verified and validated. 539s [p11_child[2346]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 539s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-npKDtO/SSSD-child-7251-auth.output 539s + echo '-----BEGIN CERTIFICATE-----' 539s + tail -n1 /tmp/sssd-softhsm2-npKDtO/SSSD-child-7251-auth.output 539s + echo '-----END CERTIFICATE-----' 539s Certificate: 539s Data: 539s Version: 3 (0x2) 539s Serial Number: 5 (0x5) 539s Signature Algorithm: sha256WithRSAEncryption 539s Issuer: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 539s Validity 539s Not Before: Mar 26 12:49:52 2024 GMT 539s Not After : Mar 26 12:49:52 2025 GMT 539s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 539s Subject Public Key Info: 539s Public Key Algorithm: rsaEncryption 539s Public-Key: (1024 bit) 539s Modulus: 539s 00:bb:73:d6:62:89:2c:58:05:7d:fa:ab:86:4a:da: 539s b3:8c:92:01:8c:6d:81:6d:26:c0:ee:8f:cb:25:f4: 539s f4:61:26:e3:11:70:c7:3f:f4:6b:0b:bd:62:0d:0a: 539s 0f:c7:bc:07:24:aa:c7:66:d4:5e:b5:cb:60:9e:3a: 539s ce:44:0b:ac:57:98:c7:1d:d3:a7:e5:4c:9d:cd:05: 539s 45:e4:14:69:0e:36:95:51:c8:26:8a:ff:09:7e:59: 539s 2a:8f:be:e3:67:d3:8b:c1:34:7a:35:8a:c5:a8:d3: 539s a5:b4:04:ae:60:95:25:83:51:7d:9a:de:cf:79:db: 539s 62:bc:29:cd:b2:cb:7f:d7:77 539s Exponent: 65537 (0x10001) 539s X509v3 extensions: 539s X509v3 Authority Key Identifier: 539s 06:C6:E9:59:39:40:4C:C8:91:72:38:58:CE:35:97:D8:7C:8A:AD:58 539s X509v3 Basic Constraints: 539s CA:FALSE 539s Netscape Cert Type: 539s SSL Client, S/MIME 539s Netscape Comment: 539s Test Organization Sub Intermediate CA trusted Certificate 539s X509v3 Subject Key Identifier: 539s 19:7F:4C:47:4B:B5:EB:8E:C4:12:70:A0:0D:C7:11:3F:8C:B9:B2:7A 539s X509v3 Key Usage: critical 539s Digital Signature, Non Repudiation, Key Encipherment 539s X509v3 Extended Key Usage: 539s TLS Web Client Authentication, E-mail Protection 539s X509v3 Subject Alternative Name: 539s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 539s Signature Algorithm: sha256WithRSAEncryption 539s Signature Value: 539s b1:03:6d:b2:16:50:5e:01:77:52:e3:28:78:3b:ce:e0:d9:ce: 539s 3f:42:cd:65:88:bd:d4:84:b3:c4:9f:ae:75:35:f1:cd:75:00: 539s b4:52:56:c2:f4:b8:bc:95:bd:ce:20:2b:aa:cc:f6:eb:2a:fe: 539s de:61:b0:3b:40:cb:23:c1:98:8a:ec:ff:04:d8:f4:f3:64:2f: 539s 91:92:68:13:22:16:5d:15:5e:85:69:b7:00:ee:f3:16:d1:3c: 539s 00:2e:77:88:53:7d:89:bc:04:c9:7b:81:3d:fb:f0:70:b9:60: 539s 9d:01:f8:27:f3:4b:f8:2a:d7:4a:c0:ff:57:17:d5:57:c3:a8: 539s fd:af 539s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-7251-auth.pem 539s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-npKDtO/SSSD-child-7251-auth.pem 539s 539s Test completed, Root CA and intermediate issued certificates verified! 539s + found_md5=Modulus=BB73D662892C58057DFAAB864ADAB38C92018C6D816D26C0EE8FCB25F4F46126E31170C73FF46B0BBD620D0A0FC7BC0724AAC766D45EB5CB609E3ACE440BAC5798C71DD3A7E54C9DCD0545E414690E369551C8268AFF097E592A8FBEE367D38BC1347A358AC5A8D3A5B404AE60952583517D9ADECF79DB62BC29CDB2CB7FD777 539s + '[' Modulus=BB73D662892C58057DFAAB864ADAB38C92018C6D816D26C0EE8FCB25F4F46126E31170C73FF46B0BBD620D0A0FC7BC0724AAC766D45EB5CB609E3ACE440BAC5798C71DD3A7E54C9DCD0545E414690E369551C8268AFF097E592A8FBEE367D38BC1347A358AC5A8D3A5B404AE60952583517D9ADECF79DB62BC29CDB2CB7FD777 '!=' Modulus=BB73D662892C58057DFAAB864ADAB38C92018C6D816D26C0EE8FCB25F4F46126E31170C73FF46B0BBD620D0A0FC7BC0724AAC766D45EB5CB609E3ACE440BAC5798C71DD3A7E54C9DCD0545E414690E369551C8268AFF097E592A8FBEE367D38BC1347A358AC5A8D3A5B404AE60952583517D9ADECF79DB62BC29CDB2CB7FD777 ']' 539s + set +x 540s autopkgtest [12:49:57]: test sssd-softhism2-certificates-tests.sh: -----------------------] 541s autopkgtest [12:49:58]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 541s sssd-softhism2-certificates-tests.sh PASS 541s autopkgtest [12:49:58]: test sssd-smart-card-pam-auth-configs: preparing testbed 544s Reading package lists... 545s Building dependency tree... 545s Reading state information... 545s Starting pkgProblemResolver with broken count: 0 545s Starting 2 pkgProblemResolver with broken count: 0 545s Done 545s The following additional packages will be installed: 545s pamtester 545s The following NEW packages will be installed: 545s autopkgtest-satdep pamtester 545s 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. 545s Need to get 12.2 kB/13.0 kB of archives. 545s After this operation, 36.9 kB of additional disk space will be used. 545s Get:1 /tmp/autopkgtest.6h4hhi/4-autopkgtest-satdep.deb autopkgtest-satdep s390x 0 [760 B] 545s Get:2 http://ftpmaster.internal/ubuntu noble/universe s390x pamtester s390x 0.1.2-4 [12.2 kB] 546s Fetched 12.2 kB in 0s (49.1 kB/s) 546s Selecting previously unselected package pamtester. 546s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 52315 files and directories currently installed.) 546s Preparing to unpack .../pamtester_0.1.2-4_s390x.deb ... 546s Unpacking pamtester (0.1.2-4) ... 546s Selecting previously unselected package autopkgtest-satdep. 546s Preparing to unpack .../4-autopkgtest-satdep.deb ... 546s Unpacking autopkgtest-satdep (0) ... 546s Setting up pamtester (0.1.2-4) ... 546s Setting up autopkgtest-satdep (0) ... 546s Processing triggers for man-db (2.12.0-3) ... 548s (Reading database ... 52321 files and directories currently installed.) 548s Removing autopkgtest-satdep (0) ... 549s autopkgtest [12:50:06]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 549s autopkgtest [12:50:06]: test sssd-smart-card-pam-auth-configs: [----------------------- 549s + '[' -z ubuntu ']' 549s + export DEBIAN_FRONTEND=noninteractive 549s + DEBIAN_FRONTEND=noninteractive 549s + required_tools=(pamtester softhsm2-util sssd) 549s + [[ ! -v OFFLINE_MODE ]] 549s + for cmd in "${required_tools[@]}" 549s + command -v pamtester 549s + for cmd in "${required_tools[@]}" 549s + command -v softhsm2-util 549s + for cmd in "${required_tools[@]}" 549s + command -v sssd 549s + PIN=123456 549s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 549s + tmpdir=/tmp/sssd-softhsm2-certs-cbnhQX 549s + backupsdir= 549s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 549s + declare -a restore_paths 549s + declare -a delete_paths 549s + trap handle_exit EXIT 549s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 549s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 549s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 549s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 549s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-cbnhQX GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 549s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-cbnhQX 549s + GENERATE_SMART_CARDS=1 549s + KEEP_TEMPORARY_FILES=1 549s + NO_SSSD_TESTS=1 549s + bash debian/tests/sssd-softhism2-certificates-tests.sh 549s + '[' -z ubuntu ']' 549s + required_tools=(p11tool openssl softhsm2-util) 549s + for cmd in "${required_tools[@]}" 549s + command -v p11tool 549s + for cmd in "${required_tools[@]}" 549s + command -v openssl 549s + for cmd in "${required_tools[@]}" 549s + command -v softhsm2-util 549s + PIN=123456 549s +++ head -n 1 549s +++ find /usr/lib/softhsm/libsofthsm2.so 549s ++ realpath /usr/lib/softhsm/libsofthsm2.so 549s + SOFTHSM2_MODULE=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so 549s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 549s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 549s + '[' '!' -v NO_SSSD_TESTS ']' 549s + '[' '!' -e /usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so ']' 549s + tmpdir=/tmp/sssd-softhsm2-certs-cbnhQX 549s + keys_size=1024 549s + [[ ! -v KEEP_TEMPORARY_FILES ]] 549s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 549s + echo -n 01 549s + touch /tmp/sssd-softhsm2-certs-cbnhQX/index.txt 549s + mkdir -p /tmp/sssd-softhsm2-certs-cbnhQX/new_certs 549s + cat 549s + root_ca_key_pass=pass:random-root-CA-password-19259 549s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA-key.pem -passout pass:random-root-CA-password-19259 1024 549s + openssl req -passin pass:random-root-CA-password-19259 -batch -config /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA.pem 549s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA.pem 549s + cat 549s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-28106 549s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-28106 1024 549s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-28106 -config /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-19259 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-certificate-request.pem 549s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-certificate-request.pem 549s Certificate Request: 549s Data: 549s Version: 1 (0x0) 549s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 549s Subject Public Key Info: 549s Public Key Algorithm: rsaEncryption 549s Public-Key: (1024 bit) 549s Modulus: 549s 00:d7:8c:ac:21:f2:78:1e:a2:04:3c:58:c3:62:f9: 549s 9d:b7:9f:2b:71:26:b4:41:22:e7:25:0a:e3:ec:b6: 549s 4b:e7:4a:dd:0e:5e:a4:a0:f2:10:1c:42:c9:7d:27: 549s 84:16:fc:16:97:5b:d6:23:38:f1:b7:3d:03:2a:cf: 549s 17:38:5f:5d:64:d0:0f:88:06:24:dc:dc:1a:b8:e5: 549s 7d:63:22:06:e1:c0:be:51:ac:69:0e:08:ed:3c:8d: 549s ad:1b:8c:ee:fe:76:07:cf:0f:d2:d7:bf:d2:cc:7f: 549s 35:64:91:5f:12:23:5d:e9:73:25:79:f8:18:c7:c9: 549s 18:fc:fc:c7:7c:cf:45:1f:cd 549s Exponent: 65537 (0x10001) 549s Attributes: 549s (none) 549s Requested Extensions: 549s Signature Algorithm: sha256WithRSAEncryption 549s Signature Value: 549s 6f:42:c3:47:93:f0:86:68:58:55:76:e1:8e:21:d2:6e:92:71: 549s 7e:3d:e0:e0:cd:04:ee:5a:9c:3d:28:32:42:9b:50:b0:3d:5c: 549s b2:3f:fb:30:33:5f:1d:01:d4:cc:2d:a8:34:21:eb:31:f4:fa: 549s 42:e6:9e:2d:08:4f:d8:96:51:06:8f:06:b3:8d:3b:f4:cd:b9: 549s d6:ef:60:78:bd:42:c5:e8:2b:dc:0a:75:c4:db:3d:8d:4a:18: 549s 96:87:a7:05:8b:8a:cf:93:0e:32:ca:13:8e:14:2b:cb:85:b6: 549s d4:66:a5:53:fc:3b:da:eb:a1:6c:0c:8f:fa:67:8c:3c:ae:78: 549s 82:82 549s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA.config -passin pass:random-root-CA-password-19259 -keyfile /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA.pem 549s Using configuration from /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA.config 549s Check that the request matches the signature 549s Signature ok 549s Certificate Details: 549s Serial Number: 1 (0x1) 549s Validity 549s Not Before: Mar 26 12:50:06 2024 GMT 549s Not After : Mar 26 12:50:06 2025 GMT 549s Subject: 549s organizationName = Test Organization 549s organizationalUnitName = Test Organization Unit 549s commonName = Test Organization Intermediate CA 549s X509v3 extensions: 549s X509v3 Subject Key Identifier: 549s 4C:BF:20:FA:D2:AD:67:1F:F3:8B:3C:DA:D5:D5:51:40:29:8C:2C:7F 549s X509v3 Authority Key Identifier: 549s keyid:61:BA:11:3E:50:B6:4A:F8:C7:05:44:55:74:C9:CA:DD:2E:0D:DD:77 549s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 549s serial:00 549s X509v3 Basic Constraints: 549s CA:TRUE 549s X509v3 Key Usage: critical 549s Digital Signature, Certificate Sign, CRL Sign 549s Certificate is to be certified until Mar 26 12:50:06 2025 GMT (365 days) 549s 549s Write out database with 1 new entries 549s Database updated 549s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA.pem 549s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA.pem /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA.pem 549s /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA.pem: OK 549s + cat 549s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-7858 549s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-7858 1024 549s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-7858 -config /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-28106 -sha256 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-certificate-request.pem 549s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-certificate-request.pem 549s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-28106 -keyfile /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA.pem 549s Certificate Request: 549s Data: 549s Version: 1 (0x0) 549s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 549s Subject Public Key Info: 549s Public Key Algorithm: rsaEncryption 549s Public-Key: (1024 bit) 549s Modulus: 549s 00:bc:27:2f:08:4d:2d:22:1b:ae:8e:e5:93:99:a3: 549s ca:2c:ad:30:6d:1e:07:2a:bc:ae:2d:b2:5b:98:03: 549s 01:6e:13:6e:27:73:0a:00:ca:46:ea:e9:be:37:15: 549s a2:c1:b1:d6:3e:15:fb:ad:20:d5:f9:1b:c9:f6:0c: 549s 89:11:d6:a9:c2:ce:51:de:9f:1e:b2:43:97:de:14: 549s b1:3f:e7:5b:6b:9b:6c:37:c9:c9:73:5b:63:bf:95: 549s ab:b0:fa:96:ad:e1:3c:c8:6c:3d:61:95:cd:0c:58: 549s f7:01:dd:0c:4f:18:5b:9e:26:6e:e7:1f:72:80:16: 549s 47:cb:67:e3:ac:86:6e:ec:81 549s Exponent: 65537 (0x10001) 549s Attributes: 549s (none) 549s Requested Extensions: 549s Signature Algorithm: sha256WithRSAEncryption 549s Signature Value: 549s 95:36:5f:86:97:3f:05:ab:00:7c:40:97:03:0e:80:00:5e:c8: 549s 98:45:9c:04:73:a6:f0:57:15:66:7c:ef:cc:d9:37:18:dc:79: 549s c1:99:4d:78:78:73:bf:18:b5:82:d0:30:41:8a:93:b4:30:12: 549s 28:87:a0:51:df:8d:59:7a:40:b4:5f:92:70:cd:d9:0a:18:e9: 549s 0f:f6:82:12:22:6d:41:42:b1:e5:9c:da:7a:62:0a:d9:5f:59: 549s cc:49:79:24:38:c8:16:3d:79:38:ee:c4:8f:4b:a4:97:93:c4: 549s 18:48:d2:0c:77:7e:5d:1e:66:6a:d8:1a:ef:63:75:33:97:45: 549s e1:f3 549s Using configuration from /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA.config 549s Check that the request matches the signature 549s Signature ok 549s Certificate Details: 549s Serial Number: 2 (0x2) 549s Validity 549s Not Before: Mar 26 12:50:06 2024 GMT 549s Not After : Mar 26 12:50:06 2025 GMT 549s Subject: 549s organizationName = Test Organization 549s organizationalUnitName = Test Organization Unit 549s commonName = Test Organization Sub Intermediate CA 549s X509v3 extensions: 549s X509v3 Subject Key Identifier: 549s 64:43:07:F1:39:AB:56:F6:61:8F:AF:22:89:02:E2:FB:1C:06:A2:D3 549s X509v3 Authority Key Identifier: 549s keyid:4C:BF:20:FA:D2:AD:67:1F:F3:8B:3C:DA:D5:D5:51:40:29:8C:2C:7F 549s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 549s serial:01 549s X509v3 Basic Constraints: 549s CA:TRUE 549s X509v3 Key Usage: critical 549s Digital Signature, Certificate Sign, CRL Sign 549s Certificate is to be certified until Mar 26 12:50:06 2025 GMT (365 days) 549s 549s Write out database with 1 new entries 549s Database updated 549s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA.pem 549s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA.pem 549s /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA.pem: OK 549s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA.pem /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA.pem 549s + local cmd=openssl 549s + shift 549s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA.pem /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA.pem 549s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 549s error 20 at 0 depth lookup: unable to get local issuer certificate 549s error /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA.pem: verification failed 549s + cat 549s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-32610 549s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-32610 1024 549s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-32610 -key /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA-trusted-certificate-0001-request.pem 549s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA-trusted-certificate-0001-request.pem 549s Certificate Request: 549s Data: 549s Version: 1 (0x0) 549s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 549s Subject Public Key Info: 549s Public Key Algorithm: rsaEncryption 549s Public-Key: (1024 bit) 549s Modulus: 549s 00:ca:1d:8e:12:92:03:d9:20:5f:23:29:b4:47:0f: 549s 03:c3:3c:0d:3f:ce:9c:47:88:03:c1:4f:f2:73:a2: 549s 18:e4:a8:5e:ff:1d:5d:0a:f6:98:12:99:0e:70:27: 549s fb:95:12:f2:fd:26:4b:96:fa:cf:d9:6e:d4:65:d6: 549s 0a:36:00:fb:e1:b2:5e:d0:d6:30:6d:f0:15:00:36: 549s fd:a8:73:bb:8a:ad:12:4f:42:82:c8:f5:5b:cc:60: 549s 8d:6c:8b:1c:98:99:60:65:dc:f1:90:b8:07:b6:3d: 549s a0:9d:71:1f:cd:27:b1:12:1b:f0:dc:78:24:89:36: 549s 0d:78:68:09:86:3e:81:10:47 549s Exponent: 65537 (0x10001) 549s Attributes: 549s Requested Extensions: 549s X509v3 Basic Constraints: 549s CA:FALSE 549s Netscape Cert Type: 549s SSL Client, S/MIME 549s Netscape Comment: 549s Test Organization Root CA trusted Certificate 549s X509v3 Subject Key Identifier: 549s 89:F6:62:D7:FB:9B:56:78:1C:8A:22:3F:2D:82:58:5B:E7:49:E8:89 549s X509v3 Key Usage: critical 549s Digital Signature, Non Repudiation, Key Encipherment 549s X509v3 Extended Key Usage: 549s TLS Web Client Authentication, E-mail Protection 549s X509v3 Subject Alternative Name: 549s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 549s Signature Algorithm: sha256WithRSAEncryption 549s Signature Value: 549s 2d:f1:d5:03:a9:22:aa:91:af:ab:27:75:72:b9:e5:99:a1:d3: 549s b5:66:fe:93:13:cc:33:83:ba:41:d2:b1:c3:7e:f7:c8:e8:67: 549s 6f:73:5a:87:8f:6c:a6:3f:57:89:38:dc:84:1f:cd:d5:d2:00: 549s 2c:4d:e0:b3:a0:fb:14:c0:bf:50:da:2e:e0:f4:f8:5f:ba:96: 549s 53:11:4e:cc:2a:01:a4:5f:3f:19:75:89:9a:e1:2f:6d:f3:25: 549s cb:05:93:79:a1:06:81:33:c3:58:8f:e9:47:0d:2a:27:01:92: 549s aa:f0:08:ee:26:e0:24:dd:8b:7d:ac:ec:cf:06:42:64:00:46: 549s 4c:19 549s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA.config -passin pass:random-root-CA-password-19259 -keyfile /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA-trusted-certificate-0001.pem 549s Using configuration from /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA.config 549s Check that the request matches the signature 549s Signature ok 549s Certificate Details: 549s Serial Number: 3 (0x3) 549s Validity 549s Not Before: Mar 26 12:50:06 2024 GMT 549s Not After : Mar 26 12:50:06 2025 GMT 549s Subject: 549s organizationName = Test Organization 549s organizationalUnitName = Test Organization Unit 549s commonName = Test Organization Root Trusted Certificate 0001 549s X509v3 extensions: 549s X509v3 Authority Key Identifier: 549s 61:BA:11:3E:50:B6:4A:F8:C7:05:44:55:74:C9:CA:DD:2E:0D:DD:77 549s X509v3 Basic Constraints: 549s CA:FALSE 549s Netscape Cert Type: 549s SSL Client, S/MIME 549s Netscape Comment: 549s Test Organization Root CA trusted Certificate 549s X509v3 Subject Key Identifier: 549s 89:F6:62:D7:FB:9B:56:78:1C:8A:22:3F:2D:82:58:5B:E7:49:E8:89 549s X509v3 Key Usage: critical 549s Digital Signature, Non Repudiation, Key Encipherment 549s X509v3 Extended Key Usage: 549s TLS Web Client Authentication, E-mail Protection 549s X509v3 Subject Alternative Name: 549s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 549s Certificate is to be certified until Mar 26 12:50:06 2025 GMT (365 days) 549s 549s Write out database with 1 new entries 549s Database updated 549s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA-trusted-certificate-0001.pem 549s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA.pem /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA-trusted-certificate-0001.pem 549s /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA-trusted-certificate-0001.pem: OK 549s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA-trusted-certificate-0001.pem 549s + local cmd=openssl 549s + shift 549s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA-trusted-certificate-0001.pem 549s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root Trusted Certificate 0001 549s error 20 at 0 depth lookup: unable to get local issuer certificate 549s error /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA-trusted-certificate-0001.pem: verification failed 549s + cat 549s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-32437 549s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-32437 1024 549s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-32437 -key /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-trusted-certificate-0001-request.pem 549s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-trusted-certificate-0001-request.pem 549s Certificate Request: 549s Data: 549s Version: 1 (0x0) 549s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate Trusted Certificate 0001 549s Subject Public Key Info: 549s Public Key Algorithm: rsaEncryption 549s Public-Key: (1024 bit) 549s Modulus: 549s 00:bf:9e:dc:bd:5c:eb:c2:03:83:a1:c8:cb:24:fd: 549s 7c:35:50:ba:9f:1d:df:19:74:61:25:6d:5c:fa:d5: 549s 75:dd:8c:89:db:62:d6:aa:10:dd:b1:eb:8b:80:b6: 549s cc:4d:89:4a:36:ca:6f:6f:59:48:ce:6d:d5:9f:79: 549s a5:8c:af:14:8f:fc:5a:f6:cc:6f:82:a0:95:16:27: 549s 2b:c6:13:13:e0:64:c0:06:94:76:00:d5:e5:e5:fc: 549s 11:b2:a4:e1:58:8a:a1:a3:ac:22:a2:6e:73:0f:11: 549s 7b:bd:dc:1d:89:e9:e0:24:32:57:de:46:07:a6:a0: 549s 3b:e3:58:f0:36:33:d3:c2:d5 549s Exponent: 65537 (0x10001) 549s Attributes: 549s Requested Extensions: 549s X509v3 Basic Constraints: 549s CA:FALSE 549s Netscape Cert Type: 549s SSL Client, S/MIME 549s Netscape Comment: 549s Test Organization Intermediate CA trusted Certificate 549s X509v3 Subject Key Identifier: 549s 0A:16:42:D0:03:BB:FD:3D:61:CD:23:D1:37:C3:32:F5:D0:95:4F:A0 549s X509v3 Key Usage: critical 549s Digital Signature, Non Repudiation, Key Encipherment 549s X509v3 Extended Key Usage: 549s TLS Web Client Authentication, E-mail Protection 549s X509v3 Subject Alternative Name: 549s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 549s Signature Algorithm: sha256WithRSAEncryption 549s Signature Value: 549s 90:7d:87:ae:07:c8:46:74:ab:a3:e5:1e:7e:1f:63:a9:6e:01: 549s f5:47:7c:9b:96:63:e7:da:37:11:53:b0:c6:37:b1:39:6b:e9: 549s c1:18:2e:e3:76:c2:4f:ea:6d:d2:50:e9:45:60:9e:ff:b2:87: 549s 21:14:28:12:67:54:30:dd:73:ab:29:3b:72:33:bc:c1:5a:95: 549s 2e:de:36:5a:b4:ee:8a:f0:b6:3b:09:01:f0:45:15:71:63:7d: 549s 26:05:d0:9b:fd:e2:91:46:ec:9a:c1:f7:df:9c:aa:74:df:38: 549s 08:c5:2b:d4:c2:97:b4:5f:24:0e:8e:fb:80:aa:85:63:2f:9b: 549s 68:18 549s + openssl ca -passin pass:random-intermediate-CA-password-28106 -config /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-trusted-certificate-0001.pem 549s Using configuration from /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA.config 549s Check that the request matches the signature 549s Signature ok 549s Certificate Details: 549s Serial Number: 4 (0x4) 549s Validity 549s Not Before: Mar 26 12:50:06 2024 GMT 549s Not After : Mar 26 12:50:06 2025 GMT 549s Subject: 549s organizationName = Test Organization 549s organizationalUnitName = Test Organization Unit 549s commonName = Test Organization Intermediate Trusted Certificate 0001 549s X509v3 extensions: 549s X509v3 Authority Key Identifier: 549s 4C:BF:20:FA:D2:AD:67:1F:F3:8B:3C:DA:D5:D5:51:40:29:8C:2C:7F 549s X509v3 Basic Constraints: 549s CA:FALSE 549s Netscape Cert Type: 549s SSL Client, S/MIME 549s Netscape Comment: 549s Test Organization Intermediate CA trusted Certificate 549s X509v3 Subject Key Identifier: 549s 0A:16:42:D0:03:BB:FD:3D:61:CD:23:D1:37:C3:32:F5:D0:95:4F:A0 549s X509v3 Key Usage: critical 549s Digital Signature, Non Repudiation, Key Encipherment 549s X509v3 Extended Key Usage: 549s TLS Web Client Authentication, E-mail Protection 549s X509v3 Subject Alternative Name: 549s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 549s Certificate is to be certified until Mar 26 12:50:06 2025 GMT (365 days) 549s 549s Write out database with 1 new entries 549s Database updated 549s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-trusted-certificate-0001.pem 549s This certificate should not be trusted fully 549s + echo 'This certificate should not be trusted fully' 549s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-trusted-certificate-0001.pem 549s + local cmd=openssl 549s + shift 549s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-trusted-certificate-0001.pem 549s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 549s error 2 at 1 depth lookup: unable to get issuer certificate 549s error /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 549s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-trusted-certificate-0001.pem 549s /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-trusted-certificate-0001.pem: OK 549s + cat 549s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-18392 549s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-18392 1024 550s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-18392 -key /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 550s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 550s Certificate Request: 550s Data: 550s Version: 1 (0x0) 550s Subject: O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 550s Subject Public Key Info: 550s Public Key Algorithm: rsaEncryption 550s Public-Key: (1024 bit) 550s Modulus: 550s 00:ca:9c:b7:97:b5:bd:ca:c0:01:43:47:ac:fb:8e: 550s 97:1c:de:8c:56:38:62:99:6d:d8:5f:5a:2f:53:ff: 550s 82:d3:b3:80:8c:4e:cc:3f:66:34:d6:33:ff:58:b9: 550s a0:d1:86:d8:d9:6c:03:08:32:fa:a1:4e:7d:5f:79: 550s d9:0d:fa:27:50:73:43:ea:c9:01:e0:f6:9d:38:ad: 550s 1b:04:97:a4:21:3e:32:22:02:a1:9e:51:48:b8:96: 550s d4:4d:7b:5b:57:84:bb:95:21:07:8f:fd:8e:2d:85: 550s 84:93:e0:1e:90:b4:77:6a:49:d5:41:61:5b:de:da: 550s fe:b0:31:35:12:a4:65:8c:63 550s Exponent: 65537 (0x10001) 550s Attributes: 550s Requested Extensions: 550s X509v3 Basic Constraints: 550s CA:FALSE 550s Netscape Cert Type: 550s SSL Client, S/MIME 550s Netscape Comment: 550s Test Organization Sub Intermediate CA trusted Certificate 550s X509v3 Subject Key Identifier: 550s 63:98:A9:E5:C1:97:A2:BE:EC:56:89:27:1B:F7:8C:D7:85:02:4A:16 550s X509v3 Key Usage: critical 550s Digital Signature, Non Repudiation, Key Encipherment 550s X509v3 Extended Key Usage: 550s TLS Web Client Authentication, E-mail Protection 550s X509v3 Subject Alternative Name: 550s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 550s Signature Algorithm: sha256WithRSAEncryption 550s Signature Value: 550s 19:9a:36:35:9f:51:70:e6:fa:bb:d8:b3:28:34:a0:1e:f6:ef: 550s 32:d0:1a:77:a3:97:a0:b8:c0:84:7e:1a:f9:95:55:af:8c:3b: 550s 4a:d8:9b:9f:2c:f0:e9:8c:f8:a4:0c:33:be:c5:ab:e2:74:85: 550s ef:dd:21:a9:94:8e:27:7f:df:d8:76:79:09:a8:fe:84:dd:c2: 550s 9d:3d:f1:2a:51:f3:ee:99:a9:f5:5c:ab:f2:a4:ae:33:9f:46: 550s 57:46:dc:93:ae:1b:43:db:d4:4b:0d:7e:11:10:79:49:7f:5d: 550s 4c:f6:f3:1e:f5:5e:83:7b:ef:77:90:e7:be:af:b3:ce:96:af: 550s 42:61 550s + openssl ca -passin pass:random-sub-intermediate-CA-password-7858 -config /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001.pem 550s Using configuration from /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA.config 550s Check that the request matches the signature 550s Signature ok 550s Certificate Details: 550s Serial Number: 5 (0x5) 550s Validity 550s Not Before: Mar 26 12:50:06 2024 GMT 550s Not After : Mar 26 12:50:06 2025 GMT 550s Subject: 550s organizationName = Test Organization 550s organizationalUnitName = Test Organization Unit 550s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 550s X509v3 extensions: 550s X509v3 Authority Key Identifier: 550s 64:43:07:F1:39:AB:56:F6:61:8F:AF:22:89:02:E2:FB:1C:06:A2:D3 550s X509v3 Basic Constraints: 550s CA:FALSE 550s Netscape Cert Type: 550s SSL Client, S/MIME 550s Netscape Comment: 550s Test Organization Sub Intermediate CA trusted Certificate 550s X509v3 Subject Key Identifier: 550s 63:98:A9:E5:C1:97:A2:BE:EC:56:89:27:1B:F7:8C:D7:85:02:4A:16 550s X509v3 Key Usage: critical 550s Digital Signature, Non Repudiation, Key Encipherment 550s X509v3 Extended Key Usage: 550s TLS Web Client Authentication, E-mail Protection 550s X509v3 Subject Alternative Name: 550s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 550s Certificate is to be certified until Mar 26 12:50:06 2025 GMT (365 days) 550s 550s Write out database with 1 new entries 550s Database updated 550s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001.pem 550s This certificate should not be trusted fully 550s + echo 'This certificate should not be trusted fully' 550s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001.pem 550s + local cmd=openssl 550s + shift 550s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001.pem 550s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 550s error 2 at 1 depth lookup: unable to get issuer certificate 550s error /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 550s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001.pem 550s + local cmd=openssl 550s + shift 550s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001.pem 550s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 550s error 20 at 0 depth lookup: unable to get local issuer certificate 550s error /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 550s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001.pem 550s /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 550s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001.pem 550s + local cmd=openssl 550s + shift 550s Building a the full-chain CA file... 550s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 550s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 550s 550s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 550s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Root CA 550s 550s subject=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate CA 550s issuer=O = Test Organization, OU = Test Organization Unit, CN = Test Organization Intermediate CA 550s 550s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001.pem 550s O = Test Organization, OU = Test Organization Unit, CN = Test Organization Sub Intermediate Trusted Certificate 0001 550s error 20 at 0 depth lookup: unable to get local issuer certificate 550s error /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 550s + echo 'Building a the full-chain CA file...' 550s + cat /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA.pem /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA.pem 550s + cat /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA.pem /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA.pem 550s + cat /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA.pem 550s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-cbnhQX/test-full-chain-CA.pem 550s + openssl pkcs7 -print_certs -noout 550s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-cbnhQX/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA.pem 550s /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA.pem: OK 550s /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA-trusted-certificate-0001.pem: OK 550s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-cbnhQX/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA-trusted-certificate-0001.pem 550s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-cbnhQX/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-trusted-certificate-0001.pem 550s /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-trusted-certificate-0001.pem: OK 550s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-cbnhQX/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-cbnhQX/test-root-intermediate-chain-CA.pem 550s /tmp/sssd-softhsm2-certs-cbnhQX/test-root-intermediate-chain-CA.pem: OK 550s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-cbnhQX/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001.pem 550s /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 550s + echo 'Certificates generation completed!' 550s Certificates generation completed! 550s + [[ -v NO_SSSD_TESTS ]] 550s + [[ -v GENERATE_SMART_CARDS ]] 550s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-32610 550s + local certificate=/tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA-trusted-certificate-0001.pem 550s + local key_pass=pass:random-root-ca-trusted-cert-0001-32610 550s + local key_cn 550s + local key_name 550s + local tokens_dir 550s + local output_cert_file 550s + token_name= 550s ++ basename /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA-trusted-certificate-0001.pem .pem 550s + key_name=test-root-CA-trusted-certificate-0001 550s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA-trusted-certificate-0001.pem 550s ++ sed -n 's/ *commonName *= //p' 550s + key_cn='Test Organization Root Trusted Certificate 0001' 550s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 550s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-cbnhQX/softhsm2-test-root-CA-trusted-certificate-0001.conf 550s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-cbnhQX/softhsm2-test-root-CA-trusted-certificate-0001.conf 550s ++ basename /tmp/sssd-softhsm2-certs-cbnhQX/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 550s + tokens_dir=/tmp/sssd-softhsm2-certs-cbnhQX/softhsm2-test-root-CA-trusted-certificate-0001 550s + token_name='Test Organization Root Tr Token' 550s + '[' '!' -e /tmp/sssd-softhsm2-certs-cbnhQX/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 550s + local key_file 550s + local decrypted_key 550s + mkdir -p /tmp/sssd-softhsm2-certs-cbnhQX/softhsm2-test-root-CA-trusted-certificate-0001 550s + key_file=/tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA-trusted-certificate-0001-key.pem 550s + decrypted_key=/tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA-trusted-certificate-0001-key-decrypted.pem 550s + cat 550s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 550s Slot 0 has a free/uninitialized token. 550s The token has been initialized and is reassigned to slot 604155620 550s + softhsm2-util --show-slots 550s Available slots: 550s Slot 604155620 550s Slot info: 550s Description: SoftHSM slot ID 0x2402aee4 550s Manufacturer ID: SoftHSM project 550s Hardware version: 2.6 550s Firmware version: 2.6 550s Token present: yes 550s Token info: 550s Manufacturer ID: SoftHSM project 550s Model: SoftHSM v2 550s Hardware version: 2.6 550s Firmware version: 2.6 550s Serial number: 8b2cc5ee2402aee4 550s Initialized: yes 550s User PIN init.: yes 550s Label: Test Organization Root Tr Token 550s Slot 1 550s Slot info: 550s Description: SoftHSM slot ID 0x1 550s Manufacturer ID: SoftHSM project 550s Hardware version: 2.6 550s Firmware version: 2.6 550s Token present: yes 550s Token info: 550s Manufacturer ID: SoftHSM project 550s Model: SoftHSM v2 550s Hardware version: 2.6 550s Firmware version: 2.6 550s Serial number: 550s Initialized: no 550s User PIN init.: no 550s Label: 550s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 550s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-32610 -in /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA-trusted-certificate-0001-key-decrypted.pem 550s writing RSA key 550s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 550s + rm /tmp/sssd-softhsm2-certs-cbnhQX/test-root-CA-trusted-certificate-0001-key-decrypted.pem 550s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 550s Object 0: 550s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8b2cc5ee2402aee4;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 550s Type: X.509 Certificate (RSA-1024) 550s Expires: Wed Mar 26 12:50:06 2025 550s Label: Test Organization Root Trusted Certificate 0001 550s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 550s 550s + echo 'Test Organization Root Tr Token' 550s Test Organization Root Tr Token 550s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-32437 550s + local certificate=/tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-trusted-certificate-0001.pem 550s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-32437 550s + local key_cn 550s + local key_name 550s + local tokens_dir 550s + local output_cert_file 550s + token_name= 550s ++ basename /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-trusted-certificate-0001.pem .pem 550s + key_name=test-intermediate-CA-trusted-certificate-0001 550s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-trusted-certificate-0001.pem 550s ++ sed -n 's/ *commonName *= //p' 550s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 550s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 550s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-cbnhQX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 550s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-cbnhQX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 550s ++ basename /tmp/sssd-softhsm2-certs-cbnhQX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 550s + tokens_dir=/tmp/sssd-softhsm2-certs-cbnhQX/softhsm2-test-intermediate-CA-trusted-certificate-0001 550s + token_name='Test Organization Interme Token' 550s + '[' '!' -e /tmp/sssd-softhsm2-certs-cbnhQX/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 550s + local key_file 550s + local decrypted_key 550s + mkdir -p /tmp/sssd-softhsm2-certs-cbnhQX/softhsm2-test-intermediate-CA-trusted-certificate-0001 550s + key_file=/tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-trusted-certificate-0001-key.pem 550s + decrypted_key=/tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 550s + cat 550s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 550s Slot 0 has a free/uninitialized token. 550s The token has been initialized and is reassigned to slot 1519571417 550s + softhsm2-util --show-slots 550s Available slots: 550s Slot 1519571417 550s Slot info: 550s Description: SoftHSM slot ID 0x5a92d1d9 550s Manufacturer ID: SoftHSM project 550s Hardware version: 2.6 550s Firmware version: 2.6 550s Token present: yes 550s Token info: 550s Manufacturer ID: SoftHSM project 550s Model: SoftHSM v2 550s Hardware version: 2.6 550s Firmware version: 2.6 550s Serial number: 18e09975da92d1d9 550s Initialized: yes 550s User PIN init.: yes 550s Label: Test Organization Interme Token 550s Slot 1 550s Slot info: 550s Description: SoftHSM slot ID 0x1 550s Manufacturer ID: SoftHSM project 550s Hardware version: 2.6 550s Firmware version: 2.6 550s Token present: yes 550s Token info: 550s Manufacturer ID: SoftHSM project 550s Model: SoftHSM v2 550s Hardware version: 2.6 550s Firmware version: 2.6 550s Serial number: 550s Initialized: no 550s User PIN init.: no 550s Label: 550s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 550s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-32437 -in /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 550s writing RSA key 550s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 550s + rm /tmp/sssd-softhsm2-certs-cbnhQX/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 550s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 550s Object 0: 550s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=18e09975da92d1d9;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 550s Type: X.509 Certificate (RSA-1024) 550s Expires: Wed Mar 26 12:50:06 2025 550s Label: Test Organization Intermediate Trusted Certificate 0001 550s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 550s 550s + echo 'Test Organization Interme Token' 550s Test Organization Interme Token 550s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-18392 550s + local certificate=/tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001.pem 550s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-18392 550s + local key_cn 550s + local key_name 550s + local tokens_dir 550s + local output_cert_file 550s + token_name= 550s ++ basename /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 550s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 550s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001.pem 550s ++ sed -n 's/ *commonName *= //p' 550s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 550s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 550s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-cbnhQX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 550s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-cbnhQX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 550s ++ basename /tmp/sssd-softhsm2-certs-cbnhQX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 550s + tokens_dir=/tmp/sssd-softhsm2-certs-cbnhQX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 550s + token_name='Test Organization Sub Int Token' 550s + '[' '!' -e /tmp/sssd-softhsm2-certs-cbnhQX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 550s + local key_file 550s + local decrypted_key 550s + mkdir -p /tmp/sssd-softhsm2-certs-cbnhQX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 550s + key_file=/tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 550s + decrypted_key=/tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 550s + cat 550s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 550s Slot 0 has a free/uninitialized token. 550s The token has been initialized and is reassigned to slot 131775869 550s + softhsm2-util --show-slots 550s Available slots: 550s Slot 131775869 550s Slot info: 550s Description: SoftHSM slot ID 0x7dabd7d 550s Manufacturer ID: SoftHSM project 550s Hardware version: 2.6 550s Firmware version: 2.6 550s Token present: yes 550s Token info: 550s Manufacturer ID: SoftHSM project 550s Model: SoftHSM v2 550s Hardware version: 2.6 550s Firmware version: 2.6 550s Serial number: f1d2e58887dabd7d 550s Initialized: yes 550s User PIN init.: yes 550s Label: Test Organization Sub Int Token 550s Slot 1 550s Slot info: 550s Description: SoftHSM slot ID 0x1 550s Manufacturer ID: SoftHSM project 550s Hardware version: 2.6 550s Firmware version: 2.6 550s Token present: yes 550s Token info: 550s Manufacturer ID: SoftHSM project 550s Model: SoftHSM v2 550s Hardware version: 2.6 550s Firmware version: 2.6 550s Serial number: 550s Initialized: no 550s User PIN init.: no 550s Label: 550s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 550s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-18392 -in /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 550s writing RSA key 550s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 550s + rm /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 550s + p11tool --provider=/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so --list-all 550s Object 0: 550s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=f1d2e58887dabd7d;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 550s Type: X.509 Certificate (RSA-1024) 550s Expires: Wed Mar 26 12:50:06 2025 550s Label: Test Organization Sub Intermediate Trusted Certificate 0001 550s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 550s 550s Test Organization Sub Int Token 550s Certificates generation completed! 550s + echo 'Test Organization Sub Int Token' 550s + echo 'Certificates generation completed!' 550s + exit 0 550s + find /tmp/sssd-softhsm2-certs-cbnhQX -type d -exec chmod 777 '{}' ';' 550s + find /tmp/sssd-softhsm2-certs-cbnhQX -type f -exec chmod 666 '{}' ';' 550s + backup_file /etc/sssd/sssd.conf 550s + '[' -z '' ']' 550s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 550s + backupsdir=/tmp/sssd-softhsm2-backups-OlWKnC 550s + '[' -e /etc/sssd/sssd.conf ']' 550s + delete_paths+=("$1") 550s + rm -f /etc/sssd/sssd.conf 550s ++ runuser -u ubuntu -- sh -c 'echo ~' 550s + user_home=/home/ubuntu 550s + mkdir -p /home/ubuntu 550s + chown ubuntu:ubuntu /home/ubuntu 550s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 550s + user_config=/home/ubuntu/.config 550s + system_config=/etc 550s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 550s + for path_pair in "${softhsm2_conf_paths[@]}" 550s + IFS=: 550s + read -r -a path 550s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 550s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 550s + '[' -z /tmp/sssd-softhsm2-backups-OlWKnC ']' 550s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 550s + delete_paths+=("$1") 550s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 550s + for path_pair in "${softhsm2_conf_paths[@]}" 550s + IFS=: 550s + read -r -a path 550s + path=/etc/softhsm/softhsm2.conf 550s + backup_file /etc/softhsm/softhsm2.conf 550s + '[' -z /tmp/sssd-softhsm2-backups-OlWKnC ']' 550s + '[' -e /etc/softhsm/softhsm2.conf ']' 550s ++ dirname /etc/softhsm/softhsm2.conf 550s + local back_dir=/tmp/sssd-softhsm2-backups-OlWKnC//etc/softhsm 550s ++ basename /etc/softhsm/softhsm2.conf 550s + local back_path=/tmp/sssd-softhsm2-backups-OlWKnC//etc/softhsm/softhsm2.conf 550s + '[' '!' -e /tmp/sssd-softhsm2-backups-OlWKnC//etc/softhsm/softhsm2.conf ']' 550s + mkdir -p /tmp/sssd-softhsm2-backups-OlWKnC//etc/softhsm 550s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-OlWKnC//etc/softhsm/softhsm2.conf 550s + restore_paths+=("$back_path") 550s + rm -f /etc/softhsm/softhsm2.conf 550s + test_authentication login /tmp/sssd-softhsm2-certs-cbnhQX/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-cbnhQX/test-full-chain-CA.pem 550s + pam_service=login 550s + certificate_config=/tmp/sssd-softhsm2-certs-cbnhQX/softhsm2-test-root-CA-trusted-certificate-0001.conf 550s + ca_db=/tmp/sssd-softhsm2-certs-cbnhQX/test-full-chain-CA.pem 550s + verification_options= 550s + mkdir -p -m 700 /etc/sssd 550s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-cbnhQX/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 550s Using CA DB '/tmp/sssd-softhsm2-certs-cbnhQX/test-full-chain-CA.pem' with verification options: '' 550s + cat 550s + chmod 600 /etc/sssd/sssd.conf 550s + for path_pair in "${softhsm2_conf_paths[@]}" 550s + IFS=: 550s + read -r -a path 550s + user=ubuntu 550s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 550s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 550s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 550s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-cbnhQX/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 550s + runuser -u ubuntu -- softhsm2-util --show-slots 550s + grep 'Test Organization' 550s Label: Test Organization Root Tr Token 550s + for path_pair in "${softhsm2_conf_paths[@]}" 550s + IFS=: 550s + read -r -a path 550s + user=root 550s + path=/etc/softhsm/softhsm2.conf 550s ++ dirname /etc/softhsm/softhsm2.conf 550s + runuser -u root -- mkdir -p /etc/softhsm 550s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-cbnhQX/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 550s + runuser -u root -- softhsm2-util --show-slots 550s + grep 'Test Organization' 550s Label: Test Organization Root Tr Token 550s + systemctl restart sssd 550s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 550s + for alternative in "${alternative_pam_configs[@]}" 550s + pam-auth-update --enable sss-smart-card-optional 551s + cat /etc/pam.d/common-auth 551s # 551s # /etc/pam.d/common-auth - authentication settings common to all services 551s # 551s # This file is included from other service-specific PAM config files, 551s # and should contain a list of the authentication modules that define 551s # the central authentication scheme for use on the system 551s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 551s # traditional Unix authentication mechanisms. 551s # 551s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 551s # To take advantage of this, it is recommended that you configure any 551s # local modules either before or after the default block, and use 551s # pam-auth-update to manage selection of other modules. See 551s # pam-auth-update(8) for details. 551s 551s # here are the per-package modules (the "Primary" block) 551s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 551s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 551s auth [success=1 default=ignore] pam_sss.so use_first_pass 551s # here's the fallback if no module succeeds 551s auth requisite pam_deny.so 551s # prime the stack with a positive return value if there isn't one already; 551s # this avoids us returning an error just because nothing sets a success code 551s # since the modules above will each just jump around 551s auth required pam_permit.so 551s # and here are more per-package modules (the "Additional" block) 551s auth optional pam_cap.so 551s # end of pam-auth-update config 551s + echo -n -e 123456 551s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 551s pamtester: invoking pam_start(login, ubuntu, ...) 551s pamtester: performing operation - authenticate 551s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 551s + echo -n -e 123456 551s + runuser -u ubuntu -- pamtester -v login '' authenticate 551s pamtester: invoking pam_start(login, , ...) 551s pamtester: performing operation - authenticate 551s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 551s + echo -n -e wrong123456 551s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 551s pamtester: invoking pam_start(login, ubuntu, ...) 551s pamtester: performing operation - authenticate 553s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 553s + echo -n -e wrong123456 553s + runuser -u ubuntu -- pamtester -v login '' authenticate 553s pamtester: invoking pam_start(login, , ...) 553s pamtester: performing operation - authenticate 556s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 556s + echo -n -e 123456 556s + pamtester -v login root authenticate 556s pamtester: invoking pam_start(login, root, ...) 556s pamtester: performing operation - authenticate 559s Password: pamtester: Authentication failure 559s + for alternative in "${alternative_pam_configs[@]}" 559s + pam-auth-update --enable sss-smart-card-required 559s PAM configuration 559s ----------------- 559s 559s Incompatible PAM profiles selected. 559s 559s The following PAM profiles cannot be used together: 559s 559s SSS required smart card authentication, SSS optional smart card 559s authentication 559s 559s Please select a different set of modules to enable. 559s 559s + cat /etc/pam.d/common-auth 559s # 559s # /etc/pam.d/common-auth - authentication settings common to all services 559s # 559s # This file is included from other service-specific PAM config files, 559s # and should contain a list of the authentication modules that define 559s # the central authentication scheme for use on the system 559s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 559s # traditional Unix authentication mechanisms. 559s # 559s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 559s # To take advantage of this, it is recommended that you configure any 559s # local modules either before or after the default block, and use 559s # pam-auth-update to manage selection of other modules. See 559s # pam-auth-update(8) for details. 559s 559s # here are the per-package modules (the "Primary" block) 559s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 559s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 559s auth [success=1 default=ignore] pam_sss.so use_first_pass 559s # here's the fallback if no module succeeds 559s auth requisite pam_deny.so 559s # prime the stack with a positive return value if there isn't one already; 559s # this avoids us returning an error just because nothing sets a success code 559s # since the modules above will each just jump around 559s auth required pam_permit.so 559s # and here are more per-package modules (the "Additional" block) 559s auth optional pam_cap.so 559s # end of pam-auth-update config 559s + echo -n -e 123456 559s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 559s pamtester: invoking pam_start(login, ubuntu, ...) 559s pamtester: performing operation - authenticate 560s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 560s pamtester: successfully authenticated 560s + echo -n -e 123456 560s + runuser -u ubuntu -- pamtester -v login '' authenticate 560s pamtester: invoking pam_start(login, , ...) 560s pamtester: performing operation - authenticate 560s PIN for Test Organization Root Tr Token: + echo -n -e wrong123456 560s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 560s pamtester: invoking pam_start(login, ubuntu, ...) 560s pamtester: performing operation - authenticate 564s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 564s + echo -n -e wrong123456 564s + runuser -u ubuntu -- pamtester -v login '' authenticate 564s pamtester: invoking pam_start(login, , ...) 564s pamtester: performing operation - authenticate 567s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 567s + echo -n -e 123456 567s + pamtester -v login root authenticate 567s pamtester: invoking pam_start(login, root, ...) 567s pamtester: performing operation - authenticate 569s pamtester: Authentication service cannot retrieve authentication info 569s + test_authentication login /tmp/sssd-softhsm2-certs-cbnhQX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-cbnhQX/test-full-chain-CA.pem 569s + pam_service=login 569s + certificate_config=/tmp/sssd-softhsm2-certs-cbnhQX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 569s + ca_db=/tmp/sssd-softhsm2-certs-cbnhQX/test-full-chain-CA.pem 569s + verification_options= 569s + mkdir -p -m 700 /etc/sssd 569s Using CA DB '/tmp/sssd-softhsm2-certs-cbnhQX/test-full-chain-CA.pem' with verification options: '' 569s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-cbnhQX/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 569s + cat 569s Label: Test Organization Sub Int Token 569s Label: Test Organization Sub Int Token 569s + chmod 600 /etc/sssd/sssd.conf 569s + for path_pair in "${softhsm2_conf_paths[@]}" 569s + IFS=: 569s + read -r -a path 569s + user=ubuntu 569s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 569s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 569s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 569s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-cbnhQX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 569s + runuser -u ubuntu -- softhsm2-util --show-slots 569s + grep 'Test Organization' 569s + for path_pair in "${softhsm2_conf_paths[@]}" 569s + IFS=: 569s + read -r -a path 569s + user=root 569s + path=/etc/softhsm/softhsm2.conf 569s ++ dirname /etc/softhsm/softhsm2.conf 569s + runuser -u root -- mkdir -p /etc/softhsm 569s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-cbnhQX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 569s + runuser -u root -- softhsm2-util --show-slots 569s + grep 'Test Organization' 569s + systemctl restart sssd 570s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 570s + for alternative in "${alternative_pam_configs[@]}" 570s + pam-auth-update --enable sss-smart-card-optional 570s + cat /etc/pam.d/common-auth 570s # 570s # /etc/pam.d/common-auth - authentication settings common to all services 570s # 570s # This file is included from other service-specific PAM config files, 570s # and should contain a list of the authentication modules that define 570s # the central authentication scheme for use on the system 570s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 570s # traditional Unix authentication mechanisms. 570s # 570s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 570s # To take advantage of this, it is recommended that you configure any 570s # local modules either before or after the default block, and use 570s # pam-auth-update to manage selection of other modules. See 570s # pam-auth-update(8) for details. 570s 570s # here are the per-package modules (the "Primary" block) 570s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 570s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 570s auth [success=1 default=ignore] pam_sss.so use_first_pass 570s # here's the fallback if no module succeeds 570s auth requisite pam_deny.so 570s # prime the stack with a positive return value if there isn't one already; 570s # this avoids us returning an error just because nothing sets a success code 570s # since the modules above will each just jump around 570s auth required pam_permit.so 570s # and here are more per-package modules (the "Additional" block) 570s auth optional pam_cap.so 570s # end of pam-auth-update config 570s + echo -n -e 123456 570s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 570s pamtester: invoking pam_start(login, ubuntu, ...) 570s pamtester: performing operation - authenticate 570s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 570s + echo -n -e 123456 570s + runuser -u ubuntu -- pamtester -v login '' authenticate 570s pamtester: invoking pam_start(login, , ...) 570s pamtester: performing operation - authenticate 570s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 570s + echo -n -e wrong123456 570s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 570s pamtester: invoking pam_start(login, ubuntu, ...) 570s pamtester: performing operation - authenticate 573s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 573s + echo -n -e wrong123456 573s + runuser -u ubuntu -- pamtester -v login '' authenticate 573s pamtester: invoking pam_start(login, , ...) 573s pamtester: performing operation - authenticate 577s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 577s + echo -n -e 123456 577s + pamtester -v login root authenticate 577s pamtester: invoking pam_start(login, root, ...) 577s pamtester: performing operation - authenticate 579s Password: pamtester: Authentication failure 579s + for alternative in "${alternative_pam_configs[@]}" 579s + pam-auth-update --enable sss-smart-card-required 580s PAM configuration 580s ----------------- 580s 580s Incompatible PAM profiles selected. 580s 580s The following PAM profiles cannot be used together: 580s 580s SSS required smart card authentication, SSS optional smart card 580s authentication 580s 580s Please select a different set of modules to enable. 580s 580s + cat /etc/pam.d/common-auth 580s # 580s # /etc/pam.d/common-auth - authentication settings common to all services 580s # 580s # This file is included from other service-specific PAM config files, 580s # and should contain a list of the authentication modules that define 580s # the central authentication scheme for use on the system 580s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 580s # traditional Unix authentication mechanisms. 580s # 580s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 580s # To take advantage of this, it is recommended that you configure any 580s # local modules either before or after the default block, and use 580s # pam-auth-update to manage selection of other modules. See 580s # pam-auth-update(8) for details. 580s 580s # here are the per-package modules (the "Primary" block) 580s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 580s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 580s auth [success=1 default=ignore] pam_sss.so use_first_pass 580s # here's the fallback if no module succeeds 580s auth requisite pam_deny.so 580s # prime the stack with a positive return value if there isn't one already; 580s # this avoids us returning an error just because nothing sets a success code 580s # since the modules above will each just jump around 580s auth required pam_permit.so 580s # and here are more per-package modules (the "Additional" block) 580s auth optional pam_cap.so 580s # end of pam-auth-update config 580s + echo -n -e 123456 580s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 580s pamtester: invoking pam_start(login, ubuntu, ...) 580s pamtester: performing operation - authenticate 580s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 580s + echo -n -e 123456 580s + runuser -u ubuntu -- pamtester -v login '' authenticate 580s pamtester: invoking pam_start(login, , ...) 580s pamtester: performing operation - authenticate 580s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 580s + echo -n -e wrong123456 580s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 580s pamtester: invoking pam_start(login, ubuntu, ...) 580s pamtester: performing operation - authenticate 583s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 583s + echo -n -e wrong123456 583s + runuser -u ubuntu -- pamtester -v login '' authenticate 583s pamtester: invoking pam_start(login, , ...) 583s pamtester: performing operation - authenticate 586s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 586s + echo -n -e 123456 586s + pamtester -v login root authenticate 586s pamtester: invoking pam_start(login, root, ...) 586s pamtester: performing operation - authenticate 588s pamtester: Authentication service cannot retrieve authentication info 588s + test_authentication login /tmp/sssd-softhsm2-certs-cbnhQX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA.pem partial_chain 588s + pam_service=login 588s + certificate_config=/tmp/sssd-softhsm2-certs-cbnhQX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 588s + ca_db=/tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA.pem 588s + verification_options=partial_chain 588s + mkdir -p -m 700 /etc/sssd 588s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 588s + cat 588s Using CA DB '/tmp/sssd-softhsm2-certs-cbnhQX/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 588s + chmod 600 /etc/sssd/sssd.conf 588s + for path_pair in "${softhsm2_conf_paths[@]}" 589s + IFS=: 589s + read -r -a path 589s + user=ubuntu 589s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 589s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 589s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 589s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-cbnhQX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 589s + runuser -u ubuntu -- softhsm2-util --show-slots 589s + grep 'Test Organization' 589s + for path_pair in "${softhsm2_conf_paths[@]}" 589s + IFS=: 589s + read -r -a path 589s + user=root 589s + path=/etc/softhsm/softhsm2.conf 589s ++ dirname /etc/softhsm/softhsm2.conf 589s + runuser -u root -- mkdir -p /etc/softhsm 589s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-cbnhQX/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 589s + runuser -u root -- softhsm2-util --show-slots 589s + grep 'Test Organization' 589s + systemctl restart sssd 589s Label: Test Organization Sub Int Token 589s Label: Test Organization Sub Int Token 589s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 589s + for alternative in "${alternative_pam_configs[@]}" 589s + pam-auth-update --enable sss-smart-card-optional 589s + cat /etc/pam.d/common-auth 589s # 589s # /etc/pam.d/common-auth - authentication settings common to all services 589s # 589s # This file is included from other service-specific PAM config files, 589s # and should contain a list of the authentication modules that define 589s # the central authentication scheme for use on the system 589s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 589s # traditional Unix authentication mechanisms. 589s # 589s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 589s # To take advantage of this, it is recommended that you configure any 589s # local modules either before or after the default block, and use 589s # pam-auth-update to manage selection of other modules. See 589s # pam-auth-update(8) for details. 589s 589s # here are the per-package modules (the "Primary" block) 589s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 589s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 589s auth [success=1 default=ignore] pam_sss.so use_first_pass 589s # here's the fallback if no module succeeds 589s auth requisite pam_deny.so 589s # prime the stack with a positive return value if there isn't one already; 589s # this avoids us returning an error just because nothing sets a success code 589s # since the modules above will each just jump around 589s auth required pam_permit.so 589s # and here are more per-package modules (the "Additional" block) 589s auth optional pam_cap.so 589s # end of pam-auth-update config 589s + echo -n -e 123456 589s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 589s pamtester: invoking pam_start(login, ubuntu, ...) 589s pamtester: performing operation - authenticate 589s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 589s + echo -n -e 123456 589s + runuser -u ubuntu -- pamtester -v login '' authenticate 589s pamtester: invoking pam_start(login, , ...) 589s pamtester: performing operation - authenticate 589s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 589s + echo -n -e wrong123456 589s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 589s pamtester: invoking pam_start(login, ubuntu, ...) 589s pamtester: performing operation - authenticate 592s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 592s + echo -n -e wrong123456 592s + runuser -u ubuntu -- pamtester -v login '' authenticate 592s pamtester: invoking pam_start(login, , ...) 592s pamtester: performing operation - authenticate 595s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 595s + echo -n -e 123456 595s + pamtester -v login root authenticate 595s pamtester: invoking pam_start(login, root, ...) 595s pamtester: performing operation - authenticate 599s Password: pamtester: Authentication failure 599s + for alternative in "${alternative_pam_configs[@]}" 599s + pam-auth-update --enable sss-smart-card-required 599s PAM configuration 599s ----------------- 599s 599s Incompatible PAM profiles selected. 599s 599s The following PAM profiles cannot be used together: 599s 599s SSS required smart card authentication, SSS optional smart card 599s authentication 599s 599s Please select a different set of modules to enable. 599s 599s + cat /etc/pam.d/common-auth 599s # 599s # /etc/pam.d/common-auth - authentication settings common to all services 599s # 599s # This file is included from other service-specific PAM config files, 599s # and should contain a list of the authentication modules that define 599s # the central authentication scheme for use on the system 599s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 599s # traditional Unix authentication mechanisms. 599s # 599s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 599s # To take advantage of this, it is recommended that you configure any 599s # local modules either before or after the default block, and use 599s # pam-auth-update to manage selection of other modules. See 599s # pam-auth-update(8) for details. 599s 599s # here are the per-package modules (the "Primary" block) 599s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 599s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 599s auth [success=1 default=ignore] pam_sss.so use_first_pass 599s # here's the fallback if no module succeeds 599s auth requisite pam_deny.so 599s # prime the stack with a positive return value if there isn't one already; 599s # this avoids us returning an error just because nothing sets a success code 599s # since the modules above will each just jump around 599s auth required pam_permit.so 599s # and here are more per-package modules (the "Additional" block) 599s auth optional pam_cap.so 599s # end of pam-auth-update config 599s + echo -n -e 123456 599s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 599s pamtester: invoking pam_start(login, ubuntu, ...) 599s pamtester: performing operation - authenticate 599s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 599s + echo -n -e 123456 599s pamtester: successfully authenticated 599s + runuser -u ubuntu -- pamtester -v login '' authenticate 599s pamtester: invoking pam_start(login, , ...) 599s pamtester: performing operation - authenticate 599s PIN for Test Organization Sub Int Token: + echo -n -e wrong123456 599s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 599s pamtester: invoking pam_start(login, ubuntu, ...) 599s pamtester: performing operation - authenticate 602s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 602s + echo -n -e wrong123456 602s + runuser -u ubuntu -- pamtester -v login '' authenticate 602s pamtester: invoking pam_start(login, , ...) 602s pamtester: performing operation - authenticate 604s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 604s + echo -n -e 123456 604s + pamtester -v login root authenticate 604s pamtester: invoking pam_start(login, root, ...) 604s pamtester: performing operation - authenticate 607s pamtester: Authentication service cannot retrieve authentication info 607s + handle_exit 607s + exit_code=0 607s + restore_changes 607s + for path in "${restore_paths[@]}" 607s + local original_path 607s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-OlWKnC /tmp/sssd-softhsm2-backups-OlWKnC//etc/softhsm/softhsm2.conf 607s + original_path=/etc/softhsm/softhsm2.conf 607s + rm /etc/softhsm/softhsm2.conf 607s + mv /tmp/sssd-softhsm2-backups-OlWKnC//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 607s + for path in "${delete_paths[@]}" 607s + rm -f /etc/sssd/sssd.conf 607s + for path in "${delete_paths[@]}" 607s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 607s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 607s + '[' -e /etc/sssd/sssd.conf ']' 607s + systemctl stop sssd 607s + '[' -e /etc/softhsm/softhsm2.conf ']' 607s + chmod 600 /etc/softhsm/softhsm2.conf 607s + rm -rf /tmp/sssd-softhsm2-certs-cbnhQX 607s + '[' 0 = 0 ']' 607s + rm -rf /tmp/sssd-softhsm2-backups-OlWKnC 607s + set +x 607s Script completed successfully! 607s autopkgtest [12:51:04]: test sssd-smart-card-pam-auth-configs: -----------------------] 608s sssd-smart-card-pam-auth-configs PASS 608s autopkgtest [12:51:05]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 608s autopkgtest [12:51:05]: @@@@@@@@@@@@@@@@@@@@ summary 608s ldap-user-group-ldap-auth PASS 608s ldap-user-group-krb5-auth PASS 608s sssd-softhism2-certificates-tests.sh PASS 608s sssd-smart-card-pam-auth-configs PASS 621s Creating nova instance adt-noble-s390x-sssd-20240326-124056-juju-7f2275-prod-proposed-migration-environment-2-da4e4e7f-2d29-4b10-ab76-8173b6a7841d from image adt/ubuntu-noble-s390x-server-20240326.img (UUID c527e0e4-2e65-4e86-ad63-05d7f665f2fb)... 621s Creating nova instance adt-noble-s390x-sssd-20240326-124056-juju-7f2275-prod-proposed-migration-environment-2-da4e4e7f-2d29-4b10-ab76-8173b6a7841d from image adt/ubuntu-noble-s390x-server-20240326.img (UUID c527e0e4-2e65-4e86-ad63-05d7f665f2fb)...